In the 2024 budget, the National Health Insurance Scheme (NHIS) got a total allocation of N1,145,554,925. Yet, its official website (www.nhis.gov.ng) has been unsafe for visitors for four months.
FIJ found that the website’s Secure Socket Layer (SSL) certificate expired on October 2, 2024, and it has not been renewed four months and six days later.
A visit to the website directs users to a page with this message: Your connection is not private. Attackers might be trying to steal your information from www.nhis.gov.ng (for example, passwords, messages, or credit cards).
READ ALSO: Second-Class Citizens: How Hospitals Treat Patients Under Osun Govt’s Health Insurance Programme
A screenshot of the website.
A screenshot showing the expiry date of the SSL certificate.
The SSL is a standard technology for securing an internet connection by encrypting data sent between a website and a browser to protect user privacy. It also boosts a website’s credibility and trustworthiness.
An expired SSL certificate increases cyber and business risks. Some of the implications include exposing visitors to hackers, who could exploit the vulnerability of the site to intercept and steal transferred information and data.
READ ALSO: SPOTTED: Kwara Govt Website Unsafe for Visitors as Administrators Fail to Renew SSL Certificate
The NHIS violates Section 7.3.3 of the standards and guidelines for government websites set down by the National Information Technology Development Agency (NITDA) by leaving its website in this unsafe state.
“In ensuring the security of Web Content, Government Institutions shall: i. Commit to a continuous process of maintaining the security of Web Servers to ensure continued security,” Section 7.3.3 states.
“ii. Use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data with differing access privileges. It is recommended that SSL be used for any cryptographic implementation.”
A screenshot of the 2024 budget allocation.
Meanwhile, out of the N1.34 trillion allocated to the Federal Ministry of Health and Social Welfare and its 126 agencies in the 2024 fiscal year, N1.1 billion went to the NHIS.
Francis Ihejirika, a software developer, told FIJ in 2024 that renewing SSL certificates could be free or priced between $5 and $59.
On domain platforms such as DomanKing and TrueHost, SSL certificates could cost between N1,000 and N109,000 per month or N14,700 to N216,750 per year.
For a period of two years, one can also get SSL certificates that are as low as N39,960 and as high as N380,000.
The post NHIS Leaves Website Unsafe for 4 Months With Expired SSL Certificate appeared first on Foundation For Investigative Journalism.