PHILADELPHIA (KYW Newsradio) — A company that the Pennsylvania Department of Health hired to handle COVID-19 contact tracing apparently stored personal and medical information in unsecured, online documents. The department said the personal information of thousands of Pennsylvanians may have been compromised.
According to the department, employees with Atlanta-based Insight Global ignored security protocols and created the document.
Department of Health Communications Director Barry Ciccocioppo says the document had at least 72,000 names on it. And while there was no financial information or social security numbers, it did have information such as age, gender, sexual orientation and COVID-19 diagnosis.
The document was first reported by Pittsburgh TV station WPXI. The station reported that the names, email addresses and phone numbers were attached to private, personal information. For example, one person was shown as being on anti-depressants and having considered suicide.
The health department is requiring Insight Global to reach out to everyone whose name was on the document.
Related
The state partnered with Insight Global in July 2020 for nearly $23 million to recruit, hire, train and support 1,000 paid COVID-19 contact tracing staff members.
The company says it learned about the unsecured documents on April 21 and had them secured by April 23.
In a statement, Insight Global said the unauthorized documents were made “outside of the secure data systems created by the Commonwealth. These documents existed separately from the official data that Insight Global employees were collecting and providing to DOH within secure data platforms. No Commonwealth IT assets or systems, including the COVID Alert PA app, were involved or compromised.”
The statement continues, in part:
“We are extremely dismayed that employees from Insight Global acted in a way that may have compromised this type of information and sincerely apologize to all impacted individuals. Immediately after becoming aware, the Department took swift action demanding Insight Global properly secure the documents. Insight Global engaged third-party IT specialists and immediately began a forensic investigation to identify all individuals who might be impacted.
"Although neither Insight Global nor the Commonwealth of Pennsylvania are aware at this time of the misuse of the information involved, we understand the concern that this potential access to such information may raise. Insight Global is offering credit monitoring and identity protection services at no cost through TransUnion to those affected by this incident."
As a result of the incident, the Department of Health will not renew its Insight Global contract, which is set to expire on July 31.
Pennsylvania is starting a hotline on Friday for people who are worried that their information may have been compromised. Concerned residents can call 855-535-1787 Monday through Friday, 9 a.m. to 9 p.m.