Readers of this SSL Blog will recall that there was a time when tracking the early adoption of Extended Validation SSL was one of this blog's main functions. As it has become more mainstream, I've left off mentioning deployment on individual sites unless they're very important.
Today I'm highlighting the fact that EV SSL is live on Aetna. This deployment is important because of Aetna's leadership position in both the insurance and health care industries. Both these industries deal in a great amount of personal information for which confidentiality is very important and which individuals want to ensure is secure.
Consider the consequences of a privacy breach on three types of sites: e-commerce, financial, and health care. In the first case a credit card number is stolen. The individual has to go through the hassle of disputing charges and getting a new credit card. Definitely a bummer. The second case is worse. The individual most likely is the victim of account takeover, meaning that money is stolen either directly or indirectly. Now the individual has to deal with a bank or trading firm or the like to see to it that his or her money is returned, usually at the expense of the financial service provider in question.
All bad. But let's talk about what happens when confidential health care information escapes into the public sphere. Now there is no recourse, no matter how hard you work at it. A bank account can be restored. Compensation can come to the victim of a pump-and-dump scheme. But once there's general knowledge of who uses which prescription drugs or who has been diagnosed with cancer or who has tested positive for a congenital disease, then no activity, no action of the court, no trick of law enforcement will ever put that genie back in that bottle.