Security News > 2021 > April > Contract Tracing Breach Impacts Private Info of 72K People
Workers at Atlanta-based Insight Global "Disregarded security protocols established in the contract and created unauthorized documents" outside the state's secure data system, Health Department spokesman Barry Ciccocioppo said.
About 900 Insight Global employees have been involved in contact tracing in the state, according to the Health Department.
In a statement Thursday, Insight Global said it became aware on April 21 that employees had set up several unauthorized Google accounts for sharing information, including the names of people who might have been exposed to COVID-19, whether they had any symptoms, how many people lived with them and, in some cases, their email addresses and phone numbers.
The Department of Health's emergency contract with Insight Global required the staffing agency to safeguard people's data and, in the event of "Any improper disclosure of information," to provide credit monitoring and other remedies.
Contract documents said Insight Global "Recognizes and accepts that the contact tracing workforce will have access to personal health information of contact tracing subjects and must ensure that and all other such information related to the services being provided must be kept confidential and secure."
The Health Department plans to drop Insight Global once its contract expires in three months.