Malware
“Urgent Alert: Over 780K Pediatric Mental Health Patients at Risk After Brightline Data Breach”
A data breach at Brightline, a telemedicine provider, has exposed the sensitive information of 783,000 pediatric mental health patients. The breach occurred in May, when an unauthorized third-party accessed the company’s email system. The compromised data includes names, dates of birth, medical record numbers, and clinical information. Brightline has since implemented enhanced security measures and is offering affected patients complimentary identity theft protection.
What Precautionary Measures Should Pediatric Mental Health Patients Take After the Brightline Data Breach?
In light of the Brightline data breach, pediatric mental health patients should take precautionary measures to safeguard their sensitive information. Capita advises data breach precautions, such as regularly monitoring financial statements, changing passwords frequently, and being cautious of suspicious emails or phone calls. By adopting these measures, patients can protect themselves from potential identity theft and privacy breaches.
Brightline Warns Patients of Data Breach Impacting Over 780K People
IT Services provider Brightline, which offers virtual counseling for children, teenagers, and their families, has notified patients of a data breach affecting 783,606 people. The breach occurred after the Clop ransomware gang exploited a zero-day vulnerability in Fortra GoAnywhere MFT, the company’s secure file-sharing platform.
Brightline confirmed that the stolen data contained protected health information and has taken immediate action to investigate the incident. The company has also implemented additional security measures, including limiting access to verified users and removing all data from the service.
According to Fortra, the threat actors began leveraging the vulnerability from January 18th, 2023. Brightline was listed on Clop’s extortion portal on March 16th, 2023, indicating that the health startup was among the firms the ransomware actors breached in their large-scale attack.
The company’s internal investigation revealed that the stolen data included full names, physical addresses, dates of birth, member identification numbers, dates of health plan coverage, and employer names. However, Aetna member IDs have not been compromised due to this incident.
The breach has impacted many entities, including Diageo, Nintendo of America Inc., Harvard University, Stanford University, and Boston Children’s Hospital. The complete list of impacted entities can be found on Brightline’s website.
Data published today on the breach portal of the U.S. Department of Health and Human Services indicates that the incident has impacted a total of 783,606 people. Brightline offers all impacted individuals two years of complimentary identity theft and credit monitoring services via Cyberscout.
Update 5/3/23: The Cl0p ransomware operation has emailed IT Services to say they deleted Brightline’s data from their data leak site. While it cannot be determined if they actually deleted all of the data in their possession, BleepingComputer can confirm that Brightline is no longer listed on the gang’s data leak site.