Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Lost Tapes at TRICARE Potentially Expose 4.9 Million Military Personnel

TRICARE Breach Potentially Puts 4.9 Million Individuals at Risk

A massive data breach that could potentially affect 4.9 million individuals who received services from TRICARE, a provider of health care services to active and retired military personnel, was disclosed this week.

TRICARE Breach Potentially Puts 4.9 Million Individuals at Risk

A massive data breach that could potentially affect 4.9 million individuals who received services from TRICARE, a provider of health care services to active and retired military personnel, was disclosed this week.

Health Care SecurityAccording to a statement from TRICARE, on September 14, 2011, Science Applications International Corporation, a third party technology contractor, reported the data breach that occurred as a result of lost backup tapes. The tapes were apparently lost during a transfer between Federal facilities and San Antonio, Texas.

A representative from SAIC’s Incident Response Call Center told SecurityWeek that the data on the tapes was encrypted, but I’m not convinced that is the case. In a public statement announcing the breach, the company said, “The risk of harm to patients is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.” This statement is far from convincing that the risk level is low, and knowledge of specific hardware and software typically doesn’t matter much when it comes to encryption. If the data had been encrypted, one would think they would explicitly say so in the statement. Also, it’s typically not required to disclose an incident like this if the media had been properly encrypted.

Either way, this incident will cost TRICARE big money.

The information contained on the lost backup tapes included data from patients who received care in San Antonio area military treatment facilities from 1992 through September 7, 2011, and may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions.

According to TRICARE, no financial data, such as credit card or bank account information was stored the backup tapes.

According to Howard Anderson at HealthCareInfoSecurity.Com, this could be the largest health information breach reported since the HIPAA breach notification rule which took effect in September of 2009.

Advertisement. Scroll to continue reading.
Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.