Investigation into data breech sought
Pennsylvania lawmakers are calling for an investigation into a data breach that compromised personal information of over 70,000 residents participating in the state’s contact tracing efforts.
A news report from Target 11 published last week said a whistleblower from the Atlanta-based Insight Global alerted the outlet to the security breach after concerns about the company’s data collection processes were ignored.
The state Department of Health awarded Insight Global a no-bid $23 million contract for its contact tracing services last year. Rep. Jason Ortitay, R-Bridgeville. said the agreement, set to expire in July, won’t be renewed.
Ortitay said he first learned of the issue when a reporter asked for comment April 1. He took the information to Gov. Tom Wolf’s administration. Wolf’s staff said they got the same alert “months ago” and decided it was untrue.
About three weeks later, the Department of Health confirmed to a reporter that the breach occurred, but provided no further information. Ortitay questioned why the department had denied the existence of the breach to him last month. He wondered how many more residents’ information was compromised as a result of the administration’s inaction.
“Also, why isn’t the department immediately terminating the contract of this company? Who is going to trust them moving forward?,” he said. “We need a full investigation.”
House Majority Leader Kerry Benninghoff, R-Bellefonte, and Majority Whip Donna Oberlander, R-Clarion, joined Ortitay at Monday’s news conference to blast the Wolf administration for dodging initial questions about the incident.
‘Disappointed but not surprised’
“I’m very disappointed that the people of this commonwealth have been let down again; and their personal information exposed to the world,” Oberlander said. “But, I’m not surprised.”
She pointed to security breaches with the state’s unemployment compensation system. The Department of Labor & Industrysaidlast month 84% of the nearly 1 million claimants that applied for pandemic-related jobless benefits between October and March were deemed fraudulent. In total, the state has recouped $800 million in stolen benefits since May 2020.
“We have seen a disturbing pattern of a lack of transparency and openness from an administration that claims to be the most transparent ever,” Oberlander said.
Benninghoff said its just another failure of the governor’s broad emergency powers awarded to him under the 90-day disaster declaration. Wolf has since extended that declaration four times. Voters will decide in the May 18 primary election whether the legislature should have the authority to limit those declarations to 21 days.
“This contract was issued under sole-sourcing no-bid contract authority of the governor’s emergency disaster declaration,” he said. “That means that the Wolf administration did not need to seek other bids; did not have (to) seek better security maintenance, and did not have additional scrutiny over the issuance of this contract.”
The Center Square reached out to the Department of Health for comment but did not receive an immediate response.
Christen Smith follows Pennsylvania’s General Assembly for The Center Square. She is an award-winning reporter with more than a decade of experience covering state and national policy issues for niche publications and local newsrooms alike.