Military Healthcare Data Stolen

michael posted more than 11 years ago | from the sick-call dept.

Security 302

An anonymous reader writes "TriWest, a federal contractor providing healthcare to the military, had computer hardware stolen from one of their offices. Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families are contained on the stolen hardware. The AP picked up the story. The theft is also being covered by the Salt Lake Tribune and the Arizona Republic. This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information."

You mean... (0, Offtopic)

drmofe (523606) | more than 11 years ago | (#4970626)

The files were IN the computer?

If the thief is a Linux user... (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4970673)

...then that's OK. He's fighting for OSS. That makes it right.

Someone's been watching ben stiller movies (0)

Anonymous Coward | more than 11 years ago | (#4970720)

At least one too many.

one is too many (0)

Anonymous Coward | more than 11 years ago | (#4970806)

  • [yup]

Re:You mean... (0)

Anonymous Coward | more than 11 years ago | (#4970841)

Oh! Snap!

hmm... (5, Insightful)

Transcendent (204992) | more than 11 years ago | (#4970627)

This opens the door to speculation about who would be interested in the data held by a military contractor and what they will do with the information.

Well if the military keeps a record of immunizations of its soldiers, then any country wishing to use bio weapons upon the US could use their medical record to determine which viruses/bacteria/pathogens they are weakest against.

Re:hmm... (1)

niker (593109) | more than 11 years ago | (#4970646)

I ask: Is such information regarded as "secret" ?

Re:hmm... (4, Interesting)

Transcendent (204992) | more than 11 years ago | (#4970688)

Actually, because of a somewhat recent (Clinton... 1996) democratic idea, a new act was passed called HIPAA (Health Insurance Portability and Accountability Act of 1996). This creates a lot of change in the way we handle patient information. New electronic billing formats, and even patient sign-ins. I think that they're also going to make it where any procedure done to you must be approved by the insurance first... which really pisses me off.

Anyway, a main goal of HIPAA is the Doctor-Patient confidentiality (which is in existence today, but not really upheld). Basically, the simple fact that you go to a certain doctor is considered "secret" by federal law... I'd imagine that for the military, it's a little more strict.

Re:hmm... (2)

rodgerd (402) | more than 11 years ago | (#4970656)

Way too hard. Just identify people who may have important expertise (senior staff, technical specialists, and the like), and start arranging for a string of accidents.

Re:hmm... (0)

Anonymous Coward | more than 11 years ago | (#4970771)

Nah, that can not be done based on such simple yet large amount of data. Knowing vaccination programs US forces have would be of some help, but you don't need individual records? But most of that data is semi-public; that coupled with well-known data about efficiency and coverage (time span) of vaccination would be some help.

And still... why bother? Bioweapons just suck in actual warfare, are way too slow and random... that's why they weren't really pursued all that seriously by superpowers.

Re:hmm... (1)

pyrote (151588) | more than 11 years ago | (#4970831)

From what I recall, not too many superpowers were involved in September 11th

Identity Theft heaven (2, Interesting)

Anonymous Coward | more than 11 years ago | (#4970888)

One of my co-worker's husband recently had to prep all of his vital information "in the event of". This data probably contains all the info one could ever desire to carry out successful ID theft:
  • *All* vital stats (in original form?) including for dependents?
  • Individuals that will be unable to detect the theft for an extended period
  • A SNAFU the size of Iraq to keep the authorities busy
My solution: Dissolve the assets of the company as a lesson for protectors of our data, and make a slush fund to pay out when the attacks start.

is it possible? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4970630)

to get a first and second post from the same comp?

Re:is it possible? (0)

Anonymous Coward | more than 11 years ago | (#4970735)

Yes, I've done it.. but only in an apple article, where the total number of posts before it got archived was like 11.

Who is stupid enough... (2, Informative)

YahoKa (577942) | more than 11 years ago | (#4970634)

To steal from somewhere the military has a huge interest. They'll probably spend the cashola on the investigation, and when they are caught someone is going to get it REALLY hard right up the ...

Re:Who is stupid enough... (5, Insightful)

rodgerd (402) | more than 11 years ago | (#4970702)

Yeah. Like the way the Mad Anthrax Mailer suddenly went from a "must get" when it was thought to be a filthy foreigner to a "drop like hot potato" when it started looking like ties to senior military research labs.

Re:Who is stupid enough... (0)

Anonymous Coward | more than 11 years ago | (#4970739)

it was a lot harder to blame a white guy when they were trying to pin it on a brown guy....

Big surprise? (5, Insightful)

Sad Loser (625938) | more than 11 years ago | (#4970639)

I work in healthcare
Healthcare sysadmins are often pretty poorly paid and are often people who would not make it in a business environment, and the security is often minimal. I know, I 'test' it.
I think we will have a few more of these disasters until the healthcare industry realises that IT is part of its core business and has to pay accordingly.

Re:Big surprise? (2)

joebagodonuts (561066) | more than 11 years ago | (#4970666)

You've got to be kidding. A good sysadmin would stop someone from breaking in and stealing the box? You might want to read the article, or even the submission.

Re:Big surprise? (1)

SparkyMartin (206236) | more than 11 years ago | (#4970875)

A good sysadmin would know that pumping iron and working on getting his blackbelt is simply part of the job. Heck, I keep sawed off ol' betsie under my desk just in case some riffraff wanna enter my network turf.

Just proves the hackers axiom (5, Insightful)

The Tyro (247333) | more than 11 years ago | (#4970717)


if you haven't got physical security, you haven't got ANY security.

Re:Big surprise? (2)

nege (263655) | more than 11 years ago | (#4970746)

people who would not make it in a business environment,

Sweet, I know where to apply for a job now! Awesome, thanks buddy! (and to think all those big companies laughed at my resume!!)

Not sexy, but effective (4, Interesting)

John Paul Jones (151355) | more than 11 years ago | (#4970641)

This makes me think of all the conference speeches I've given on security, watching folks yawn through the physical security sections.

Firewall indeed.

-JPJ

Re:Not sexy, but effective (3, Insightful)

iomud (241310) | more than 11 years ago | (#4970689)

That reminds me of the scene in wargames when the tour group enters through the obscenely thick door. Ironic to the point of insane.

In other news... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4970643)

Jim Bob from Texas (a soldier) just received personal invitations to join a rival health-care company.

In other news... (4, Funny)

bheerssen (534014) | more than 11 years ago | (#4970644)

The Defence Department learns that Windows are a problem in information security.

Re:In other news... (0)

Anonymous Coward | more than 11 years ago | (#4970728)

Unless you are trying to be funny, and mean "unlocked windows", you are an idiot.

What the heck does the OS have to do with the fact that the hardware was stolen?

Re:In other news... (0)

Spellbinder (615834) | more than 11 years ago | (#4970816)

maybe he thinks:
"if it was a linux / unix machine the thieves would not know how to use it."
but I can assure you this way it is much better.
cause it's windows it will crash every time they try to access the data and finally the govs can trace 'em with help of the m$ spyware =))))))

Re:In other news... (0)

Anonymous Coward | more than 11 years ago | (#4970763)

Hey, mod this up as a 2, funny! It's a good groaner of an attempt at humor, not a swipe at MS.

Security (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4970645)

Well, hopefully the systems were using linux or a BSD, had difficult passwords, and encrypted the records......

Re:Security (2, Insightful)

bheerssen (534014) | more than 11 years ago | (#4970684)

Nah, if the thieves were really after the information and not the hardware, they'd just mount the drives on a new computer. Access the files that way. This just proves that physical security is just as important as on-line security. Does you no good to secure a critical server against online attacks if you put the server in an insecure physical environment. The article implies that the buildings that contained these servers are standard office buildings. Simple locks on interior doors and many people with access to the building. Not exactly what I'd call secure.

Encryption is a good point, but what do you think the chances are any of the data is encrypted. Slim?

Re:Security (0)

Anonymous Coward | more than 11 years ago | (#4970719)

none... they even probably used win32 or mac

Re:Security (2, Informative)

Oob the Rhox (636966) | more than 11 years ago | (#4970750)

Because this is health care information, HIPAA [hhs.gov], the health information portability and accountability act applies. Unfortunately, encryption is not required: under technical controls, they state: The following implementation feature must be implemented: Procedure for emergency access. In addition, at least one of the following three implementation features must be implemented: Context-based access, Role-based access, User-based access. The use of Encryption is optional. However, there are also physical access controls required, and clearly those failed.

The real guts of story might be that this will be a poster child for what can go wrong with centralized health care databases. In the long run, this might be a good thing to have happened.

NO! (0)

Anonymous Coward | more than 11 years ago | (#4970800)

Filesystem encryption is not well-supported in ANY of the free operating systems. Linux has some very kludgy loopback system support, which you would not want to use in a production system. Reiser 4 should have some very solid, thoughtfully-integrated crypto abilities, but other than that, nothing. Even the security-oriented OpenBSD scoffs at having encrypted FS. They think that anyone who wants that is "paranoid". Huh?

Protection (1, Insightful)

lamery (598414) | more than 11 years ago | (#4970648)

Hopefully the data is encrypted? You'd think (and hope) that having a government contract would mean the company has some decent security. This much information can be abused in any number of ways, not just by terrorists. Perhaps this is an argument against having people's entire lives stored in a database.

It isn't. (2)

StupidKatz (467476) | more than 11 years ago | (#4970843)

Trust me. Unless it's actually classified... it's not encrypted.

Healthcare data isn't classified.

What ?!?!? (5, Interesting)

Tin Weasil (246885) | more than 11 years ago | (#4970649)

What makes people so sure they were after the computer for that data? They probably stole it so they could play The Sims Online.

Re:What ?!?!? (2, Insightful)

Hex4def6 (538820) | more than 11 years ago | (#4970767)

Come on...
Who wouldn't want to know all that juicy data? Just think - blackmailing GI's who haven't got their latest TB shot...
learning the secrets to healthcare in the military...
The list goes on and on ;)

Re:What ?!?!? (2, Funny)

lgftsa (617184) | more than 11 years ago | (#4970783)

Just think - blackmailing GI's who haven't got their latest TB shot...

Yeah, I can just see Agents of a Foreign Power going round to their homes and threatening them with a rusty nail.

"You for us work now, comrade, or poke you with this, we do!"

RTFA (4, Insightful)

dackroyd (468778) | more than 11 years ago | (#4970851)

It's in the first line.

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 members of the military and their families.

Only the harddrives were taken from the machines, so unless the thieves were desperate for more space to download mp3s onto, then it's quite probable that they were just after the data.

National Strategy to secure.... (3, Insightful)

sickmtbnutcase (608308) | more than 11 years ago | (#4970651)

maybe the US government should secure their equipment a little better before they try to secure the internet.....

Re:National Strategy to secure.... (2)

neocon (580579) | more than 11 years ago | (#4970655)

<sarcasm>Oh, clearly. Heaven forbid they try to secure both the hardware and the network!</sarcasm>

Huh?

Re:National Strategy to secure.... (1)

BigBir3d (454486) | more than 11 years ago | (#4970657)

in a lot of facilities the hdd does not stay in the pc during the night time. locked in a safe somewhere.

Re:National Strategy to secure.... (0)

Anonymous Coward | more than 11 years ago | (#4970786)

Quiet, karma whore.

500,000 credit cards no. with SSN? (1)

jsse (254124) | more than 11 years ago | (#4970653)

That's a lot! Black market price of a valid credit card no. with associated information (or a real stolen credit card) is around $10, that's $5,000,000 in total!!

RTFA (0)

Anonymous Coward | more than 11 years ago | (#4970736)

It was 500,000 records including ssn's, and SOME credit card information. That doesn't mean that EVERY ONE of those people even HAVE credit cards, much less that each stolen record includes credit card numbers.

Re:RTFA (0)

Anonymous Coward | more than 11 years ago | (#4970759)

Even still, out of 500,000 'some' can add up to quite a lot of credit cards. Even those that lack credit card data can be used for some form of identity fraud. I would think that military-related data such as this would be more closely safeguarded, but as someone else mentioned already those healthcare workers are usually very badly paid.

Makes you wonder if the government should even bother pursuing their Big Brother-esque TIA program. As soon as it's created, it's only a matter of time until it is compromised.

HIPAA (1)

spanky1 (635767) | more than 11 years ago | (#4970661)

Now if the government contractor was only following the government mandated HIPAA regulations....

Re:HIPAA (1)

etcshadow (579275) | more than 11 years ago | (#4970714)

Well, actually HIPAA security regulations are not in effect yet. In fact, the security regulations are not even WRITTEN yet. The first *real* application of HIPAA is with the privacy regulations coming in April of this year.

However, the point is well made that when the final HIPAA security regulations do go into effect, they certainly should include provisions about minimal *physical* security measures, as well as the expected network and application security measures.

How? (1)

reitoei1971 (583076) | more than 11 years ago | (#4970662)

Few security questions here.. How can someone just walk out of a building with a computer? Isn't the data encrypted on disk? Why does a contractor even need SSN's, etc? But we all know we have no privacy anyway, right?

Re:How? (2)

iiioxx (610652) | more than 11 years ago | (#4970696)

How can someone just walk out of a building with a computer?

Smash window, climb through, grab computer, walk out.

Isn't the data encrypted on disk?

Don't count on it.

Why does a contractor even need SSN's, etc?

A soldier's military service number is his SSN (been that way since the 70's or so). All of a soldier's records are tied to it.

Re:How? (0)

Anonymous Coward | more than 11 years ago | (#4970699)

It's pretty easy to walk out of a building with a desktop computer. Burglaries like this happen all the time, particularly at smaller companies and offices without full-time security staff.

Hopefully it was encrypted, but then hopefully I will win $50 million in the lottery. The last company I worked for had an official policy that all data on laptops had to be encrypted -- of course they only paid it lipservice and didn't actually license any encryption software for the staff to use (and we all had laptops). Sadly, for the US, that's actually pretty progressive on privacy and security issues. :(

Regardless of the data security techniques used (encryption, passwords, etc.), this type of data should not be stored on a machine that is easy to walk away with.

People don't take information security seriously enough, and probably won't until a few high profile lawsuits for negligence rip into a few corporations.

Re:How? (2)

WetCat (558132) | more than 11 years ago | (#4970799)

When people say "the data on the computer should be encrypted" I usually reply "with what?" You cannot just encrypt the data, you can only encrypt data with a key. Storing the key on the same computer with the data is a waste of time and money, it's the same situation as storing the key from your apartment under the rug at the apartment's door. Of course some data can be mangled by MD5ing or SHAing (hashing) it - a good read about this (and related) technique is at Translucent Databases [slashdot.org], but technically it's not an encryption.

Re:How? (2)

nege (263655) | more than 11 years ago | (#4970756)

Why does a contractor need SSNs?? Well for a primary key, goofus! They haven't heard of the SERIAL thingy in PostgreSQL as of yet.

nerd joke rimshot!!

What list is your name on? (1)

vonkraken (228236) | more than 11 years ago | (#4970663)

If my name was on that list I would be very very worried about my family. If it was indeed for nefarious purposes that it was stolen, then there should be even more cause for alarm.

I only hope that this allows the government to realize the enormous burden upon them to protect our information as a national security priority in a non-conspiracy theory kind of a way (is this even possible?).

Cheers,

VonKraken

stiff penalties for careless companies (4, Insightful)

g4dget (579145) | more than 11 years ago | (#4970670)

Rather than spending money on tracking down and throwing a bunch of clueless hackers in jail, law enforcement should really focus on the criminals that are easy to identify and prosecute: companies that don't treat customer data with appropriate care. If a few high-profile cases resulted in hundreds of millions of dollars in fines, these cases would soon stop happening: companies would finally make the modest investments necessary to keep customer data secure.

Re:stiff penalties for careless companies (0)

Anonymous Coward | more than 11 years ago | (#4970743)

Wasn't there a recent slashdot article on encrypting data for this sort of thing?

It described a method of encryption, similar to password encryption, that the data would be safe even if the hardware was stolen.

All data is stored encrypted with a password, and the password itself isn't stored on the machine. If you don't know the password, you can't read the data.
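Added example, not part of any comment in this thread and not code from the Translucent Databases book: a Python sketch of the two ideas raised above, WetCat's hashed identifiers and this comment's password that is never stored on the machine. The identifiers are constructed values in the never-issued 000 area, and every function and class name is an assumption made for the illustration; it also shows why an unkeyed hash of a nine-digit number is not enough on its own.

```python
import hashlib
import hmac
import os


def normalize(ssn: str) -> bytes:
    """Canonical form so '000-12-3456' and '000123456' hash identically."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("expected a 9-digit identifier")
    return digits.encode("ascii")


def plain_digest(ssn: str) -> str:
    """Unkeyed hash of the identifier: nothing secret is involved."""
    return hashlib.sha256(normalize(ssn)).hexdigest()


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch an operator passphrase into a key.

    The salt may sit on the disk next to the data; the passphrase must not.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 200_000)


def keyed_digest(key: bytes, ssn: str) -> str:
    """HMAC of the identifier under a key that exists only in memory."""
    return hmac.new(key, normalize(ssn), hashlib.sha256).hexdigest()


def guessable(stored_digest: str, digest_fn, area: str = "000", group: str = "12"):
    """Audit check: can the stored digest be matched by trying candidates?

    Only one constructed area/group block (10,000 serials) is tried here.
    Returns the matching identifier, or None if no candidate matches.
    """
    for serial in range(10_000):
        candidate = f"{area}{group}{serial:04d}"
        if hmac.compare_digest(digest_fn(candidate), stored_digest):
            return candidate
    return None


class TranslucentTable:
    """What would sit on the disk: a salt, keyed digests and a payload.

    The payload is left in the clear in this sketch; only the identifier
    that links a row to a person is protected.
    """

    def __init__(self, salt: bytes = None):
        self.salt = salt if salt is not None else os.urandom(16)
        self.rows = {}

    def insert(self, key: bytes, ssn: str, payload: dict) -> None:
        self.rows[keyed_digest(key, ssn)] = payload

    def lookup(self, key: bytes, ssn: str):
        return self.rows.get(keyed_digest(key, ssn))


def demo() -> dict:
    table = TranslucentTable()
    key = derive_key("passphrase typed at startup", table.salt)  # constructed
    table.insert(key, "000-12-3456", {"plan": "A"})               # constructed row

    wrong_key = derive_key("some other guess", table.salt)
    stored = next(iter(table.rows))
    return {
        # The operator who knows the passphrase can still find the row.
        "lookup_with_passphrase": table.lookup(key, "000123456"),
        # Without the passphrase the same lookup finds nothing.
        "lookup_without_passphrase": table.lookup(wrong_key, "000-12-3456"),
        # An unkeyed digest of a 9-digit number falls to plain enumeration.
        "plain_hash_recovered": guessable(plain_digest("000-12-3456"), plain_digest),
        # The keyed digest does not match any candidate under a wrong key.
        "keyed_hash_recovered": guessable(stored, lambda s: keyed_digest(wrong_key, s)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
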

Bear with me a moment... (2, Insightful)

StupidKatz (467476) | more than 11 years ago | (#4970859)

Mugging victim: ... gah! Police officer! That man over there just punched me in the face and stole my wallet! Help!
Policeperson: Sorry, you should have treated that wallet with more care. In fact, here's a ticket for a few hundred million dollars that will help motivate you to "take better care" of your wallet.

Do they even know they have the data? (4, Interesting)

Tomah4wk (553503) | more than 11 years ago | (#4970671)

Most computer hardware is stolen to be sold on as computer hardware. These could be your standard issue thief who is only likely to sell on the hardware itself, without ever knowing he even has the data. Of course it could be someone who has an interest in the data, or someone who just wants to say a big F**** YOU at the guys in charge of these things. If this hardware isn't UV marked or otherwise, so it can be detected later, I would be very disappointed. At my college we UV mark EVERY piece of hardware, and things like optical mice (i.e. not the cheap ones no one wants to steal) are locked to the workstations, so you couldn't steal them without breaking them.

Re:Do they even know they have the data? (0)

Anonymous Coward | more than 11 years ago | (#4970768)

"...say a big F**** YOU..."

Now what's a bad 5 letter word that starts with an F?

talk about a HIPAA violation (4, Insightful)

The Tyro (247333) | more than 11 years ago | (#4970677)

forget about virtually protecting patient data with VPNs and encryption... how about some physical security? They state that there was "reasonable security" for a company; hmmmm... obviously that hinges on your definition of reasonable.

Data like this is a gold mine if the thieves have any idea how to use it. I hope they are advising people to put fraud alerts on their credit reports... but there are things worse than identity theft. What might that information be worth to a foreign power, or terrorist organization?

Who was the target? (2)

phorm (591458) | more than 11 years ago | (#4970679)

My question would be, did the thieves know that the computers contained military data, or were they just hijacking computers?
It said that "hard drives" were stolen... what about the rest of the PC? If other electronic equipment was stolen, it could just be a simple theft.

Regardless of the target, I have a feeling the military will be doing a detailed investigation. If it's just common crooks, they could find themselves in a whole lotta trouble after messing with the military.

Re:Who was the target? (2, Insightful)

rmohr02 (208447) | more than 11 years ago | (#4970690)

I'm sure there's better people to steal a computer from than the military.

MODERATORS ON CRACK (0)

Anonymous Coward | more than 11 years ago | (#4970758)

Troll? What a waste of a modpoint.

Re:Who was the target? (2)

/dev/trash (182850) | more than 11 years ago | (#4970744)

I bet we'll never find out who stole it. They'll just be a pile of dust.

Re:Who was the target? (2)

jdunlevy (187745) | more than 11 years ago | (#4970882)

Yeah, when an AP story says the "hard drives" were stolen, I'm definitely not picturing a scenario in which thieves open the case, take out the drives, and then run. I bet they just took the whole computer, which to the AP writer probably means "monitor and hard drive." Speculation, but I'm betting they had no idea what they were taking.

Lord Satan (-1, Offtopic)

xmnemonic (603000) | more than 11 years ago | (#4970680)

Hmm. Personally, I think Satan is Lord.

What do you think?

Re:Lord Satan (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4970734)

Actually, I think Latan is Sord.

I've noticed that repeating this over and over at the top of my lungs is a good way to get arrested.

Re:Lord Satan (1)

RabidOverYou (596396) | more than 11 years ago | (#4970871)

I think Salon is 'tard.

Bad, very bad... (3, Insightful)

TheSHAD0W (258774) | more than 11 years ago | (#4970682)

"Yes, Lieutenant. I've already heard your name, rank, and serial number, over and over again. Now, I'd like to show you this photo... Steady! (Hold him, please.) Our sources looked up your next of kin in your medical records... This is a recent photo of your mother and father, hm? Our operatives are quite good at photography, we train them well.

"Now where were we? Oh yes. Now, Lieutenant, I'd like you to begin talking. And please remember, your parents' lives depend on what you say. Name, rank and serial number are not acceptable."

Re:Bad, very bad... (1)

Hex4def6 (538820) | more than 11 years ago | (#4970780)

This seems a very unlikely scenario.
First of all, you wouldn't need a medical database to look up someone's next of kin - it's trivially easy to find it on the net.
Secondly, it would normally be hard to carry out that threat - they'd have to infiltrate an army base to get at the family - might as well snatch some "top secret" papers instead; lot less trouble, more reliable info, etc etc.

Re:Bad, very bad... (4, Insightful)

prisoner-of-enigma (535770) | more than 11 years ago | (#4970793)

To a prisoner of war, sitting chained to a chair in some interrogation chamber after just being repeatedly subjected to beatings, whippings, and electric shock torture and probably doped up on sodium pentothal, even the threat of action against their family by someone who has even a sliver of information about them would seem very real indeed.

Suppose the following scenario: you are kidnapped, taken to a small room and tortured, then someone asks you for classified information, or to betray your country, or to do something that every fiber in your being resists. Then that person proceeds to enumerate the names, ages, addresses, and medical conditions of your family members. Perhaps they include a bit of data on where they go out to eat, or where they work, or if there's an alarm system on their house. They don't have to say where they got the data, the very fact that they have it at all could lead you to believe that they have much, much more of it. Most military members have family somewhere that doesn't live on base (parents, siblings, etc.) Information is the most valuable tool an enemy can have.

Shit, mod this up. (1, Offtopic)

Unknown Poltroon (31628) | more than 11 years ago | (#4970781)

I never even thought of that application.

Re:Bad, very bad... (1)

MrLint (519792) | more than 11 years ago | (#4970801)

I am afraid not only is this bad but it's quite possibly worse than you can imagine. This is not the only high profile cause of SSN theft, and it won't be the last. However the future is dark, this is what I'm predicting: Because of the high numbers of SSNs stolen there will be a 'groundswell' of support for a more effective replacement. This will be a segue for national ID card, this will make it nice and easy for the US dept of spying on Americans to get you properly registered. A dark day is on the horizon. You heard it here first.

I wonder... (2)

jormurgandr (128408) | more than 11 years ago | (#4970685)

If the military will alert the persons whose data is on that machine to cancel their credit cards, put traces on any use of their SSN's (credit agencies will do this for a nominal fee), etc.
In other news: Next week you'll be reading about Bill Gates harping on how this could be prevented if we all used .NET. The following week will be Larry Ellison's turn to rant and rave. Life is getting so predictable...

Re:I wonder... (2)

Transcendent (204992) | more than 11 years ago | (#4970705)

In other news: Next week you'll be reading about Bill Gates harping on how this could be prevented if we all used .NET. The following week will be Larry Ellison's turn to rant and rave. Life is getting so predictable...

They'd harp over their "hardware protection" bull crap... Palladium...

...and then they'll even have the government's support. ::sigh::

Yeeeeaaaaahhhhh.... (2, Informative)

AirmanTux (636967) | more than 11 years ago | (#4970733)

I happen to be in the military, though just an Airman First Class, and due to the nature of my assignment I have to deal with contractors pretty often. Because of how the system works it seems like most of the time the military is getting hired by the contractors. More often than not we have to meet their standards and I have yet to see an off base contractor that would meet DoD 'standards' for security. Furthermore, since all of our individual records are tracked by our social security numbers we don't really have much in the way of private information (there's "Privacy Act of 1974" stickers everywhere but that's pretty much a joke to begin with). I'm not sure why there'd be credit card information there and I've never heard of TriWest (Tricare is our health provider, typo maybe?) and judging on past experience I'd be surprised if the affected military are notified. Heck, I'd be surprised if they know which individuals it was. As for whether it was the hardware or software the thieves were after, all I'm going to say is a lot happens right here in the Midwest that the general public is never aware of. There are active terrorist cells on US soil but for one reason or another there's not a lot we can do about them.

Re:Yeeeeaaaaahhhhh.... (3, Insightful)

Daniel Dvorkin (106857) | more than 11 years ago | (#4970809)

Good luck, A1C Tux. It's a hell of a military you've found yourself in -- yeah, yeah, I know, old soldiers bitch all the time (and I'm not that old; I was in from 1989 to 1997) but it really does seem like some things were going to hell right about the time I got out, and the whole Tricare thing is one of them. (My guess is that TriWest is a company formed specifically to handle Tricare contracts.) As a medic, I had to deal with all the harebrained ideas for patient administration that came down the pike, and I don't envy you. Sounds like it's just getting worse.

Business is not war, and war is not business, and outsourcing vital functions of our national security to private companies that don't give a shit about the welfare of people in uniform is not the way to keep our country safe. Actually, this is true of a whole bunch of governmental functions; the whole "run government like a business" bandwagon that Democrats and Republicans have jumped on with equal enthusiasm is a stupid idea. But that's a whole 'nother argument ...

Re:Yeeeeaaaaahhhhh.... (4, Informative)

The Tyro (247333) | more than 11 years ago | (#4970815)

Tricare is administered by regions. When you enroll in tricare, you are assigned to a region.

Northeast, Mid-atlantic, Gulfsouth, etc.

There is no TRICARE West region... but judging by the number of states mentioned in the article, I'd guess this contractor was dealing with the Central region (15 states), with the possible addition of California (1 state, obviously), or the Northwest region (2 states)

Just FYI.

Re:Yeeeeaaaaahhhhh.... (0)

Anonymous Coward | more than 11 years ago | (#4970884)

Well, this is just great. My father, who is in the army, my mother, and ourself all have our insurance managed by these people. We are currently in the midwest. I sure hope that this doesn't mess things up. My dad's security officer notified him recently, and letters are being mailed. There is also some information on http://www.triwest.com, that is supposed to be updated as new information arises.

Lowest Bidder (2)

core plexus (599119) | more than 11 years ago | (#4970754)

Is it any wonder? These contracts always go to the lowest bidder. I'd not be surprised to learn it was an "inside job", and that something nastier than identity theft or credit card fraud shall transpire. I hope I am wrong. I also remember how sloppy the military was (and still is I would presume) with my records.

Re:Lowest Bidder (1)

ogre2112 (134836) | more than 11 years ago | (#4970787)

Or maybe it was just some scrub that had no idea what he was stealing.

"Hey LOOK! 9 GIG SCSI Drives! Mine!"

Bring on the TIA! (5, Insightful)

Isao (153092) | more than 11 years ago | (#4970762)

So this suggests that the U.S. Government's Total Information Awareness [darpa.mil] program would be a nice, juicy target. After all, everything's in one place...

What obviously happened (2)

jaymzter (452402) | more than 11 years ago | (#4970773)

Some new sysadmin decided to show how forward thinking (can I say that on /.?) he was and decided to sneak linux in through the back door. Hmmmm, now where could he get a server that doesn't seem to be doing anything?? The server wasn't stolen, it's by his desk running samba!

Pfft. (0)

Anonymous Coward | more than 11 years ago | (#4970784)

You know who would really want that data?

Insurance companies.

Yes, that's right. What if insurance companies could get the records of servicemen?

You do know that the Veterans Affairs charges back to private insurance companies for some procedures, yes? And that insurance companies would love to get more information about medical procedures and treatment so they could refer said patients back to the VA?

HIPAA? (2)

phr2 (545169) | more than 11 years ago | (#4970789)

I don't see how a system with such crappy security could have been in compliance with HIPAA. Anyone understand that stuff well enough to say? It sounds like that company may be facing some penalties.

Re:HIPAA? (2)

SplendidIsolatn (468434) | more than 11 years ago | (#4970835)

speaking as someone who works for a business associate, not a covered entity...On a given day, i may have on my computer, or a department server, sensitive patient information. for my company, a business associate--NOT a covered entity, the physical security is no more and no less than for any other PC.

however, the primary point we've had drilled into us is that all data not being actively used must be encrypted or deleted. nothing just sitting around.

so in that respect, if this computer was in an office that was locked up at night, the physical security isn't really a hipaa violation (as far as I know). the unsecure data is.

On top of that, HIPAA isn't even fully enacted yet, so they don't have to worry about it to begin with. just because a law has been passed and people are getting 'ready' and 'compliant' doesn't mean it is enforced yet.

hope that clears some stuff up. i'd use more caps, but it's late and i'm tired =)

Terrorists (2)

psyconaut (228947) | more than 11 years ago | (#4970791)

Imagine how much fear a terrorist group could instill in US military personnel with that sort of data. Makes you think.

-psy

For sale... (0)

Anonymous Coward | more than 11 years ago | (#4970807)

1 Unreal Tournament server. Previous careful owner.

Made from high grade components! As seen on TV.

identity theft already rampant (2)

Longing (23218) | more than 11 years ago | (#4970820)

I'm currently serving in the military. Our SSNs are tied to all of our records - financial, medical, everything.

The number of credit card numbers that TriWest has is probably relatively small. I know they don't have mine. I think the only reason they would have to need credit card information is if a soldier had to pay for a medical procedure that isn't 100% covered (usually involving dependants/spouses).

The biggest threat that this theft creates would likely be identity theft, although due to the aforementioned prevalent use of the SSN in nearly all military records, this might not even substantially raise the exposure service members already face. Google shows scores of web sites and articles regarding military identity theft.

I guess that's what I get for serving my country. :-(

Encrypted Files? (2)

gizmo_mathboy (43426) | more than 11 years ago | (#4970823)

Did the DOD think to have these sensitive files encrypted? Don't most online stores encrypt their credit card databases now?

I may not be the most paranoid person I know and I think it's a bit crazy to go to such lengths but if a file is that important why wouldn't you?

Why not go the extra mile and use an encrypted file system as well? Wait, that's the paranoid side of my thinking again.

I guess it takes a lot of high profile incidents like this to get folks to wise up about security on all levels.

OHH NO! (0, Interesting)

grasshoppers (632679) | more than 11 years ago | (#4970825)

If we let people steal military data, then the terrorists have already won.

I never thought I would use that phrase in a case where it actually makes sense.

tricare is a POS (4, Interesting)

tf23 (27474) | more than 11 years ago | (#4970846)

If you have ever had to deal with Tricare, I feel your pain.

It is *the* worst insurance system in the world.
Call them twice - ask the same question - you will get a different answer 85% of the time. There are times, in fact, where it's been better to *not* use them at all, and just pay outright.

I feel for all you who are forced to use tricare, and are now possibly screwed somehow because your info was stolen. Keep your eye on your accounts and whatnot, I know we will be doing so more than ever.

Or... (2, Funny)

VistaBoy (570995) | more than 11 years ago | (#4970847)

One of the doctors needed to back up his hard drive for a reformatting at home and thought "Oh, if i swipe it for the weekend, nobody'll notice."

Again Proving my Point... (1)

sickboy_macosX (592550) | more than 11 years ago | (#4970864)

That the US Government is Stupid. As a dependent of 2 US Navy Officers, I know that tricare sucks. It was who took care of me when I was sick. They are bass ackward, and one hand doesn't know what the other hand is doing. You would think the government would do more than just set off a probe (i.e. change Social Security Numbers, etc etc.) The shit is going to hit the fan, and I feel sorry for the guys when and if they get caught because they will be labeled "Terrorists" and then have to go through that shit. Remember Kids- People who do things the government doesn't like are now just terrorists.

who would be interested?... (1)

NevermindPhreak (568683) | more than 11 years ago | (#4970883)

"Social security numbers, credit card numbers, and healthcare information about 500,000 US military personnel and their families is contained on the stolen hardware..."

"...who would be interested in the data..."

who would be interested in a bunch of people's credit card numbers? gee, that's a tough one. :P

Hmmm... (1)

MagFox (229571) | more than 11 years ago | (#4970886)

"Mitnick free!"
"Military Healthcare Data Stolen!"
Connection? ;)