Update to the SAIC/TRICARE breach
Letters are being mailed from Science Applications International Corporation (SAIC) to affected military clinic and hospital patients regarding a data breach involving personally identifiable and protected health information (PII/PHI). On Sept. 14, 2011, SAIC reported the loss of backup tapes containing electronic health care records used in the military health system (MHS) to capture patient data from 1992 through Sept. 7, 2011in San Antonio area military treatment facilities (MTFs), including filling pharmacy prescriptions and other patients whose laboratory workups were processed in these same MTFs, even if the patients were receiving treatment elsewhere. The data may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the backup tapes.
The risk of harm to patients is judged to be low since retrieving the data on the tapes would require knowledge of, and access to, specific hardware and software and knowledge of the system and data structure. As a precaution, the Assistant Secretary of Defense (Health Affairs) determined that SAIC should notify potentially impacted persons or households of this incident by letter.
As directed by TRICARE Management Activity (TMA), SAIC will provide credit monitoring and credit restoration services for one year for patients requesting them. The credit restoration services being provided exceeds current industry standards for responding to a data breach.
Read more on TRICARE.
Thanks to @jslarve for pointing out this update to me.
Anonymous - November 24, 2011
Just a note about the letter mailed to those affected with instructions on how to receive the one year of monitoring service. The instructions for enrolling online do not work. They take you to a website requesting you enter information and press continue. There is no place to enter information, no button to continue, and no instructions on the website to indicate it is anything other than a link to get information about identity theft. This is going to 4-9 million affected people. It only leaves the alternative of mailing their enclosed form.