Insight Global LLC, an Atlanta-based staffing company, has agreed to a $2.7 million settlement for allegedly failing to secure sensitive health information during COVID-19 contact tracing. The Pennsylvania Department of Health hired Insight Global for contact tracing, funded by the CDC. However, the company reportedly transmitted personal health information via unencrypted emails, used shared passwords, and stored data in unsecured Google files accessible to the public.
Despite staff complaints between November 2020 and January 2021, Insight Global only began addressing these issues in April 2021. The company then secured the data, investigated the breach, strengthened internal controls, and offered credit monitoring services to those affected.
The Civil Cyber-Fraud Initiative was announced by the Deputy Attorney General to hold entities accountable for cybersecurity failures. The investigation was prompted by a whistleblower lawsuit under the False Claims Act, with whistleblower Terralyn Williams Seilkop receiving $499,500 from the settlement.
It is imperative that when dealing with sensitive data, use encryption and take steps to ensure privacy.
.
1