Slashdot Mirror


Military Healthcare Data Stolen

An anonymous reader writes "TriWest, a federal contractor providing healthcare to the military, had computer hardware stolen from one of their offices. Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families are contained on the stolen hardware. The AP picked up the story. The theft is also being covered by the Salt Lake Tribune and the Arizona Republic. This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information."

15 of 299 comments

  1. hmm... by Transcendent · · Score: 5, Insightful

    This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information.

    Well, if the military keeps a record of immunizations of its soldiers, then any country wishing to use bio weapons upon the US could use their medical record to determine which viruses/bacteria/pathogens they are weakest against.

  2. Big surprise? by Sad+Loser · · Score: 5, Insightful

    I work in healthcare
    Healthcare sysadmins are often pretty poorly paid and are often people who would not make it in a business environment, and the security is often minimal. I know, I 'test' it.
    I think we will have a few more of these disasters until the healthcare industry realises that IT is part of its core business and has to pay accordingly.

    --
    Humorous signatures are over-rated.
  3. National Strategy to secure.... by sickmtbnutcase · · Score: 3, Insightful

    maybe the US government should secure their equipment a little better before they try to secure the internet.....

  4. stiff penalties for careless companies by g4dget · · Score: 4, Insightful

    Rather than spending money on tracking down and throwing a bunch of clueless hackers in jail, law enforcement should really focus on the criminals that are easy to identify and prosecute: companies that don't treat customer data with appropriate care. If a few high-profile cases resulted in hundreds of millions of dollars in fines, these cases would soon stop happening: companies would finally make the modest investments necessary to keep customer data secure.

  5. talk about a HIPAA violation by The+Tyro · · Score: 4, Insightful

    forget about virtually protecting patient data with VPNs and encryption... how about some physical security? They state that there was "reasonable security" for a company; hmmmm... obviously that hinges on your definition of reasonable.

    Data like this is a gold mine if the thieves have any idea how to use it. I hope they are advising people to put fraud alerts on their credit reports... but there are things worse than identity theft. What might that information be worth to a foreign power, or terrorist organization?

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  6. Bad, very bad... by TheSHAD0W · · Score: 3, Insightful

    "Yes, Lieutenant. I've already heard your name, rank, and serial number, over and over again. Now, I'd like to show you this photo... Steady! (Hold him, please.) Our sources looked up your next of kin in your medical records... This is a recent photo of your mother and father, hm? Our operatives are quite good at photography, we train them well.

    "Now where were we? Oh yes. Now, Lieutenant, I'd like you to begin talking. And please remember, your parents' lives depend on what you say. Name, rank and serial number are not acceptable."

    1. Re:Bad, very bad... by prisoner-of-enigma · · Score: 4, Insightful

      To a prisoner of war, sitting chained to a chair in some interrogation chamber after just being repeatedly subjected to beatings, whippings, and electric shock torture and probably doped up on sodium pentothal, even the threat of action against their family by someone who has even a sliver of information about them would seem very real indeed.

      Suppose the following scenario: you are kidnapped, taken to a small room and tortured, then someone asks you for classified information, or to betray your country, or to do something that every fiber in your being resists. Then that person proceeds to enumerate the names, ages, addresses, and medical conditions of your family members. Perhaps they include a bit of data on where they go out to eat, or where they work, or if there's an alarm system on their house. They don't have to say where they got the data, the very fact that they have it at all could lead you to believe that they have much, much more of it. Most military members have family somewhere that doesn't live on base (parents, siblings, etc.). Information is the most valuable tool an enemy can have.

      --
      In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  7. Re:Not sexy, but effective by iomud · · Score: 3, Insightful

    That reminds me of the scene in WarGames when the tour group enters through the obscenely thick door. Ironic to the point of insane.

  8. Re:Who is stupid enough... by rodgerd · · Score: 5, Insightful

    Yeah. Like the way the Mad Anthrax Mailer suddenly went from a "must get" when it was thought to be a filthy foreigner to a "drop like hot potato" when it started looking like ties to senior military research labs.

  9. Just proves the hacker's axiom by The+Tyro · · Score: 5, Insightful


    if you haven't got physical security, you haven't got ANY security.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  10. Bring on the TIA! by Isao · · Score: 5, Insightful

    So this suggests that the U.S. Government's Total Information Awareness program would be a nice, juicy target. After all, everything's in one place...

  11. Re:Yeeeeaaaaahhhhh.... by Daniel+Dvorkin · · Score: 3, Insightful

    Good luck, A1C Tux. It's a hell of a military you've found yourself in -- yeah, yeah, I know, old soldiers bitch all the time (and I'm not that old; I was in from 1989 to 1997) but it really does seem like some things were going to hell right about the time I got out, and the whole Tricare thing is one of them. (My guess is that TriWest is a company formed specifically to handle Tricare contracts.) As a medic, I had to deal with all the harebrained ideas for patient administration that came down the pike, and I don't envy you. Sounds like it's just getting worse.

    Business is not war, and war is not business, and outsourcing vital functions of our national security to private companies that don't give a shit about the welfare of people in uniform is not the way to keep our country safe. Actually, this is true of a whole bunch of governmental functions; the whole "run government like a business" bandwagon that Democrats and Republicans have jumped on with equal enthusiasm is a stupid idea. But that's a whole 'nother argument ...

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  12. RTFA by dackroyd · · Score: 4, Insightful

    It's in the first line.

    Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 members of the military and their families.

    Only the hard drives were taken from the machines, so unless the thieves were desperate for more space to download mp3s onto, then it's quite probable that they were just after the data.

    --
    "Free software as in beer, copy protection as in racket" - Telsa Gwynne
  13. Just after the SSN? by CamMac · · Score: 5, Insightful

    As a member of the military, I am ~really~ curious to know what they could do with that info.

    Someone mentioned immunization records. But who cares if some 80 yr old retired Sgt Major had his TB recently? And until you correlate Soldiers with Units, that info won't do you much good. If you wanted to know that, why not steal it from the Unit... it wouldn't be too much harder; and would provide /a lot/ more info. A lot.

    I personally think that they were after SSNs, and just happened to view a haul of 500k as too good to pass up. I don't believe that the fact it was military was of consequence. Which is why I also believe that it was American Civilians that did it, not some Foreign Agent. If so, I'm f*'ing pissed.

    I don't need to say how well you can screw someone over with their SSN; imagine the entire Military preoccupied with sorting out their lives; worried about a wife (or husband) and children having to deal with identity theft while the soldier is busy overseas.

    --Cam

    --
    All jocks think about is sports. All nerds think about is sex.
  14. Expect more of these -- and a few clarifications by SynCrypt · · Score: 3, Insightful

    We're likely to see many more of these types of scenarios as long as the government continues allowing (even encouraging) large-scale data gathering -- and as long as companies aren't held responsible for their mistakes.

    Large databases with diverse pieces of personal information in one database with inadequate protection are just too attractive a target -- 500,000 social security numbers? The amount of money identity thieves can make from the sale of those SSNs, and the damage done to individuals, is staggering. But will there be any penalty beyond a slap on the wrist for insufficient security?

    To clear up a few misconceptions that I've seen from the posts:

    HIPAA is now worded in such a way that it allows health care providers (and other "covered entities") to share medical information about a patient without consent for a number of reasons. The result is that information in your file may be shared with others without you ever finding out. The best place I've found for information on HIPAA is at the Health Privacy Project. Go to their page and do a search on "HIPAA" and you will find out everything you ever wanted to know about HIPAA.

    HIPAA makes it easier to circulate information once gathered, but it is not itself a storage system. For a huge storage system, go check out the Medical Information Bureau (MIB) web site. They have a FAQ about what they do, what medical information they store, and who they share it with. MIB exists to prevent fraud (a good thing), but I'd sure like to know what their security is like.

    Finally, for another reason to repeal HIPAA and decentralize information, read about the "Emergency Health Powers Act". Again, designed for good reasons, but could be applied in very heavy-handed ways. The Health Powers Act specifically shields companies from liability.