2 Suits Target SAIC in TRICARE Breach
TRICARE Already Faces Another Class Action LawsuitThree class action lawsuits have now been filed in the wake of a breach affecting 4.9 million beneficiaries in the TRICARE military healthcare program.
See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises
The two latest lawsuits were filed against Science Applications International Corp., a TRICARE business associate involved in the breach. The third lawsuit, filed in October, was filed against TRICARE and the Defense Department and not SAIC (see: TRICARE Hit with $4.9 billion lawsuit).
The September 2011 breach incident in San Antonio involved unencrypted computer backup tapes containing patient information, including Social Security numbers, that were stolen from an SAIC employee's car. In December, five members of Congress sent a bipartisan letter to TRICARE asking detailed questions about the breach (see: Congress Probes TRICARE breach.
SAIC Lawsuit Details
One suit against SAIC, filed in a Texas state court by attorney Richard Coffman, seeks $4.9 billion in damages, or $1,000 for each person affected. It alleges SAIC failed to adequately protect the beneficiaries' information as required under federal and state laws.
The second suit against SAIC, filed by two law firms, seeks unspecified total damages on behalf of Californians affected by the breach. This lawsuit, filed by Robbins Umeda LLP and Blood Hurst & O'Reardon LLP, alleges violation of state privacy law.
An SAIC spokesman declined to comment on the lawsuits.
Based on the total number of individuals affected, the TRICARE breach is the largest so far on the federal tally of major breaches reported since the HIPAA breach notification rule took effect in September 2009.