May 11, 2021 | Steve Alder | HIPPA Journal |
“The Pennsylvania Department of Health and its COVID-19 contact tracing vendor are being sued over a breach of the personal and health data of 72,000 Pennsylvanians.
The breach in question was announced by Insight Global and the Department of Health on April 29, 2021. Insight Global, an IT service management and staffing firm, had been awarded the contract for the state’s contact tracing program and had been given access to personal and health data to provide those services.
The information was used to contact individuals potentially exposed to COVID-19 to identify and address the need for specific support services and to help slow the spread of COVID-19. Insight Global had implemented secure communication channels for its contact tracers and had security protocols in place, but it was discovered that some employees had “disregarded security protocols established in the contract and created unauthorized documents.” Those documents, including spreadsheets, had been shared between contact tracers using personal email accounts and consumer versions of cloud services such as Google Sheets, which lacked appropriate security controls. That meant sensitive information was transferred to servers outside the state’s secure data system.”
Wireless infrastructure enables unwarranted surveillance and hacking.
“The personal information of more than 72,000 Pennsylvanians was exposed in a data breach last month, and questions and calls for an investigation are mounting.” LINK
Warrantless surveillance violates Pennsylvania & US Constitution.
Pennsylvania Constitution
§ 8. Security from searches and seizures.
Fourth Amendment US Constitution
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” LINK