Skip to main content

Cyber Security

Go Search
Home
  
Cyber Security > Announcements > HealthCare Exchange Websites  

Announcements: HealthCare Exchange Websites

Title

HealthCare Exchange Websites 

Body

DATE ISSUED: 10/25/2013

 

SUBJECT: Domain Squatting of Healthcare Exchange Websites

 

Domain squatters registered over 700 domains related to the Patient Protection and Affordable Care Act following the rollout of healthcare exchange websites on October 1st, 2013. Since many healthcare exchange sites registered in the .gov top-level domain, domain squatters registered the same and similar names in the popular .com and .net top-level domains. Some examples of fictitious websites include:

 

healthcare[dot]org

affordablecareact[dot]us

obamacare[dot]us

 

Domain squatters register domains similar to those of high-traffic websites, in order to generate profit or exploit users. While some websites existed prior to the establishment of the healthcare exchanges and may be legitimate, others appear to be a legitimate exchange but provide a fictitious signup process in order to collect user’s personal identifying information (PII). Such websites put users at risk for identity theft and financial fraud.

 

RECOMMENDATIONS:

We recommend the following actions be taken:

·     States should ensure that the uniform resource locator (URL) of their healthcare exchange website is prominent on all advertising to limit the potential for confusion amongst users.

·     If there is still a concern of users being directed to fictitious websites, states should direct all users to the federal Affordable Care Act website (http://healthcare.gov) which links to the individual exchanges. This will reduce the likelihood that users mistakenly land on a fictitious website when navigating to the state’s exchange.

·     States should regularly monitor search engine results to ensure that their healthcare exchange websites are the top listed result and not a fictitious website. If a fictitious website is listed, please contact the CIS SOC.

 

The Center for Internet Security

31 Tech Valley Drive

East Greenbush, NY 12061

518-266-3488

7x24 SOC 1-866-787-4722

soc@cisecurity.org

Expires

12/20/2013 
Attachments
Created at 10/25/2013 3:29 PM  by Montoya, Arthur C. 
Last modified at 10/25/2013 3:29 PM  by Montoya, Arthur C.