More than 780k Brightline Patients Exposed in Serious Data Breach
Table of Contents
- By Steven
- May 08, 2023
Brighline is a virtual counseling service that provides help to children, teenagers, and whole families. This pediatric counseling service offers a range of mental health care services to patients throughout the world. Brightline stores a significant amount of personal data to maintain these patient records and offer reliable care, but the company recently suffered from a dangerous data breach, exposing hundreds of thousands of patient records to the internet. It's a serious breach and a major blow to the company. Many patients won't trust Brightline again after this. Learn more about the attack and how to protect your data.
How Did the Attack Occur?
Brightline was breached through the Fortra GoAnywhere file-sharing tool's Zero-Day security vulnerability. GoAnywhere is a file transfer tool that's supposed to project information reliability, and the service is being hit hard by a ransomware gang that used a security vulnerability to steal data from more than 130 different companies. Brightline was one of those organizations involved and lost information for more than 783,606 patients overall. The attacks first started on January 18, 2023, and Brightline was listed as one of the victims starting on March 16, 2023.
What Information Was Viewed or Stolen?
Although a wide variety of data was taken during the ransomware attacks by the Clop gang, Brightline patients, in particular, had the following data points exposed.
- Birth Date
- Employer names
- First and Last name
- Home Address
- Health plan coverage date
- Member ID number
Each of these personal data points exposed by the data breach puts Brightline patients at risk for phishing attacks and is a serious breach of trust. The compromised information isn't likely to result in an identity theft attack, but it could lead to other complications for the impacted patients.
How Did Brightline Admit to the Breach?
Brightline issued a security notice to its patients, informing them of the Fortra GoAnywhere vulnerability and how it exposed patient data to the outside world. If your information was kept with Brighline, it may be available for the whole world to see and to use against you.
What Will Become of the Stolen Information?
The stolen information will be put up online for other people to see, and the Clop gang will use it as leverage to get companies like Brightline to pay ransoms. It's unclear if Brightline will pay out a ransom to protect the data, but if not, the information will likely be available for anyone to take and use.
What Should Affected Parties Do in the Aftermath of the Breach?
If your data was involved in this ransomware breach with Brightline, you should start monitoring your credit and any related accounts as soon as possible. Brightline is offering anyone identified as being involved in this breach credit monitoring services through Cyberscout for two years. Take advantage of this protection, and you'll have a way to monitor your credit for any strange changes. Stay on top of these issues, and you can avoid the more serious problems.