Data for nearly 600,000 Tricare-enrolled households stored on a government contractor's unprotected computer server could have been exposed to hackers, defense officials announced July 20.
Beneficiaries' names, addresses, Social Security numbers, birth dates and some health information were on a computer server without a firewall or adequate password protection, Tricare Management Activity officials said.
Officials disabled the server in May. Forensic analysis of the server found no evidence that any beneficiary information was compromised, said Leslie Shaffer, assistant privacy officer at the activity.
Science Applications International Corp. (SAIC) maintained the data in Shalimar, Fla., and used it to process several military health care contracts.
The server allowed for file transfer protocol transmissions of the data to its contract customers.
Officials discovered the security breach after contract customers reported nonsecure data transmissions.
SAIC continues investigating and placed some employees on administrative leave pending the outcome, a company release stated.
Since May, SAIC has processed the data, matching it with contact information to notify beneficiaries.
DoD and SAIC mailed a letter last month to beneficiaries whose data was put at risk. An incident response center has been set up to field customers' toll-free calls.
Beneficiaries put at risk can receive a free, one-year subscription to an identity restoration service, she said.
The incident response center can be reached toll free within the United States at (888) 862-2680. Those outside the United States may call collect at (515) 365-3550.
© 2007 National Guard Association of the United States Provided by ProQuest LLC. All Rights Reserved.
Source: National Guard
