Vendor that mishandled Pennsylvania virus data to pay $2.7 million in federal whistleblower case
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$1 per week for 24 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.00 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.75/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Free Press access to your Brandon Sun subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 01/05/2024 (531 days ago), so information in it may no longer be current.
A large staffing firm that performed COVID-19 contact tracing for Pennsylvania and exposed the private medical information of about 72,000 residents will pay $2.7 million in a settlement with the Justice Department and a company whistleblower, federal prosecutors announced Wednesday.
The Pennsylvania Department of Health paid Atlanta-based Insight Global tens of millions of dollars to administer the state’s contact tracing program during the height of the pandemic. The company was responsible for identifying and contacting people who had been exposed to the coronavirus so they could quarantine.
Employees used unauthorized Google accounts — readily viewable online — to store names, phone numbers, email addresses, COVID-19 exposure status, sexual orientations and other information about residents who had been reached for contact tracing, even though the company’s contract with the state required it to safeguard such data.
State health officials fired Insight Global in 2021 after the data breach came to light. A subsequent federal whistleblower lawsuit alleged that Insight Global secured its lucrative contract with Pennsylvania knowing that it lacked secure computer systems and adequate cybersecurity.
The whistleblower — a former Insight Global contractor — complained to company management that residents’ health information was potentially accessible to the public, according to the lawsuit. The company initially ignored her, then, when pressed, told the whistleblower “it was not willing to pay for the necessary computer security systems and instead preferred to use its contract funds to hire large numbers of workers,” the lawsuit said.
It took Insight Global five months to start securing residents’ protected medical information, according to the U.S. Justice Department.
“Contractors for the government who do not follow procedures to safeguard individuals’ personal health information will be held accountable,” Maureen R. Dixon, who heads up the inspector general’s office at the U.S. Department of Health and Human Services, said Wednesday in a statement on the settlement, of which the whistleblower is set to receive nearly $500,000.
Insight Global, which has about 70 offices in the U.S., Canada and the U.K., has previously acknowledged it mishandled sensitive information and apologized. The company said at the time it only belatedly became aware that employees had set up the unauthorized Google accounts for sharing information.
A message was sent to the company Wednesday seeking comment on the settlement.