For TRICARE, the aftermath of last year’s massive breach incident has proved to be an ongoing nightmare. Being the largest health information breach reported since the HIPAA breach notification rule came into effect in September 2009, the TRICARE breach has repeatedly attracted aggressive legal action. Nearly 4.9 million beneficiaries were affected by the breach, and 3 class action lawsuits were filed against TRICARE, one of which demanded $4.9 billion in damages.
In the latest development, some of the 4.9 million affected beneficiaries have reported financial fraud on their credit cards or bank accounts. An amended complaint tied to the original class action lawsuit provides details on five individuals affected by the TRICARE breach who have reported that they have been victims of financial fraud related to the breach. Of these five individuals, one reported the cancellation of a credit card due to suspicious activity, and the other four reported unauthorized or fraudulent charges on their credit/debit cards or bank accounts. The complaint is also said to include new allegations contending that the data theft was intentional and specifically targeted confidential information stored on the stolen backup tapes.
Eight class action lawsuits have now been filed against TRICARE. However, on March 8, Science Applications International Corporation (SAIC) requested that all eight lawsuits be consolidated into one. The attorneys involved in five cases filed in Washington, D.C., are also seeking to consolidate these cases.
In terms of the number of people affected, the TRICARE breach has been the largest so far on the federal tally of major breaches. Likewise, it has also been the first to attract such severe legal action. With eight class action lawsuits to fight, TRICARE stands as testimony to the fact that no organization can escape the consequences of an information breach. This further proves that data breaches are better prevented than corrected. But preventing a data breach is not easy unless your organization is equipped with a comprehensive security and compliance management solution like SecureGRC.
eGestalt’s SecureGRC is completely automated, and includes all security and IT-GRC functions required to be compliant. It provides end-to-end support for HIPAA and HITECH regulations and comes with built-in best practices, policy and procedure templates which can solve all security and compliance challenges. It can help you curb threats and prevent incidents of data theft/loss, thus saving your organization from the drastic consequences of a breach.