The theft of computer hard drives containing more than 500,000 medical records of military personnel and their families could become one of the largest identity thefts on record, calling into question the Pentagon’s current endeavor to build a network to computerize the entire military health-care system, reports the Associated Press.
The records, containing Social Security numbers, medical claims histories, some credit card numbers and other private information, were taken during a break-in on Dec. 12 at Phoenix-based TriWest Healthcare Alliance, a defense contractor that provides managed health care for 1.1 million active-duty personnel, their dependents and retirees in 16 states.
The case adds to a series of commercial data thefts across Arizona in the past six months, apparently targeting private information in computer hard drives, experts told The Arizona Republic.
They said there is no way of knowing who is behind the crimes or whether they are related. The list of likely suspects range from Russian organized-crime rings to methamphetamine addicts to Middle Eastern terrorists.
With a person’s name, birth date and Social Security number, a skilled identity thief can easily open credit accounts and create fake documents like driver’s licenses.
“There’s a potential for identity theft. It hasn’t occurred yet,” company spokesman Jim Kassebaum told the Republic. “It’s a dark cloud hanging over us right now. If you know anything about identity theft, it’s a little insidious because until it happens, you can’t do anything about it.”
TriWest President David McIntyre Jr. posted his regrets on the company website: “Since the motives for the crime are unknown at this time, it is important that you are aware that there is the possibility that the information may be misused. … I apologize to you for any inconvenience that this incident may cause you or your family members.”
McIntyre also told the AP that the U.S. Attorney’s office in Phoenix planned to unveil a reward to help capture the culprits.
TriWest set up a 24-hour hotline and an e-mail address for people who may be affected by the theft.
TriWest’s 16-state area encompasses Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming and western Texas.
According to the Republic, the company obtained a four-year extension on its contract – worth $2.5 billion – last year.
Despite the theft, the Defense Department announced last week that its project to create a digitized, networked patient record system – the Composite Health-Care System II – has been green-lighted for deployment to serve all 8.7 million service members, retirees and their families who receive medical care under Pentagon programs.
The Composite Health-Care System II, or CHCS II, will debut at up to seven military hospitals across the nation within the next year, and then go worldwide by 2006. Global implementation could take up to five years.
Defense officials hailed CHCS II as a “data gold mine” for military physicians and other health-care professionals, providing them with fast, around-the-clock access to patient records anywhere in the world.
“We can use powerful computers to go in and ‘mine’ information to help us take better care of our patients,” Navy Cmdr. Dr. Robert Wah explained.
Computerized databases also provide more accurate record keeping for service members being immunized with the smallpox vaccine, Wah said, noting that such methods can quickly identify who was immunized by a particular vaccine batch or lot.
“If there ever is a problem, we can determine who got a shot from a particular vial, much more quickly than a paper system,” he pointed out.
Privacy advocates warn hackers could have a field day with the centralized data.
“This makes it easier to find the information but also makes it easier for criminals” to access it, Ari Schwartz, associate director at the Center for Democracy and Technology, told the AP.
The Pentagon recently received an “F” grade for its computer security from the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations.
Subsequently, Pentagon officials are taking the breech “very seriously” and are “going to learn from this issue and do what’s necessary” to better guard such information in the future, spokesman Jim Turner told the AP.