(AP) — Pennsylvania is booting a company that performed COVID-19 contact tracing and exposed the private medical information of tens of thousands of residents, according to legislative Republicans who released a statement from the state Health Department on Thursday.
Employees of Insight Global used unauthorized Google accounts — readily viewable online — to store names, phone numbers, email addresses, COVID-19 exposure status, sexual orientations, and other information about residents who had been reached for contact tracing. The company’s contract with the state required it to safeguard people’s data.
The Department of Health said last month that at least 72,000 people were impacted. The state had planned to drop Insight Global once its contract expires at the end of July, but the Health Department told House Republicans on Thursday that it will terminate the contract early, on June 19.
The department said it was taking action “after more fully evaluating the circumstances,” according to the message released by the GOP.
Insight Global is required to notify impacted people, and the Health Department told the GOP those notifications would begin next week. The department said the state’s contact tracing operation would continue but did not immediately provide details.
State Rep. Jason Ortitay (R – Allegheny) who has accused the Wolf administration of being slow to act on the security lapse, said in a statement Thursday that he is pleased the state is severing ties with the Atlanta-based company, but said he is still seeking answers about the incident.
“This deserves a full investigation so we can learn what happened and how to prevent it from happening again moving forward,” he said.
The state has paid Insight Global tens of millions of dollars since last summer to administer the state’s contact tracing program. Contact tracers identify people who have been exposed to the coronavirus so they can quarantine.