The Washington State Insurance Commissioner’s office is investigating a number of websites that have popped up which have striking similarities to the state's Washington Healthplanfinder site.
The state's site is designed to provide information about the health insurance exchange that will start enrolling subscribers on October 1st.
At least one of the sites provides an insurance application asking for an individual’s private information, including the social security number.
“It’s impossible to tell which site is the real site and which site is not the state website,” said Christopher Budd, a online security and privacy expert at Trend Micro.
Budd believes the online enrollment of possibly hundreds of thousands of new subscribers can pose serious security issues.
“You’re going to hand over your personal information as a matter of course, and that’s an identity thief’s dream,” said Budd.
KING 5 found the owner of the look-alike website. Jeff Lindstrom of The Health Insurance Team says he’s a legitimate insurance broker in Shoreline, Washington.
“We couldn’t believe that the [website] domain existed,” said Lindstrom. “We thought [the state] bought it already. We thought great, it’ll help our business."
Lindstrom says he bought the domain name nine months ago and admits the site’s similarities have given his business a lot of traffic. But he says he does not mislead callers.
“People said ‘Are you the state exchange?’ We said ‘Unequivocally, no. We are not. We are licensed by the state to sell these plans, but we are not the state exchange,'” said Lindstrom.
The Washington State Insurance Commissioner’s office is investigating Lindstrom’s site and several others.
Security experts advise those signing up for insurance on the state’s exchange to use what they call “a chain of trust.” Do not use Google or Bing to search for the website. Instead, start with the Washington State Insurance Commissioners website and follow the links it provides to get to the exchange.