Military Health Insurance Has Knowledge-Based Authentication Information Data Breach

  • Security

TRICARE, the health insurance company that provides medical coverage to military personnel, military retirees, and their dependents, reported a data breach. The Science Applications International says the data breach involved personally identifiable and protected health information (PII/PHI) impacts an estimated 4.9 million military clinic and hospital patients.

The breach involved backup tapes from an electronic healthcare record used in the military health system to capture patient data from 1992 through Sept. 7, 2011 from patients who received care in the San Antonio area military treatment facilities. This includes persons who had prescriptions filled, and patients whose laboratory tests were processed in these facilities even if they received treatment elsewhere.

It is reported the backup tapes may have included the following knowledge-based authentication information:


  • Social Security Numbers
  • Addresses
  • Phone Numbers
  • Personal Health data (e.g.: clinical notes, lab tests, prescriptions)


Officials say there is no financial data on the backup tapes.

TRICARE officials say, the risk of harm to patients is judged to be low because the knowledge it would take to access the data requires specific hardware and software, and knowledge of the system and data structure. But even though the officials say the risk is low, we still caution possible victims of this data breach to be extremely careful with identity verification because this information is enough for you to fall victim to identity theft.

We encourage you to reach out to the credit reporting agencies, Experian, TransUnion and Equifax to monitor your credit report and make sure there is no fraudulent claims on there.