April 30, 2021
This message was shared for the 2020-21 school year.
The message below is being sent on behalf of the Pennsylvania Department of Health.
Pennsylvania Department of Health recently became aware that certain employees of Insight Global — a vendor contracted by DOH in 2020 to provide contact tracing and other similar services — disregarded security protocols established in the contract and created unauthorized documents outside of the secure data systems created by the Commonwealth. These documents existed separately from the official data that Insight Global employees were collecting and providing to DOH within secure data platforms. No Commonwealth IT assets or systems, including the COVID Alert PA app, were involved or compromised.
The Department of Health takes the safety and security of individuals' personal information extremely seriously. We are extremely dismayed that employees from Insight Global acted in a way that may have compromised this type of information& and sincerely apologize to all impacted individuals. Immediately after becoming aware, the Department took swift action demanding Insight Global properly secure the documents. Insight Global engaged third-party IT specialists and immediately began a forensic investigation to identify all individuals who might be impacted.
While the forensic investigation is ongoing, the documents did not contain financial account information, addresses, or social security numbers. We do know that some of the documents contained a minimum of 72,000 individuals' names and some of the names are associated with additional information such as phone numbers and email addresses along with personal information such as gender, age, sexual orientation, and COVID diagnosis and exposure status.
As a result of this incident, the Department of Health has informed Insight Global that it will not renew the contract when it expires July 31, 2021. The department is evaluating how to appropriately onboard resources to meet the public health needs of Pennsylvanians.
The Department is requiring Insight Global to notify all impacted individuals. Additionally, a toll-free hotline — 1-855-535-1787 — opened at 1 p.m. today, Friday, April 30, for anyone concerned that their information might have been subject to this security incident. The hotline will be staffed Monday through Friday, from 9:00 a.m. to 9:00 p.m. While no financial information was included, credit monitoring and identity protection services will be offered at no cost to anyone impacted by this incident.