Insights

Military Health Insurance Has Knowledge-Based Authentication Information Data Breach

TRICARE, the health insurance company that provides medical
coverage to military personnel, military retirees, and their dependents,
reported a data breach. The Science Applications International says the data
breach involved personally identifiable and protected health information
(PII/PHI) impacts an estimated 4.9 million military clinic and hospital
patients.

The breach involved backup tapes from an electronic
healthcare record used in the military health system to capture patient data
from 1992 through Sept. 7, 2011 from patients who received care in the San
Antonio area military treatment facilities. This includes persons who had
prescriptions filled, and patients whose laboratory tests were processed in
these facilities even if they received treatment elsewhere.

It is reported the backup tapes may have included the
following knowledge-based
authentication
information:

 

  • Social
    Security Numbers
  • Addresses
  • Phone
    Numbers
  • Personal
    Health data (e.g.: clinical notes, lab tests, prescriptions)

 

Officials say there is no financial data on the backup
tapes.

TRICARE officials say, the risk of harm to patients is
judged to be low because the knowledge it would take to access the data
requires specific hardware and software, and knowledge of the system and data
structure. But even though the officials say the risk is low, we still caution
possible victims of this data breach to be extremely careful with identity verification because this
information is enough for you to fall victim to identity theft.

We encourage you to reach out to the credit reporting
agencies, Experian,
TransUnion and Equifax to monitor your credit
report and make sure there is no fraudulent claims on there.

Explore more articles