PA Senate to have emergency hearing following data breach at state health department, exposed by Target 11

Update: On Thursday, a class action lawsuit was filed against the Pennsylvania Department of Health and Insight Global, following a massive data breach first reported by Target 11′s Rick Earle.

“There is nothing more personal to a person than their personal health information. It goes beyond money,” said Phil DiLucente, attorney.

Target 11 first broke the story, when Rick Earle alerted the State Health Department, Channel 11′s investigative team discovered links to unsecured data, tied to contact tracing.

Insight Global was hired by the state, following a $29 million contract, to conduct contact tracing for the Commonwealth.

Attorneys representing the plaintiffs accused Insight Global of failing to protect personal health information.

“How does being paid $29 million lead to using a Google document and private personal Gmail accounts, than some sort of internal secured server or secured internal email,” said Lauren Nichols, attorney.

Target 11 also reported employees of Insight Global informed supervisors about potential security issues in November 2020, and the state health department was alerted in early February.

“The people that were violated, it could be up to 72,000, should have been notified there were issues with their personal data being put on the dark web; and as they say – once it’s on the web, it’s there forever,” said Jack Goodrich, attorney.

Insight Global tells Channel 11 their lawyers have not obtained a copy of the lawsuit and they have taken steps to secure the information of the Pennsylvanians impacted by the security breach.

So far, they are not aware of any misuse of information.

“All we know at this juncture is, there is potentially 72,000 people that had been contacted for contact tracing based upon reports from Channel 11.

This needless to say, is concerning,” said DiLucente. Insight Global tells Target 11′s Rick Earle, they will offer free credit monitoring and identify protection services.

The Pennsylvania Department of Health has not commented on the pending litigation.

Thursday: The first federal lawsuit has been filed in the massive contract data tracing breach uncovered by Target 11 last week.

Target 11′s Rick Earle has learned Insight Global, the company involved in the breach, and Pennsylvania are named in the lawsuit.

>>RELATED STORY: Unsecured Pennsylvania COVID-19 contact tracing data exposed by whistleblower to Target 11

The lawsuit alleges the data breach was a, “direct results of Defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols.”

The plaintiffs accuse Insight Global of maintaining “unsecure spreadsheets, databases and or documents containing the PHI (public health information).”

The court documents claim those impacted now face an increased risk of identify theft.

Target 11 reported the data breach after being able to easily access the personal and health information of more than 70,000 people who had been contacted by contact tracers.

Channel 11′s Rick Earle reached out to Insight Global after learning about the lawsuit. The company issued the following statement:

“Insight Global has not been served with the lawsuit and will need time to analyze any allegations, but can say that we are working closely with the Pennsylvania Department of Health to identify any individuals whose information may have been affected and have taken steps to secure and prevent any further access to, or disclosure of, information. Although neither Insight Global nor the Commonwealth of Pennsylvania are aware at this time of the misuse of the information involved, we understand the concern that this potential access to such information may raise and we will be offering credit monitoring and identity protection services at no cost to those affected by this incident. We have established a call center (toll-free 1-855-535-1787) to help address questions about this incident.”

A handful of state representatives gathered in Harrisburg on Monday and demanded answers. They called for the immediate termination of the contract, an independent state or federal investigation, and a state House Oversight Committee investigation.

Multiple investigations are now underway by the Pennsylvania Health Department and the company hired to collect the information and data.