BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

TRICARE data breach

From: security curmudgeon <jericho () attrition org>
Date: Mon, 21 Nov 2011 13:07:12 -0600 (CST)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.af.mil/news/story.asp?id=123280606

11/18/2011 - WASHINGTON (AFNS) -- Science Applications International 
Corporation is mailing letters to affected military clinic and hospital 
patients regarding a data breach involving personally identifiable and 
protected health information.

On Sept. 14, SAIC reported the loss of backup tapes containing electronic 
health care records used in the military health system to capture patient 
data from 1992 through Sept. 7, 2011, in San Antonio-area military 
treatment facilities.

This includes patients filling pharmacy prescriptions and other patients 
whose laboratory workups were processed in these same MTFs, even if the 
patients were receiving treatment elsewhere. The data may include Social 
Security numbers, addresses and phone numbers, and some personal health 
data such as clinical notes, laboratory tests and prescriptions. There is 
no financial data, such as credit card or bank account information, on the 
backup tapes.

The risk of harm to patients is judged to be low since retrieving the data 
on the tapes would require knowledge of, and access to, specific hardware 
and software and knowledge of the system and data structure. As a 
precaution, the assistant secretary of defense (health affairs) determined 
that SAIC should notify potentially impacted persons or households of this 
incident by letter.

As directed by TRICARE Management Activity, SAIC will provide credit 
monitoring and credit restoration services for one year for patients 
requesting them. The credit restoration services being provided exceeds 
current industry standards for responding to a data breach.

SAIC's Incident Response Center is available to answer patient's 
questions, including helping with signing up for credit monitoring, Monday 
through Friday from 9 a.m. to 6 p.m. EST. Concerned patients should call 
the response center to ask questions and verify authenticity of the 
letter:

- United States, call toll free at 855-366-0140

- International, call collect at 952-556-8312

For more information, visit http://www.tricare.mil/Breach/.

(Courtesy of TRICARE Public Affairs.)
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: