Cybersecurity expert reacts to massive contact tracing data breach in Pa.


HARRISBURG, Pa. (WHTM) — We’re continuing to follow developments after a massive data breach exposed personal information of thousands of Pennsylvanians.

It stems from a state contractor doing COVID-19 contact tracing.

Data breaches are becoming more common, and though this case didn’t expose any financial details or Social Security numbers, the information that was exposed can still be exploited by cybercriminals.

The Pennsylvania Department of Health paid Atlanta-based Insight Global $29 million to do contact tracing.

“This has a lot of personal health records associated with it that most of us would not want public,” said John Sancenito, president of Information Network Associates Inc.

But the company says some employees shared information using Google accounts instead of secure systems.

“Whenever you’re dealing with an outside vendor, you have to do due diligence on that vendor to make sure that they’re following proper cybersecurity protocols,” Sancenito said.

Sancenito, a cybersecurity expert, says the Commonwealth awarded an emergency contract to Insight Global likely because the bidding process would take too long in a pandemic.

“Oftentimes they will find a contractor that is under state contract with DGS, Department of General Services, and they’ll release a contract to them because they’ve already been vetted and they are on the state list,” Sancenito said.

The breach exposed the names of at least 72,000 Pennsylvanians.

In some cases, those names came with phone numbers, emails, genders, ages, sexual orientations and COVID diagnoses.

“Most data breaches are not in and of themselves the sole thing that’s going to lead to someone committing identity theft, but what they do is they combine this information with other sources,” Sancenito said.

A Pa. Health Department spokesman says the state is extremely dismayed and apologizes to all those impacted, adding that state computer systems and the contact tracing app were not affected.

If you have concerns, you can call toll-free at 1-855-535-1787. The hotline is available Monday through Friday from 9 a.m. to 9 p.m.

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
