Randy Westergren looked into Christiana Care’s online payment portal, which involves a third party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings.
You can read his write-up of it all on his site.
So here’s the thing: how many people may have actually exploited the vulnerability he found before he reported it and they patched it? We don’t know.
This is not the first time a healthcare payment processor screwed up. Years ago, I reported how Verus, Inc. forgot to restore a firewall following an upgrade and left a number of its client hospitals’ payment portals unsecured. Over 60,000 patients had to be notified and the firm folded.
How secure do you feel using online patient portals? I’ve never used them because I’m so distrustful of security – or lack thereof – by now.