Skip Tags

Popular Tags

Decorative icon

The Resource Center Identity Theft & Protection The Resource Center | article

Security Flaws Found in State Health Insurance Websites

Federal investigators have discovered potentially serious security flaws in the health insurance websites operated by California, Kentucky and Vermont.The Affordable Care Act gives each state the option to create its own health insurance exchange in which those who do not already have employer-based coverage can shop around for an individual policy – possibly qualifying for subsidies in the process. Those states that do not create exchanges automatically default to a federal exchange.

In the immediate aftermath of the ACA rollout, the big story was that the federal website suffered from numerous problems and was unable to function properly amid the demands of thousands of users. Reviews of the state exchanges were more positive. While a few states – most notably Oregon – had some serious problems getting their systems up and running, others, like Kentucky, had websites that worked quite well and were popular among users.

Recently, however, it seems that some state exchanges have more problems than what initially appeared to be the case – particularly when it comes to securing users’ personal information.

Security flaws found in three state health insurance websites

Federal investigators have discovered potentially serious security flaws in the health insurance websites operated by California, Kentucky and Vermont, according to the Associated Press. If not addressed soon, these weaknesses could allow hackers to obtain personal information belonging to thousands of residents in each of these states.

While the Government Accountability Office did not specifically identify which state had particular problems, it did give reporters a general overview of what went wrong. One state, for instance, did not use a filter to block potentially hostile attempts to visit the website. Another state did not encrypt its servers properly.

Vermont officials have not yet commented publicly on this story. The governments of both California and Kentucky insist that there is no evidence of any successful attempts to steal personal information. However, they added that not all of the uncovered security flaws have been fixed yet.

In Kentucky, for instance, former Gov. Steve Beshear said through a spokesperson that “not all those issues had been addressed” by the time his successor, current Gov. Matt Bevin, took office last year. Bevin’s office told the Associated Press that efforts to fix the problems are ongoing, and that security is “of the utmost importance.”

Why medical identity theft is such a threat

Medical identity theft is different from other forms of financial identity theft, and in many ways leaves victims in riskier positions.

Those who are targeted by financial identity theft, such as credit card fraud, face the possibility that they will lose money and suffer damaged credit. However, in recent years the financial industry has responded to the growing rate of financial ID theft by boosting security measures and limiting customer liability. If your credit card is stolen, for instance, you can report it to your card issuer and you generally won’t be held responsible for any purchases made. By comparison, the medical industry has been much slower to protect patients – many of whom may not realize that they have been targeted by medical identity theft for many months, if not years. You may check your bank statements regularly, but how often do you look up your medical records?

This is why it is important for every patient to take proactive measures to protect their identity from thieves, whether they live in one of the aforementioned states or not. An identity theft protection service, like Identity Guard, can help. By monitoring your credit file, Social Security Number and public records, our service can alert you to certain activity in your credit file that could indicate fraud.