[Vision2020] Contractor: 900, 000 Medical Records Were Left Unsecured

Tom Hansen thansen at moscow.com
Tue Jul 24 15:19:18 PDT 2007 

>From the July 30, 2007 edition of the Army Times -

-------------------------------------------------------

Contractor: 900,000 medical records were left unsecured

By William H. McMichael - Staff Writer, Army Times

Personal data of close to 900,000 troops, family members and other
government employees stored on a private defense contractor's nonsecure
computer server has been compromised, the company announced July 20.

SAIC, the contractor, said the data - maintained under several Tricare
health care contracts with the Defense Department - included combinations of
names, addresses, Social Security numbers, birth dates and/or "limited
health information in the form of codes."

It was stored on a single, SAIC-owned, nonsecure server and was, in some
cases, transmitted over the Internet unencrypted. The information was
exposed while being processed, the company said. 

The company acknowledged it has known of the problem since May 29, when U.S.
Air Forces Europe told SAIC it had detected "unsecure transmission of
personal information concerning uniformed service members and other
individuals," according to an SAIC news release. 

However, SAIC had concerns about a potential problem even earlier. Two weeks
before USAFE contacted them, SAIC officials shut down the server "based on
general concerns regarding the security of transmissions," the news release
said. SAIC confirmed that personal information had been transmitted in an
unsecure manner and stored on an unsecured computer.

SAIC officials said the security lapses were "remedied" once they were
discovered and added that forensic analysis has shown no indications that
any of the lost personal data was actually compromised.

However, "the possibility cannot be ruled out," the news release said.

SAIC is notifying about 580,000 households, "some with more than one
affected person," according to the release. 

Affected are service members and family members of the Army, Navy, Air
Force, Marine Corps and the Department of Homeland Security. The breakdown
includes 173,939 Army; 151,315 Air Force; 96,925 Navy; 26,171 Marine and
10,415 Coast Guard. All told, SAIC officials said, the breach involves
867,000 individuals.

The company has taken full responsibility for the lapse. 

"We deeply regret this security failure, and I want to extend our apologies
to those affected by it," Chairman and Chief Executive Officer Ken Dahlberg
said. 

SAIC said the company is working with the affected agencies to "mitigate any
potential inconvenience or harm" the security lapse may have caused. It has
retained Kroll Inc. to help out those affected, opening an Incident Response
Center with extended hours, information resources and credit and identity
restoration services for any victims of related identity theft. All will be
provided at no cost to the government or those persons affected, SAIC said.

The notification letters going out to affected households will tell people
how to access those services, the company said.

-------------------------------------------------------

Seeya round town, Moscow.

Tom Hansen
Moscow, Idaho

"Patriotism is not a short and frenzied outburst of emotion but the tranquil
and steady dedication of a lifetime." 

--Adlai E. Stevenson, Jr.

More information about the Vision2020 mailing list