Tens of thousands of Pennsylvanians health data exposed following data breach

News
By published

Coronavirus tracing company is at the heart of the exposure

Locks on a screen with one open and in red

A data breach at a coronavirus contact tracing company has exposed the personal health information of tens of thousands of Pennsylvanians.

According to a report from the Pittsburgh Post-Gazette, officials at Pennsylvania’s Department of Health alleged that employees at Atlanta-based Insight Global “disregarded security protocols established in the contract and created unauthorized documents” outside the state’s secure data system.

Apple and Google block NHS COVID-19 app update How businesses were left to scramble over data collection for coronavirus contact tracing The government’s contact tracing app was always going to be DOA

In an email, the agency’s spokesman Barry Ciccocioppo said "we are extremely dismayed that employees from Insight Global acted in a way that may have compromised this type of information and sincerely apologize to all impacted individuals."

He added that the state’s computer systems, including Pennsylvania's contact tracing app, were not implicated. The exposed information included names, phone numbers, emails, genders, ages, sexual orientations, and COVID-19 diagnoses and exposure status.

WPXI-TV in Pittsburgh first reported the data breach. Former employees of Insight Global told the TV station they told supervisors that information had been improperly secured, but the company took no action. A spokesperson for Insight told WPXI that contract tracing information "may have been made accessible to persons beyond authorized employees and public health officials."

Pennsylvania will not be renewing the company’s contract, which expires in three months. Free credit monitoring and identity protection services will be available to affected people.

Trevor J. Morgan, product manager at Comforte AG, told ITPro the situation is a cautionary tale. Whether through contractual obligation or regulatory mandate, enterprises working with sensitive data need to meet the acceptable threshold of data security.

“However, vendors can’t trust that sensitive data such as PHI will always remain protected if it travels outside protected perimeters because data is vulnerable even when resting within the security perimeters,” he said.

Morgan added that when data is on the move, it is especially prone to mishandling and compromise, which means that a more data-centric approach to security should be part of those minimum data security standards.

“Data-centric security such as tokenization and format-preserving encryption replaces sensitive data with benign representational information, so even if it falls into the wrong hands the data cannot be compromised by the wrong parties. For more and more regulatory agencies and individual enterprises, data-centric security measures are now part of minimum data security standards because of the ability to protect data even while in motion,” he added.

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.

More about data breaches
Man browsing through items for sale at a flea market stand.

‘It’s your worst nightmare’: A batch of €5 hard drives found at a flea market held 15GB of Dutch medical records – and experts warn it could’ve caused a disastrous data breach
Data breach concept image showing a red-colored warning symbol imposed over glowing binary code.

3.3 million people were exposed in the DISA data breach – it took the firm 10 months to disclose the incident
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.

‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
See more latest
Most Popular
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks
UK Prime Minister Keir Starmer speaking during a Q&A session after delivering a speech on plans to reform the civil service, during a visit to Reckitt Benckiser Health Care UK.
Starmer bets big on AI to unlock public sector savings
Ransomware concept image showing digitized padlock pictured on a laptop screen on red background
February was the worst month on record for ransomware attacks – and one threat group had a field day
Programming code and big data wave on a black background.
Open source security in the spotlight as UK gov publishes fresh guidance
Cartoon-style recruitment concept image showing male job candidate sitting across desk from female hiring manage during an interview.
Tech talent shortages mean firms are scrapping traditional recruitment strategies
Agentic AI concept image showing human brain split in two halves, with one side digitized on a grid pattern and the other illuminated in yellow with brainwaves emitting.
National Grid investment wing backs AI startups to boost energy efficiency
Layoffs concept image showing line of cartoon-style laid-off workers leaving an office space with belongings in cardboard boxes.
Laid-off workers are ditching full-time work: 70% of staff caught up in brutal layoffs opted for part-time roles and freelance gigs – and flexibility was the big appeal for many