DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TRICARE discloses SAIC breach: backup tapes held data on 4.9 million

Posted on September 29, 2011 by Dissent

TRICARE, the health care program serving Uniformed Service members, retirees and their families worldwide, issued the following public statement on their web site:

STATEMENT

On September 14, 2011, Science Applications International Corporation (SAIC) reported a data breach involving personally identifiable and protected health information (PII/PHI) impacting an estimated 4.9 million military clinic and hospital patients. The information was contained on backup tapes from an electronic health care record used in the military health system (MHS) to capture patient data from 1992 through September 7, 2011, and may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no
financial data, such as credit card or bank account information, on the backup tapes.

The risk of harm to patients is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure. The incident is being investigated and additional information will be published as soon as it is available.

Meanwhile, both SAIC and TRICARE Management Activity (TMA) are reviewing current data protection security policies and procedures to prevent similar breaches in the future.

Anyone who suspects that they were impacted by this incident is urged to take steps to protect their personal information and should be guided by the Federal Trade Commission at: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html.

Concerned patients may contact the SAIC Incident Response Call Center, Monday through Friday from 9 a.m. to 6 p.m. Eastern Time at the following numbers:

United States, call toll free: (855) 366-0140
International, call collect: (952) 556-8312

Questions & Answers

Q. Whose personal information was at risk of compromise?
A. Approximately 4.9 million patients who received care from 1992 through September 7, 2011 in the San Antonio area military treatment facilities (MTFs) (including the filling of pharmacy prescriptions) and others whose laboratory workups were processed in these same MTFs even though the patients were receiving treatment elsewhere.

Q. What type of information was lost?
A. The PII/PHI data elements involved include, but are not limited to names, Social Security numbers, addresses, diagnoses, treatment information, provider names, provider locations and other patient data, but do not include any financial data, such as credit card or bank account information.

Q. Can just anyone access this data?
A. No. Retrieving the data on the tapes requires knowledge of and access to specific hardware and software and knowledge of the system and data structure.

Q. Why have almost 2 weeks passed before this notification was posted?
A. The exact circumstance surrounding this data loss remain the subject of an ongoing investigation. We did not want to raise undue alarm in our beneficiaries and so wanted to determine the degree of risk this data loss represented before making notifications.

Q. What is TRICARE doing to protect affected beneficiaries following the loss of this information?
A. TRICARE and SAIC are working together to identify as quickly as possible all beneficiaries whose information may have been involved in the breach and notify as appropriate.

Q. What should affected beneficiaries do to protect themselves?
A. Beneficiaries can monitor their credit and place a free fraud alert on their credit for a period of 90 days using the Federal Trade Commission (FTC) web site. The FTC site also provides other valuable information regarding actions that can be taken now or in the future, should any problems develop. This information is available at: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html

Q. How can affected beneficiaries get more information?
A. Beneficiaries can call the SAIC Incident Response Call Center, Monday through
Friday from 9 a.m. to 6 p.m. Eastern Time at the following numbers:
United States, call toll free: (855) 366-0140
International, call collect: (952) 556-8312

Notice that they haven’t told us the nature of the breach, but Sig Christenson of MySanAntonio.com reports that a SAIC spokesperson indicated the breach “consisted of the loss of storage media, not an electronic breach. There was a loss of magnetic storage media.”

“Loss” as in, “we lost it” or as in “loss due to theft?” It would be nice to have some clarification on that. The fact that it was reported to the police as soon as the loss was discovered leads me to think this may have involved theft, but we’ll find out eventually.

SAIC has been involved in previous breaches affecting large numbers of individuals. Some breach-related news on SAIC prior to 2009 can be found on archive.pogowasright.org while a 2010 incident involving stolen backup tapes was reported to the Maryland Attorney General’s Office.

Related posts:

  • TRICARE discloses SAIC breach: stolen backup tapes held data on 4.9 million (updated)
  • Congress critical of TRICARE's response; requests detailed answers while criticizing TRICARE and SAIC (updated)
  • Congress critical of TRICARE’s response; requests detailed answers while criticizing TRICARE and SAIC
  • TRICARE Investigates Beneficiary Data Breach
Category: Health Data

Post navigation

← GA: Atlanta Man Pleads Guilty to Federal Computer Hacking Charges
TRICARE discloses SAIC breach: stolen backup tapes held data on 4.9 million (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.