How to Identify and Avoid Health Insurance Enrollment-Related Phishing Scams

The Oct. 1 rollout of federal health insurance exchanges has suffered from numerous technological glitches. However, another negative outcome—phishing scams disguised as official-looking enrollment emails—isn’t the fault of the government or its IT contractors.

Why Phishing, and Why Now?

Periods of confusion provide great opportunities for scammers, and the current upheaval in health insurance delivery, with the federal site, multiple state-run exchanges, Medicaid expansion, and legitimate third-party/broker options, is a great example. Consumers are “faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s officially sanctioned,” says Christopher Budd, threat communications manager for Trend Micro. “A survey of state and third-party sites also shows that aren’t required to verify the site using SSL.” As a consequence, consumers are “going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim.”

What Do These Scams Look Like?

Many suspicious emails will purport to be serious communications about health insurance enrollment. But rather than directing users to or an official state site, links point to bogus websites designed to glean personal information. In certain instances, simply opening an email or clicking on a link will immediately load malware on a user’s computer.

How Can These Phishing Scams Be Prevented?

The first step is obvious: avoid opening any email that comes from an unrecognized sender, especially if it contains attachments or links that look suspicious. URLs like,, and are NOT official sites. Meanwhile, Internet addresses that contain long strings of jumbled letters and numbers instead of words are also indications of scams. Avoiding search engine queries to find health insurance exchanges is another way to steer clear of fake sites.

What Can Small Businesses Do to Protect Themselves and Their Employees?

Company-wide Internet filtering can prevent workers from accessing some unauthorized websites. Employers should also take extra precautions to tell their employees in advance when, and from whom, any insurance or enrollment-related communications will arrive. Notifying IT support staff—whether internal or external—when obvious phishing attempts do arrive can also cut down on the future threat of fraud or infection.
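The link checks described above (sites that are not the expected ones, addresses made of jumbled letters and numbers) can be combined with company-wide filtering in a small triage script. This is an added example, not code from CMIT Solutions or Trend Micro; the approved hosts, the thresholds, and the sample email are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: the company keeps its own list of approved enrollment hosts.
# These are constructed placeholders, not real sites.
APPROVED_HOSTS = {"enroll.example.gov", "benefits.example.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message, for illustration only.
SAMPLE_EMAIL = """Your enrollment is incomplete. Confirm your plan today:
https://enroll.example.gov/plans
http://health-enrollment-signup.example.net/login
https://x7k2q9zt4m8vb3.example.net/a
"""


def looks_jumbled(segment, min_len=10, min_switches=4):
    """True when a long segment keeps alternating between letters and digits."""
    chars = [c for c in segment if c.isalnum()]
    if len(chars) < min_len:
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(chars, chars[1:]))
    return switches >= min_switches


def triage_url(url):
    """Return the reasons a link deserves a closer look (empty list = none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if host not in APPROVED_HOSTS:
        reasons.append("host not on approved list")
    if parts.scheme.lower() != "https":
        reasons.append("not HTTPS")
    segments = host.split(".") + [s for s in parts.path.split("/") if s]
    if any(looks_jumbled(s) for s in segments):
        reasons.append("jumbled letters and digits")
    return reasons


def triage_message(body):
    """Map each flagged link in an email body to its list of reasons."""
    links = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return {u: r for u in links if (r := triage_url(u))}


if __name__ == "__main__":
    for link, why in triage_message(SAMPLE_EMAIL).items():
        print(link, "->", ", ".join(why))
```

A flagged link is a reason to report the message to IT support, and an unflagged link is not proof that a site is legitimate.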

Anyone with questions about the healthcare exchanges is encouraged to call the federal hotline at 1-800-318-2596 (small businesses can call 1-800-706-7893). Although is still experiencing some technical glitches, recent news reports state that call center wait times are currently quite short.

The future of healthcare, particularly for those in the small to medium-sized business realm, still looks murky—and CMIT Solutions feels your pain. With so many healthcare-related questions to answer and decisions to make, you shouldn’t have to worry about data security and IT, which is our specialty. Call or email today to find out how CMIT can make technology work FOR your business, not AGAINST your business—with no glitches in sight.
