Company at center of Pa. contact tracing data breach still working to secure personal information

PITTSBURGH — The company at the center of a contact tracing data breach is still working to secure personal information, according to Target 11′s Rick Earle.

Earle broke the story less than two months ago and since then has learned a letter was sent to current and former employees of Insight Global. That letter advises employees who have any paper or electronic files to return them as quickly as possible and to make sure internet links are not accessible by third parties.

>>>RELATED: Unsecured Pennsylvania COVID-19 contact tracing data exposed by whistleblower to Target 11

Insight Global received a $23 million contract from the state to conduct contact tracing during the COVID-19 pandemic.

“I was very surprised this wasn’t taken care of immediately, like the second they became aware that these documents existed and were out there. I was hoping that they would. I mean my expectation would have been that they would have worked immediately towards removing them or revoking access,” said state Rep. Jason Ortitay.

In April, Target 11 found unsecured links to spreadsheets containing the health and personal data of nearly 100,000 Pennsylvanians who had been contacted by Insight Global’s contact tracers. After the investigation aired, the state terminated the contract with the company and the Attorney General launched an investigation.

Insight Global officials said they were working to secure the personal information, but just last week, Target 11 learned there were still unsecured links to more spreadsheets with the same data for more than 70 people.

>>>RELATED: Pennsylvania investigating if contact tracers violated state’s recording law

“I’d like to say I’m surprised but this entire situation is just that, it’s been mismanaged from the beginning and we need to figure out how to fix it and how to address this. Moving forward there needs to be proper oversight put into place whether that’s through legislation or through another channel,” Ortitay said.

A state senator has already introduced legislation that requires swift notification of data breaches involving state agencies.

The Pennsylvania National Guard has been brought in to conduct contact tracing in the meantime.