Cybersecurity and Compliance Lessons From the Insight Global Settlement

Cybersecurity and Compliance Lessons From the Insight Global Settlement

In May, Insight Global, an international staffing and consulting firm, settled a case with the DOJ by agreeing to pay $2.7 million under the False Claims Act. According to an article by Dunlap Bennett & Ludwig, the allegations stemmed from their handling of COVID-19 contact tracing for the Pennsylvania Department of Health (PADOH), where they were accused of improper billing and inadequate cybersecurity practices.

Insight Global failed to secure sensitive data properly, violating its contract with PADOH and federal privacy regulations. For instance, they reportedly sent unencrypted emails containing personal health information and shared passwords among staff. 

They also stored sensitive information on Google files without adequate security measures, exposing it to potential breaches. Despite early warnings from their own staff about these vulnerabilities, Insight Global delayed addressing them until April 2021, which the DOJ deemed inadequate.

The article highlights the importance of robust cybersecurity and contractual compliance for organizations. Compliance programs should align with federal and state laws, industry standards, and best practices to mitigate risks. Insight Global’s case also underscores the significance of adhering to traditional compliance regulations like FAR/DFARS, which ensure fairness and security in government contracts.

To avoid similar legal and financial consequences, the article suggests organizations should update their policies regularly, conduct comprehensive compliance reviews, and provide tailored training to employees. By prioritizing compliance across cybersecurity and traditional regulations, businesses can protect client data, maintain trust, and mitigate the risk of legal disputes like the one faced in the Insight Global settlement.