Lawmakers in the Commonwealth of Pennsylvania want a data breach to be investigated. The case relates to the contact tracing information of 72,000 Pennsylvanians including sensitive data that was shared through unauthorized avenues without the required security protections.
Insight Global is a firm based in Atlanta that has been helping the Commonwealth of Pennsylvania do COVID-19 contact tracing throughout the pandemic. A number of people working at Insight Global were found to have made and shared unauthorized copies of files with each other during the conduct of their contact tracing responsibilities. Files and spreadsheets were shared by means of non-secure ways for example personal Google accounts, which supposed|suggested} sensitive data were transmitted to servers outside the control of the state or Insight Global.
Insight Global made an announcement about the breach on April 29, 2021 and stated in its substitute breach notice that the information associated with contract tracing of persons between September 2020 and April 21, 2021. An investigation into the breach was begun and third-party security specialists have been helping to find out the magnitude of the security problems and their effect. To date, no evidence has been discovered that suggests the misuse of any personal data or PHI. The investigation into the security concerns is ongoing.
Insight Global reports that the exposed information included names of people possibly exposed to COVID-19, positive/negative test status, whether there were symptoms or not, data on the names of household members, and telephone numbers, email addresses, and other information needed for particular social support services.
Insight Global mentioned it learned of the security problem on April 21, 2021 and took quick steps to fix the issues, and those steps were done by April 23. Insight Global has been working with the Pennsylvania Department of Health concerning the identification of the security problems and will be notifying affected persons via mail as soon as the address details have been confirmed. Insight Global stated there was no exposure of Social Security numbers or financial data and, as a safety precaution, affected people are given complimentary credit monitoring and identity protection services.
Target 11’s investigators found out that employees were using free versions of Google Sheets to record contact tracing information and were sending those spreadsheets and other files to colleagues through their individual email accounts. The free versions of Google services are not HIPAA compliant, therefore they must not be used.
Insight Global had security practices implemented to make sure that contact tracing data may be logged and shared securely. It is presently uncertain whether this was just a case of isolated employees circumventing security standards and making unauthorized records and spreadsheets to make their work less difficult. Nevertheless, regardless of the cause, sensitive information has been compromised.
The Commonwealth of Pennsylvania has made the decision not to renew its agreement with Insight Global regarding the security breach. The deal will expire on July 31, 2021. A Pennsylvania Department of Health spokesperson mentioned the company’s dismay regarding Insight Global workers that acted to compromise this type of data and truly apologize to all impacted persons.
State Representative Jason Ortitay (R- Allegheny, Washington) states that after learning about the breach, it was raised to the state Governor’s office on April 1, 2021. Republican lawmakers are currently calling for an investigation into the security breach by the federal law enforcement agencies, state Attorney General’s office, House Government Oversight Committee.