Military Medical Breach Revealed

A government contractor handling sensitive health information for 867,000 U.S. service members and their families acknowledged yesterday that some of its employees sent unencrypted data — such as medical appointments, treatments and diagnoses — across the Internet.

Air Force investigators are probing the security breach at Science Applications International Corp. (SAIC) of San Diego, an $8 billion defense contractor that holds sensitive government contracts, including for information security.

The breach was discovered in May and involved data being processed by SAIC under nine health-care data contracts for the military. It was detected during routine scanning for questionable network traffic by a special military task force that directs the operation of the military’s computer network, said an Air Force spokeswoman, Jean Schaefer. The task force determined that medical data were being sent through a server that was not secure against hacker attacks, she said. It is illegal to transmit unencrypted health information over the Internet.

So far, there is no evidence that personal data have been compromised, but “the possibility cannot be ruled out,” SAIC said in a press release. The firm has fixed the security breach, the release said.

In a statement, the Pentagon’s Tricare office said the risk to those affected was “very low, but the Department of Defense takes these events very seriously.”

{When the Department of Defense ignores health privacy, it is a clear sign that old habits die hard.  To paraphrase Mel Brooks: “When the Pentagon or SAIC loses your health records it’s a comedy but when they lose their own it’s a tragedy.”  The fact that the Department of Defense believes there is ‘very low’ risk involved in a breach of military health records, highlights the reason legislation must be enacted that gives the right of control and consent back to the true owner of health records: you. ~ Dr. Deborah Peel, Patient Privacy Rights}

Leave a Reply

Your email address will not be published. Required fields are marked *