It happened at a company called Tricare, which provides medical services for active and retired military personnel. The company admitted that records of 4.9 million current and past patients, stored on backup tapes and dating back to 1992, were breached on September 14th of this year.
The information may include Social Security numbers, addresses and phone numbers, and some personal health data such as clinical notes, laboratory tests and prescriptions, the release stated.
According to the release, there is no financial data, such as credit card or bank account information on the backup tapes.
Tricare is saying the risk to patients is low since the hackers would need special equipment and training to read the material on the tapes. This means, however, that there wasn't any encryption on records dating back nearly 20 years. The records were protected merely by knowledge. Anyone trained on this system could access them.
That's the part that would bug me as a patient.