Data breach affects 4.9M active, retired military personnel

Backup disk containing unencrypted personal data is missing

Sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after backup tapes containing the data went missing recently.

The information on the tapes was from an electronic healthcare application used to capture patient data. It does not include bank, credit card or other financial data, according to a statement released by TRICARE, a healthcare system for active and retired military personnel and their families.

The breach affects all those who received care at the military's San Antonio area military treatment facilities between 1992 and Sept. 7 of this year. Those affected include individuals who had filled pharmacy prescriptions or had laboratory tests done at any of the facilities, TRICARE said.

As is often typical with such incidents, the information on the backup tapes does not appear to have been encrypted. But in its statement, TRICARE maintained that the risk of the data being misused was low "since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure."

It is not immediately clear how or when Science Applications International Corporation (SAIC), a contractor for the military, discovered the breach. SAIC reported the breach to TRICARE on Sept.14. In an online FAQ, TRICARE said it waited two weeks to go public about the breach so it could first determine the degree of risk to those affected.

"We did not want to raise undue alarm in our beneficiaries" by notifying them about the data loss without first learning more about it, TRICARE said.

SAIC did not immediately respond to a request for comment.

Compromises stemming from the loss of storage media and mobile devices containing unencrypted data are common.

This year alone there have been at least 77 incidents in which laptops, backup tapes, disks and other storage media containing unencrypted data were reported lost or stolen, according to statistics maintained by Privacy Rights Clearinghouse (PRC).

Prior to the SAIC breach, a total of just over 3.2 million records containing personal data had been compromised in such incidents this year, according to the PRC.

Though security analysts have long maintained that data encryption offers a relatively simple and inexpensive way to protect data on such devices, a large number of companies still haven't done so.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld (US)
Topics: data security, security, health care, data protection, Science Applications International, industry verticals, privacy
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
Use WhistleOut's technology to compare:
Mobile phone plans & deals
Mobile phone models
Mobile phone carriers
Broadband plans & deals
Broadband providers
Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?