Many Tricare users now learning of Sept. data theft

By Steve Vogel

The letter that arrived Saturday at the home of Fred MacLean in Fayetteville, N.C., held bad news: Computer backup tapes containing the retired Army chaplain's personal information with the military's Tricare health system had been stolen.

MacLean is hardly the only one receiving bad news. Letters are being sent this month and next to the homes of all 4.9 million Tricare military beneficiaries whose personal data has been stolen in one of the largest health-data breaches ever reported.

The data on the tapes include names, Social Security numbers, addresses, birth dates, phone numbers and laboratory tests, but not any financial data such as credit card or bank information, according to the letter from Science Applications International Corp., a defense contractor for the Tricare Management Activity.

The tapes were stolen Sept. 12 from the car of an SAIC employee in San Antonio who was transporting the data from one federal facility to another as part of required backup procedures. The theft was publicly revealed on the Tricare website and publicized in late September. But many beneficiaries, including MacLean, are just learning the news with the arrival of the letters.

When MacLean's wife, Adrianne, called SAIC and Tricare for more information, she said that everyone she spoke to offered reassurance.

"They all told me it was encrypted and I had nothing to worry about," she said. "You're crazy if you think I'm not worried."

In fact, "most of the data was not encrypted," SAIC spokesman Vernon Guidry said this week.

Austin Camacho, a Tricare spokesman, said: "If that's something that's being put out, they need to fix that in a hurry."

Following an inquiry from The Washington Post, SAIC said it "reinforced with our call center personnel their previous instruction that they should not say the data were encrypted."

Despite the data theft and the lack of encryption, SAIC and Tricare say the risk to beneficiaries is low. "The chance that your information could be obtained from these tapes is low since accessing, viewing and using the data requires specific hardware and software," the SAIC letter states.

"There aren't a lot of people who know how to do it, or have the equipment," Camacho said.

"At this time, we have no evidence to indicate the data on the backup tapes has been accessed, viewed or used by others in any way," the SAIC letter states.

Nonetheless, SAIC is facing a class-action lawsuit filed in Texas seeking up to $4.9 billion in damages on behalf of affected beneficiaries. A separate class-action lawsuit has been filed seeking $4.9 billion in damages from the Defense Department.

"We take this incident very seriously," Brig. Gen. Bryan Gamble, deputy director of the Tricare Management Activity, said in a statement. "The risk to our patients is low, but the Department of Defense is taking steps to keep affected patients informed and protected."

Adrianne MacLean is not reassured. "Tricare was pointing the finger at SAIC, and SAIC says, 'It's not our fault,' " she said. "Nobody had good answers for me."

SAIC has received reports from beneficiaries who fear their information is being misappropriated. The company is looking into whether the cases are linked to the data theft, Guidry said. SAIC is about halfway through the mailing and expects it to be completed in early December, he added.

Procedures for backing up computer data have been changed. "The tapes are no longer transported," said Guidry, who declined to discuss how the information is now being backed up.

The employee from whom the tapes were stolen no longer works for SAIC, said Guidry, but he declined to say whether his departure was related to the incident.


Are They That Stupid?

On top of it all, family members received letters in the mail from SAIC wanting SSN, Birth Dates, Phone Numbers, Address and signature so they can "monitor our credit." They did such a great job the first time we are supposed to give them more information for them to lose and via the mail? Not me. I'll monitor my own credit. I don't trust they could secure the bathroom door behind themselves!

you got that right

there is no way on God's green earth that I'm going to give SAIC any information. I will call the 800 number to see what the heck is going on, though. And I can monitor my own damn credit, thanks very much.

SAIC - the same company who burned through $600M developing completely non-functional software for NYC.

theft of information

Could it be that the letters purporting to be from SAIC about monitoring your credit are really a phishing scam from the thieves? Just because the letterhead apparently claims to be from SAIC doesn't guarantee that they are. Think of the phishing scams on the internet from copies of someone else's email addresses.

Exactly Right

We got one of these letters in the mail and that was my first thought upon seeing the letter. "This is a scam". They asked for very private information, had no information on the letterhead, or other information that I would expect to receive from a "legit" company. In addition, if my information was stolen, why am I getting a phony looking letter in the mail now? I should have been notified much sooner than now.

So much to say...

here about this.

"There aren't a lot of people who know how to do it, or have the equipment," Camacho said.

Umm, excuse me, all it takes is ONE who knows how to, or knows someone they can give or sell the tapes to, to access it! This whole episode stinks on so many levels. It seems to me that contracts have language and MONEY to supposedly 'ensure' that checks and balances are adhered to so that this can't happen. Where was the employee when his car was broken into? The minute he was away from it, that contract was broken, but I suspect SAIC has the political connections to not have to worry about anything. WE got letters, it's OUR info that is out there now! This is a failure of the contractor, the Navy, and the government. Thanks all!

Some HIPAA Breach

The boys in Denver better get the check book charged up to settle these lawsuits. Typical sloppy oversight of contractors by TMA.
