Saturday, November 5, 2011

Mass Data Compromise

On September 14, 2011, Science Applications International Corporation (SAIC) reported a data breach involving personally identifiable and protected health information (PII/PHI) impacting an estimated 4.9 million military clinic and hospital patients. The information was contained on backup tapes from an electronic health care record used in the military health system (MHS) to capture patient data from 1992 through September 7, 2011, and may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the backup tapes.

The risk of harm to patients is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure. Considering the totality of the circumstances, we determined that potentially impacted persons or households will be notified of this incident via letter. We regret that the information required to initiate notification is not available at this time, but we will ensure that it is done in an accurate and timely manner and in compliance with all applicable DoD guidelines. Due to the large volume of individuals potentially impacted by this incident, we anticipate that individual notification will take at least 4-6 weeks; therefore, this notice is being posted in the interim. The incident continues to be investigated and additional information will be published as soon as it is available. Meanwhile, both SAIC and TRICARE Management Activity (TMA) are reviewing current data protection security policies and procedures to prevent similar breaches in the future.

Anyone who suspects that they were impacted by this incident is urged to take steps to protect their personal information and should be guided by the Federal Trade Commission at:

Concerned patients may contact the SAIC Incident Response Call Center, Monday through Friday from 9 a.m. to 6 p.m. Eastern Time at the following numbers:

United States, call toll free: (855) 366-0140
International, call collect: (952) 556-8312

Source: The Retired Enlisted Association (TREA) Washington Office


stephen said...

1. who is the driver responsible, has a current indepth background check for possible terroist activity been done, if so all findings should be made public. the info stolen is still valuable even if it is sat on for a year or more.

2. one year free id protection is not enough... more so if # 1 is true or plausable.

stephen said...

3. Why was the info transported to an off-site location?
4. Why was it transported in a POV and not a company car?
5. Why were the tapes left unattended, out of the employee/s’ care?
6. where was the car parked at the time... please dont say a bar or something.
7. If they are being prosecuted, what are the charges?
8. SAIC has some nerve not giving patients/victims the choice of what credit monitoring system to use. Instead, they want patient/victims using their company-owned credit monitoring which is ridiculous.
9. Why does SAIC have access to patient/s’ personal information anyway? I know that I didn’t sign a non-disclosure agreement to release my SSN to them. I've been out of the Military for a few years now, why is info on me & my family still floating around