These claims haven’t been thoroughly investigated yet, but they’re similar stories, and they have a “tip of the iceberg” feel to them. The report comes from ABC News affiliate WVEC in Virginia:
In both cases, people who gave their personal information to ObamaCare’s train-wreck website, Healthcare.gov, were swiftly contacted by shady individuals who had somehow obtained their data, using caller-ID spoofing techniques to conceal their true identity. They claimed to be insurance providers looking to get more personal information from the targets so they could “help them find a plan.” One of the targeted ObamaCare enrollees, Rich Guillory of Virginia Beach, reports the scammers were very persistent:
Guillory signed up for a plan through the website on the marketplace. Just one day later, he started getting phone calls from two Virginia Beach numbers. The callers were asking if he needed help finding a plan.
At the time, Guillory didn’t have time to talk, but the calls kept coming. He remembers getting seven to eight calls. Finally, he called one of the numbers back and got a surprise.
“A lady answered the call and said ‘I don’t know what you’re talking about,’” explains Guillory.
He called the second number back and got another person, clueless as to what he was talking about.
“I was thinking at that time, this doesn’t sound right at all,” Guillory said.
The next time he got a call, Guillory began to question the person on the other end.
“I told them, ‘I tried to contact y’all a couple times and this is not a legitimate number.’ They hung up immediately,” Guillory explained.
That led to a flood concerns for Guillory, who now wondered how the mystery person got his personal information. He feels it has to be connected to signing up for insurance on HealthCare.gov.
“Has to be. There’s no other way for those people to have known that I was looking for insurance,” Guillory said.
Prepare to be reclassified as a meaningless “anecdote” by the Administration, Mr. Guillory! Unless, of course, you’re already a meaningless anecdote because you had insurance that you liked, but ObamaCare killed it. You can’t get much less important to Barack Obama than that.
A cyber-security expert interviewed by WVEC News allowed that it was possible this was an early example of data theft from Healthcare.gov, or it might have just been a coincidence, despite Guillory’s conviction that he couldn’t have come to the scammers’ attention any other way. (Less is known about the other victim described in the report, who wished to remain anonymous.) The security consultant also laid out some surprising stakes for the scam artists, saying that health care data is actually much more valuable than stolen credit card numbers, because “a criminal will use it to get insurance, use it to buy drugs, which can then be resold on the street.”
Naturally, the Centers for Medicare and Medicaid Services assures us all is well, and security is impenetrable, even before they’ve made an effort to investigate the claims relayed by WVEC:
When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards. To date, there have been no successful security attacks on healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site… Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information. The security of the system is also monitored by sensors and other tools to deter and prevent any unauthorized access.
I’d feel better about those assurances if they were actually required to inform the public about security attacks, but of course they’re not. Also, one of the big security concerns surrounding the badly-written Healthcare.gov site is that hackers would hijack data at the point of entry, by slipping malware into the thick stew of plugins and scripts that pour into your computer when you log in. The information needed by these phone scammers could have been skimmed that way, without actually hacking into any secure databases. There are a lot of possibilities to be investigated before these Virginia Beach incidents are either taken as proof of an immediate crisis, or written off as nothing. Also, we might ask: if only a few people have thus far reported the scam, how many others might have fallen for it – especially if, unlike Mr. Guillory, they were confused, or ran into system errors, and were thus unable to complete the signup process successfully?