President Barack Obama's health care reform law kicks in Oct. 1, and cybercriminals, along with health care providers, are standing by, only too eager for you to share your personal information.
There's already a lot of confusion out there about the Affordable Care Act, and as some of us start to finally pay attention and get ready to sign up for coverage, scammers and phishers are at the ready for those people who opt to sign up for coverage by doing it online at the Health Insurance Exchange. (You can learn more about the plan here.)
What makes it a potential gold mine for cyberthieves is that the Health Insurance Exchange "isn't made up of a single authoritative site where people can go and register for coverage," writes Christopher Budd, threat communications manager for Trend Micro security, in a blog post.
In addition to the federal site, he says, "people can apply for coverage at sites run by individual states. Then, within each state, there can also be legitimate third-party sites that provide assistance and even broker coverage."
When people start looking through various health care insurance websites to find the right one, "they're faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s an officially sanctioned site," he writes.
"A survey of state and third-party sites also shows that official sites aren’t required to provide the ability to verify the site using SSL [secure socket layers]: many of them don’t provide it for site verification at all, though the federal site does."
So, as people look for health care exchanges, "they're going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim."
(You can learn more about the Affordable Care Act here.)
What can you do?
To prevent getting conned, he says, "absolutely do not use a search engine as your starting point when looking for coverage."
Instead, go to a "known, trusted source," including the federal government's or your state government's website.
"Use these sites to identify the resources they’ve identified as trustworthy," Budd writes. "With that information you can then get more information by going to the sites they recommend (by typing the URL in yourself), calling the numbers listed or even visiting in person."
With an already confusing situation being made worse by issues such as computer snags in some areas of the country, it creates the "real risk of a perfect storm that can make this process a bonanza for identity thieves and cybercriminals," he says.
"This could be the most significant new area for phishing and identity theft in the next year in the United States. It also can give established health care scammers a new field to look for victims."