National Review Online has the details:
Multiple state-run health-care exchanges are vulnerable to a type of Wi-Fi attack that can allow hackers to intercept usernames and passwords, KSTP, a Minnesota ABC affiliate, reports.
According to Mark Lanterman, the CEO and chief technology officer of Computer Forensic Services who ran the simulated attack for KSTP, state-run exchanges in Minnesota, Hawaii, Nevada, Colorado, New Mexico, New York, Maryland, and the District of Columbia are vulnerable to it.
Lanterman tested at least a dozen of the state-run exchanges to determine if they had the vulnerability. Kentucky, Rhode Island, Vermont, Massachusetts, and California did not. HealthCare.gov, the federal exchange, also is not vulnerable to the attack.
Google refused to answer questions posed by KSTP regarding Lanterman’s claim that Google was collecting MAC addresses from users when they hosted Healthcare.gov.
Video of the KSTP report: