Congress members impacted in RXNT breach

The data breach has led to political leaders having their prescription information leaked to malicious actors.

What happened

According to Politico, between March 1st and March 3rd, medical software provider RXNT, which is used by the Office of the Attending Physician to manage care for Congress members, was targeted in a data breach. Following the incident, an investigation began on March 3rd and concluded on April 17th, 2026.

The Capitol’s attending physician, Brian Monahan, is personally calling the staff and lawmakers whose data may have been involved. Specifically, the breach may have led to Congress members having their prescription history accessed. Notably, the Office of the Attending Physician said they limit information provided to RXNT to only what is needed to process prescription services. Other protected health information (PHI), like patient records, insurance information, or Social Security numbers, were not shared with RXNT and thus not part of the breach.

Going deeper

While a lot of highly sensitive data avoided being breached, information involved in the attack included names, addresses, dates of birth, physician names, and prescription and pharmacy information.

The Office of the Attending Physician (OAP) has not yet announced the full scale of the breach on Congress members; we don’t yet know who all may have been impacted or the range of dates that the data is from. For instance, it’s possible that current and past congressmen have been impacted. RXNT, which has been a healthcare software provider since 1999 and boasts numerous awards, has yet to provide a press release or other official statement regarding the incident. They provided notice to the OAP within the 60-day range that is required by HIPAA, on the final day possible. RXNT has not notified the Department of Health and Human Services (HHS) at this time, and it’s likely that other individuals outside of Congress were impacted, as RXNT has numerous partners.

Why it matters

While it’s difficult to know why exactly RXNT was targeted, as they are a large company, it’s possible that this was a politically motivated incident. The Center for Strategic and International Studies (CSIS) has documented numerous politically motivated attacks that have occurred since 2022, with multiple attacks linked in Iran and China. Although no group has claimed this breach yet, it’s possible the incident will be claimed or held for ransom. Malicious groups may target Congressional members because of their high status and the value the data may bring in on the dark web, if it were to be leaked.

The big picture

As the incident continues to unfold, RXNT will likely be required to provide more information to the HHS as well as Attorney Generals. Once the details are provided, it will likely become clearer how and why the breach took place. In the meantime, impacted individuals will have access to this website, which has been specifically set up to provide information to victims. The website requires a login to access, showing that RXNT is prioritizing security on breach details. This may suggest that components of the investigation are still underway or that RXNT is trying to keep details private for another reason.

FAQs

Why hasn’t RXNT notified the HHS yet?

RXNT is a business associate, and needed to notify the HIPAA-covered clients they work within 60 days of discovering the breach. At that point, they then have an additional 60 days to notify the HHS. RXNT may be delaying notification while they gather additional details.

What will happen to the Congress members’ data?

It’s likely that the data will be leaked on the dark web, but the hackers may also try to negotiate a deal with RXNT to receive money in exchange for not releasing PHI.