ST. PAUL, Minn. (AP) — Internet security experts have identified flaws in Minnesota's online health insurance marketplace that could compromise sensitive consumer data.
Minnesota Public Radio reports (http://bit.ly/1fnjRQH ) the MNsure website is vulnerable to "rogue access points." Such devices can masquerade as a standard wireless connection to the Internet. But when a user connects to the device it strips away security measures, allowing the hacker to see information passing between the user and MNsure's site.
When sensitive information is involved, websites typically offer encrypted connections so no one can eavesdrop. Some websites sever connections if the customer's computer or smartphone fails to use encryption to secure the communication. But MPR reports MNsure's site allows unsecured transmissions to go through.
The state's chief information security officer says the threat of this kind of attack is low.
Information from: Minnesota Public Radio News, http://www.mprnews.org