Whistleblower led Target 11 to unsecured contact tracing data from the state

PITTSBURGH — A major Target 11 investigation impacts about 70,000 people across the state.

Investigator Rick Earle discovered that health and other personal information of tens of thousands of Pennsylvanians that was collected during contact tracing has been compromised.

Multiple investigations are now underway by the Pennsylvania Health Department and the company hired to collect the information and data. Those investigations began after Earle was able to view personal information and informed the state health department what he had discovered.

“The tracer was able to reach you? There’s your number. Is that your cell? Earle asked.

“Yes,’ replied Lisa Chapman of New Kensington after we showed her the entry on the spread sheet next to her name.

We tracked down another woman who was on the list.

“Is that you? They spoke to you? Earle asked.

“Yep,” said Zari Price of Washington, Pennsylvania.

“Contact currently reporting quarantine for 28 days as it’s a household exposure,” Earle read.

“We were under the impression that this was the health department, and no one’s going to see this but the health department. I’m shocked,” said Chapman.

“I’m very angry that I have like this information is just out there. I’m also very disturbed because who else has access to this information?” said Price.

Insight Global, a staffing company based in Atlanta, Georgia, received a $23 million contract to hire 1,000 contact tracers in an effort to control the spread of covid-19.

But some former employees tell Target 11 that the company failed to secure the information they collected from contacts. And the former workers say they told supervisors but nothing was done to protect the information.

Target 11 received links to spread sheets containing names along with health and personal information collected from contacts between last September and March of 2021.

Earle was easily able to clink on the links and they revealed the information without using a log in or password.

We are not releasing any of the names, but here’s some of the personal information contained on the spread sheets.

“His wife was positive. She should have been in isolation. It sounds like neither are following protocol.”

“Four children in home…in full emotional support and ADHD diagnosis.”

“She’s on psych meds for depression. She says she is suicidal.”

Earle took his findings to state representative Jason Ortitay of Bridgeville.

“I’m looking through it. I can’t believe the level of detail in here. I think it’s absolutely ridiculous. Just to start and as my first thought sitting there thinking one how can we let any of this happen, I mean we’re supposed to be you know good stewards of our constituents’ information especially from the state government level, people trust us with this stuff,” said Ortitay.

Earle also reached out to the Pennsylvania Health Department and told them what we had discovered.

“The department of health takes the safety and security of personal information extremely serious. We Appreciate you bringing this to our attention, and as soon as you did our first priority was to isolate and protect the information that was out there that you alerted us to,” said health department spokesman Barry Ciccocioppo.

The links containing the personal information were shut down the day after Earle reached out to the state health department.

“We have some information from a whistle blower indicating that the company you contracted with did not take the proper precautions to secure this data,” Earle asked the spokesman from the state health department.

“Well in fact it appears that the documents that were shared with WPXI were created outside, entirely outside of the commonwealth’s normal secure data handling process,” said Ciccocioppo.

Insight Global released a statement to Target 11.

“We regret that information collected by our employees during COVID-19 contact tracing may have

been made accessible to persons beyond authorized employees and public health officials. Our first

priority has been to secure and prevent any further access to or disclosure of information. While an

active investigation is underway by leading third-party IT security specialists, we also have a team

working to determine what information is or remains at risk. At this time, we believe information

consisted of names of individuals who may have been exposed to COVID-19 and a range of information

designed to help manage the spread of the virus, and identify and address any needs for specific social

support services. We understand the concerns the potential access to such information may raise, and

we are urgently and closely working with the Pennsylvania Department of Public Health to notify

individuals whose information may have been affected.”

We also spoke with a cyber security expert about the compromised date.

“My initial evaluation showed that all of the links that you provided were online and accessible to the public without being able to or having to log in and presenting any kind of authentication to a widely available to the public, said Todd Hollis, who also discovered some of the same documents by doing a google search.

“They are accessible and discoverable by a fairly crafty google search,” said Hollis.

While the initial contract with Insight Global was for 23 million dollars, Target 11 has learned from documents obtained through the State Treasurer, that the company has now been paid 29 million since last September.

And those are all tax dollars.

“It’s very disturbing that none of this is protected and they got so much money to do this contact tracing. And like I said taxpayer dollars. It’s our dollars going to this and it’s not protected,” said Price.

Ortitay is calling for a federal investigation and a state house hearing.

“We need to launch an immediate investigation form the state and I think we need to involve the feds in this too. They definitely need to be involved in any kind of investigation. We should call them in. We should call the department of health in for a hearing immediately, have them explain what’s going on, the contractor should be in there and I want to know what they’re doing and what they did wrong,” said Ortitay.