Pennsylvania should immediately terminate the no-bid state contract of a company that performed COVID-19 contact tracing and exposed the private medical information of tens of thousands of residents, Republican state lawmakers said Monday.
GOP leaders also called for state and federal probes into the Atlanta-based contractor's mishandling of the data, and what they said was the slow response by the Wolf administration.
Employees of Insight Global used unauthorized Google accounts — readily viewable online — to store names, phone numbers, email addresses, COVID-19 exposure status, sexual orientations and other information about residents who had been reached for contact tracing. The company's contract with the state required it safeguard people's data.
The Department of Health said last week at least 72,000 people were impacted. The state plans to drop Insight Global once its contract expires at the end of the July.
But GOP lawmakers said at a news conference at the Capitol on Monday that the administration of Gov. Tom Wolf needs to find a new vendor immediately.
“The public trust in Insight Global is gone,” said state Rep. Jason Ortitay, R-Allegheny. “And as as long as the company continues to do contact tracing for our state, who is going to give them any information?”
Ortitay said he was alerted by a reporter for WPXI-TV about the mishandled data on April 1 and, in turn, immediately contacted the Wolf administration. On April 13, he said, administration officials told him the claims had been looked into months ago and were false.
“I just took their word for it,” he said.
An email seeking comment was sent to the Health Department.
The state has paid Insight Global nearly $29 million since last summer to administer the state's contact tracing program. Contact tracers identify people who have been exposed to the coronavirus so they can quarantine.
Insight Global has acknowledged it mishandled sensitive data and apologized. In a statement last week, the company said it became aware on April 21 that employees had set up the unauthorized Google accounts for sharing information. Insight Global said it took steps to secure the information and that it was unaware of “the misuse of the information involved."