October 17, 2011, 1:50 PM — A healthcare system for military personnel and their families is suing the U.S. Department of Defense for $4.9 billion for losing the tapes containing private and identifiable personal data on 4.9 million veterans and active military personnel.
Tricare is asking a court to award it $1,000 for each record that was lost. The unencrypted tapes held recorts including Social Security numbers, names, addresses, phone numbers, personal health data and everything else you'd need to create a whole new virtual person or fill our any number of credit applications.
The records cover people who received medical care at the DoD's San Antonio area facilities between 1992 and Sept. 7, 2011.
The tapes were lost or stolen from the car of an employee of Science Applications International Corp., a contractor working for Tricare.
Courts tend to dismiss suits like this one, according to Computerworld, though there is at least one $4 million award on record.
Considering how often and how thoroughly DoD servers have been raided, if this suit is allowed to go forward, there's no telling how much of the military budget will end up going not for new weapons systems but to compensate victims of DoD's consistently inconsistent security.
Someone must have figured the tapes aren't on anything about secret weapons, battle plans or the cost of a General's wardrobe and living expenses, so they aren't even enough of a security risk to be worth encrypting. Or worth not leaving unattended in a car in an unsecured parking lot?
It would be negligent to leave your iPhone in the car under those circumstances, let alone 4.9 million complete, detailed personnel records, complete with SS# and medical history? Maybe HIPAA is one of the few acronyms the military doesn't know.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
