What you need to know
- A staffing company that conducted COVID-19 contact tracing in Pennsylvania and exposed the personal medical information of nearly 72,000 residents will pay $2.7 million in settlement with the U.S. Department of Justice and whistleblower. is what happened.
- Federal prosecutors announced the settlement with Insight Global on May 1, 2024.
- The Pennsylvania Department of Health paid the Atlanta-based company tens of millions of dollars to manage the state's contact tracing program at the height of the pandemic.
A large staffing company that conducted COVID-19 contact tracing in Pennsylvania and exposed the personal medical information of approximately 72,000 residents has been awarded a $2.7 million settlement with the Department of Justice and the company's whistleblower. He will pay $1,000, federal prosecutors announced Wednesday.
The Pennsylvania Department of Health paid Atlanta-based Insight Global tens of millions of dollars to manage the state's contact tracing program at the height of the pandemic. The company was responsible for identifying people infected with the coronavirus and contacting them so they could be isolated.
Employees used unauthorized Google accounts that were easily viewable online to collect names, phone numbers, and electronic information of residents targeted for contact tracing, even though required by government contracts. It saved email addresses, COVID-19 exposure, sexual orientation, and other information. used to protect such data.
State health officials fired Insight Global in 2021 after the data breach was revealed. A subsequent federal whistleblower lawsuit alleged that Insight Global knowingly lacked secure computer systems and adequate cybersecurity to secure a lucrative contract with Pennsylvania.
According to the complaint, the whistleblower, a former Insight Global contract employee, complained to company management that residents' health information could be made public. The company initially ignored her, but when confronted, the company told the whistleblower that it had no intention of paying for the necessary computer security systems and instead used contract funds to hire a large number of employees. I am thinking of hiring him,'' he said.
According to the U.S. Department of Justice, it took Insight Global five months to begin securing people's protected health information.
“Government contractors who fail to follow procedures to protect personal health information will be held accountable,” Maureen R. Dixon, director of the U.S. Department of Health and Human Services Office of Inspector General, said in a statement Wednesday. Under the proposed settlement, the whistleblower will receive nearly $500,000.
Insight Global, which has about 70 offices in the U.S., Canada and the U.K., previously acknowledged and apologized for mishandling sensitive information. The company said at the time that it belatedly realized that an employee had set up an unauthorized Google account to share information.
A message seeking comment on the settlement was sent to the company Wednesday.