Military Healthcare Data Stolen 302
An anonymous reader writes "TriWest, a federal contractor providing healthcare to the military, had computer hardware stolen from one of their offices. Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families is contained on the stolen hardware. The AP picked up the story. The theft is also being covered by the Salt Lake Tribune and the Arizona Republic. This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information."
Not sexy, but effective (Score:4, Interesting)
This makes me think of all the conference speeches I've given on security, watching folks yawn through the physical security sections.
Firewall indeed.
-JPJ
What ?!?!? (Score:5, Interesting)
Do they even know they have the data? (Score:4, Interesting)
Re:hmm... (Score:4, Interesting)
Anyway, a main goal of HIPAA is the Doctor-Patient confidentiality (which is in existance today, but not really upheld). Basically, the simple fact that you go to a certian doctor is concidered "secret" by federal law... I'd imagine that for the military, it's a little more strict.
OHH NO! (Score:0, Interesting)
I never thought I would use that phrase in a case where it actually makes sense.
tricare is a POS (Score:4, Interesting)
It is *the* worst insurance system in the world.
Call them twice - ask the same question - you will get a different answer 85% of the time. There are times, infact, where it's been better to *not* use them at all, and just pay outright.
I feel for all you who are forced to use tricare, and are now possibly screwed somehow because your info was stolen. Keep your eye on your accounts and whatnot, I know we will be doing so more then ever.
Identity Theft heaven (Score:2, Interesting)
had to prep all of his vital information "in
the event of". This data probabaly contains
all the info one could ever desire to carry
out succesful ID theft:
for dependents?
the theft for an extended period
authorities busy
Dissolve the assets of the company
as a lesson for protectors of our data, and
make a slush fund to pay out when the
attacks start.
Re:stiff penalties for careless companies (Score:4, Interesting)
Sure, there is. In many situations, where you entrust companies or individuals with valuable or private information, they have a responsibility to take reasonable care to keep it private. It's just that there aren't particularly stiff penalties right now. And that has resulted in an unacceptable carelessness by companies when dealing with customer information.
The business deserves, simply, to lose its government contract. Why you want to complicate this matter and rewrite corporate law is beyond me.
We have notions of "fiduciary duty" and "criminal negligence" for physical property. It makes sense to apply them to what companies do with personal information.
your analogy is wrong (Score:3, Interesting)
You see, your private information is valuable. If it falls into the wrong hands, you may lose your life savings. Companies that you entrust with it have a duty to treat it with care.
Furthermore, the tax payer shouldn't be responsible for tracking down losses that are enabled by the complete carelessness of poorly run businesses.
It's a well-established legal principle that if you entrust somebody with something valuable, in many cases, they are legally responsible if it's lost or stolen if they didn't take proper care of it. In fact, airlines are liable for loss of your luggage even if they did take proper care of it.
Since personal information is often much more valuable than luggage and since losses are hard to quantify (e.g., suffering from identity theft, etc.), penalties should be stiff.
If a company takes reasonable care to secure their computer systems physically and against break-ins, then they shouldn't be penalized for negligence when data is stolen (although they may still be liable). But this case, like most others, smacks of complete negligence on the part of the company.
Military REQUIRES DNA samples, security on it? (Score:4, Interesting)
We had a lot of questions about this such as; storage (where, how long), would they be destroyed after discharge, could it be used against us(in legal proceeding, for insurance purposes)?
We weren't given the answers to those questions. Now I'm wondering where the hell that vial of blood and cotton swab is right now. How secure is it? How could a DNA sample labeled with my SSN be used against me?
Re:hmm... (Score:2, Interesting)
As far as I'm aware, the next round of extensions run out next October.
However, nothing I've seen about HIPPA would have stopped this. It just instructs them to take "reasonable precautions", and describes what types and combinations of information can't be accessed by unauthorized users.
Murder Revenge (Score:1, Interesting)
"Fundamentalist Islamic law includes the concept of thaa'r, which binds the relatives of a murdered man to seek vengance of similar kind. Not only is reciprocal murder condoned under the law; it is an inescapable social obligation."
To date, many believers have been killed in battles and wars, but their deaths remain unavenged.
While the medical records might not be a neon arrow pointing to the soldier, sailor, airman, or marine
"I am looking for a soldier who served in Afghanistan and killed my family
"We have his medical records right here. And, we have the medical records of his family
Oh, really? Too far-fetched? A little too much paranoia? Last year, Afghani civilians [al Qa'eda, Taliban, people promised huge rewards, and people threatened to find information or die] penetrated the Bagram compound and were caught searching through the trash piles for personal information on soldiers
See "The Feather Men" by Sir Ranulph Fiennes [Soon to be a motion picture by a questionable director]