The agency claimed there was "no reason to believe" the info had been abused, but that's not much consolation. It's not clear who was responsible for the attack or what their motivations might be. At least some previous attacks were conducted by Chinese hackers hoping to learn about American health care, but this could also be the work of private scammers or state-sponsored agents with alternate methods.

The breach illustrates how medical networks continue to be fragile: an email is all it took to directly expose the most sensitive data of thousands of users. The AHCA is taking a step to resolve this by training staff on security measures, but you might not see a lasting solution until private info is further separated from the outside world.