Free Essay

Tricare

In:

Submitted By bmurchison1
Words 1448
Pages 6
Tricare Medical Targeted
UMUC
Brandon Murchison

Table of Content
Abstract ……………………………………………….3
Tricare/Data Breach……………………………..4
Stolen medical price/Chart…….……………..5
Hackers Motivation………..……………………..6
Conclusion…………………………………………….7
Reference……………………………………………..8

Abstract
Hackers, while this term originally referred to a clever or expert programmer, it is now associated commonly in reference to someone who can gain unlawful access to other computers. A hacker can "hack" his or her way through the security levels of a computer system or network. This can be as simple as figuring out somebody else's password or as complex as writing a custom program to break another computer's security software. Hackers are the reason software manufacturers release periodic "security updates" to their programs. While it is unlikely that the average person will get "hacked," some large businesses and organizations receive multiple hacking attempts a day. In this instance the organization falls under health care, with digital medical records becoming more and more common this allow massive amounts of personal data to become vulnerable to hackers. This paper will cover not only hackers but the motivations of the hackers and ways to help defend and prevent.

Medical records have become similar to finding gold during the California gold rush for identity thieves. This is exactly why healthcare provider’s cyber-attacks have become more and more frequent. These data breaches exposes millions of records that are used by cyber criminals for illegal activities. But why is the data in health care so important? A data Breach in the healthcare industry causes major threat of financial issues for the organization attacked but also an instant inconvenience for those who choose to entrust the organization with personal information that was breached. A particular health care which will be discussed Is Tricare medical, which deals with health insurance for the military, motivation for the hackers and defenders of attacks. Lastly, policy or technology controls to protect the organization against similar attacks.
In 2011, TRICARE medical which is a health insurance that covers military personnel found themselves victim of their own data breach, when they had back up computer tapes that were being transported to another location stolen from one of its contractors in Virginia. The tapes contained names, Social Security numbers, home addresses and, in some cases, clinical notes and lab test results for nearly 5 million patients, making it the largest medical data breach since the Department of Health and Human Services began tracking incidents (UNGERLEIDER, 2012). Although the tapes that was stolen did not contain personal banking or financial information, the data on the backup tapes were however unencrypted and possessed all the key elements, which was previously stated, to steal a person identity. This information wasn’t taking through some form of cyber-attack like through brute force or some so, it was indeed a theft. According to Vacca. J (2013) this theft would fall under the descriptive label of Crackers (criminal hackers): Crackers are hackers with a criminal intent to harm information systems. Crackers are generally working for financial gain and are sometimes called black hat hackers
Regarding to the threat actors the type of people that would go after this information would be black hat criminals because the motive for this crime is financial gain. They would want information that health care providers have because it has all the ingredients that can lead to multiple types of fraud or identity theft and with such a large amount of identities available, like with TRICARE medical (4.9 million) the risk is completely worth the reward in the eye of the criminal. According to a group called cyber squared (2012) there was a forum entitled “The World AND LIVES AT RISK Privacy Forum”. This released information that shows the value of stolen medical information. It stated that stolen medical information had fifty times the original dollar amount of just a stolen social security number. The RSA (2010) also stated the medical identity theft has a ten times average payout compared to a typical identity theft. If someone was receiving $5,000 for a regular identity theft, an medical theft would receive up to $50,000. Why is this? Medical information fraud takes more than twice as long to identify as compared to regular identity theft (RSA, 2010).
Below is a chart retained from Navigant (2011) of breaches from 2011 and 2012 it shows how healthcare providers have increasingly become the number 1 target.

In order to understand the reason for the data breach the motive most must be made clear. Different hackers have different motives, we have the black hat hackers who motives usually start with greed, these are the hackers who are to be responsible for the Tricare medical attacks and other medical organizations data breaches. Then there is the white hat hacker or ethical hacker who motive is to assist others either for recognition or pay, an ethical hacker specializes in penetration testing and in other testing procedures to ensure the security of an organization's information systems. In terms of Tricare medical and other health organizations they used these white hat hackers to find weaknesses and develop ways to lessen the likely hood of a data breach. The first step of course to encrypt all data so in case an incident like Tricare medical happen at least the data is encrypted so the likely hood of it being discovered is improbable. Secondly, TRICARE medical should have a type of detection and prevention software which would be able to recognize and eliminate possible threats. In an article titled A CYBER VICTIM: BILLIONS STOLEN AND LIVES AT RISK (Cyber square, 2011) the mention of a Threat Intelligence seemed as if it would good for prevention, a direct quote from the article states “Threat Intelligence (TI) which is an information security discipline that seeks to recognize and understand sophisticated cyber adversaries, specifically why and how they threaten data, networks, and business processes; while also developing better protective measures against them.” (Cyber square, 2011). However, Tricare medical lacked not only encryption, policy, and a program like the TI program to prevent a theft or hacking. This eventually lead to a lawsuit against the Department of Defense (DOD) for almost 5 billion dollars, the amount requested one thousand dollars per person who information was stolen. The lawsuit was for inadequately protecting sensitive data and “intentional, willful and reckless disregard” for patients’ privacy rights. Unfortunately, the majority of these files were dismissed. The courts saw it as ideal of suing because of the possibility of becoming victim of a data breach is not basis for a claim. Nevertheless this massive lawsuit did bring attention to the importance of protecting data with medical organizations and set up a new beginning of policy change and prevention techniques

Conclusion

TRICARE medical unveiled that a data breech had occurred including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to almost 5 million active and retired U.S. military personnel after unencrypted backup tapes containing the data went missing. The tapes information was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military’s San Antonio area military treatment facilities between 1992 and Sept. 7. 2011. This theft seemed to be motivated by potential financial gain. Because of the payout of medical records the medical industry will continue to be a risk to non-ethical or Black hat hackers. It’s up to Business leader to use white hat hackers to help strengthen their cyber-attack defense to reassure an incident like Tricare medical will not happen again otherwise risk loss of revenue, embarrassment, operational interruptions, legal issues, and other unforeseen consequences for themselves and the people whose identity was inappropriately handled.

References

RSA. (2010). Cyber Crime and the Healthcare Industry. Retrieved 2012 17-March from RSA: http://www.rsa.com/products/consumer/whitepapers/11030_CYBHC_WP_0710.pdf
Blasco, J. (2012 2-July). Sykipot is back. Retrieved 2012 15-July from Alien Vault: http://labs.alienvault.com/labs/index.php/2012/sykipot-is-back/
Goodrich, M., & Tamassia, R. (2011). Malware. In Introduction to computer security. Boston.
Vacca, J. (2013). Computer and information security handbook (pp. 242-260). Waltham, MA.
Valacich, J. & Schneider, C. (2014). Information Systems Today (Ch. 5). University of Arizona.
Cost of Data Breach Study: Global. (2012, March 1). Ponemon Institute. Retrieved from http://www.symantec.com/
Cyber Squared. (2012, January 1). A CYBER VICTIM: BILLIONS STOLEN AND LIVES AT RISK. Retrieved from http://www.cybersquared.com/wp-content/uploads/downloads/2013/03/Medical-Industry-A-Cyber-Victim-Billions-Stolen-and-Lives-At-Risk.pdf

Similar Documents

Free Essay

Tricare

...The TRICARE Provider Handbook provides important information about TRICARE, while emphasizing key operational aspects of the program and program options (Bryant & Stratton, 2012, p. 1). The information that I think would be most important to me to keep as a quick reference would be the information on how to submit claims. There are certain requirements when submitting electronic and paper claims. Electronic claims can be broken down into different categories. For example, one can submit a claim as an Xpress claim, eZ TRICARE Claim, Claims clearinghouse, and Electronic Data Interchange Gateway (Bryant & Stratton, 2012). According to Bryant & Stratton TRICARE provider handbook (2012), Xpress claims are claims that are submitted and the payments are received by the providers instantly. Providers are also able to print a summary receipt with this type of submission. There is no cost to use this service by providers. EZ TRICARE claims allow providers to upload groups of claims directly from their practice management system. There is no software to install, no data entry, and no cost to file TRICARE claims. EZ TRICARE claims can accept a variety of claims formats. This is a no cost service to providers as well. Paper claims are sent via mail. Although these are more seldom used, they do still circulate. There are more chances that a claim will be denied when using paper claims. The person that is filing the claim must ensure the CPT codes are correct as well as making...

Words: 336 - Pages: 2

Free Essay

Contracting and Ethics

...Contracting and Ethics Author: Alfred Turner Professor: Michael Hanners Strayer University 20 January 2012 Abstract This paper will discuss the GAO analysis to determine whether Aetna Government Health Plans LLC (AGHP), should be excluded from the competitive bid based on alleged unfair competitive advantage stemming from AGHP’s hiring of former TMA (TRICARE Management Activity) employee. Health Net argues that the award to AGHP has been irreparably tainted do the fact that AGHP has hired one of Health Net top level with access to inside, non public source selection information and contract proprietary information. This paper will also go into details on some of the tactics to prevent this from happening if he or she knew about this contract. I will try to identify and legal and ethical issues related to the issue. While reading this Case and carefully and thinking this out after reading the FAR. If the employee that Aetna hired from TMA (TRICARE Management Activity. There is little to nothing that the FAR states that this contract shouldn’t be awarded to Aenta. There is nothing stating that the former TRICARE employee knew anything about this RFP, therefore by law you can not exclude AGHP from the competitive bid range. Actions for TMA to take Why there appears to be little TMA can do. TMA may want to do an investigation and start by going to their former employee contract history to see was a pattern started with him and AGHP. Was he ever on the awarding...

Words: 627 - Pages: 3

Premium Essay

Tricare

...This paper is to provide an overview of TRICARE with its history, available insurance products, organization and number of enrollees. In July 1775, the Congress established a hospital or what they called it then a medical department in Massachusetts with a chief physician of the hospital, four surgeons, a pharmacist, and nurses, which are usually wives or widows of military personnel to care for military members. (TRICARE Timeline). Today health care has come a long way especially for the military; we have better equipment and more than enough surgeons, physicians, and of course, our spouses or widows are no longer our nurses. Now we have qualified individuals that are very capable of making sure that they are patched and ready to get back to doing what we do best protect our Nation. The timeline for the history of TRICARE (TRICARE Timeline) • 1818, Secretary of War John C. Calhoun established a permanent medical department. A Congressional direction in • 1884 set the stage for a medical program to serve the Forces. It stated, rather simply, "Medical officers of the Army and contract surgeons shall whenever possible attend the families of the officers and soldiers free of charge." • In 1943, Congress authorized the Emergency Maternal and Infant Care Program (EMIC) that: *Provided maternity care and care of infants up to one year of age for wives and children of Service members in the lower four pay grades. • December 7, 1956 saw the birth of the Dependents Medical Care...

Words: 891 - Pages: 4

Free Essay

Tricare

...I chose the profession that utilizes health information management which is called the Chief Information Officer (CIO). It is a job title for the head of information technology within an organization. The CIO typically reports to either the chief financial officer or, in IT-centered organizations, to the chief executive officer. CIO is a job title commonly given to the person in an enterprise responsible for the information technology and computer systems that support enterprise goals. As information technology and systems have become more important, the CIO has come to be viewed in many organizations as a key contributor in formulating strategic goals. Typically, the CIO in a large enterprise delegates technical decisions to employees more familiar with details. Usually, a CIO proposes the information technology an enterprise will need to achieve its goals and then works within a budget to implement the plan. Typically, a CIO is involved with analyzing and reworking existing business processes, with identifying and developing the capability to use new tools, with reshaping the enterprise's physical infrastructure and network access, and with identifying and exploiting the enterprise's knowledge resources. Many CIOs head the enterprise's efforts to integrate the Internet and the World Wide Web into both its long-term strategy and its immediate business plans. The prominence of the CIO position has risen greatly as information technology has become a more important...

Words: 405 - Pages: 2

Free Essay

Tricare

...Case Brief SUBJECT is an employee of the Widget Corporation. SUBJECT is assigned a computer and thumb drive. During basic maintenance, Mr. I am Helpful, Human Resource Specialist, for the Widget Corporation, was presented with what appeared to be an image of a young child depicted in a sexually explicit manner. Mr. I am Helpful telephoned myself, and employee of the Widget Corporation assigned as a technical specialist to the company’s Intellectual Property and compliance section. I responded and observed the image and confirmed it to be a violation of a state statue. I then removed the evidence from Mr. I am Helpful and presided to recover the evidence. Objective: To determine whether SUBJECT possessed child pornography. This was complicated by the number of people who handled the devices. Offense: Possession of child pornography Chain of Custody: See attached form Processing Packaging: Toshiba disk drive was taken from Mr. I am Helpful and placed in a clear antistatic bag. The bag was then sealed and marked with initials DPF. USB thumb drive was taken from Mr. I am Helpful and placed in clear antistatic bag. The bag was then sealed and marked with initials DPF. Toshiba disk drive and USB thumb drive were then placed in cardboard boxes surrounded by Styrofoam inserts. The cardboard boxes were finally labeled on the outside with the time, and date stamp of the packaging. Transportation: The cardboard boxes containing the evidence are loaded into the van. The boxes...

Words: 304 - Pages: 2

Premium Essay

Pros And Cons Of Tricare

...Tricare is a health care program utilized by the United States Department of Defense. The program provides civilian health benefits for active duty military personnel, military retirees, families of active duty members or retirees, as well as survivors and former spouses. In order to address the issue of decreased access to medical care in military facilities due to lack of resources and growing demand, Congress passed the Dependents Medical Care Act of 1956 and the Military Medical Benefits Amendments of 1966. These legislations allowed the Secretary of Defense to contract medical care to civilian health care providers. The civilian health care program became known as the Civilian Health and Medical Program of the Uniformed Services, or...

Words: 301 - Pages: 2

Premium Essay

Tricare Prime Advantages And Disadvantages

...Tricare Prime is a managed care option that is used for Active duty members. Active duty family members may choose this plan or one of the others. This option has fewer out of pocket costs and less freedom of choice for a provider to choose. With this option you have an assigned primary who you see. The care is usually provided in a military facility. With Prime there are no out of pocket costs, no enrollment fees, no network co-payments or no point of service fees. Tricare Extra is an option where you choose your provider that is in network. This plan is available to active duty family members, survivors, retired service members, non- active guard/reserves. You have an annual deductible you must meet then you only pay your co-pays as long...

Words: 277 - Pages: 2

Premium Essay

Organization Behavior in Management

...The History and Future of TRICARE and HIPP Abstract In this term paper I will discuss the history and future of Tricare and HIPAA. Tricare is the program that the military provides for active duty and retired service personnel, their eligible family members and survivors' healthcare. I will be discussing the history and the future of Tricare. I will also discuss the types of Tricare. HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted by the U.S. Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. I will also discuss the differences, if any on how HIPPA is applied at military and civilian hospitals. History of Tricare In 1884, Congress set the stage for a program to serve the Armed Forces' medical needs. It was a very simple statement: “Medical officers of the Army and contract surgeons shall whenever possible attend the families of the officers and soldiers free of charge.” In 1943, Congress gave the go ahead for the Emergency Maternal and Infant Care Program (EMIC). This program provided maternity and infant care up to one year of age for wives and children of Service members...

Words: 3193 - Pages: 13

Premium Essay

Wgu Ltt1 Task 2

...Intro to task two: The Indian Health Service (IHS): The IHS is a health care system for nearly 2 million American Indians and Alaska Natives who belong to the 566 different, federally recognized, tribes in 35 states. 1 IHS is an agency within HHS, which is the Department of Health and Human Services.  2 The Indian Health Service was established in 1955 taking over from the Bureau of Indian Affairs. It is based on Article I, Section 8 of the Constitution and the relationship developed from numerous treaties, Executive Orders, and Supreme Court decisions 3. The IHS is the primary health care provider for the American Indian people 4, and it’s dedicated to raise their health and well-being to the highest level. Health Information Exchange(s): A Health Information Exchange is the virtualization of healthcare information electronically, and access to said information exchanged between HIE members. This data spans across organizations within a community, or hospital system, or even whole regions. HIEs facilitate transmitting protected health information to other organizations and government agencies according to national standards. HIEs often include collaboration among physicians, home health, nursing homes, hospitals, and mental health facilities. 5 Federal Employees Health Benefits Program: The FEHB Program is for Federal employees present and retired as well as their survivors. Members have the widest selection of health plans in the country. With the ability to choose...

Words: 1485 - Pages: 6

Premium Essay

Health Informatics

...The challenges which are met in today’s healthcare are vast. It would seem that there are obvious reasons for the incorporation of health informatics to justify apparent flaws in the government programs such as Medicaid, TRICARE and Federal Employees Health Benefits Program are three legislative policies which impede its progress. With most disciplines there exists certain parameters which provide the basic focus for which the disciplines fashion themselves around. In all there are seven elements in the public health sector; http://www.cdc.gov/mmwr/preview/mmwrhtml/su6103a5.htm, and in this scope exist, planning and systems design, data collection, data management and collation analysis, interpretation, dissemination, and finally the application to public health programs. Like most new technologies; robust changes to processes can be delivered, but are met with opposition. Health information technology can defeat a lot of the lethargic processes comprised in healthcare management, but arguably by some as the use of terms such as unintended consequences can slow growth to the field and prospects of health information exchange http://www.amia.org/amia2012/panels. It is believed that while the Electronic Health Record would be composed and stored within secured database systems that there is huge risk which exist; patient privacy, as mandated by the Health Insurance and Portability and Accountability Act (HIPPA). The opposition that some have towards health informatics...

Words: 2164 - Pages: 9

Premium Essay

Healthcare

...families’ healthcare is currently proposed to be cut saving the Federal Government approximately $1.8 billion by 2013. TRICARE, the health care program for active duty, retirees, and military families, was enacted May 1997. TRICARE replaced Civilian Health and Medical Program of the Uniformed Services “CHAMPUS” and was intended to increase quality of care for eligible beneficiaries. TRICARE has several different plans that make up the overall TRICARE health care program. TRICARE Prime the plan for active duty, their dependents and retired personnel. TRICARE Prime is a HMO style plan with no enrollment fee. Beneficiaries have a primary care provider, typically at a military installation’s medical facility; they see and attain referrals from for all specialty care. TRICARE Reserve Select is available to all military reservists. TRICARE Reserve Select has a monthly premium and allows beneficiaries to see civilian healthcare providers that are payable under TRICARE regulations. In May 2001 TIRCARE for life was added for retired military personnel and their families who prior to TFL lost their TRICARE benefits once enrolled in Medicare. TRICARE for Life pays the remaining patient responsibility of medical costs after Medicare coverage has been utilized. TRICARE Young Adult is available to unmarried military dependents ages 21-23 years old attending college full time. TRICARE Young adult was...

Words: 1028 - Pages: 5

Premium Essay

Hospitalization In Healthcare

...than four million babies born annually in U. S. hospitals (Kozhimannil), and more than 100,000 babies born to Tricare beneficiaries annually (Abramson), the cost of maternity and newborn care exceeds any other hospital expense – and those costs are rising (Truven Analytics). With budget cuts necessitating review of Tricare benefits and payments for medical services of all kinds for beneficiaries, it would seem counterintuitive to suggest that a way for Tricare to save money on maternity and newborn care would be to cover a new service. However, research shows that the cost savings associated with doula support during labor and delivery are significant...

Words: 1433 - Pages: 6

Free Essay

Va Claims

...Veteran Health Administration Disability Claims Introduction The United States Armed Forces serve the nation selflessly; therefore, they deserve the compensation guaranteed to them by the federal government, especially after engagement in combat. American troops are will begin departing from Afghanistan this year after 11 years at war; however, it seems that the government is not committed in compensating former armed service personnel. This is due to the increasing number of veterans’ claims accumulating in the Veterans Affairs offices. Combat has severe impact on veterans and this impact may not only be physical, but mental as well. Many veterans suffer from post-traumatic stress disorder after witnessing the events of war. As a result, many cannot hold jobs to their families. Regardless of their service, there are more than 400,000 veterans who have not yet received resolution of their disability claims. A claim is considered a backlog case if it takes more than 125 days to be processed. Some veterans have been forced to wait over two years and hence suffered severe financial strains. Problem Statement Due to the wars in Iraq and Afghanistan, a vast number of disabled veterans have flooded the Veterans Health Administration system. Although it is the largest health care system in America, it has failed to effectively care for its veterans. There are currently over 400,000 unprocessed medical...

Words: 1840 - Pages: 8

Premium Essay

Healthcare

...Healthcare Ecosystems LTT2 The challenges which are met in today’s healthcare are vast. It would seem that there are obvious reasons for the incorporation of health informatics to justify apparent flaws in the government programs such as Medicaid, TRICARE and Federal Employees Health Benefits Program are three legislative policies which impede its progress. With most disciplines there exists certain parameters which provide the basic focus for which the disciplines fashion themselves around. In all there are seven elements in the public health sector; http://www.cdc.gov/mmwr/preview/mmwrhtml/su6103a5.htm, and in this scope exist, planning and systems design, data collection, data management and collation analysis, interpretation, dissemination, and finally the application to public health programs. Like most new technologies; robust changes to processes can be delivered, but are met with opposition. Health information technology can defeat a lot of the lethargic processes comprised in healthcare management, but arguably by some as the use of terms such as unintended consequences can slow growth to the field and prospects of health information exchange http://www.amia.org/amia2012/panels. It is believed that while the Electronic Health Record would be composed and stored within secured database systems that there is huge risk which exist; patient privacy, as mandated by the Health Insurance and Portability and Accountability Act (HIPPA). The opposition that...

Words: 2167 - Pages: 9

Free Essay

Paper

...RESERVE  COMPONENT  HEALTH  COVERAGE  REQUEST PRIVACY  ACT  STATEMENT   AUTHORITY:      10  U.S.C.  1076d  and  1076e.   PRINCIPAL  PURPOSE(S):    This  form  is  used  by  certain  Reserve  Component  members  and  retired  members  to  purchase  or  make  changes  to   coverage  under  the  TRICARE  Reserve  Select  and  TRICARE  Retired  Reserve  (TRR)  health  plan.    Please  see  32  CFR  199.24(c)  and  199.25(b)  for  a   list  of  eligible  beneficiaries.     ROUTINE  USES(S):    In  addition  to  those  disclosures  generally  permitted  under  5  U.S.C.  552a(b)  of  the  Privacy  Act,  disclosures  may  be  made  to   Federal,  State,  local  and  foreign  government  agencies,  private  business  entities,  and  individual  providers  of  care  on  matters  relating  to  entitlement,   fraud,  program  abuse,  program  integrity,  or  civil  and  criminal  litigation  related  to  the  operation  of  the  TRICARE  Reserve  Select  and  TRICARE  Retired   Reserve  programs.     DISCLOSURE:    Voluntary;;  however,  failure  to  furnish  all  requested  information  will  result  in  the  applicant  being  unable  to  obtain  TRICARE  Reserve   Select  or  TRICARE  Retired  Reserve  health  plan  coverage. INSTRUCTIONS Please  review  the  information  in  Block  1  for  accuracy  and  provide  corrections  in  Block  2.    Then,  verify  the  information  printed  in  Blocks  3  -­  6  and  sign   Block  6  if  paying  initial  payment  by  Visa  or  MasterCard...

Words: 606 - Pages: 3