Incident & Breach Response , Security Operations

TRICARE Breach Lawsuits Consolidated

Case to be Handled in Washington U.S. District Court
TRICARE Breach Lawsuits Consolidated

Eight class action lawsuits filed in the wake of a 2011 data breach involving TRICARE, the military health program, and affecting nearly 5 million individuals have been consolidated into one case that will be handled by the U.S District Court in Washington, D.C.

See Also: OnDemand | Protect Your Cloud Landscape Cost-effectively with Deepwatch, Splunk, and AWS

In a transfer order issued by the U.S. Judicial Panel on Multidistrict Litigation, the court noted that five of the eight cases, including the first one filed, are pending in the Washington district. In addition, Science Applications International Corp., the TRICARE business associate involved in the breach, and the federal defendants, have headquarters in or near Washington, the order notes.

Besides TRICARE and SAIC, the other defendants in the cases include the U.S. Department of Defense and Secretary of Defense Leon Panetta. The defendants in each of the eight cases vary.

The consolidated cases include five filed in the District of Columbia, two in California and one in Texas.

"Centralization will avoid duplicative discovery, eliminate the risk of inconsistent pretrial rulings on class certification and other pretrial matters, and conserve the resources of the parties, their counsel and the judiciary," says the order signed by John G. Heyburn, chairman of the panel on multidistrict litigation.

Earlier, SAIC had filed a motion to consolidate the cases and dismiss five of them.

Breach Details

The cases stem from the September 2011 theft of unencrypted backup computer tapes containing information on about 4.9 million individuals. The tapes were stolen from the car of an SAIC employee who was to transport them between federal facilities on behalf of TRICARE.

Based on the total number of individuals affected, the TRICARE breach is the largest so far on the federal tally of major breaches reported since the HIPAA breach notification rule took effect in September 2009.

Responding to a request for comment, Melissa Koskovich, an SAIC spokeswoman, said, "The only thing we can say is SAIC sought the consolidation. There is no evidence there's been any unauthorized access to the data that was on the removable backup tapes stolen from the employee's vehicle on Sept. 14 2011."

TRICARE officials declined to comment on the lawsuit consolidation.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.