Data Breach Could Affect up to 4.9M Beneficiaries of TRICARE

RELATED TOPICS:

On Wednesday, TRICARE -- which provides health benefits for military personnel, retirees and their families -- announced that a contractor has reported a data breach that might have affected up to 4.9 million beneficiaries, the San Antonio Express-News reports.

Details of the Breach

Science Applications International Corporation -- the Department of Defense contractor responsible for the breach -- said the incident involved the loss of backup computer tapes from an electronic health record system. SAIC reported the breach on Sept. 14.

The tapes contained data on TRICARE beneficiaries who received care at military facilities between 1992 and Sept. 7. The affected beneficiaries are residents of TRICARE's southern region, which includes:

  • Alabama;
  • Arkansas;
  • Florida;
  • Georgia;
  • Louisiana;
  • Mississippi;
  • Oklahoma;
  • South Carolina;
  • Tennessee; and
  • Texas, except for El Paso (Christenson, San Antonio Express-News, 9/29).

According to officials, the patient data on the magnetic tapes include:

  • Addresses;
  • Personal health data;
  • Phone numbers; and
  • Social Security numbers.

Officials said the tapes did not contain financial data such as bank account information or credit card numbers.

They added that the breach is under investigation and that more information will be provided as it becomes available.

Response to the Breach

TRICARE officials said they delayed announcing the breach for two weeks to avoid causing "undue alarm" while they assessed the risk to the public (Merrill, Healthcare IT News, 9/29).

According to a statement on TRICARE's website, the risk to those affected by the breach "is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software" (San Antonio Express-News, 9/29).

TRICARE is encouraging affected beneficiaries to use a Federal Trade Commission website to place a no-cost fraud alert on their credit for 90 days and to monitor their accounts (Goedert, Health Data Management, 9/29).

Mia DeStefano
If the U.S. Government (and their contractors) cannot protect the PHI of the brave men and women who make sacrifices daily to protect our freedom, does anyone think these bureaucrats are up to the task of administering healthcare without putting the PHI of an entire nation at risk?

to share your thoughts on this article.