Exchange Cyber Leak Stopped

Healthcare.gov was involved in scandal earlier this year as reports arose saying the website was sending private information to third parties.  The information leaked was personal health information that mistakenly became part of the URL that third parties had access to.   Inside the URL was the age, smoking status, pregnancy status, parental status, zip code, state and annual income of the individual on healthcare.gov. The URL was created when customers used the Window Shopping tool to estimate their coverage cost.  When a consumer got their results, it created a URL that included the data entered in the calculator that third parties could see even if the “Do Not Track” feature was activated.  These third parties can be companies like Doubleclick which matches personal data collected from sites to your online presence and creates detailed and targeted ads.  For example, if you are pregnant the ads can be pregnancy-centered.

Other risks include a cyber-attacker compromising healthcare.gov via a third-party resource and using that information for nefarious purposes.  However, there is no indication that this has happened and no alarm has been raised by the government about a significant risk.

In fact, the Department of Health and Human Services (HHS) already added another layer of encryption to the website to help security.  The information embedded in the URL is no longer there and new encryption limits the personal information available to third-party companies.  The HHS will continue to monitor online security and take steps as needed to protect customers.

Linkedin Facebook Twitter Email
, , ,

About Andie Schieler

Andie is an attorney and works in J.W.Terrill's Compliance division specializing in interpreting the Affordable Care Act and various insurance laws. She advises clients on legal and regulatory issues affecting their employee benefit plans. She obtained her law degree from Saint Louis University and undergraduate from Indiana University Bloomington.

View all posts by Andie Schieler

No comments yet.

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.