DATE ISSUED: 10/25/2013
SUBJECT: Domain Squatting of Healthcare Exchange Websites
Domain squatters registered over 700 domains related to the Patient Protection and Affordable Care Act following the rollout of healthcare exchange websites on October 1st, 2013. Since many healthcare exchange sites are registered in the .gov top-level domain, domain squatters registered the same and similar names in the popular .com and .net top-level domains. Some examples of fictitious websites include:
Domain squatters register domains similar to those of high-traffic websites in order to generate profit or exploit users. While some websites existed prior to the establishment of the healthcare exchanges and may be legitimate, others appear to be a legitimate exchange but provide a fictitious signup process in order to collect users' personally identifiable information (PII). Such websites put users at risk of identity theft and financial fraud.
We recommend the following actions be taken:
· States should ensure that the uniform resource locator (URL) of their healthcare exchange website is prominent on all advertising to limit the potential for confusion amongst users.
· If there is still concern about users being directed to fictitious websites, states should direct all users to the federal Affordable Care Act website (http://healthcare.gov), which links to the individual exchanges. This will reduce the likelihood that users mistakenly land on a fictitious website when navigating to the state's exchange.
· States should regularly monitor search engine results to ensure that their healthcare exchange website, and not a fictitious website, is the top-listed result. If a fictitious website is listed, please contact the CIS SOC.
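To complement the search-result monitoring above, the following added example (not part of the original advisory) flags the squatting pattern described earlier: the same or a similar name registered under .com or .net. The official name, the observed list, the function names and the distance threshold are all assumptions made for illustration.

```python
# Added example; every domain name below is constructed for illustration.
SQUAT_TLDS = {"com", "net"}  # the TLDs the advisory names

def split_domain(domain):
    """Return (label, tld): everything before the last dot, and the TLD."""
    label, _, tld = domain.strip().lower().rstrip(".").rpartition(".")
    return label, tld

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, official, max_distance=2):
    """Return 'same-name', 'similar-name', or None for one observed domain."""
    label, tld = split_domain(candidate)
    wanted, _ = split_domain(official)
    if tld not in SQUAT_TLDS:
        return None  # this also skips the official .gov name itself
    if label == wanted:
        return "same-name"
    squeezed, target = label.replace("-", ""), wanted.replace("-", "")
    if target in squeezed or edit_distance(squeezed, target) <= max_distance:
        return "similar-name"  # hyphenated, padded, or near-typo variant
    return None

def review(observed, official):
    """Map each flagged domain to the reason it was flagged."""
    results = ((d, classify(d, official)) for d in observed)
    return {d: reason for d, reason in results if reason}

OFFICIAL = "examplestatehealth.gov"  # hypothetical official exchange name
OBSERVED = [                         # constructed sample list
    "examplestatehealth.gov",
    "examplestatehealth.com",
    "example-state-health.net",
    "examplestatehealh.com",
    "signup-examplestatehealth.net",
    "unrelated-bakery.com",
]

if __name__ == "__main__":
    for domain, reason in review(OBSERVED, OFFICIAL).items():
        print(f"{reason:13} {domain}")
```

A flagged name is only a candidate for review, since some similar names predate the exchanges and may be legitimate.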
The Center for Internet Security
31 Tech Valley Drive
East Greenbush, NY 12061
7x24 SOC 1-866-787-4722