HIPAA breaches don't always come from providers. Tricare, the massive U.S. military insurer, announced last week that backup tapes from an electronic health care record went missing while in the possession of a contractor, putting about 4.9 million San Antonio-area military clinic and hospital patients at risk of a privacy breach. The information on the tapes included patient data from 1992 through Sept. 7, 2011, and "may include Social Security numbers, addresses and phone numbers, and some personal health datasuch as clinical notes, laboratory tests, and prescriptions," Tricare says in a statement. However, the tapes contained no financial data. Despite the sensitive information stored on the missing tapes, the government ranks the risk of harm to patients as low because anyone attempting to access the data would have to be proficient in specific hardware and software systems. The government will not be notifying all patients who have been identified as being on the tapes, and will not provide credit monitoring and restoration services, due to the low risk that the government has assigned to the situation.