Tester: TRICARE patients deserve answers after security breach
Senator demands information after theft of personal information
(U.S. SENATE) – Senator Jon Tester is asking the Defense Department for further details about a data breach that may have compromised Montanans’ medical and financial records.
In September, hackers accessed the personal and health information of almost five million TRICARE patients from a company that does business with the Defense Department. TRICARE is the U.S. military’s health insurer.
Tester today told Defense Secretary Leon Panetta that a quicker response from the Defense Department would have let TRICARE patients safeguard their bank accounts and credit card information. Tester is particularly concerned that the agency took two weeks to publicize the security breach – and even longer to notify individuals.
“If patients were notified earlier, they could have notified their financial institutions before any confidential information was compromised,” Tester wrote Panetta. “These folks put their lives on the line to help protect our nation; the last thing they should have to worry about is the protection of their private identification and health information.”
Tester also wants to know what security improvements have been made since the incident and called on Panetta to release more information about the scope of the data breach.
“I ask that you provide my office with the various ways TRICARE recipients were affected by this data breach and the extent of the population impacted,” wrote Tester, who has been contacted by numerous Montanans affected by the security breach.
According to reports, patients at San Antonio, Tex., area military facilities since 1992 could be at risk. Their records were administered by Science Applications International Corp., a science and technology company that partners with various government agencies.
Tester is a leading voice for holding the Defense Department and other government agencies accountable. He recently called for “full accountability” following a report of “gross mismanagement” at the mortuary that handles the remains of America’s fallen troops.
Text of Tester’s letter to Panetta is available below and online.
December 9, 2011
The Honorable Leon Panetta
Department of Defense
1000 Defense Pentagon
Washington, DC 20301
Dear Secretary Panetta:
It has come to my attention that on September 13, 2011 one of the Defense Department’s TRICARE business associates, Science Applications International Corp (SAIC), had a data breach occur involving the personal identification and health information of certain TRICARE recipients. It was reported that almost five million patients, treated at San Antonio area military facilities since 1992, could be affected by this breach.
I am concerned that it took the Department of Defense over two weeks to post the initial notification and even longer to notify individuals affected by the breach. According to the TRICARE notification, the breach only affected San Antonio area military treatment facilities; however, I have reports of constituents in the State of Montana who have likewise been affected. TRICARE also reported that no financial data was accessed, yet I’ve heard from constituents whose bank accounts and credit card information have been compromised based on the information that was accessed from the data breach. If patients were notified earlier, they could have notified their financial institutions before any confidential information was compromised.
It is troubling to me that a Department of Defense contractor would fail to safeguard the private records of our service members and veterans. It is unacceptable. As I’m sure you will agree, these folks put their lives on the line to help protect our nation; the last thing they should have to worry about is the protection of their private identification and health care information, especially when they entrust the federal government with that security.
Moving forward, I ask that you provide my office with the existing measures SAIC has taken to ensure the security of personal identification information, as well as the specific areas in which SAIC failed to protect their recipients, and SAIC’s plan to remedy this incident. I also ask that you provide my office with the various ways TRICARE recipients were affected by this data breach, the extent of the population impacted by this breach, and that you detail the Department of Defense’s plan to ensure future contractors provide the necessary safety and security measures for the privacy and health care information of TRICARE recipients.
I appreciate your time and I look forward to your response.