State lawmakers have amended a bill to deal with data breaches after a Target 11 investigation

PITTSBURGH — State lawmakers are trying to crack down on third party vendors hired by the state after an exclusive Target 11 investigation revealed a massive data breach.

Last month, Channel 11 discovered that Insight Global -- the company hired by the state to do Covid-19 contact tracing -- had exposed the personal data of more than 70,000 Pennsylvanians.

On Monday, state senators held a hearing about how to handle contracts similar to Insight Global and have amended a bill about data breaches -- which they were already working on -- to include third party vendors hired by the state.

Senate Bill 696 would require all state agencies, counties, municipalities and school districts in the state who are involved in a data breach to alert those impacted within seven days.

Insight Global waited nearly a month to begin notifying people about that massive data breach.

“We are calling for transparency from all state agencies and these agencies are entrusted to handle our personally identifiable health and financial data and we want to ensure that information they are in charge of is safe,” said Sen. Kristin Phillips-Hill (R-York)

State agencies would also have three days to notify the attorney general of a breach.

Lawmakers said they still don’t have answers about what happened in the Insight Global breach.

“We still don’t have clear answers from the department of health as to what exactly happened with this contractor,” said Sen. Pat Stefano (R-Connellsville). “When did the data get breached? How did it happen?”