As White House officials and insurance providers scramble to get the Patient Protection and Affordable Care Act’s (PPACA) online health insurance exchanges in place by Oct. 1, cybercriminals are lining up to dupe users and steal information. Experts caution that the online third-party structure makes it easy to scam and be scammed. Prospective enrollees are advised to eschew search engines, stay alert for deviations in domain name, and verify potential sellers by phone or in person.
The embattled healthcare reform known as Obamacare requires uninsured Americans to buy healthcare insurance if they can afford to, or pay a penalty. Online health insurance market places, also known as the exchanges, are run by individual states and the federal goverment in order to facilitate enrollment. Scammers and phishers are using the lack of concentric structure to their advantage, making the upcoming policy market a potential goldmine.
"The root problem is that the Health Insurance Exchange isn’t made up by a single authoritative site where people can go and register for coverage,” said Christopher Budd, threat communications manager at Trend Micro security. “In addition to the federal site, people can apply for coverage at sites run by individual states. Then, within each state, there can also be legitimate third-party that provide assistance and even broker coverage.”
Although the sprawling structure may relieve web traffic during open enrollment and promote accessibility, the lack uniformity and authority makes online verification risky. According to Budd, the market place represents the “perfect environment” for identity thieves and other criminals, who will prey on the initial confusion and fuzzy verification system by writing fake sites.
“When a person starts looking through sites to find one, at this time, they’re faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s an officially sanctioned site,” he explained. “A survey of state and third-party sites also shows that official sites aren’t required to provide the ability to verify the site using SSL [secure socket layer]: many of them don’t provide it for site verification at all.”
The easiest way to avoid potential scammers and phishers is to start your search at sites run by federal and state government. These sites will provide you with resources deemed trustworthy by officials. It is important to avoid traditional search engines, as cybercriminals replicate legitimate keywords, names, and even site designs to lure in prospective enrollees.
For further protection against online fraud, experts recommend calling the site's listed number or even visiting the listed address in person.