Exploit: Third Party Data Breach
Pennsylvania Department of Health: State Government Agency
![cybersecurity news represented by agauge showing severe risk](https://www.idagent.com/wp-content/uploads/2020/03/pngbase64ebf23a169271a0cd.png)
Risk to Business: 1.803 = Severe
The Pennsylvania Department of Health received an unpleasant shock when it learned that the third-party firm it had employed to process contact tracing data had made data handling mistakes, potentially opening thousands of residents of the Keystone State up to trouble. The contractor, Atlanta-based Insight Global reported that several employees violated security protocols to create unauthorized documents outside of the secure data system that the state’s contract required using the data collected.
![cybersecurity news represented by agauge showing severe risk](https://www.idagent.com/wp-content/uploads/2020/03/pngbase64ebf23a169271a0cd.png)
Individual Risk: 2.277 = Severe
Some of the records in question associated names with phone numbers, emails, genders, ages, sexual orientations and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.
Customers Impacted: 72,000
How it Could Affect Your Customers’ Business: No business is an island. That’s why it pays to take precautions against potential intrusions and data theft that results from a service provider’s cybersecurity failure