The Defense Department is computerizing the medical records of all military personnel and their families, but just as the project gets past the experimental phase officials are grappling with the theft of thousands of records from a Pentagon health care contractor.
The theft earlier this month of computer hard drives containing more than 500,000 records with Social Security numbers, medical claims histories and other private information from an Arizona company could become one of the largest identity thefts on record if the information is misused, the Federal Trade Commission said.
"I am not aware of a larger case, but at this point we don't know if any people have experienced identity theft," said Besty Broader, assistant director of the FTC's division of planning and information.
The U.S. Attorney's office in Phoenix planned to unveil a reward Tuesday to help capture the culprits, according to the Phoenix-based TriWest Healthcare Alliance, which suffered the theft.
Authorities said thieves took computer equipment and files with the sensitive information during a break-in Dec. 14 at TriWest, a defense contractor that provides managed health care for military personnel in 16 states.
With a person's name, birth date and Social Security number, someone could easily open credit accounts and create fake documents like drivers licenses, Broader said, but officials say they do not yet know the motives or skill level of the thieves.
David McIntyre, TriWest president and chief executive, said health care service would not be disrupted as a result of the theft.
The breech comes as the Pentagon is building a network to computerize the entire military health care system, including the patient records of 8.7 million service members, retirees and their families who receive medical care under Pentagon programs.
The Pentagon is planning to roll out the project at up to seven military hospitals across the nation after successfully testing the concept at four locations. The system eventually will be expanded worldwide.
The Defense Department hailed the Composite Health Care System II, or CHCS II, as a potential "data gold mine" for military physicians and other health care professionals that will provide quick and easy access to military patient records worldwide.
Though the TriWest computers have no connection to the larger project, they did include information gathered for military health care, including names, addresses, medical claim histories and a small number of credit card numbers.
Pentagon officials nonetheless are taking the breech "very seriously" and are "going to learn from this issue and do what's necessary" to better guard such information in the future, spokesman Jim Turner said.
When the large computerization of military health records is completed, the bigger threat won't be a physical removal of computer hard drives but rather the potential theft of records from hackers who try to break into military computer networks, officials said.
Privacy experts are on the lookout for potential security lapses or unnecessary intrusions into people's personal information as the Pentagon puts more personal information into digital form.
"This makes it easier to find the information but also makes it easier for criminals" to access it, Ari Schwartz, associate director at the Center for Democracy and Technology, said of CHCS.
The Pentagon recently received an "F" grade for its computer security from the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations.
Bonnie Heald, the subcommittee's staff director, referred to the Pentagon's score of 38 out of 100 as "an abysmal failure."
The report did not take into account CHCS, which was too new to be included.