The lawsuit was filed on May 5 on behalf of Pennsylvania resident Lisa Chapman, one of the 72,000 residents who were affected by a data breach that left PHI exposed from at least September 2020 to April 2021.
Six details:
- According to court documents, Ms. Chapman is suing the Pennsylvania Department of Health and Insight Global, the state’s contact tracing vendor, for allegedly failing to secure residents’ PHI.
- The lawsuit said that there was no competitive bidding process for the approximately $23 million contract Insight Global received from the DOH.
- The lawsuit alleges Insight Global received the PHI of Pennsylvania residents who either tested positive for COVID-19 or had come into contact with those who had — as well as intimate information about the members of their household.
- The lawsuit alleges that Insight Global maintained information on tens of thousands of Pennsylvania residents, including names, phone numbers, email addresses and COVID-19 diagnoses. None of the information was password protected, and it was available to the public through a Google search.
- The DOH was notified about the breach as early as February, but neither DOH nor
Insight Global worked to secure the PHI until April, the lawsuit alleges. - As a result of the DOH and Insight Global’s alleged relaxed privacy measures, the PHI is in the hands of cybercriminals, thieves and other potentially hostile environments, the lawsuit claims.
