Slashdot Mirror


Military Healthcare Data Stolen

An anonymous reader writes "TriWest, a federal contractor providing healthcare to the military, had computer hardware stolen from one of their offices. Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families are contained on the stolen hardware. The AP picked up the story. The theft is also being covered by the Salt Lake Tribune and the Arizona Republic. This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information."

20 of 299 comments

  1. hmm... by Transcendent · · Score: 5, Insightful

    This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information.

    Well if the military keeps a record of immunizations of its soldiers, then any country wishing to use bio weapons upon the US could use their medical record to determine which viruses/bacteria/pathogens they are weakest against.

    1. Re:hmm... by Transcendent · · Score: 4, Interesting

      Actually, because of a somewhat recent (Clinton... 1996) democratic idea, a new act was passed called HIPAA (Health Insurance Portability and Accountability Act of 1996). This creates a lot of change in the way we handle patient information. New electronic billing formats, and even patient sign-ins. I think that they're also going to make it where any procedure done to you must be approved by the insurance first... which really pisses me off.

      Anyway, a main goal of HIPAA is the Doctor-Patient confidentiality (which is in existence today, but not really upheld). Basically, the simple fact that you go to a certain doctor is considered "secret" by federal law... I'd imagine that for the military, it's a little more strict.

  2. Big surprise? by Sad+Loser · · Score: 5, Insightful

    I work in healthcare
    Healthcare sysadmins are often pretty poorly paid and are often people who would not make it in a business environment, and the security is often minimal. I know, I 'test' it.
    I think we will have a few more of these disasters until the healthcare industry realises that IT is part of its core business and has to pay accordingly.

    --
    Humorous signatures are over-rated.
  3. Not sexy, but effective by John+Paul+Jones · · Score: 4, Interesting

    This makes me think of all the conference speeches I've given on security, watching folks yawn through the physical security sections.

    Firewall indeed.

    -JPJ

    --
    Feh.
  4. In other news... by bheerssen · · Score: 4, Funny

    The Defence Department learns that Windows are a problem in information security.

    --
    (Score: -1, Stupid)
  5. What ?!?!? by Tin+Weasil · · Score: 5, Interesting

    What makes people so sure they were after the computer for that data? They probably stole it so they could play The Sims Online.

  6. stiff penalties for careless companies by g4dget · · Score: 4, Insightful

    Rather than spending money on tracking down and throwing a bunch of clueless hackers in jail, law enforcement should really focus on the criminals that are easy to identify and prosecute: companies that don't treat customer data with appropriate care. If a few high-profile cases resulted in hundreds of millions of dollars in fines, these cases would soon stop happening: companies would finally make the modest investments necessary to keep customer data secure.

    1. Re:stiff penalties for careless companies by g4dget · · Score: 4, Interesting
      See, in the real world, we are governed by laws. There is no law that states: "You must treat customer data with appropriate care."

      Sure, there is. In many situations, where you entrust companies or individuals with valuable or private information, they have a responsibility to take reasonable care to keep it private. It's just that there aren't particularly stiff penalties right now. And that has resulted in an unacceptable carelessness by companies when dealing with customer information.

      The business deserves, simply, to lose its government contract. Why you want to complicate this matter and rewrite corporate law is beyond me.

      We have notions of "fiduciary duty" and "criminal negligence" for physical property. It makes sense to apply them to what companies do with personal information.

  7. Do they even know they have the data? by Tomah4wk · · Score: 4, Interesting

    Most computer hardware is stolen to be sold on as computer hardware. These could be your standard issue thief who is only likely to sell on the hardware itself, without ever knowing he even has the data. Of course it could be someone who has an interest in the data, or someone who just wants to say a big F**** YOU at the guys in charge of these things. If this hardware isn't UV marked or otherwise, so it can be detected later, I would be very disappointed. At my college we UV mark EVERY piece of hardware, and things like optical mice (i.e. not the cheap ones no one wants to steal) are locked to the workstations, so you couldn't steal them without breaking them.

  8. talk about a HIPAA violation by The+Tyro · · Score: 4, Insightful

    forget about virtually protecting patient data with VPNs and encryption... how about some physical security? They state that there was "reasonable security" for a company; hmmmm... obviously that hinges on your definition of reasonable.

    Data like this is a gold mine if the thieves have any idea how to use it. I hope they are advising people to put fraud alerts on their credit reports... but there are things worse than identity theft. What might that information be worth to a foreign power, or terrorist organization?

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  9. Re:Who is stupid enough... by rodgerd · · Score: 5, Insightful

    Yeah. Like the way the Mad Anthrax Mailer suddenly went from a "must get" when it was thought to be a filthy foreigner to a "drop like hot potato" when it started looking like ties to senior military research labs.

  10. Just proves the hackers axiom by The+Tyro · · Score: 5, Insightful


    if you haven't got physical security, you haven't got ANY security.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  11. Bring on the TIA! by Isao · · Score: 5, Insightful

    So this suggests that the U.S. Government's Total Information Awareness program would be a nice, juicy target. After all, everything's in one place...

  12. Re:Bad, very bad... by prisoner-of-enigma · · Score: 4, Insightful

    To a prisoner of war, sitting chained to a chair in some interrogation chamber after just being repeatedly subjected to beatings, whippings, and electric shock torture and probably doped up on sodium pentothal, even the threat of action against their family by someone who has even a sliver of information about them would seem very real indeed.

    Suppose the following scenario: you are kidnapped, taken to a small room and tortured, then someone asks you for classified information, or to betray your country, or to do something that every fiber in your being resists. Then that person proceeds to enumerate the names, ages, addresses, and medical conditions of your family members. Perhaps they include a bit of data on where they go out to eat, or where they work, or if there's an alarm system on their house. They don't have to say where they got the data, the very fact that they have it at all could lead you to believe that they have much, much more of it. Most military members have family somewhere that doesn't live on base (parents, siblings, etc.) Information is the most valuable tool an enemy can have.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  13. Re:Yeeeeaaaaahhhhh.... by The+Tyro · · Score: 4, Informative

    Tricare is administered by regions. When you enroll in tricare, you are assigned to a region.

    Northeast, Mid-atlantic, Gulfsouth, etc.

    There is no TRICARE West region... but judging by the number of states mentioned in the article, I'd guess this contractor was dealing with the Central region (15 states), with the possible addition of California (1 state, obviously), or the Northwest region (2 states)

    Just FYI.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  14. tricare is a POS by tf23 · · Score: 4, Interesting

    If you have ever had to deal with Tricare, I feel your pain.

    It is *the* worst insurance system in the world.
    Call them twice - ask the same question - you will get a different answer 85% of the time. There are times, in fact, where it's been better to *not* use them at all, and just pay outright.

    I feel for all you who are forced to use tricare, and are now possibly screwed somehow because your info was stolen. Keep your eye on your accounts and whatnot, I know we will be doing so more than ever.

  15. RTFA by dackroyd · · Score: 4, Insightful

    It's in the first line.

    Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 members of the military and their families.

    Only the harddrives were taken from the machines, so unless the thieves were desperate for more space to download mp3s onto, then it's quite probable that they were just after the data.

    --
    "Free software as in beer, copy protection as in racket" - Telsa Gwynne
  16. Just after the SSN? by CamMac · · Score: 5, Insightful

    As a member of the military, I am ~really~ curious to know what they could do with that info.

    Someone mentioned immunization records. But who cares if some 80 yr old retired Sgt Major had his TB recently? And until you correlate Soldiers with Units, that info won't do you much good. If you wanted to know that, why not steal it from the Unit... it wouldn't be too much harder; and would provide /a lot/ more info. A lot.

    I personally think that they were after SSNs, and just happened to view a haul of 500k as too good to pass up. I don't believe that the fact it was military was of consequence. Which is why I also believe that it was American Civilians that did it, not some Foreign Agent. If so, I'm f*'ing pissed.

    I don't need to say how well you can screw someone over with their SSN; imagine the entire Military preoccupied with sorting out their lives; worried about a wife (or husband) and children having to deal with identity theft while the soldier is busy overseas.

    --Cam

    --
    All jocks think about is sports. All nerds think about is sex.
  17. Re:RTFA by FTL · · Score: 5, Informative
    > Only the harddrives were taken from the machines

    Keep in mind that when geeks like us talk about 'harddrives', that's not the same thing as what the general population refers to as 'harddrives'. Nearly every non-geek I've met thinks that the case is the hard drive.

    These thieves may have stolen the computers (leaving the bulky monitors), and the non-geek reporter wrote that they only took the harddrives.

    --
    Slashdot monitor for your Mozilla sidebar or Active Desktop.
  18. Military REQUIRES DNA samples, security on it? by bubblegoose · · Score: 4, Interesting

    About 8 years ago when I was in the Navy, we were REQUIRED to submit a blood sample and cotton swab of the inside of my mouth. We weren't given a choice, we were told refusal would be grounds for discharge.

    We had a lot of questions about this such as: storage (where, how long), would they be destroyed after discharge, could it be used against us (in legal proceedings, for insurance purposes)?

    We weren't given the answers to those questions. Now I'm wondering where the hell that vial of blood and cotton swab is right now. How secure is it? How could a DNA sample labeled with my SSN be used against me?

    --
    I hope that someday we will be able to put away our fears and prejudices and just laugh at people. - Jack Handey