May 2, 2024 – Insight Global LLC, headquartered in Atlanta, Georgia, provides adequate cybersecurity to protect health information obtained during COVID-19 contact tracing. agreed to pay $2.7 million to resolve allegations that it violated the False Claims Act by failing to do so.
During the COVID-19 pandemic, the United States hired Insight Global to provide personnel for COVID-19 contact tracing, and the Pennsylvania Department of Health hired Insight Global to provide personnel for COVID-19 contact tracing. It claimed that it used the funds to make payments to Insight Global. Insight Global understood that the personal health information of its contact tracers had to be kept confidential and secure, but it failed to do so. For example, if certain personal health information or personally identifying information of a contact tracer is sent in the unencrypted email body, and staff access such information using a shared password, It was stored and transmitted using Google Files, which is not password protected. It could be accessed by the public via an internet link.
The United States further stated that between November 2020 and January 2021, Insight Global's managers received complaints from Insight Global staff that such information was not secure and could be publicly accessible, but Insight Global claimed it could not begin fixing the issue until April 2021. , Insight Global is committed to addressing this issue by protecting such information, investigating the cause and scope of the incident, strengthening internal controls and procedures, adding data security resources, and issuing public notices regarding potential breaches and the scope of the free offer. has been addressed. Credit monitoring and privacy services for affected persons. Insight Global also cooperated with the US investigation.
“The resolution announced today reflects our continued commitment to ensuring that government contractors meet their cybersecurity obligations,” said Brian M. Boynton, Chief Deputy Attorney General, Department of Justice's Civil Division. said the assistant secretary. “Failure to do so can put sensitive personal and government information at risk. The Department of Justice will hold contractors who knowingly fail to meet cybersecurity requirements accountable.”
“Here in the Middle District of Pennsylvania, we will continue to work tirelessly to ensure that those who do business with the government deliver on their promises,” said U.S. Attorney Gerald M. Cullum. “Cybersecurity is an increasingly important part of most, if not all, federally funded contracts. We appreciate the support of HHS-OIG and their cooperation in investigating this incident. I am grateful.”
“Government contractors who do not follow procedures to protect personal health information will be held accountable,” said Maureen R. Dixon, Special Agent in Charge of the Department of Health and Human Services Office of Inspector General (HHS-OIG). ). “HHS-OIG and our law enforcement partners remain dedicated to protecting the American public and securing personal health data.”
On October 6, 2021, the Deputy Attorney General announced that organizations and organizations that jeopardize confidential information by knowingly providing defective cybersecurity products or services or knowingly misrepresenting cybersecurity practices or protocols. Announced the Department's Private Cyber Fraud Initiative, which aims to hold individuals accountable. or knowingly violate your obligations to monitor and report cybersecurity incidents. Learn how to report cyber fraud.
The U.S. investigation was sparked by a lawsuit filed under the whistleblower provisions of the False Claims Act. The law allows private parties to sue on behalf of the government if they believe the defendant has submitted a false claim for government funds and will receive a portion of it. recovery. The proposed settlement of the case would provide that whistleblower Terralyn Williams-Sailkopf, a former Insight Global staffer who worked on the contact tracing in question, would receive a $499,500 share of the settlement. It is beingThe case has a caption US ex rel. Seilkop v. Insight Global LLCNo. 1:21-cv-1335 (MD PA.).
This matter is being handled by Senior Trial Attorney Albert P. Mayer of the Fraud Section, Commercial Litigation Division, Civil Division, Department of Justice, and Assistant United States Attorney Tamara J. Haken of the United States Attorney's Office for the Middle District of Pennsylvania. Support from the Department of Health and Human Services Office of Inspector General.
The claims resolved by the settlement are mere allegations and no determination of liability has been made.
