Exploit: Third Party Data Breach
Pennsylvania Department of Health: State Government Agency
Risk to Business: 1.803 = Severe The Pennsylvania Department of Health received an unpleasant shock when it learned that the third-party firm it had employed to process contact tracing data had made data handling mistakes, potentially opening thousands of residents of the Keystone State up to trouble. The contractor, Atlanta-based Insight Global reported that several employees violated security protocols to create unauthorized documents outside of the secure data system that the state’s contract required using the data collected.
Individual Risk: 2.277 = Severe Some of the records in question associated names with phone numbers, emails, genders, ages, sexual orientations and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.
Customers Impacted: 72,000
How it Could Affect Your Customers’ Business: No business is an island. That’s why it pays to take precautions against potential intrusions and data theft that results from a service provider’s cybersecurity failure
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
