Serviceteam IT Security News

Personal health information (PHI) belonging to tens of thousands of Pennsylvanians has been exposed following a data breach at a Department of Health vendor.

Atlanta-based company Insight Global was contracted by the Keystone State’s DOH in 2020 “to provide contact tracing and other similar services” following the outbreak of COVID-19. Now the Department is accusing the company of exposing the data of 72,000 individuals by willfully disregarding security protocols.

Pennsylvanians contacted by Insight Global in a contact tracing data collection operation reported to have cost $28.7m shared their information on the understanding that it would be kept confidential.

Department of Health spokesperson Barry Ciccocioppo stated “certain employees of Insight Global—a vendor contracted by DOH in 2020 to provide contact tracing and other similar services—disregarded security protocols established in the contract and created unauthorized documents outside of the secure data systems created by the Commonwealth.

“These documents existed separately from the official data that Insight Global employees were collecting and providing to DOH within secure data platforms.”

Information exposed in the data breach reportedly included names, phone numbers, and medical information. The DOH said that their data systems were not impacted by the breach.

“From the briefing I got this morning from the Governor’s Office, there were several employees of Insight Global that ignored or purposefully avoided security protocols, I don’t know whether to make their job easier or what,” said State Representative Jason Ortitay, who serves portions of Washington and Allegheny counties.

He added: “They were basically putting information and people’s names into Google documents and then they were sharing them amongst each other.”

A spokesperson for Insight Global told WXPI that contact tracing information “may have been made accessible to persons beyond authorized employees and public health officials.”

The company has launched an investigation into the security incident and taken steps to secure the PHI that was exposed. Free credit monitoring and identity protection services will be offered by the company to individuals affected by the breach.

Insight Global’s contract with the Department of Health expires on July 31. The Department has stated that it will not be renewed.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply