An Atlanta-based IT staffing company has settled federal claims that it failed to protect confidential health information after Pennsylvania officials hired the company to oversee contact tracing during the Covid-19 pandemic.
The company, Insight Global LLC, has agreed to pay $2.7 million to resolve allegations that its handling of data violated the federal False Claims Act, according to the U.S. Attorney’s Office for the Middle District of Pennsylvania, which pursued the case.
“We will continue to work tirelessly here in the Middle District of Pennsylvania to make sure that those who do business with the government fulfill their commitments,” U.S. attorney Gerald Karam said in a statement. “Increasingly, cybersecurity is a critical part of most, if not all, federally funded contracts.”
A spokesperson for Insight said the company addressed the situation “long before” federal investigators opened their inquiry.
“While we believe that remediation was thorough and appropriate independent of the DOJ inquiry, we cooperated with their investigation, and we are pleased to have resolved this matter,” the spokesperson wrote in an emailed statement.
The background: The Pennsylvania Department of Health hired Insight in July 2020 under a nearly $23 million contract for contact tracing.
The federally funded effort was intended to track and contain the spread of Covid-19, which by that point had shut down large swaths of public life.
However, it came to light that Insight Global was not keeping the health and personal data it collected safe and secure, according to the U.S. Attorney’s office.
Between November 2020 and January 2021, confidential information was sometimes sent in the body of unencrypted emails; staff members shared passwords to access information; and information was stored and sent on Google files that lacked password protection and thus could have been found by the public via internet links, according to the government.
Insight responded at the time by strengthening its data protections.
Nearly $500,000 of the resolution payment is going to a whistleblower, a former Insight staff member who worked under the contact-tracing contract, the government said.