Tricare Data Breach

Posted: October 3, 2011 in Uncategorized

On 14 SEP Science Applications International Corporation (SAIC) reported a data breach involving personally identifiable and protected health information (PII/PHI) impacting an estimated 4.9 million military clinic and hospital patients. The information was contained on backup tapes from an electronic health care record used in the military health system (MHS) to capture patient data from 1992 through September 7, 2011, and may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the backup tapes. The risk of harm to patients is judged to be low despite the data elements involved, since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.
The incident is being investigated and additional information will be published as soon as it is available. Meanwhile, both SAIC and TRICARE Management Activity (TMA) are reviewing current data protection security policies and procedures to prevent similar breaches in the future. Anyone who suspects that they were impacted by this incident is urged to take steps to protect their personal information and should be guided by the Federal Trade Commission at: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html. Concerned patients may contact the SAIC Incident Response Call Center, M-F from 09-1800 EST in the U.S. at (855) 366-0140. Those overseas can call collect to (952) 556-8312. The following is germane to the breach:
 Those affected are approximately 4.9 million patients who received care from 1992 through September 7, 2011 in the San Antonio area military treatment facilities (MTFs) (including the filling of pharmacy prescriptions) and others whose laboratory workups were processed in these same MTFs even though the patients were receiving treatment elsewhere.
 The PII/PHI data elements involved include, but are not limited to, names, Social Security numbers, addresses, diagnoses, treatment information, provider names, provider locations and other patient data, but do not include any financial data, such as credit card or bank account information.
 Not just anyone can access this data. Retrieving the data on the tapes requires knowledge of and access to specific hardware and software and knowledge of the system and data structure.
 The exact circumstances surrounding this data loss remain the subject of an ongoing investigation. Thus, Tricare waited to announce the breach to beneficiaries because they wanted to determine the degree of risk this data loss represented before making notifications and did not want to raise undue alarm.
 TRICARE and SAIC are working together to identify as quickly as possible all beneficiaries whose information may have been involved in the breach and to notify them as appropriate.
 To protect themselves, affected beneficiaries can monitor their credit and place a free fraud alert on their credit for a period of 90 days using the Federal Trade Commission (FTC) web site. The FTC site also provides other valuable information regarding actions that can be taken now or in the future, should any problems develop. This information is available at: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html
 To get more information, affected beneficiaries can call the SAIC Incident Response Call Center, M-F from 09-1800 EST in the U.S. at (855) 366-0140. Those overseas can call collect to (952) 556-8312.
[Source: http://tricare.mil/mybenefit/Download/Forms/DataBreach_PublicStatement.pdf 28 Sep 2011 ++]
