The online health insurance marketplace serving residents of Washington, D.C. and U.S. Congress staffers and members is facing two proposed class action lawsuits following a hacking incident that affected at least 56,400 individuals.
Data stolen in the incident was recently posted for sale on the dark web. Both lawsuits were filed in the U.S. District Court for the District of Columbia, with each making similar allegations against the DC Health Benefit Exchange Authority, claiming the entity was negligent in failing to secure sensitive information of the plaintiffs and class members.
One of the lawsuits, filed by Angelo Meranda, names two DC Health Benefit Exchange Authority leaders as co-defendants, and alleges that up to 506,000 individuals may have been affected by the incident.
The other complaint, filed by Jenni Suhr, estimates that between 56,000 and 107,000 individuals were affected. Both lawsuits seek monetary damages and improvements to the health insurance marketplace’s data security.
The DC Health Benefit Exchange Authority responded to an inquiry with a statement that the vulnerability exploited by hackers has been fixed. However, CBS News reported that at least 17 current and former members of Congress are among the tens of thousands of individuals affected by the attack.
Experts predict that DC Health Link will face serious fallout from the breach, which could lead to increased scrutiny from the Department of Health and Human Services’ Office for Civil Rights, and a higher risk of a financial enforcement action, depending on the underlying facts.
DC Health Link is working with Mandiant, a forensics firm, “to do a comprehensive review of our security measures and controls, and we will be implementing new protocols going forward,” according to the exchange’s breach notice.
This incident highlights the importance of organizations taking appropriate measures to protect sensitive information and ensure the security of their systems. The consequences of failing to do so can be significant, including not only financial penalties and lawsuits but also damage to an organization’s reputation and trust among its customers.