Multiple state-run health-care exchanges are vulnerable to a type of Wi-Fi attack that can allow hackers to intercept usernames and passwords, KSTP, a Minnesota ABC affiliate, reports.
According to Mark Lanterman, the CEO and chief technology officer of Computer Forensic Services who ran the simulated attack for KSTP, state-run exchanges in Minnesota, Hawaii, Nevada, Colorado, New Mexico, New York, Maryland, and the District of Columbia are vulnerable to it.
Lanterman tested at least a dozen of the state-run exchanges to determine if they had the vulnerability. Kentucky, Rhode Island, Vermont, Massachusetts, and California did not. HealthCare.gov, the federal exchange, also is not vulnerable to the attack.
MNsure, Minnesota’s exchange, insists that its website does not have a problem.
KSTP also reports that during the period that HealthCare.gov was hosted by servers owned by Google, the tech giant appeared to be capturing MAC addresses—reporter Nick Winkler characterizes them as “computer fingerprints”—which can identify individual computers.
“It seems weird to me,” Lanterman told KSTP. “I’m a little bit troubled by it. It’s not something that would ordinarily be collected, so someone had to make a decision to collect it.”
Google has been unwilling to speak with KSTP about the collection of MAC addresses.