Insight Global LLC, based in Atlanta, has agreed to pay $2.7 million to resolve allegations of violating the False Claims Act. The company is accused of failing to implement adequate cybersecurity measures to protect health information gathered during COVID-19 contact tracing. This settlement addresses concerns that personal health data was inadequately secured, leading to potential public exposure through unencrypted emails and shared passwords.
The allegations involve the Pennsylvania Department of Health hiring Insight Global to staff COVID-19 contact tracing efforts, funded by the U.S. Centers for Disease Control and Prevention. Despite understanding the need for confidentiality and security, Insight Global did not adequately protect the personal health information of those being traced. The data was often stored and transmitted using unsecured methods, making it accessible to unauthorized parties.
From November 2020 to January 2021, Insight Global received complaints from staff about the security issues but did not take corrective action until April 2021. Once the issue was addressed, the company implemented security improvements, investigated the breach, and offered free credit monitoring and identity protection services to affected individuals. They cooperated fully with the U.S. government’s investigation into the matter.
The case was initiated by a whistleblower lawsuit under the False Claims Act, leading to the settlement and a substantial share going to the whistleblower, Terralyn Williams Seilkop. The settlement underscores the Justice Department’s commitment to enforcing cybersecurity requirements for government contractors and holding them accountable for any lapses in protecting sensitive information.
Reference:
