The Department of Defense is facing a $4.9 billion class action lawsuit over a recent data breach involving TRICARE beneficiaries, according to a Nextgov.com report.
TRICARE beneficiary Virginia Gaffney, her two children and TRICARE beneficiary Adrienne Taylor have filed the lawsuit to seek damages from the Sept. 13 theft of a computer tape containing personal and sensitive health information of 4.9 million members of the military. TRICARE and Defense Secretary Leon Panetta are named as defendants.
The suit charges that TRICARE "flagrantly disregarded" its beneficiaries' privacy rights by failing to implement adequate safeguards of their identity and "compounded its dereliction of duty by authorizing an untrained or improperly trained individual to take the highly confidential information off of government premises and to leave unencrypted information in an unguarded car in a public location," according to the report.
The suit is asking the court to direct TRICARE to provide free credit monitoring services to all 4.9 million beneficiaries who were affected by the breach and to reimburse those who had already purchased these services. Based on credit monitoring services the Department of Veterans Affairs usually provides members after a loss, theft or exposure of data, this requirement could cost TRICARE $146.8 million, according to the report.
The suit is also asking the court to require TRICARE, the Department of Defense and Science Applications International Corp., whose employee was responsible for the records that were stolen, to implement certain security precautions for data covered under the Privacy Act.
Data Breach at Delaware Nemours Facility Affects 1.6M Patients, Employees
10 Best Practices for Securing Protected Health Information
TRICARE beneficiary Virginia Gaffney, her two children and TRICARE beneficiary Adrienne Taylor have filed the lawsuit to seek damages from the Sept. 13 theft of a computer tape containing personal and sensitive health information of 4.9 million members of the military. TRICARE and Defense Secretary Leon Panetta are named as defendants.
The suit charges that TRICARE "flagrantly disregarded" its beneficiaries' privacy rights by failing to implement adequate safeguards of their identity and "compounded its dereliction of duty by authorizing an untrained or improperly trained individual to take the highly confidential information off of government premises and to leave unencrypted information in an unguarded car in a public location," according to the report.
The suit is asking the court to direct TRICARE to provide free credit monitoring services to all 4.9 million beneficiaries who were affected by the breach and to reimburse those who had already purchased these services. Based on credit monitoring services the Department of Veterans Affairs usually provides members after a loss, theft or exposure of data, this requirement could cost TRICARE $146.8 million, according to the report.
The suit is also asking the court to require TRICARE, the Department of Defense and Science Applications International Corp., whose employee was responsible for the records that were stolen, to implement certain security precautions for data covered under the Privacy Act.
Related Articles on Data Breaches:
Data Breach Affects Nearly 5M TRICARE PatientsData Breach at Delaware Nemours Facility Affects 1.6M Patients, Employees
10 Best Practices for Securing Protected Health Information