Multiple state-run health-care exchanges are vulnerable to a type of Wi-Fi attack that can allow hackers to intercept usernames and passwords, KSTP, a Minnesota ABC affiliate, reports.
Lanterman tested at least a dozen of the state-run exchanges to determine if they had the vulnerability. Kentucky, Rhode Island, Vermont, Massachusetts, and California did not. HealthCare.gov, the federal exchange, also is not vulnerable to the attack.
MNsure, Minnesota’s exchange, insists that its website does not have a problem.
“It seems weird to me,” Lanterman told KSTP. “I’m a little bit troubled by it. It’s not something that would ordinarily be collected, so someone had to make a decision to collect it.”
Google has been unwilling to speak with KSTP about the collection of MAC addresses.