Information Security News: Tricare files stolen from Central Region

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.estripes.com/article.asp?section=104&article=11756&archive=true

By Tom Philpott, Special to Stars and Stripes
European edition, Thursday, December 26, 2002

Enrollment and claim files of 550,000 Tricare beneficiaries across the 
16-state Central Region of the military's managed-care network have 
been stolen, officials announced Monday.

Missing are computer hard drives with names, addresses, phone numbers, 
Social Security numbers, claims data and other information on every 
servicemember, family member and retiree enrolled in Tricare through 
TriWest Healthcare Alliance Corp., the managed-care support contractor 
for the Central Region.

"This is theft of information, pure and simple," said David J. 
McIntyre Jr., president of TriWest, in a phone interview.

The Central Region comprises Arizona, Colorado, Idaho, Iowa, Kansas, 
Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North 
Dakota, South Dakota, Utah, Wyoming and western Texas.

Among potential victims of one of the largest identity theft cases in 
recent memory are tens of thousands of active-duty servicemembers 
listed as sponsors to family members.

The threat of financial mischief through credit card applications, 
access to e-mail, rerouting government checks and false 
identifications is clear. But the stolen data also would seem to 
create risks to national security and to personal safety, in light of 
the war on terror.

The break-in occurred Dec. 14, when every hard drive out of TriWest 
"servers" used to store enrollment and claims was stolen. TriWest for 
the past year has housed its servers in industrial park offices in 
northwest Phoenix.

The thief or thieves apparently gained access to a property manager's 
office, stole a master electronic key and entered TriWest spaces, 
according to reports. The office was not protected by surveillance 
cameras. Electronic-door records show the thief was confident enough 
about not getting caught to make two trips, in and out, of the secured 
area.

"We and the Department of Defense obviously are concerned for 
individuals whose personal records were stolen," said McIntyre. "We 
hope that the intent was not to steal the identities of individuals. - 
But we are operating on the assumption we need to take every measure 
to assist beneficiaries [understand] steps they can take to protect 
their information."

The FBI, Defense Criminal Investigative Service and other law 
enforcement agencies are investigating the incident.

TriWest is one of four contractors having deals with the Military 
Health System to provide care to servicemembers, retirees and their 
families. The four and, presumably, other managed-care contractors, 
were to deliver their bids in January for the next generation of 
Tricare support contracts. DOD has delayed the filing deadline by 
several weeks.

TriWest used backup tapes to restore stolen files within three hours 
of the theft’s discovery, McIntyre said. But irked Defense officials 
said in a statement they got word of the theft from TriWest on Dec. 
20, six days after it occurred, and then "began working with them to 
ensure uninterrupted delivery of medical benefits in the wake of the 
break-in."

Tricare officials have ordered other managed-care contractors to 
reassess their physical and electronic security.


- FWD -


http://tricare.osd.mil/newsreleases/2002/news0236.htm

December 23, 2002
No. 02-36

The TRICARE Management Activity announced today that computer 
equipment and files were stolen on Dec. 14, 2002, from its TRICARE 
Central Region health contractor, TriWest Healthcare Alliance Corp. in 
Phoenix, Ariz. TriWest contracts with the Military Health System to 
provide health services to service members, their families and 
retirees. The equipment and files were used to help deliver health 
care services to these beneficiaries residing mostly in central and 
western states of the United States.* 

The total impact of the theft is still being assessed. The case is 
being investigated by the Defense Criminal Investigative Service, FBI 
and other law enforcement agencies. 

The Department regrets any inconvenience this incident might cause. 

The Defense Department, after learning of the theft from TriWest on 
Dec. 20, began working with them to ensure uninterrupted delivery of 
medical benefits in the wake of the break-in. As more information is 
known about the theft, the department will ensure that TriWest will be 
in touch with affected beneficiaries. 

TriWest will contact affected individuals and will establish both a 
toll-free number and an e-mail address for TRICARE beneficiaries who 
have questions about what they need to know and do. 

The department has ordered all contractors working with the TRICARE 
system to assess their current physical and electronic security. 

For further information, beneficiaries may call toll-free (888) 
339-9378 or e-mail questions to computertheft () triwest com  


* Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, 
Nebraska, North Dakota, South Dakota, Utah, Wyoming, Arizona, New 
Mexico, Nevada, extreme Western Texas  

 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.