Updated: 01/31/2014 7:46 AM
Created: 01/30/2014 9:41 PM KSTP.com
By: Jay Kolls
KSTP tested all five HMOs that are under contract with the state to offer health care insurance under MNsure, and four of them failed our cyber security test.
Computer Forensic Services (CFS) performed the tests on the websites of Preferred One, HealthPartners, UCare, Blue Cross/Blue Shield of Minnesota and Medica.
"Only Medica passed with a truly secure website when people log in with their usernames and passwords," Mark Lanterman, owner of CFS, said.
Lanterman tells 5 EYEWITNESS NEWS, "This is a serious computer security problem for the state and the companies that are contracting with to provide health insurance options."
Lanterman says the websites of Preferred One, HealthPartners, UCare and Blue Cross/Blue Shield could be easily hacked.
"I had usernames and passwords within seconds, and that is bad for consumers exposing them to credit card fraud, identity theft and dozens of other financial and health care crimes." he said.
Lanterman says bad guys can take usernames and passwords from a website and then track that person's personal information to other secure sites and gain access by using the victim's username and password.
UCare, Preferred One and HealthPartners all declined to comment on camera but did tell us, in part, they take what we found very seriously and were working to fix any possible problems. Blue Cross/Blue Shield told us they had already fixed the problem and had no reports of any customers who had their personal information compromised.