Military health service providers, TRICARE and Science Applications International Corporation (SAIC) report a data breach of involving the personal information of an estimated 4.9 million military clinic and hospital patients.
The lost data was stored on back-up tapes that contained patient health care information from 1992 until September 7, 2011. The exposed information may include names, Social Security numbers, addresses, phone numbers, diagnoses, treatment information, provider names, provider locations, and other personal health data such as clinical notes, laboratory tests and prescriptions, according to a data breach notification statement issued by the companies.
The statement claims that the tapes did not contain financial data, credit card, or banking information. It remains unknown exactly how the data went missing. It is also unclear whether the stored data was encrypted. However, the data breach statement says that patient risk is low, as retrieving the data stored on the tapes would, allegedly, “…require knowledge of and access to specific hardware and software and knowledge of the system and data structure.”
SAIC did not respond to a request for comment.
Individuals at risk of exposure are those that received care at or whose health care information was processed through military treatment facilities in the San Antonio area between 1992 and September 7 of this year.
“TRICARE and SAIC are working together to identify as quickly as possible all beneficiaries whose information may have been involved in the breach and notify as appropriate,” the statement reads.