As Pentagon Computerizes Medical Records, Contractor Suffers Theft

The theft earlier this month of computer hard drives containing more than 500,000 records with Social Security numbers, medical claims histories and other private information from an Arizona company could become one of the largest identity thefts on record if the information is misused, the Federal Trade Commission said.

Prosecutors and TriWest Healthcare Alliance on Tuesday jointly announced a $100,000 reward for information leading to the arrest and conviction of those who stole the information.

The Phoenix-based company, which posted the reward, has no indication that any client's information has been misused, said David McIntyre, chief executive officer of TriWest.

'We are considering all motives and possibilities,' said U.S. Attorney Paul Charlton, declining to detail possible motives.

Charlton said there is nothing to indicate the crime was tied to terrorism. A person couldn't get into a secure area of a military base with the stolen information, Charlton said.

Authorities said thieves took computer equipment and files with the sensitive information during a break-in Dec. 14 at TriWest, a defense contractor that provides managed health care for military personnel in 16 states.

With a person's name, birth date and Social Security number, someone could easily open credit accounts and create fake documents like drivers licenses, Broader said, but officials say they do not yet know the motives or skill level of the thieves.

McIntyre said that health care service would not be disrupted as a result of the theft.

The breech comes as the Pentagon is building a network to computerize the entire military health care system, including the patient records of 8.7 million service members, retirees and their families who receive medical care under Pentagon programs.

The Pentagon is planning to roll out the project at up to seven military hospitals across the nation after successfully testing the concept at four locations. The system eventually will be expanded worldwide.

The Defense Department hailed the Composite Health Care System II, or CHCS II, as a potential 'data gold mine' for military physicians and other health care professionals that will provide quick and easy access to military patient records worldwide.

Though the TriWest computers have no connection to the larger project, they did include information gathered for military health care, including names, addresses, medical claim histories and a small number of credit card numbers.

Pentagon officials nonetheless are taking the breech 'very seriously' and are 'going to learn from this issue and do what's necessary' to better guard such information in the future, spokesman Jim Turner said.

When the large computerization of military health records is completed, the bigger threat won't be a physical removal of computer hard drives but rather the potential theft of records from hackers who try to break into military computer networks, officials said.

Privacy experts are on the lookout for potential security lapses or unnecessary intrusions into people's personal information as the Pentagon puts more personal information into digital form.

'This makes it easier to find the information but also makes it easier for criminals' to access it, Ari Schwartz, associate director at the Center for Democracy and Technology, said of CHCS.

The Pentagon recently received an 'F' grade for its computer security from the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations.

Bonnie Heald, the subcommittee's staff director, referred to the Pentagon's score of 38 out of 100 as 'an abysmal failure.'

The report did not take into account CHCS, which was too new to be included.