HARRISBURG, PA — Atlanta-based company, Insight Global LLC, has agreed to settle for $2.7 million amidst allegations of violating the False Claims Act. It is claimed that they failed to properly secure health information collected during COVID-19 contact tracing.
Reports suggest that throughout the pandemic, the Pennsylvania Department of Health had contracted Insight Global for COVID-19 contact tracing staff. The cost was then covered by the U.S. Centers for Disease Control and Prevention. Despite understanding the importance of confidentiality, the company is said to have fallen short on security measures.
Allegations include personal health data being sent through unencrypted emails, shared access via communal passwords, and the storing and transfer of data through unprotected Google files, potentially accessible to the public through internet links.
From November 2020 to January 2021, reports argue that Insight Global management received multiple staff complaints regarding this lack of security, although no action was supposedly taken until April 2021. It was only then that the company began to secure data, investigating the extent of the incident, improving internal procedures, boosting data security resources, and publicizing the potential exposure along with offering free credit monitoring and identity protection services to those affected.
Principal Deputy Assistant Attorney General Brian M. Boynton highlighted this settlement as a reflection of the government’s commitment to enforcing cybersecurity obligations among government contractors. United States Attorney Gerard M. Karam echoed this sentiment, stressing that cybersecurity is increasingly becoming a crucial aspect of federally funded contracts.
Maureen R. Dixon, the Special Agent in Charge with the Department of Health and Human Services, Office of Inspector General (HHS-OIG), declared that government contractors failing to follow procedures to protect personal health information would indeed be held accountable.
Ultimately, this settlement is indicative of a wider effort to hold entities accountable for failing to provide adequate cybersecurity measures. It has also prompted a wider investigation and the introduction of a Civil Cyber-Fraud Initiative, aiming at preventing future incidents like this.
The whistleblower, Terralyn Williams Seilkop, a former staff member of Insight Global who worked on the contact tracing at hand, is to receive a $499,500 share of the settlement sum. Meanwhile, the case, listed as United States ex rel. Seilkop v. Insight Global LLC, continues.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and Microsoft Start.