HARRISBURG, Pa. (WHTM) — We’re continuing to follow developments after a massive data breach exposed personal information of thousands of Pennsylvanians.
It stems from a state contractor doing COVID-19 contact tracing.
Data breaches are becoming more common, and though this case didn’t expose any financial details or social security numbers, the information that was exposed can still be exploited by cybercriminals.
70,000 Pennsylvanian’s may have had COVID-19 contact tracing data leaked
The Pennsylvania Department of Health paid Atlanta-based Insight Global $29 million to do contact tracing.
“This has a lot of personal health records associated with it that most of us would not want public,” said John Sancenito, president of Information Network Associates Inc.
But the company says some employees shared information using Google accounts instead of secure systems.
UPMC Pulmonary rehab program helping long-haul COVID patients
“Whenever you’re dealing with an outside vendor, you have to do due diligence on that vendor to make sure that they’re following proper cybersecurity protocols,” Sancenito said.
Sancenito, a cybersecurity expert, says the Commonwealth awarded an emergency contract to Insight Global likely because the bidding process would take too long in a pandemic.
“Oftentimes they will find a contractor that is under state contract with DGS, Department of General Services, and they’ll release a contract to them because they’ve already been vetted and they are on the state list,” Sancenito said.
Rite-Aid expands COVID-19 vaccinations to all Pa. stores
The breach exposed the names of at least 72,000 Pennsylvanians.
In some cases, those names came with phone numbers, emails, genders, ages, sexual orientations and COVID diagnoses.
“Most data breaches are not in and of themselves the sole thing that’s going to lead to someone committing identity theft, but what they do is they combine this information with other sources,” Sancenito said.
Can Pennsylvanians get fired for not getting the COVID-19 vaccine?
A Pa. Health Department spokesman says the state is extremely dismayed and apologizes to all those impacted, adding state computer systems and the contact tracing app was not affected.
For more information about the breach, click here.
If you have concerns you can call toll-free at 1-855-535-1787. The hotline is available Monday through Friday from 9 a.m. to 9 p.m.