Covid-19 contact tracing vendor Insight Global has allegedly compromised the contact tracing information of thousands of Pennsylvanians announced the Department of Health last Thursday, April 29, 2021. In total, around 72,000 people from Pennsylvania may have been affected by the incident.
The data breach occurred after the Pennsylvania Department of Health announced its contract with Insight Global last summer.
Insight Global is an Atlanta-based firm hired by the Department of Health to conduct contact tracing procedures, with the company now being paid a total of $28.7 million since March of 2020, notes the Associated Press.
In a statement from the Pennsylvania Health Department representative Barry Ciccocioppo, he said that employees of the firm “disregarded security protocols in established in the contract and created unauthorized documents” outside the system.
In addition, Ciccocioppo also said that the Department of Health is “extremely disappointed that employees from Insight Global acted in a way that may have compromised this type of information and sincerely apologize to all impacted individuals.”
Reuters reports that Insight Global acknowledged the incident, with the company saying it only became aware of the data breach on April 21, 2021. Following this, the news site reveals that the firm took action to prevent further unauthorized access against malicious threat actors two days after on April 23, 2021.
According to CBS Local, the company workers resulted to using Google accounts to share confidential information and left the documents on these accounts unprotected, resulting in the system being compromised and over 72,000 Pennsylvanians being made vulnerable.
Among the compromised information including the names of individuals, their phone numbers, age, gender, email address, sexual orientation, Covid-19 diagnoses or results, as well as their related exposure status, reveals the Associated Press.
Insight Global, however, was quick to say that they do not collect nor store financial details of individuals, such as their financial account information, payment card details, Social Security numbers, and the like.
As of writing, Reuters states that the contact tracing company is currently working with the Pennsylvania Department of Health to determine individuals whose information may have been affected by the breach. The company is also working with relevant authorities following the incident to identify the extent of the matter.
Last Friday, April 30, 2021, CBS Local reports that Insight Global has since set up a hotline for individuals who are concerned about their personal and health data being exposed. On top of this, the company will also be extending credit monitoring checks and identity protection services.