Data breach hits military hospitals, clinics

On Sept. 14, Science Applications International Corporation (SAIC) reported a data breach involving personally identifiable and protected health information impacting an estimated 4.9 million military clinic and hospital patients. The information was contained on backup tapes from an electronic health-care record used in the military health system to capture patient data from 1992 through Sept. 7, and may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions. There is no financial data, such as credit card or bank account information, on the backup tapes.

The risk of harm to patients is judged to be low despite the data elements involved, since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure. The incident is being investigated and additional information will be published as soon as it is available. Meanwhile, both SAIC and TRICARE Management Activity are reviewing current data protection security policies and procedures to prevent similar breaches in the future.

Anyone who suspects that they were impacted by this incident is urged to take steps to protect their personal information and should be guided by the Federal Trade Commission here.

Concerned patients may contact the SAIC Incident Response Call Center Monday through Friday from 9 a.m. to 6 p.m. Eastern Time at (855) 366-0140 (United States) or by calling collect at (952) 556-8312 (international).

For more information about the breach, click here.


  1. This should be a "resume-generating event". The person doing the transfer, any supervision allowing such a transfer, and the contract officials allowing such a transfer should be dismissed IF it can be shown that they indeed performed or allowed such activity. IT people know that tape is damaged by heat - how hot was the car? Security calls for a minimum of 2 people present when moving sensitive data. Negligence from every angle! Taking chances with OUR information is no joke. Want life insurance? Have a serious disease? Take narcotic pain medication? As the saying goes, "Perception is Reality". You are nothing but a collection of information gathered about you and used by people you may or may not know about. Discrimination happens without your knowledge. PLEASE let your elected officials know that this type of incredibly stupid activity cannot be tolerated! Ask your Post to work through the chain to your department and get the word out - it won't happen without YOU!
  2. Science Applications International Corporation has over 41,000 employees and claims to train National Governments and Tier 1 Communications companies in cybersecurity. Exactly how good can you be if you are transferring backup tapes in an employee's private car? How professional can a company be if they allow such tapes to be transferred in such an insecure manner? Didn't the VA learn from the LAST time data (stored on 1 laptop) was stolen from a private car? From Reuters: The families used the federal government's TRICARE health provider. SAIC is the suburban Washington firm that handles military health provider TRICARE's data. The tapes went missing on September 14 when they were "among items stolen from an employee's car in San Antonio," SAIC spokesman Vernon Guidry told Reuters. They were in the car, he said, because they were "being transferred from one federal facility to another in compliance with the terms of their contract."
  3. As always, the folks in the know don't want to deal with 4.9 million angry vets, so they claim the impact is "low risk". The people who steal this information no longer do so as a joke, or to prove they can. It is a huge global business. Information from multiple data breaches is compiled to verify the accuracy of the stolen data, and verified data is valuable! You can be sure that the excuse of data structure, hardware, etc is just that - an excuse. None of that will even slow down, much less stop, the organized crime that controls this activity. There is no "suspect that you were impacted". You WERE impacted just as surely as if a thief broke into your home. The system does not allow full web addresses, but search on "50 days of hacks" and "lulzsec" on the Washington Post website. This is just ONE group in less than 2 months - and claims of disbanding and capture should not make you think the threat is gone. WE need to be the squeaky wheel to motivate change!
By submitting this form, you accept the Mollom privacy policy.