Insight Global And Pennsylvania Department Of Health Face Lawsuit over 72,000-Record Data Breach

The Pennsylvania Department of Health and also its COVID-19 contact tracing provider are getting sued because of a breach of the personal and medical information of 72,000 Pennsylvanians.

Insight Global and the Department of Health published the breach involved on April 29, 2021. The IT service management and staffing agency Insight Global won the deal to carry out the state’s contact tracing project and had received access to personal and health data to be able to deliver those services.

The information was employed to contact people possibly exposed to COVID-19 to find and handle the special support services necessary and to help deter the spread of COVID-19. Insight Global had given its contact tracers safe communication channels and had established security protocols, nevertheless, it was uncovered that several workers had pushed aside security standards established in the contract and produced unauthorized files. Those files, such as spreadsheets, were shared among contact tracers employing individual email accounts and consumer versions of cloud solutions for instance Google Sheets, which was missing proper security settings. That meant sensitive data was copied to servers beyond the state’s safe data system.

The persons whose personal information was exposed were contacted for contact tracing reasons from September 2020 to April 21, 2020. The compromised info included names, email addresses, telephone numbers, genders, ages, COVID-19 diagnoses, and the person’s exposure status. The Department of Health has stated that the agreement with Insight Global will conclude this July and won’t be renewed.

Purportedly, the Department of Health is aware of the breach a couple of months prior to the release of any notification. State Rep. Jason Ortitay mentioned he knew about the incident on April 1, 2021 and got in touch with the state governor to point out concerns. The governor affirmed that the issue was brought up a few months already and the remarks were determined to be unacceptable.

Today a lawsuit was sent in Federal court versus Insight Global And The Department Of Health. The lawsuit states the 72,000 people whose data was breached are presently vulnerable to identity theft, fraud, and credit troubles as a result of the breach of their personal information.

The head plaintiff, Lisa Chapman from New Kensington, started the legal action just after learning about the compromise of her information. The lawsuit claims both the Department of Health and Insight Global were responsible for not being able to implement correct cybersecurity measures and didn’t comply with industry specifications for securing the private health data of men and women. The lawsuit claims the state Department of Health was informed of the breach since November 2020 yet failed to do something about the incident right up until April and didn’t advise the men and women affected by the breach till April 29, 2021.

The lawsuit states information was placed in a public site where any person can access them. Anyone could perform a Google search and access the information without needing any password to sign in and see. Insight knew that its staff was utilizing unsecured data storage and communications options since November 2020.

The lawsuit wants class-action status, a jury trial, fair relief, repayment of credit monitoring and identity theft protection expenses for many years, refund of legal charges, and for the Department of Health and Insight Global to undertake proper security procedures.

Though the information was transmitted to unsecured services where it may likely have been viewed by unauthorized persons, Insight Global and the Department of Health aren’t informed of any incidents of actual or attempted improper use of any personal and medical data.

About Christine Garcia 1192 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA