Insight Global — Public Health Data Security
Contact Tracing Contractor Pays $2.7 Million for Data Security Failures
Source: U.S. Department of Justice
TL;DR: Contact Tracing Contractor Pays $2.7 Million for Data Security Failures This case resulted in a $2.7 Million resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.
Summary
Insight Global agreed to pay $2.7 million to resolve DOJ allegations that it failed to implement adequate cybersecurity protections for personal health information collected during COVID-19 contact tracing performed for the Pennsylvania Department of Health and funded by CDC dollars. DOJ alleged issues including transmission of sensitive information via unencrypted emails, shared passwords, and storage/transmission through Google files lacking password protection and potentially accessible via public internet links.
Our Take
Public health data projects are often staffed fast and built under pressure—exactly when basic security hygiene is most likely to slip. These cases typically come from people who saw the shortcuts: shared credentials, unsecured file-sharing, lack of encryption, and absence of access controls. If you have internal documentation showing leadership knew about the risks (or treated them as acceptable), that knowledge—paired with invoices or certifications—often becomes the core narrative.
Read the full article from the original source:
View Original ArticleOpens in a new tab. Content from U.S. Department of Justice.
Notice
The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.