[HEALTH.MIL] Still More on The TRICARE Data Breach

  • From: HEALTH.MIL Mailing List
  • To: <HEALTH.MIL@xxxxxxxxxxxxx>, <TFL@xxxxxxxxxxxxx>
  • Date: Sat, 26 Nov 2011 11:26:11 -0600

Tricare Military Beneficiaries Being Informed Of Stolen Personal Data
By Steve Vogel, Published: November 24

The letter that arrived Saturday at the home of Fred MacLean in Fayetteville,
N.C., held alarming news: Computer backup tapes containing the retired Army
chaplain's personal information with the military's Tricare health system had
been stolen.

MacLean is hardly the only one receiving bad news. Letters are being sent this
month and next to the homes of all 4.9 million Tricare military beneficiaries
whose personal data has been stolen in one of the largest health-data breaches
ever reported.

The data on the tapes include names, Social Security numbers, addresses, birth
dates, phone numbers and laboratory tests but not any financial data such as
credit card or bank information, according to the letter from Science
Applications International Corp., a defense contractor for the Tricare
Management Activity.

The tapes were stolen on Sept. 12 from the car of an SAIC employee in San
Antonio who was transporting the data from one federal facility to another as
part of required backup procedures. The theft was publicly revealed on the
Tricare Web site and publicized in late September. But many beneficiaries,
including MacLean, are just learning the news with the arrival of the letters.

When MacLean's wife, Adrianne, called SAIC and Tricare for more information, she
said that everyone she spoke to offered reassurance. 

"They all told me it was encrypted and I had nothing to worry about," she said.
"You're crazy if you think I'm not worried."

In fact, "most of the data was not encrypted," SAIC spokesman Vernon Guidry said
this week.

Austin Camacho, a Tricare spokesman, said: "If that's something that's being put
out, they need to fix that in a hurry."

Following an inquiry from The Washington Post, SAIC said it "reinforced with our
call center personnel their previous instruction that they should not say the
data were encrypted."

Despite the data theft and the lack of encryption, SAIC and Tricare say the risk
to beneficiaries is low. "The chance that your information could be obtained
from these tapes is low since accessing, viewing and using the data requires
specific hardware and software," the SAIC letter states.

"There aren't a lot of people who know how to do it or have the equipment,"
Camacho said.

"At this time, we have no evidence to indicate the data on the backup tapes has
been accessed, viewed or used by others in any way," the SAIC letter states.

Nonetheless, SAIC is facing a class-action lawsuit filed in Texas seeking up to
$4.9 billion in damages on behalf of affected beneficiaries. A separate
class-action lawsuit has been filed seeking $4.9 billion in damages from the
Defense Department.

"We take this incident very seriously," Brig. Gen. W. Bryan Gamble, deputy
director of the Tricare Management Activity, said in a statement. "The risk to
our patients is low, but the Department of Defense is taking steps to keep
affected patients informed and protected."

Adrianne MacLean is not reassured. "Tricare was pointing the finger at SAIC, and
SAIC says, 'It's not our fault,' " she said. "Nobody had good answers for me."

SAIC has received reports from beneficiaries who fear that their information is
being misappropriated. The company is looking into whether the cases are linked
to the data theft, Guidry said. SAIC is about halfway through the mailing and
expects it to be completed in early December, he added.

Procedures for backing up computer data have been changed. "The tapes are no
longer transported," said Guidry, who declined to discuss how the information is
now being backed up.

The employee from whom the tapes were stolen no longer works for SAIC, Guidry
said, but he declined to say whether his departure was related to the incident.

Said Adrianne MacLean: "It's not fair for veterans to have to deal with this on
top of everything else they're facing."

SOURCE:  Washington Post News Article at

== HEALTH.MIL Mailing List ==

1.  The following options may be used to join\leave this mailing list:

    a.  ONLINE OPTION:  Online subscription\unsubscription options are 
available at:


    b.  E-MAIL OPTION:  Subscription\unsubscription may be performed by sending 
an E-Mail message to the following address:

        (1)  To subscribe to this mailing list, send an E-Mail message to 
HEALTH.MIL-request@xxxxxxxxxxxxx with 'subscribe' as the subject.

        (2)  To unsubscribe, send an E-Mail message to 
HEALTH.MIL-request@xxxxxxxxxxxxx with 'unsubscribe' as the subject.

2.  If the above subscribe or unsubscribe procedures don't work or if you have 
questions, comments, etc., about this mailing list, please contact 

Other related posts:

  • » [HEALTH.MIL] Still More on The TRICARE Data Breach - HEALTH . MIL Mailing List