It is a essential time of the 12 months for the 24 million Americans who depend on medical health insurance bought by the general public market.
Open enrollment is the season — from Nov. 1 to Jan. 15 — when Individuals to decide on and lock in a medical health insurance plan for the next 12 months. For anybody trying to purchase well being care protection for 2026, the subsequent few weeks are essential. Dec. 15 is the deadline for protection that takes impact on Jan. 1.
However that significance (and urgency) can also be what makes it a time of excessive danger when online scammers could attempt to exploit you. Shopper consideration and anxiousness round open enrollment are incessantly exploited by refined cybercriminals, resulting in identification theft, monetary loss and interruption of medical care.
Whereas open enrollment is critical to maintain your protection going into subsequent 12 months, you have to be vigilant towards advanced scams that focus on Medicare beneficiaries and Market enrollees by impersonation, high-pressure gross sales and profit fraud.
A number of key defensive methods — paired with some tech instruments and companies — will help defend you, your private knowledge and your funds.
This is what a cybersecurity professional and a healthcare professional say you are able to do to maintain your self secure throughout open enrollment season.
Do not miss any of our unbiased tech content material and lab-based evaluations. Add CNET as a most popular Google supply.
Why open enrollment is a first-rate goal for fraudsters
1. Urgency and confusion
The urgency of open enrollment season is constructed into the construction of this system. There’s a deadline, in spite of everything.
“Any of those durations the place there’s one thing on the road, for those who do not act, there’s urgency,” says Josh Kamdjou, CEO and co-founder of AI electronic mail safety firm Chic Safety. “It’s extremely pure for a fraudster to try to benefit from that.”
That is very true of open enrollment, as a result of the stakes are so excessive. “Lots of people are susceptible to wanting to ensure their well being care is enrolled,” says Sharon Auma-Ebanyat, analysis director for the healthcare trade at Data-Tech Analysis Group.
There will also be some pure confusion as a result of complexity of well being protection within the US. There’s Medicare, Medicare Benefit, Medicaid and varied Market tiers. This makes shoppers prone to “simplistic” gives that may come from scammers promising to make all of it simple.
In 2025, California Health Advocates reported {that a} suspicious electronic mail was circulating concerning an alleged Medicare refund. Consultants warn towards these kinds of scams the place you’re lured by free funds in change for handing over your private knowledge. At all times name your supplier utilizing the quantity in your official insurance coverage card to confirm the message is legit.
2. Excessive quantity of legit contact
The official course of for open enrollment, even with none dangerous actors, entails plenty of legit communication from authorities companies and healthcare suppliers.
This creates a gap for scammers utilizing phishing techniques like pretend calls, emails or texts. As a result of shoppers are already anticipating plenty of calls or messages, scammers can attempt to mix into the chaos.
3. Goal demographics
Typically talking, “most assaults of this type are indiscriminate,” Kamdjou says. “These are very a lot untargeted, mass spray-and-pray phishing” makes an attempt.
That stated, some demographics is perhaps extra susceptible to scams than others.
Older Individuals who will not be as tech savvy, for instance, is perhaps extra liable to reply a fraudulent name or message, Auma-Ebanyat says.
Decrease-income Individuals may additionally be focused throughout this time. That is as a result of, particularly for these with Medicaid protection, “that enrollment course of is a bit unstable” from month to month, Auma-Ebanyat says. Scammers search for these gaps and goal them, preying on individuals with an actual sense of urgency or a determined want for care, she says.
Anatomy of open enrollment scams
I requested our consultants to drag out the commonest rip-off sorts to point out how fraudsters function and what techniques they depend on.
1. Phishing/Vishing
The Risk: Unsolicited calls, texts or emails claiming to be from Medicare, HealthCare.gov or a identified insurer corresponding to Blue Cross Blue Defend. Scammers demand rapid motion, claiming the beneficiary wants a “new card,” that their “protection is expiring,” or they need to “re-verify” their Social Safety quantity or Medicare quantity.
“Caller ID can lie,” Auma-Ebanyat says, so do not belief it.
Authorities companies normally don’t name out of the blue asking for private data or fee.
Scammers use high-pressure techniques in texts and emails to trick shoppers into handing over private data.
2. False advantages and medical provide schemes (Medicare)
“Free” companies: Providing free presents, well being screenings, genetic testing or medical provides in change for a Medicare ID quantity or different delicate private data. “Do not click on any adverts and freebies,” says Auma-Ebanyat.
Faux low cost plans: Promoting “medical low cost plans” that cost a month-to-month payment however supply no actual insurance coverage or legit entry to taking part suppliers.
Defending your self: Important protection methods
These sensible steps will help you keep forward of scammers and safeguard your data throughout enrollment season.
1. Guard your private data
By no means share your Medicare ID, Social Safety quantity, financial institution data or bank card information with an unsolicited caller, emailer or customer.
2. Confirm unsolicited contact
Scammers use caller ID spoofing to make calls seem legit. If somebody calls claiming to be from a authorities company or plan, hold up. Name the official quantity discovered on the again of your insurance coverage card or use the official authorities numbers discovered on any “.gov” web site.
“By no means belief caller IDs,” says Auma-Ebanyat. “Any time you’re feeling pressured to do something, at all times pause … and confirm.”
- The official Medicare contact quantity is: 1-800-MEDICARE (1-800-633-4227)
- The official medical health insurance Market contact quantity is: 1-800-318-2596
To assist defend your identification, share your medical insurance coverage card quantity and never your Social Safety quantity.
3. Use official sources solely
Solely entry enrollment portals through the safe, official authorities web sites (HealthCare.gov or Medicare.gov).
At all times examine for “https://” protocol and the “.gov” area.
Search free, trusted assist by the official Market Name Middle or your State Well being Insurance coverage Help Program (SHIP). By no means pay for enrollment assist.
4. Acknowledge purple flags
Any demand to “act instantly” or face dropping protection is a serious purple flag. Authentic enrollment processes permit time for evaluation.
“It is best to by no means simply give out data on the fly,” says Auma-Ebanyat.
Be cautious of brokers providing costly sign-up presents, money or free screenings in change on your Medicare ID.
5. Be cautious of QR codes
Keep away from scanning QR codes associated to open enrollment — a brand new sort of rip-off entails scanning QR codes fairly than clicking on hyperlinks.
A brand new sort of open enrollment rip-off lately has concerned using QR codes, fairly than malicious hyperlinks, in phishing emails, in accordance with Kamdjou.
Keep away from scanning QR codes associated to open enrollment. As Kamdjou notes, Medicare.gov in all probability is not going to ship you a QR code. “It is used as a technique to bypass safety options,” he says.
6. Monitor and report
Verify your Rationalization of Advantages (EOB) statements frequently for unauthorized fees or companies you did not obtain. Instantly report suspected scams to 1-800-MEDICARE or the Federal Trade Commission (FTC).
7. Do not be too laborious on your self
Even for those who do the whole lot proper, there’s nonetheless an opportunity you possibly can fall for a rip-off.
“In terms of scamming, it is extra of a play on psychology than something,” which suggests everyone seems to be prone, says Auma-Ebanyat.
“Do not take it personally; it occurs to the very best of us,” Kamdjou says. As a substitute, study out of your errors to higher defend your self subsequent time.
8. Be careful for fraud from legit dealer and brokers
The dealer or agent you employ on your ACA or Medicare enrollment may very well be a nasty actor. Look out for misconduct behaviors corresponding to:
Misrepresenting earnings (ACA): Rogue brokers or net brokers encourage or immediate candidates to purposely misstate family earnings to qualify for larger subsidies, which is fraudulent.
Unauthorized enrollment: Switching a person’s well being plan with out their specific consent, usually to earn larger commissions. This is named “plan-switching” or “slamming”.
Charging at no cost companies: That is when navigators or licensed software counselors, who’re legally required to supply assist at no cost, illegally cost charges for enrollment help.
Think about ID theft or credit-monitoring service
Past the fundamental on-line safety hygiene (robust passwords, verifying all contact, pausing earlier than giving out private data), you would possibly need to take into account ID safety and theft companies to protect towards healthcare fraud.
The companies under have a wide array of options, prices and charges. CNET exams and recommends the best identity theft protection services, however this is a breakdown of some widespread options.
- Credit score monitoring and alerts: The three main credit score bureaus (Equifax, Experian and TransUnion) can track your credit report and ship you alerts for any key adjustments, like a giant new credit score line or mortgage in your file.
- Darkish net monitoring: Scammers, as soon as they steal your data, usually attempt to promote it on the darkish net. Darkish net monitoring companies can provide you with a warning in case your private data finally ends up there, and supply restoration help if that does occur.
- Public information monitoring: Some identification monitoring companies include the ability to monitor public records (like courtroom filings or property deeds) to provide you with a warning in case your data seems someplace that it isn’t speculated to be, indicating potential identification theft.
- Credit score freezes/locks: For those who do end up within the midst of a rip-off, otherwise you unintentionally gave away delicate data, you may name your banks and bank card corporations to “freeze” your accounts, which is able to stop scammers from accessing your funds.
- Monetary account alerts: Many banks and monetary establishments can notify you of surprising exercise or giant transactions, which could tip you off to probably fraudulent exercise.
- Multi-factor authentication: Enabling two-step authentication in your on-line accounts is a wonderful technique to defend towards hackers. Even when they’re capable of steal a password, it is a lot more durable to entry your account if it requires a verification code despatched to your cellphone quantity.
Allow multi-factor authentication (2FA) to guard your accounts.
- Use a password supervisor service: A password supervisor service helps you generate and retailer robust passwords, which might defend you from scammers attempting to entry your passwords or your accounts. CNET recommends Bitwarden and a few others.
- Identification restoration companies: Some identification theft monitoring and safety merchandise additionally supply “restoration” companies. One of the best ones supply white glove restoration, which assigns a fraud specialist to your case to do the heavy lifting to revive your identification, according to CNET experts.
- Think about antivirus software program: A good antivirus software in your laptop can filter out some makes an attempt by hackers to ship you fraudulent communications or entry your delicate data.
