• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   Why Digital Certificates are Important for Health Care Sites and How to Use Them

Why Digital Certificates are Important for Health Care Sites and How to Use Them

  • Posted on:October 2, 2013
  • Posted in:Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

One of the problems people are facing as they look for Health Insurance Exchange websites is that not all Health Insurance Exchange sites are using digital certificates. This means if you’re talking with a site that doesn’t have a digital certificate, it’s impossible for you to be sure it is who you think it is. This is one thing that makes the current situation around Health Insurance Exchange sites potentially dangerous.  

There are some sites that do use digital certificates. And on those sites that do, you can and should use that to help verify that site. As people start to learn how to sign up for health insurance online, understanding how to verify a site using its digital certificate is an important skill to help keep you safe and away from possible scam and phishing sites. 

Many people don’t know what digital certificates are. But you’ve likely used them for years even if you don’t know what they are. Digital certificates provide the “lock” in the address bar of your browser that we should all be looking for when we’re doing things like shopping or banking online:

healthcare.gov

Most people know that the lock means it’s OK to send information like credit card numbers: the lock tells them the information is encrypted. What many people don’t know is that the lock also tells them they can use the digital certificate to verify the identity of the site they’re talking with. 

The lock acts like a driver’s license or passport. And you check it just like someone checks your passport or driver’s license to verify you are who you say you are. 

To verify a site using its digital certificate, you first have to make sure you’re going to the site using HTTPS. Actually type the URL in the address bar starting with “HTTPS.”

healthcare.gov2

If the site doesn’t come up or you get an error, that means it either doesn’t have a digital certificate or doesn’t have one you can be sure of. If this happens you won’t be able to check that site and be sure. Unfortunately many legitimate Health Insurance Exchange websites don’t have good certificates you can check: that means you have to be extra careful with those sites. Instead of continuing online, consider calling your state insurance agency for help finding the resources that you need instead.

If the website does come up with no errors, the next thing you want to do is bring up the digital certificate. This is where you basically ask the site to show you its driver’s license or passport. On most browsers you can click the lock and it will bring up information from the certificate. 

You want to find the website name on the certificate and make sure it matches the name of the site you wanted to talk with. In the example below you can see the name of the website highlighted.

healthcare.gov3

 

If you want additional information, you can bring up the full digital certificate itself by. In the example below, you click “certificate information” to bring up the full digital certificate.

 

 

The full digital certificate contains a lot of information you don’t need to worry about. The main items you want to check are the “Issued to” and the “Valid from/to” dates. Just someone checks the name and dates on your driver’s license or passport; these are the key things that tell you the site is who it says it is and that the digital certificate itself is valid.

As online Health Insurance Exchanges mature, it’s almost certain that they’ll all be required to have digital certificates so you can verify them. For now, though, if a site doesn’t give you that option, you should be wary and consider not using it. Most importantly, though, it’s important to get into the habit of looking for the lock not just to protect your information through encryption but to know if there’s a digital certificate you can check. And then, it’s important that you check the digital certificate and verify the site before you start entering any data. When dealing with personal information around healthcare, it’s critical you make sure you don’t give it to the wrong person and find that you, a family member or even your entire family are the victims of identity theft.

Related posts:

  1. Affordable Care Act-related sites need an online seal program
  2. The Coming Risk of Scam “Obamacare” Sites
  3. Why is health care being targeted by hackers?
  4. Mobile devices in health care: How secure are they?

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.