Amid numerous reports of ObamaCare exchange difficulties, Internet cloud security company Trend Micro has reported that they have already seen spam targeted to words such as “Medicare,” “enrollment,” and “medical insurance.” The company reports that some of the spam variants appear “professional enough to fool some users into opening the email and clicking the links in these messages.”
Budd wrote last week that due to the way the online registration for ObamaCare will work, and to the type of information people must enter online to obtain health insurance coverage, “there’s a real risk of a perfect storm that can make this process a bonanza for identity thieves and cybercriminals:”
The root problem is that the Health Insurance Exchange isn’t made up of a single, authoritative site where people can go and register for coverage. In addition to the Federal site, people can apply for coverage at sites run by individual states. Then, within each state, there can also be legitimate third-party sites that provide assistance and even broker coverage.
When a person starts looking through sites to find one, at this time, they’re faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s an officially sanctioned site. A survey of state and third-party sites also shows that official sites aren’t required to provide the ability to verify the site using SSL: many of them don’t provide it for site verification at all, though the Federal site does. As people look for health care exchanges, they’re going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim.
Budd said that, in addition, when applying for healthcare coverage, people must submit all of their most sensitive personal data – not only for themselves, but also for their entire family.
In short, according to Budd, the ObamaCare exchanges create a situation in which people are encouraged to give away critical personal information to what they believe to be legitimate sites, but can’t really be sure the sites are legitimate:
This is a perfect environment for identity thieves and other criminals to put together bogus sites to get personal information they can use or sell on the digital underground. And this situation also provides an opportunity for old fashioned healthcare scammers to offer bogus coverage and fraudulent billing scams to more unsuspecting people.