PENNSYVLANIA — Republicans in the Pennsylvania legislature are calling for an investigation into the massive data breach which may have exposed the personal healthcare information of at least 72,000 state residents, alleging that the state was made aware of issues months ago but dismissed the concerns as false.

State Rep. Jason Ortitay said that he became aware of an issue on April 1, and contacted Gov. Wolf's office at the time. He said he was told that the issue was raised months previous, and there was no validity to it. Patch reached out to the governor's office for a response on these claims on Tuesday.

"Why didn't the department or the governor's office take action when they were notified months earlier and again by me in early April?" Ortitay said. "How many more people had their information compromised because the governor's administration failed to act immediately?"

The state contracted with an Atlanta-based firm, Insight Global, to assist in contact tracing during the height of the pandemic in 2020. The Department of Health told Patch that this company disregarded established security protocols by creating unauthorized copies of documents containing sensitive personal healthcare information. These copies were outside of the secure servers set up by the state.

The documents exposed contained personal and healthcare information like phone numbers, email addresses, ages, genders, sexual orientations, and COVID diagnoses. Credit card, social security, and home address information was not compromised, the state said.

Insight Global said they've hired IT security experts to look at how the breach occurred. They say there's no evidence thus far that exposed information has been maliciously used. The security issue appears to be in the way in which certain employees communicated sensitive personal information between each other.

"Although Insight Global has robust security on its in-house platforms, as part of an unauthorized collaboration channel, certain employees set up and used several Google accounts for sharing information," the company said in an emailed statement.

It's not yet clear if the issues allegedly raised months ago were due to this same security flaw.

But Republicans say that the state should be held accountable for how they've responded. Ortitay noted concern that the contract with Insight Global, which was awarded the contract without a bidding process, was not immediately terminated. The state said they plan not to renew the contract when it expires in July 2021.

Lawmakers are calling for the state attorney general's office, the House Government Oversight Committee, and federal law enforcement agencies to look into the incident

House Majority Whip Donna Oberlander said that the state's handling of the situation is the latest example of why there needs to be greater oversight of the governor's office from the General Assembly, pointing to oft-cited Republican frustrations with Wolf over vaccine rollout, the economic shutdown, and other aspects of the pandemic response.

"Sadly, we have seen a disturbing pattern of lack of openness and transparency from the administration that has claimed it is the most transparent ever," she said.

The issue of the governor's emergency powers has taken center stage in recent months, and will be addressed via ballot questions in the upcoming Pennsylvania primary election on May 18.

Anyone concerned they may have had their data compromised can call a hotline, 1-855-535-1787, from 9 a.m. to 9 p.m. on weekdays. Additionally, Insight Global is offering free credit monitoring and identity protection services through TransUnion, for free, for anyone impacted.

The rules of replying:

  • Be respectful. This is a space for friendly local discussions. No racist, discriminatory, vulgar or threatening language will be tolerated.
  • Be transparent. Use your real name, and back up your claims.
  • Keep it local and relevant. Make sure your replies stay on topic.
  • Review the Patch Community Guidelines.