Last month, TRICARE disclosed that medical records of 4.9 million US military personnel and their families had been compromised as a result of a theft of backup tapes from an SAIC contractor’s car in San Antonio, Texas. The data included social security numbers, names, addresses, phone numbers, diagnoses, treatment information, provider names, provider locations, and other patient data.
In response to the announcement, four individuals have filed the lawsuit seeking $1000 in damages for each of the 4.9 million individuals affected by the data breach. The lawsuit charges TRICARE with "intentional, willful and reckless violation of the privacy rights” of the individuals affected, according to a report by GovInfosecurity.com.
TRICARE "inexplicably failed to properly encrypt the information” and “authorized an untrained or improperly trained individual to take the highly confidential information off of government premises and to leave the unencrypted information in an unguarded car parked in a public location, from which it was stolen", the suit alleges.
The plaintiffs are also asking TRICARE to give free credit monitoring services to all 4.9 million beneficiaries, the report noted.
In announcing the breach, TRICARE did not offer credit monitoring services and stressed that it considered the risks to the affected individuals as “low.”