Insight Global announced today that some personal information, collected by our employees during COVID-19 contact tracing in Pennsylvania, may have been accessible to persons beyond authorized employees and public health officials.
We deeply regret this happened and are committed to restoring the trust of any residents of Pennsylvania who may have been impacted. All necessary steps are being taken to secure any personal information, and we intend to learn and grow from this. We remain committed to continue helping slow the spread of COVID-19 in Pennsylvania.
Insight Global is contracted by the Commonwealth of Pennsylvania to provide services for the Pennsylvania Department of Health to obtain information to help slow the spread of the virus and to identify and address any needs for specific social support services.
At this time, we believe the impacted information consisted of names of individuals who may have been exposed to COVID-19, whether they were positive or negative for COVID-19, if they experienced symptoms, information about number of members in household, and for certain individuals, email and telephone numbers and information to address any needs for specific social support services.
These individuals were contacted for purposes of contact tracing between September 2020 and April 21, 2021, although only a portion of individuals contacted during this period were affected. Insight Global did not collect Social Security numbers, financial account information, or payment card information, and that type of information was not involved in this incident.
Although Insight Global has robust security on its inhouse platforms, as part of an unauthorized collaboration channel, certain employees set up and used several Google accounts for sharing information. Documents related to contact-tracing collection were included among the information that may have been vulnerable to access.
Also Read: Effective Security Strategies for CISOs to Consider
Insight Global leadership became aware of this security vulnerability on April 21, 2021 and immediately took steps, completed by April 23, 2021, to secure and prevent any further access to or disclosure of information.
To support this effort, leading third-party IT security specialists were engaged to help determine the nature and scope of the incident, and it is continuing those efforts to detect any unauthorized disclosure of this information.
In addition, we worked with these specialists to identify documents that may have been vulnerable, as well as determine the nature of the information that may have been vulnerable.
We have worked closely with the Pennsylvania Department of Health to identify any individuals whose information may have been affected. Individuals whose information may have been affected will also be notified by mail once address information is identified.
Although neither Insight Global nor the Commonwealth of Pennsylvania are aware at this time of the misuse of the information involved, we understand the concern that this potential access to such information may raise.
Insight Global is offering credit monitoring and identity protection services at no cost through TransUnion to those affected by this incident. A dedicated call center will open on Friday, April 30, 2021 at 1:00 pm Eastern time to help address questions about this incident.
For further information or to learn more about the credit monitoring being offered, individuals may call toll free: 1-855-535-1787, Monday through Friday, from 9:00 a.m. to 9:00 pm Eastern Time.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.