The DC Health Link data breach affected 56,415 current and past customers, Ms. Kofman said. She is expected to testify before the House Oversight and Accountability subcommittee April 19.
Ms. Kofman said that while DC Health Link does not have medical or healthcare information, it does have personal information. The two stolen reports had personal information, including names, dates of birth and Social Security numbers.
An investigation into the breach found the cause was human error, according to the testimony.
“With respect to the ‘root cause’ — the problem here related to the configurations on a server used for generating and storing automated jobs and weekly reports,” Ms. Kofman said. “The server was misconfigured to allow access to the reports on the server without proper authentication. Based on our investigation to date, we believe the misconfiguration was not intentional but human mistake. Also, at no point was the DC Health Link enrollment system breached or exposed.”
Forty-three family members of House lawmakers and 231 family members of House staffers were also affected by the breach, Ms. Kofman said.
