Tricare files stolen from Central Region
December 26, 2002
Enrollment and claim files of 550,000 Tricare beneficiaries across the 16-state Central Region of the military’s managed-care network have been stolen, officials announced Monday.
Missing are computer hard drives with names, addresses, phone numbers, Social Security numbers, claims data and other information on every servicemember, family member and retiree enrolled in Tricare through TriWest Healthcare Alliance Corp., the managed-care support contractor for the Central Region.
“This is theft of information, pure and simple,” said David J. McIntyre Jr., president of TriWest, in a phone interview.
The Central Region comprises Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming and western Texas.
Among potential victims of one of the largest identity theft cases in recent memory are tens of thousands of active-duty servicemembers listed as sponsors to family members.
The threat of financial mischief through credit card applications, access to e-mail, rerouting government checks and false identifications is clear. But the stolen data also would seem to create risks to national security and to personal safety, in light of the war on terror.
The break-in occurred Dec. 14, when every hard drive out of TriWest “servers” used to store enrollment and claims was stolen. TriWest for the past year has housed its servers in industrial park offices in northwest Phoenix.
The thief or thieves apparently gained access to a property manager’s office, stole a master electronic key and entered TriWest spaces, according to reports. The office was not protected by surveillance cameras. Electronic-door records show the thief was confident enough about not getting caught to make two trips, in and out, of the secured area.
“We and the Department of Defense obviously are concerned for individuals whose personal records were stolen,” said McIntyre. “We hope that the intent was not to steal the identities of individuals. … But we are operating on the assumption we need to take every measure to assist beneficiaries [understand] steps they can take to protect their information.”
The FBI, Defense Criminal Investigative Service and other law enforcement agencies are investigating the incident.
TriWest is one of four contractors having deals with the Military Health System to provide care to servicemembers, retirees and their families. The four and, presumably, other managed-care contractors, were to deliver their bids in January for the next generation of Tricare support contracts. DOD has delayed the filing deadline by several weeks.
TriWest used backup tapes to restore stolen files within three hours of the theft’s discovery, McIntyre said. But irked Defense officials said in a statement they got word of the theft from TriWest on Dec. 20, six days after it occurred, and then “began working with them to ensure uninterrupted delivery of medical benefits in the wake of the break-in.”
Tricare officials have ordered other managed-care contractors to reassess their physical and electronic security.
— Comments and suggestions are welcomed. Write to Military Update, P.O. Box 231111, Centreville, VA. 20120-1111, or send e-mail to: firstname.lastname@example.org