In this Nov. 4, 2020, file photo, Pennsylvania Gov. Tom Wolf adjusts his face mask to protect against COVID-19 during a news conference in Harrisburg, Pa.
Julio Cortez / AP Photo
In this Nov. 4, 2020, file photo, Pennsylvania Gov. Tom Wolf adjusts his face mask to protect against COVID-19 during a news conference in Harrisburg, Pa.
Julio Cortez / AP Photo
(Harrisburg) — Pennsylvania should immediately terminate the no-bid state contract of a company that performed COVID-19 contact tracing and exposed the private medical information of tens of thousands of residents, Republican state lawmakers said Monday.
GOP leaders also called for state and federal probes into the Atlanta-based contractor’s mishandling of the data, and what they said was the slow response by the Wolf administration.
Employees of Insight Global used unauthorized Google accounts — readily viewable online — to store names, phone numbers, email addresses, COVID-19 exposure status, sexual orientations and other information about residents who had been reached for contact tracing. The company’s contract with the state required it safeguard people’s data.
The Department of Health said last week at least 72,000 people were impacted. The state plans to drop Insight Global once its contract expires at the end of the July.
But GOP lawmakers said at a news conference at the Capitol on Monday that the administration of Gov. Tom Wolf needs to find a new vendor immediately.
“The public trust in Insight Global is gone,” said state Rep. Jason Ortitay, R-Allegheny. “And as as long as the company continues to do contact tracing for our state, who is going to give them any information?”
Ortitay said he was alerted by a reporter for WPXI-TV about the mishandled data on April 1 and, in turn, immediately contacted the Wolf administration. On April 13, he said, administration officials told him the claims had been looked into months ago and were false.
“I just took their word for it,” he said.
The Wolf administration asserted late Monday that it was unaware of the issue with Insight Global until April 19.
Health Department spokesperson Barry Ciccocioppo said Ortitay “did not raise any data security concerns” in his April 1 email to the department but “simply asked questions about the vendor.” Ciccocioppo said agency officials “immediately took action” once it learned about the problem from WPXI.
“The incident occurred because certain employees of Insight Global disregarded security protocols established in the contract and created unauthorized documents outside of the secure data systems created by the commonwealth. That situation has been corrected,” he said.
The state has paid Insight Global nearly $29 million since last summer to administer the state’s contact tracing program. Contact tracers identify people who have been exposed to the coronavirus so they can quarantine.
Insight Global has acknowledged it mishandled sensitive data and apologized. In a statement last week, the company said it became aware on April 21 that employees had set up the unauthorized Google accounts for sharing information. Insight Global said it took steps to secure the information and that it was unaware of “the misuse of the information involved.”
Insight Global has hired about 900 people as part of its contract with the state. Ciccocioppo said the Health Department plans to “transition away” from the company when its contract ends.
We spotlight and uplift the creators around us, featuring amazing artists, musicians, authors, chefs, dancers, designers, photographers, and more.