VIRGINIA BEACH -- Rich Guillory of Virginia Beach is questioning the security of the Affordable Care Act website, HealthCare.gov.
Guillory signed up for a plan through the website on the marketplace. Just one day later, he started getting phone calls from two Virginia Beach numbers. The callers were asking if he needed help finding a plan.
At the time, Guillory didn't have time to talk, but the calls kept coming. He remembers getting seven to eight calls. Finally, he called one of the numbers back and got a surprise.
"A lady answered the call and said 'I don't know what you're talking about,'" explains Guillory.
He called the second number back and got another person, clueless as to what he was talking about.
"I was thinking at that time, this doesn't sound right at all," Guillory said.
The next time he got a call, Guillory began to question the person on the other end.
"I told them, 'I tried to contact y'all a couple times and this is not a legitimate number.' They hung up immediately," Guillory explained.
That led to a flood concerns for Guillory, who now wondered how the mystery person got his personal information. He feels it has to be connected to signing up for insurance on HealthCare.gov.
"Has to be. There's no other way for those people to have known that I was looking for insurance," Guillory said.
The other victim in this case is a woman from Virginia Beach, who prefers not to be identified. It was her phone number that popped up on Guillory's caller ID, but she wasn't making the calls. Her number also appeared on the caller ID of others and many called her with similar concerns.
She says the mystery caller somehow made the calls appear as if they were coming from her cell number.
"That's when I learned that my number had been spoofed, and I had no idea what that even was," she says.
Spoofing is a process that cyber-security expert Heather Engel says is easy to do. "It's easier than you think to make it look like you're calling from a different number than you actually are."
Engel says there have been some concerns about the security of the HealthCare.gov website and she believes it's possible that Guillory's information was somehow lifted from the site.
Engel also says it could just be a 'weird coincidence' and Guillory's information could have come from another source. And it's not a surprise that the caller was looking for personal health information, a bigger prize on the black market.
"Healthcare records generally go for $8 to $25 on the black market. A credit card number would go for $6. A criminal will use it to get insurance, use it to buy drugs, which can then be resold on the street," Engel said.
The federal government is pushing back on any concerns about security on HealthCare.gov.
Aaron Albright is the director of the media relations for the Centers for Medicare and Medicaid Services under Health and Human Services.
Albright issued this statement:
When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards. To date, there have been no successful security attacks on healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site...Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information. The security of the system is also monitored by sensors and other tools to deter and prevent any unauthorized access.