Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations
TRICARE Breach Lawsuits Consolidated
Case to be Handled in Washington U.S. District CourtEight class action lawsuits filed in the wake of a 2011 data breach involving TRICARE, the military health program, and affecting nearly 5 million individuals have been consolidated into one case that will be handled by the U.S District Court in Washington, D.C.
See Also: Identity Security Trailblazers - Health First
In a transfer order issued by the U.S. Judicial Panel on Multidistrict Litigation, the court noted that five of the eight cases, including the first one filed, are pending in the Washington district. In addition, Science Applications International Corp., the TRICARE business associate involved in the breach, and the federal defendants, have headquarters in or near Washington, the order notes.
Besides TRICARE and SAIC, the other defendants in the cases include the U.S. Department of Defense and Secretary of Defense Leon Panetta. The defendants in each of the eight cases vary.
The consolidated cases include five filed in the District of Columbia, two in California and one in Texas.
"Centralization will avoid duplicative discovery, eliminate the risk of inconsistent pretrial rulings on class certification and other pretrial matters, and conserve the resources of the parties, their counsel and the judiciary," says the order signed by John G. Heyburn, chairman of the panel on multidistrict litigation.
Earlier, SAIC had filed a motion to consolidate the cases and dismiss five of them.
Breach Details
The cases stem from the September 2011 theft of unencrypted backup computer tapes containing information on about 4.9 million individuals. The tapes were stolen from the car of an SAIC employee who was to transport them between federal facilities on behalf of TRICARE.
Based on the total number of individuals affected, the TRICARE breach is the largest so far on the federal tally of major breaches reported since the HIPAA breach notification rule took effect in September 2009.
Responding to a request for comment, Melissa Koskovich, an SAIC spokeswoman, said, "The only thing we can say is SAIC sought the consolidation. There is no evidence there's been any unauthorized access to the data that was on the removable backup tapes stolen from the employee's vehicle on Sept. 14 2011."
TRICARE officials declined to comment on the lawsuit consolidation.