I'm sorry, that company does what? It is absolutely insane that temps off Craigslist could be trusted with such sensitive information under any circumstances. That company is asking for a data breach and to be sued into oblivion.
The fundamental problem here is that that company is cutting corners to save money. Full stop.
Under HIPAA laws, basically any healthcare data is "sensitive" data. An "extremely seasonal" healthcare job that deals with "sensitive data" could be someone that works in a call center that answers questions about health insurance -- just my guess.
Per other note, everyone in the space does it. It’s a fairly commodity business so paying more or keeping people all year when there are only two months of work would put them out of business quickly. If anything it’s a flaw in the underlying law that creates that seasonality
A trained ape reading a script for insurance enrollment is handling "sensitive" data, but your prescription history is sold in real-time to data brokers.
The fundamental problem here is that that company is cutting corners to save money. Full stop.