Spotlight PA Is an independent, nonpartisan news room run by The Philadelphia Inquirer in partnership with PennLive / The Patriot-News, TribLIVE / Pittsburgh Tribune-Review, and WITF Public Media. Sign up for a free newsletter..
Harrisburg, PA — Personal information collected during a coronavirus contact tracing call in Pennsylvania remains online in a document accessible to anyone with a link.
The information contained in a valid Google Sheets includes notes related to the name, date of birth, phone number, country of residence, test status and other personal information of people who may have been infected with the coronavirus. ..
Entry dates from October 22, 2020 to November 10, 2020, and according to the birthdays listed, approximately 66 people have been identified, many of whom are minors. The link to the sheet was provided to Spotlight PA as part of a cache of links containing call scripts used by contact tracers, training materials, and other resources.
Insight Global — a federal-funded emergency contract of $ 23 million for the State Department to conduct a follow-up in July — did not respond to a request for comment.
Barry Chicochoppo, a spokesman for the Ministry of Health, said the Ministry of Health was unaware that the additional links were active and was investigating.
A spreadsheet valid at 5:30 pm on Wednesday is associated with the Google Drive account of a former Insight Global employee. An employee contacted on Wednesday said he was unaware that the information was stored in his personal account.
This situation raises the question of how much other documents containing personal information may exist in the Google accounts of current and former employees.
James Lee, Chief Operating Officer of the Identity Theft Resource Center, a non-profit organization that tracks security breaches and helps businesses and consumers with cybersecurity issues, also links unless they decide: He said that blocking the problem would not solve the problem. Certainty that the information has not been copied, downloaded, or stored.
Contact tracking data does not include financial information, but details such as birthday, family name, place of residence, etc. are used for phishing scams, password recovery, unemployment and other programs He said he could pass a certification test to get rid of it.
“This seemingly harmless information can be misused,” Lee said. “And now it’s a more general use of information than we’ve ever thought of in terms of data breaches and theft of personal information.”
In late April, the state and Insight Global admitted that the personal information of as many as 72,000 people was not securely stored in Google Docs, accessible to anyone who knew the link.The statement has responded Report by Pittsburgh NBC affiliate WPXIGot links to several spreadsheets containing details of the person who was contacted.
In a statement issued April 29, the company apologized for the security deficiencies and said it was “committed to regaining the trust of potentially affected Pennsylvania residents.” Recognizing that the data was compromised on April 21, the company “completed by April 23, 2021 and immediately took steps to protect and prevent further access and disclosure of information.” Said.
The company also said it would “determine the nature and scope of the incident” in collaboration with anonymous information technology security experts. In addition, Insight Global said it would contact the person whose information was compromised and provide monitoring of credit and personal information theft.
A spokeswoman for the Ministry of Health told WPXI, “The top priority was to isolate and protect the information there.” The link that WPXI provided to state authorities in April was closed shortly after inquiring about this issue. The Department of Health announced in late May that it would terminate its contract with Insight Global by the end of this month.
In an interview with Spotlight PA, several current and former Insight Global contact tracers described the chaotic and chaotic work environment exacerbated by lack of communication between state health authorities, companies, and their employees. did. The guidelines for conducting contact tracking calls changed frequently, and trackers were often not properly trained, they said.
The protocol for assigning and recording completed calls is inconsistent, and the platform used to manage this information (at various times, a combination of Google Drive, Microsoft Forms, Salesforce, and Sharepoint) is defective. Yes, it was tedious and not suitable for organizing data. And it’s safe, the contact tracker said.
“I don’t think the Insight Global people were surprised at all that these things became public,” a former contact tracer told Spotlight PA, “well aware of the security issues.” I’m doing it. “
Employees were not authorized to speak on behalf of the company and were afraid of retaliation and asked not to be identified in this report.
Atlanta-based Insight Global and the State Department of Health are named in a federal proceeding on May 5 by a woman in Allegheny County, one of the victims of a personal information leak. The proceedings seeking status allege that the company was aware of security vulnerabilities as early as November and the state was aware of them as early as February.
The November 30 email from the contact tracer to Insight Global’s Operations Manager attached to the proceedings filed with a variety of security concerns, including privacy breaches and concerns about personal health and improper handling of employee information. It outlines the problem.
“We overuse the system that is not provided and have many problems. Many features are not available / restricted or employee’s personal email address (Google Docs, Sheets, It’s not a secure way to handle sensitive information using email, Slack, Zoom), “the contact tracker wrote.
Another email attached to the complaint was sent to the Health Department’s Legal Counseling Office on February 25, explaining a former Insight Global employee explaining his health information security concerns.
“IG didn’t try to fix my concerns (I found multiple issues and some exposures), so I wasn’t sure what to do with the knowledge I had about the lack of security,” Insight said. Employee emails mentioning Global said.
Phil Dilsente, a lawyer representing those affected by the proceedings’ security breach, said he could not comment directly on active links as of Wednesday, but insecure files are maintained by Insight Global. He added that he suggested again that it was being done.
Insight Global has been hired by the state health department to deploy over 1,000 contact tracers. Contact followers would have called the person who came into contact with the person infected with the coronavirus, informed them of the contact, and discussed quarantine and testing options. This was intended as a strategy to track and prevent the spread of the virus.
According to an emergency procurement request filed by the Ministry of Health in July, the Ministry of Health evaluated whether it could start a contact tracking program quickly “in cooperation with partners of multiple dispatch companies.”
“After at least two discussions with each agency,” the ministry asked several companies for price suggestions. The request said it included details of the equipment it could offer, such as hourly wages, benefits, laptops, headsets, and mobile phones for each position. ..
Insight Global responded to the request “in the most appropriate way” and was qualified because he had done a similar job in New York, the request said.
During the pandemic, contact tracing efforts in many parts of the state are terrible by those who do not want to answer the tracker’s phone or provide personal information, claiming to be a privacy breach. I was hindered.
While you are here … If you learn something from this story, pay it in advance and become a member of Spotlight PA So someone else can do it in the future spotlightpa.org/donate.. Spotlight PA is funded by Basics And readers like you Those who work on accountability journalism to get results.
Pa. Personal data from your contact tracking remains online, even though it is guaranteed to be protected. Spotlight Pa
Source link Pa. Personal data from your contact tracking remains online, even though it is guaranteed to be protected. Spotlight Pa