A metro Atlanta staffing agency agreed to a $2.7 million settlement for exposing the private medical information of about 72,000 people while assisting with COVID-19 contact tracing during the height of the pandemic, according to federal prosecutors.
Dunwoody-based Insight Global agreed to pay the penalty as part of a U.S. Department of Justice Office of Public Affairs investigation, according to a May 1 news release. The Pennsylvania Department of Health paid Insight Global nearly $23 million to administer the state’s contact tracing program in 2020 but fired the firm the following year after the company sustained a data breach.
Insight Global identified and contacted Pennsylvania residents who had been exposed to COVID-19 so they could quarantine, but the company stored their names, contact information and health data in unauthorized Google accounts. Prosecutors say those data files were not password protected and were publicly accessible. The company’s contract had required Insight Global to safeguard such data.
A former Insight Global contractor acted as a whistleblower, filing a federal lawsuit that alleged the company secured its Pennsylvania contract while knowing it lacked the necessary cybersecurity systems. The whistleblower will receive nearly $500,000 from the settlement.
An Insight Global spokesperson said the company took remedial action before the DOJ began its investigation, adding that “we continue to make (data security) a top priority.” Prosecutors said Insight Global was made aware of the unsecure data in January 2021 but did not begin remediating the issue until three months later.
“While we believe that remediation was thorough and appropriate independent of the DOJ inquiry, we cooperated with their investigation, and we are pleased to have resolved this matter,” Insight Global said in a written statement.
Insight Global leases most of the 346,000 square-foot Twelve24 building near Perimeter Mall, a 16-story office tower that opened in spring 2020.
About the Author