Slashdot Mirror

← Back to Stories (view on slashdot.org)

Military Healthcare Data Stolen

Posted by michael on from the sick-call dept.

An anonymous reader writes "TriWest, a federal contractor providing healthcare to the military, had computer hardware stolen from one of their offices. Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families is contained on the stolen hardware. The AP picked up the story. The theft is also being covered by the Salt Lake Tribune and the Arizona Republic. This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information."

7 of 299 comments (clear)

  1. Who is stupid enough... by YahoKa · · Score: 2, Informative

    To steal from somewhere the military has a huge interest. They'll probably spend the cashola on the investigation, and when they are caught someone is going to get it REALLY hard right up the ...

  2. Yeeeeaaaaahhhhh.... by AirmanTux · · Score: 2, Informative

    I happen to be in the military, though just an Airman First Class, and due to the nature of my assignment I have to deal with contractors pretty often. Because of how the system works it seems like most of the time the military is getting hired by the contractors. More often than not we have to meet thier standards and I have yet to see an off base contractor that would meet DoD 'standards' for security. Furthermore, since all of our individual records are tracked by our social security numbers we don't really have much in the way of private information (there's "Privacy Act of 1974" stickers everywhere but that's pretty much a joke to begin with). I'm not sure why there'd be credit card information there and I've never heard of TriWest (Tricare is our health provider, typo maybe?) and judging on past experience I'd be surprised if the affected military are notified. Heck, I'd be surprised if they know which individuals it was. As for whether it was the hardware or software the theives were after, all I'm going to say is a lot happens right here in the Midwest that the general public is never aware of. There are active terrorist cells on US soil but for one reason or another there's not a lot we can do about them.

    1. Re:Yeeeeaaaaahhhhh.... by The+Tyro · · Score: 4, Informative

      Tricare is administered by regions. When you enroll in tricare, you are assigned to a region.

      Northeast, Mid-atlantic, Gulfsouth, etc.

      There is no TRICARE West region... but judging by the number of states mentioned in the article, I'd guess this contractor was dealing with the Central region (15 states), with the possible addition of california (1 state, obviously), or the Northwest region (2 states)

      Just FYI.

      --
      Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  3. Re:Security by Oob+the+Rhox · · Score: 2, Informative
    Because this is health care information, HIPAA, the health information portability and accountability act applies. Unfortunately, encryption is not required: under technical controls, they state:The following implementation feature must be implemented: Procedure for emergency access. In addition, at least one of the following three implementation features must be implemented: Context-based access, Role-based access, User-based access. The use of Encryption is optional. However, there are also physical access controls required, and clearly those failed.

    The real guts of story might be that this will be a poster child for what can go wrong with centralized health care databases. In the long run, this might be a good thing to have happened.

  4. Re:How? by JourneymanMereel · · Score: 2, Informative
    Why does a contractor even need SSN's, etc?

    In the military everything is tied to your social security number. It's on all my paperwork from the enlistment contract to the piece of paper where I agreed not to have sex w/my recruiter. They put it on the ID cards. I had to use it whenever it went to sick call. It's spray painted on the outside of my duffle bag. It's even on a chain that I'm wearing around my neck right now (aka, my dog tags).

    But even out in normal civilian life, the social security number is extreamly overused. I tried to test drive a car once and the dealer wouldn't let me because I wouldn't give them my SSN.

    --
    Life has many choices. Eternity has two. What's yours?
  5. Re:RTFA by FTL · · Score: 5, Informative
    > Only the harddrives were taken from the machines

    Keep in mind that when geeks like us talk about 'harddrives', that's not the same thing as what the general population refers to as 'harddrives'. Nearly every non-geek I've met thinks that the case is the hard drive.

    These thieves may have stolen the computers (leaving the bulky monitors), and the non-geek reporter wrote that they only took the harddrives.

    --
    Slashdot monitor for your Mozilla sidebar or Active Desktop.
  6. Re:RTFA by danamania · · Score: 3, Informative

    This is exactly what happened recently when a computer theft racket was exposed where young kids were sent to steal machines from schools here.

    Whoever reported it wrote that kids were paid up to $AUS500 for each "hard drive" stolen from schools - the reality is kids were allegedly paid this much for stealing brand new fileservers and laptops.

    a grrl & her server