PITTSBURGH (KDKA) — Information about private health conditions should remain private and not wind up on the other end of a Google search.
That’s why Pittsburgh-area attorneys say they filed a federal class-action lawsuit, the first of its kind related to COVID-19 contact tracing.READ MORE: 'It Could Get Worse Before It Gets Better:' Relief On Gas Prices Not On The Horizon
KDKA’s Meghan Schiller talked with the lead attorneys about why they claim the Pennsylvania Department of Health failed to notify the public.
On Friday, KDKA’s Meghan Schiller confirmed the state Senate will hold a hearing on Tuesday to discuss the breach and the Pennsylvania acting health secretary will testify.
“The representations that were made to people that this was going to be protected, this was going to be private, nobody was going to know about it. To the contrary, that was not what happened,” said Attorney Jack Goodrich.
Goodrich — along with attorneys Phil DiLucente, Lauren Nichols and Ken Nolan — spoke out for the first time Friday regarding the alleged statewide data breach that sparked a class-action lawsuit.
The attorneys filed the suit Thursday against the Pennsylvania Department of Health and Insight Global, Inc., the company contracted for COVID-19 contact tracing across the commonwealth.READ MORE: CDC Investigating Salmonella Outbreak Linked To Onions
“We would all agree that there is nothing more personal than a person’s private health information,” said DiLucente.
“We’re not just talking about someone’s name, gender, or their phone number or their sexual orientation or gender presentation or family size or members of their family. but health data, the place that they work,” said DiLucente.
Internal emails obtained by these attorneys allegedly show employees at Insight Global knew about the lack of passwords or encryptions used to safeguard this information.
“How does getting paid $29 million lead to using a Google document and private personal Gmail accounts, rather than some sort of secured internal server, secured network?” said Nichols.
The Atlanta-based company’s website addresses the breach of data, saying the breach only affected some people, adding anyone affected will be “notified by mail.”
Nolan said Friday that the ramifications could include identity theft or COVID-discrimination.MORE NEWS: Pittsburgh Weather: Cold Front Expected To Bring Afternoon Rain Showers And Possible Thunderstorms
“You look at persons who are applying for a job and there is information that should not be available on Google that was available for Google for these potential employers,” said Nolan.