Lawmakers’ prescription data at risk after data breach

Lawmakers on Capitol Hill were informed this week of a data breach involving the congressional medical office that may have compromised personal information — including their prescription history.

The intrusions occurred March 1 and 3 and targeted RXNT, a medical software provider used by the Office of the Attending Physician to manage care for members of Congress, according to letters sent this week to affected individuals that were reviewed by Blue Light News.

Brian Monahan, the Capitol’s attending physician, is making personal calls to staff and lawmakers whose data are affected, according to one person contacted by phone this week and alerted that their prescription history was among those breached.

RXNT’s software is intended to “securely transmit prescription information to pharmacies for fulfillment,” Monahan’s office explained in the letters to patients. Among the data accessed in the RXNT breach includes names, birthdays, addresses, prescription information, doctor information and pharmacy information.

Under federal law, the data breach has to be reported within 60 days of the intrusion being discovered. RXNT notified the attending physician’s office on the last possible day allowed under federal health privacy rules. That, in turn, might have delayed the OAP’s review of the impact of the breach on Capitol Hill patients, according to two people familiar with the timeline and granted anonymity to share private deliberations.

It is not clear what foreign or domestic entity conducted the breach and where the sensitive data on lawmakers’ health could end up.

Financial data, insurance information and Social Security numbers were not compromised, nor were any patient records maintained by the Office of the Attending Physician that were not shared with RXNT. Such records, which include extensive information on lawmakers’ health history and medical treatments, “remain secured within the walls of Congress” and are “not cloud based,” according to the notice shared with affected patients on Capitol Hill.

“The OAP only provides the minimum information required to process prescription services,” the letter reads.

The Office of the Attending Physician operates several small medical clinics on the Capitol campus where Navy medical personnel handle both emergencies and primary health care for lawmakers, while also providing vaccinations and minor medical services for congressional aides. Staff are able to procure prescriptions through the OAP in limited circumstances, including for official travel and follow-up care.