Lawmakers in the Commonwealth of Pennsylvania are asking for a data breach to be investigated. The incident pertains to the contact tracing information of 72,000 Pennsylvanians which includes sensitive data that was distributed through unauthorized routes without the required security measures.
Insight Global is a company located in Atlanta that has been supporting the Commonwealth of Pennsylvania perform COVID-19 contact tracing for the duration of the pandemic. Many people hired by Insight Global were determined to have produced and shared unauthorized duplicates of files with one another while conducting their contact tracing tasks. Paperwork and spreadsheets were provided by means of nonsecure routes like personal Google accounts, which supposed|suggested} sensitive data were routed to servers beyond the regulation of Insight Global or the state.
Insight Global reported the breach on April 29, 2021 and stated in its substitute breach notice that the information linked to contract tracing of persons from September 2020 to April 21, 2021. An investigation into the incident was started and third-party security professionals were assisting to identify the scope of the security matters and their consequences. Thus far, no proof has been identified that indicates the misuse of any private data or PHI. The investigation into the security matters is in progress.
Insight Global states that the exposed information contained names of people likely infected with COVID-19, positive/negative test condition, whether there were signs and symptoms or not, details on the names of family members, and phone numbers, email addresses, and other details needed for certain social support services.
Insight Global mentioned it knew about the security concern on April 21, 2021 and took prompt actions to answer the problems, and those steps were finished by April 23. Insight Global has been in partnership with the Pennsylvania Department of Health regarding the finding of the security concerns and will be informing impacted persons through mail when address details have been validated. Insight Global explained there was no compromise of Social Security numbers or financial data and, as a security measure, affected people receive free credit monitoring and identity protection services.
Target 11’s investigators learned that employees were utilizing free versions of Google Sheets to copy contact tracing information and were giving those spreadsheets and other paperwork to co-workers via their private email accounts. The free versions of Google services aren’t HIPAA compliant, so they should never be used.
Insight Global had safety standards set up to make certain that contact tracing data can be documented and shared safely. It is at the moment not clear whether this was merely a case of singled out employees bypassing security practices and producing unauthorized records and spreadsheets to make their job less complicated. Nonetheless, no matter what the cause, sensitive information has been compromised.
The Commonwealth of Pennsylvania has determined not to renew its agreement with Insight Global relating to the security breach. The deal is going to expire on July 31, 2021. A Pennsylvania Department of Health spokesperson stated the company’s frustration concerning Insight Global workers that worked to compromise this kind of data and seriously apologize to all affected persons.
State Representative Jason Ortitay (R- Allegheny, Washington) remarks that after knowing about the breach, it was brought up to the state Governor’s office on April 1, 2021. Republican lawmakers are today asking for an investigation into the data breach by the federal law enforcement agencies, state Attorney General’s office, House Government Oversight Committee.