A serious breach of the personal information protection law has been reported by one of the Pentagon’s major contractors. Up to 4.9 million of patients, who have received care from military facilities in San Antonio since 1992, have been affected.
According to Science Applications International Corp., the breach was caused by the theft of backup tapes with health records. Some of the records contained social security numbers, addresses, phone numbers and health data of patients from 10 states.
As stated on the TRICARE DoD's Military Health System web site, the backup tapes contained no data on bank cards and accounts.
Tricare is the health care coverage for retired and active military personnel and their families.
According to the web-site’s statement, the tapes contained the records of patients who were seen at San Antonio-area military treatment facilities, or had lab workups processed in the facilities, from 1992 through Sept. 7 this year: names, social security numbers, addresses, diagnosis and treatment data, names and phone numbers of medical facilities, as well as other patients’ details. The tapes could also include health records, lab test results and prescribed drug data.
The word “breach” is not used in the statement. Tricare patients are just informed of “a loss of backup tapes with personal and protected medical data”.
There is no proof that the data has been used for abuse. The Tricare web-site’s statement also says that the department and the company are trying together to identify the beneficiaries, whose personal information could fall into third party hands because of the above disturbance.
Comments by Nikolay Fedotov, InfoWatch chief analyst: «It would be naive to believe that bad guys will not be able to read or decode a backup copy. There is a big black market in the USA where marketable personal information (like in this case) is circulated. Numerous "getters" sell raw data to wholesalers, who then actually sell it to retail customers. Just the fact that in order to read a backup tape the industrial equipment, which can’t be purchased in the supermarket next door, is needed, does not guarantee that this data won’t be sold. Not even a little! This only reduces the price at the first resale phase. A tape with millions of social security numbers ($12-16 each in retail) will surely get into reliable and capable hands».