Army waited to tell of possible security breach
6,000 beneficiaries receive letters detailing loss of info on laptop
By KEVIN DOUGHERTY | STARS AND STRIPES Published: December 2, 2008
VILSECK, Germany — U.S. Army medical officials in southeast Germany waited nearly two months before notifying more than 6,000 beneficiaries of a possible security breach regarding their personal information stored on a lost laptop computer.
Authorities know the names, Social Security numbers and health information of at least 26 individuals were stored on the laptop, according to a news release sent Monday from the U.S. Army Medical Department Activity, Bavaria.
However, officials said similar information on approximately 6,000 other patients also may have been on the missing computer, though they don’t know for sure.
According to the release, the laptop went missing on Oct. 4.
Notices that were sent to the beneficiaries on Nov. 24 were characterized as a precaution.
The letters were addressed to not only beneficiaries in the affected region, but to people from other regional commands in the United States and elsewhere who may be affected, the release states.
The release did not explain why Army medical officials waited so long to notify the public.
In a phone interview late Monday, Lt. Col. Henry Spring, the unit’s deputy commander of clinical services, attributed the delay to bureaucracy, privacy issues, the need to provide reliable information and a concern over unduly scaring people.
"Privacy is important," Spring said.
"We are concerned about people’s privacy."
The employee who lost the laptop apparently had it in their backpack while at Nuremberg’s main train station, according to the release.
The employee, who was not named, was en route to a temporary duty assignment when they lost track of the backpack prior to boarding their train, said Anne Torphy, a unit spokeswoman.
Officials believe whoever took possession of the laptop "could not access" the data on it "because of the encryption software program," Spring said.
The user must have connection to a U.S. government network, a secure Common Access Card, and a password to access the computer, the release said.
"At no point," Spring added, "did we underestimate the concern it would cause folks."
Army officials in Vilseck have established a hotline for those who have received letters.
The number is: (DSN) 476-4627, or civilian at 09662-83-4627. There is also an e-mail address people can write to: BMEDDAC.Privacy@amedd.army.mil.