Healthcare.gov’s GuidewellConnect.com payment service is insecure due to expired certificate putting potentially millions at risk
I'm posting this here since nobody seems to be fixing this. I was helping someone sign up for insurance this week via the healthcare.gov website. They need to pay their first month premium by the start of the month to start getting insurance.
Healthcare.gov uses Guidewell Connect to do this. Sadly, they have an expired certificate so the SSL isn't working and as such the payment transaction isn't secure. This leaves people prone to having payment information stolen and leaves them open to intrusion.
Given the amount of money flowing through this website, it's rather insanely stupid that nobody had checked the SSL or that the link is working.
Does anyone know any of this geniuses? Any chance you can get them to do their jobs? It's hard to sign someone up for insurance on Aug 1 if you can't pay the first months premium.
I figured i'd post his here in case anyone knows these geniuses.
Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT
Is the specific error.
submitted by /u/startupschmartup
[comments]