December 02, 2011

Dec. 2, 2011: Bipartisan Group of Lawmakers Query TRICARE After Security Breach

Lawmakers cite multiple security breaches, contractor conduct as concerns

WASHINGTON, D.C. – Representatives Edward J. Markey (D-Mass.), Joe Barton (R-Texas), Cliff Stearns (R-Fla.), Diana DeGette (D-Colo.) and Robert Andrews (D-N.J.), today sent a letter to the TRICARE Management Agency (TMA) after one of the company’s contractors, Science Applications International Corporation (SAIC), was involved in a major breach of personal and confidential health information of 4.9 million military clinic and hospital patients. Computer backup tapes containing patient data such as Social Security numbers, addresses and health diagnoses were stolen from the vehicle of an SAIC employee in San Antonio, Texas on September 14, putting patients at risk of identity theft. SAIC, the recipient of $20 billion in federal contracts over the previous three fiscal years despite complaints from federal officials, has had at least six prior security incidents including one last year that also involved stolen computer backup tapes. In the letter the lawmakers ask what steps TMA has taken since these breaches as well as what future action will occur to prevent future data leaks.

The letter to TRICARE Management Authority can be found HERE.

“This breach by a firm responsible for handling the military health provider’s patient data represents an extremely serious and substantial lapse in security,” write the lawmakers in the letter.

The lawmakers ask TRICARE to respond to questions that include:

What security precautions and protections does TMA require SAIC or other technology contractors to utilize in the handling of patients’ personal health information?
Does TMA require SAIC or other contractors to have a formal documented policy that requires personal health information to be encrypted or otherwise be made indecipherable to unauthorized individuals?
Was TMA aware of SAIC’s prior data breaches before awarding this contract?
Will TMA require SAIC and its other contractors to eliminate the physical transport of backup tapes containing personal health information in favor of a more secure and reliable method?
Why does TMA continue to contract with SAIC for its data handling and IT needs despite these major performance problems?

Rep. Markey is co-Chairman of the Bi-Partisan Congressional Privacy Caucus and author of key medical privacy provisions in the American Recovery and Reinvestment Act. Rep. Barton is co-Chairman of the Bi-Partisan Congressional Privacy Caucus. Rep. Sterns is Chairman of the Subcommittee on Oversight and Investigations. Rep. DeGette is Ranking Member on the Subcommittee on Oversight and Investigations. Rep. Andrews is a member of the House Armed Services Committee (HASC) and last year served as chairman of the Defense Acquisition Reform Panel, tasked by HASC with providing recommendations for addressing deficiencies in the military’s procurement system.

###