Make us your home page
Instagram

Today’s top headlines delivered to you daily.

(View our Privacy Policy)

SOCom investigating claim that consultant gained entry to health care data

U.S. Special Operations Command is investigating a claim by a cybersecurity consultant that he was able to breach a database containing the personal information of hundreds of health care workers who treat commandos and their families.

The investigation was confirmed by Ken McGraw, a spokesman for SOCom, the command based at MacDill Air Force Base that helps guide the work of the military's commandos. Consultant Chris Vickery told the Tampa Bay Times he gained entry into the database of a Virginia company that provides health care workers for a SoCom program called Preservation of Force and Family.

The files he acquired do not appear to contain health care information about commandos, Vickery said. It is unknown whether anyone outside the company other than him had accessed the data, he said.

The information contains names, Social Security numbers, home and work addresses, email addresses, phone numbers, resumes and security clearances for employees with Potomac Healthcare Solutions.

It also includes the company's jobsite locations around the United States as well as in Japan, Ireland and other foreign lands. As part of the program, the health care workers travel to locations where commandos are based.

Potomac Healthcare Solutions is a subcontractor with Booz Allen Hamilton, which in 2013 won a contract worth up to $475 million to run the Preservation of the Force and Family program. The SOCom program provides mental, physical and spiritual care to commandos with the Navy SEALs, Army Green Berets and Rangers, Delta Force members and Air Force and Marine commandos, according to the Potomac website. Families also are covered.

The program is aimed at "decreasing the rate of physical and emotional injuries from all causes, and significantly accelerating return to duty times," the website says.

Many of the employees in the database hold the highest federal security clearance, said Vickery, who still has the data.

Potomac officials said in a statement to the Times on Monday that they are aware of Vickery's claim. They said internal and external reviews have turned up no sign yet that any sensitive information was compromised.

"The privacy and security of information remains a top priority, and we will continue to work diligently to address any issues or concerns," Potomac said.

Vickery said he found the data by using a search engine that sweeps the so-called Internet of Things, a networking of devices connected to the Internet including security cameras, refrigerators and even light bulbs.

Vickery is the recipient of the 2016 Data Detective Award from Patient Privacy Rights and Harvard University's Data Privacy Lab. He said he has helped in investigations conducted by the Federal Trade Commission, FBI, Texas Attorney General's Office, Secret Service and the state of Kansas.

He gained entry to the Potomac data during a Christmas Day search but did not realize until the next day what he had found, he said. On Sunday, Vickery posted redacted copies of some of the data on his blog at MacKeeper, an Internet security firm. The blog item was first reported by ZDNet, an Internet technology website.

"We take any allegation of a data breach very seriously, including those from our subcontractors," said James Fisher, a Booz Allen Hamilton spokesman, in an email message to the Times. "We are looking into this alleged event."

Aside from health care workers' personal information, Vickery was able to obtain a list of hundreds of millions of dollars in future contracts Potomac is seeking, as well as a number of password-protected financial databases he said he does not want to try breaching.

On his blog post, Vickery said he had difficulty persuading Potomac officials to take his breach seriously. He said that as of Monday afternoon, no one from SOCom had contacted him.

"It's not hard to imagine a Hollywood plot line in which a situation like this results in someone being kidnapped or blackmailed for information," Vickery wrote in his blog. "Let's hope that I was the only outsider to come across this gem. Let's really hope that no hostile entities found it. Loose backups sink ships."

Contact Howard Altman at haltman@tampabay.com or (813) 225-3112. Follow @haltman

SOCom investigating claim that consultant gained entry to health care data 01/02/17 [Last modified: Monday, January 2, 2017 7:41pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times

    

Join the discussion: Click to view comments, add yours

Loading...
  1. Rays waste repeated opportunities in 5-3 loss to Blue Jays

    The Heater

    TORONTO — Rays manager Kevin Cash made a case for urgency before Thursday's game, in both actions and words, making significant changes to the structure of the lineup and sincere comments about time running short.

    Trevor Plouffe of the Rays reacts as he pops out with the bases loaded in the sixth inning. [Photo by Tom Szczerbowski/Getty Images]
  2. Spanish PM voices solidarity with Barcelona

    World

    BARCELONA, Spain — Spanish Prime Minister Mariano Rajoy says his country is mourning in solidarity with the city of Barcelona and other cities in Europe that have been hit by deadly extremist attacks.

    An injured person is treated in Barcelona, Spain, Thursday, Aug. 17, 2017 after a white van jumped the sidewalk in the historic Las Ramblas district, crashing into a summer crowd of residents and tourists and injuring several people, police said. [Associated Press]
  3. Confederate statue: Why Bucs, Lightning, Rays took a stand

    Bucs

    They didn't want another Charlottesville.

    Marc Rodriguez, a member of the "Florida Fight for $15" organization, stands in protest along with other activists demanding the Confederate  monument be removed from the old Hillsborough County Courthouse in Tampa. [OCTAVIO JONES   |   Times]
  4. Rep. Larry Ahern gets roughed up by Clearwater City Council

    State Roundup

    It seemed innocuous enough: an "end of session report" from state Rep. Larry Ahern, R-Seminole, to the Clearwater City Council.

    Then Ahern got taken to the woodshed.

    Rep. Larry Ahern is vying for a seat on the Pinellas commission.
  5. Hillsborough County erects wooden barrier to protect Confederate monument from vandalism

    Public Safety

    TAMPA — Hillsborough County workers began constructing a wooden barrier around the base of the Confederate monument by the old county courthouse Thursday evening.

    A Hillsborough County construction crew erects a wooden barrier around the Confederate monument at the old county courthouse Thursday, out of concern about potential vandalism. [Courtesy of WTSP]