The 2011 breach occurred when backup tapes from an electronic health record used by TRICARE were stolen from an SAIC employee’s vehicle.
As a result of the breach, multiple class-action lawsuits were filed against TRICARE and SAIC by the affected recipients alleging they faced an increased risk of identity theft as a result of their medical records being stolen. All of the lawsuits were consolidated in Washington, D.C.
The D.C. federal judge dismissed 31 of the 33 TRICARE recipients named in the consolidated lawsuit. In support of the dismissal the court stated the degree to which the recipients’ risk of identity theft is increased due to the data breach is irrelevant because it is not an “actual injury.” The plaintiffs must show “harm is certainly impending,” which many of them failed to do.
Plaintiffs who suffered identity theft as a result of the data breach remain as named plaintiffs in the consolidated case.
More Articles on Data Breaches:
FTC Responds to LabMD’s Motion For Summary Determination
1,981 Baylor Regional Medical Center Patients’ Information Compromised By Phishing Scheme
Insider Breach at BCBS of Kansas City Affects 2,546 Members
