As you may have heard, personally identifying information regarding up to 4.9 million people was stolen from the possession of a Tricare contractor on September 14, 2011. The contractor, Science Applications International Corporation (SAIC), was responsible for maintaining information on patients who utilized San Antonio area military treatment facilities, including laboratory work. As the San Antonio laboratory facilities process certain laboratory tests for military treatment facilities worldwide, this includes a large number of patients who have never been seen in a San Antonio area facility. As part of the contract, SAIC was required to make backup copies of all information and transporting these backup copies to a remote location.
During transportation, the electronic files were stolen from the transporting vehicle. Fortunately, the format of the backups requires specific hardware and software to access the data. It is unlikely that the data will be viewed and used for any malicious purposes, but it is always good to be careful.
If the information were to be accessed, the personally identifying information of patients would be available to be used for fraudulent purposes. Included information may include names, Social Security Numbers, addresses, dates of birth, phone numbers, laboratory tests, and care provider names and locations. The Tricare Management Activity has asked SAIC to offer one year of free credit monitoring and identity theft restoration services to all patients whose information may have been included in the compromise files.
Obviously, they had to let people know whether they were involved. The 4.9 million involved represents over half of all Tricare eligible beneficiaries in the entire world! Letters were sent to patients whose information may have been involved, including letters to parents if the patient was a minor. My family received some of these letters recently. It appears that there are several forms of the letter, because our letters specifically reference laboratory work and the fact that the patient was a minor.
It is important to note that the letter does not specifically mention that in order to utilize the credit monitoring service offered in the letter, you have to call the SAIC Incident Response Call Center mentioned in the last paragraph of the letter. They are open Monday through Friday, 9 a.m. to 6 p.m. US Eastern Time. You may call toll free to 855-366-0140. If you are calling from outside the US, you may call collect to 952-556-8312. This is the same place to contact if you have other questions that were not answered in the letter.