[ISN] Tricare files stolen from Central Region

From: InfoSec News (isnat_private)
Date: Tue Dec 31 2002 - 00:56:45 PST

  • Next message: InfoSec News: "[ISN] Linux Security Week - December 30th 2002"

    Forwarded from: William Knowles <wkat_private>
    By Tom Philpott, Special to Stars and Stripes
    European edition, Thursday, December 26, 2002
    Enrollment and claim files of 550,000 Tricare beneficiaries across the 
    16-state Central Region of the military's managed-care network have 
    been stolen, officials announced Monday.
    Missing are computer hard drives with names, addresses, phone numbers, 
    Social Security numbers, claims data and other information on every 
    servicemember, family member and retiree enrolled in Tricare through 
    TriWest Healthcare Alliance Corp., the managed-care support contractor 
    for the Central Region.
    "This is theft of information, pure and simple," said David J. 
    McIntyre Jr., president of TriWest, in a phone interview.
    The Central Region comprises Arizona, Colorado, Idaho, Iowa, Kansas, 
    Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North 
    Dakota, South Dakota, Utah, Wyoming and western Texas.
    Among potential victims of one of the largest identity theft cases in 
    recent memory are tens of thousands of active-duty servicemembers 
    listed as sponsors to family members.
    The threat of financial mischief through credit card applications, 
    access to e-mail, rerouting government checks and false 
    identifications is clear. But the stolen data also would seem to 
    create risks to national security and to personal safety, in light of 
    the war on terror.
    The break-in occurred Dec. 14, when every hard drive out of TriWest 
    "servers" used to store enrollment and claims was stolen. TriWest for 
    the past year has housed its servers in industrial park offices in 
    northwest Phoenix.
    The thief or thieves apparently gained access to a property manager's 
    office, stole a master electronic key and entered TriWest spaces, 
    according to reports. The office was not protected by surveillance 
    cameras. Electronic-door records show the thief was confident enough 
    about not getting caught to make two trips, in and out, of the secured 
    "We and the Department of Defense obviously are concerned for 
    individuals whose personal records were stolen," said McIntyre. "We 
    hope that the intent was not to steal the identities of individuals. - 
    But we are operating on the assumption we need to take every measure 
    to assist beneficiaries [understand] steps they can take to protect 
    their information."
    The FBI, Defense Criminal Investigative Service and other law 
    enforcement agencies are investigating the incident.
    TriWest is one of four contractors having deals with the Military 
    Health System to provide care to servicemembers, retirees and their 
    families. The four and, presumably, other managed-care contractors, 
    were to deliver their bids in January for the next generation of 
    Tricare support contracts. DOD has delayed the filing deadline by 
    several weeks.
    TriWest used backup tapes to restore stolen files within three hours 
    of the theft’s discovery, McIntyre said. But irked Defense officials 
    said in a statement they got word of the theft from TriWest on Dec. 
    20, six days after it occurred, and then "began working with them to 
    ensure uninterrupted delivery of medical benefits in the wake of the 
    Tricare officials have ordered other managed-care contractors to 
    reassess their physical and electronic security.
    - FWD -
    December 23, 2002
    No. 02-36
    The TRICARE Management Activity announced today that computer 
    equipment and files were stolen on Dec. 14, 2002, from its TRICARE 
    Central Region health contractor, TriWest Healthcare Alliance Corp. in 
    Phoenix, Ariz. TriWest contracts with the Military Health System to 
    provide health services to service members, their families and 
    retirees. The equipment and files were used to help deliver health 
    care services to these beneficiaries residing mostly in central and 
    western states of the United States.* 
    The total impact of the theft is still being assessed. The case is 
    being investigated by the Defense Criminal Investigative Service, FBI 
    and other law enforcement agencies. 
    The Department regrets any inconvenience this incident might cause. 
    The Defense Department, after learning of the theft from TriWest on 
    Dec. 20, began working with them to ensure uninterrupted delivery of 
    medical benefits in the wake of the break-in. As more information is 
    known about the theft, the department will ensure that TriWest will be 
    in touch with affected beneficiaries. 
    TriWest will contact affected individuals and will establish both a 
    toll-free number and an e-mail address for TRICARE beneficiaries who 
    have questions about what they need to know and do. 
    The department has ordered all contractors working with the TRICARE 
    system to assess their current physical and electronic security. 
    For further information, beneficiaries may call toll-free (888) 
    339-9378 or e-mail questions to computertheftat_private 
    * Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, 
    Nebraska, North Dakota, South Dakota, Utah, Wyoming, Arizona, New 
    Mexico, Nevada, extreme Western Texas  
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 31 2002 - 08:01:42 PST