Brightline, a mental and behavioral health provider, has suffered a data breach that impacted 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.
The breach was conducted by the Clop ransomware gang, which used a zero-day vulnerability tracked as CVE-2023-0669. The threat actors had been leveraging this vulnerability since January 18th, 2023. Brightline was listed on Clop’s extortion portal on March 16th, 2023, indicating that the health startup was among the firms the ransomware actors breached in their large-scale attack.
The company’s internal investigation revealed that the data stolen by the Clop ransomware gang included full names, physical addresses, dates of birth, member identification numbers, date of health plan coverage, and employer names.
Because of Brightline’s extensive partnerships with healthcare institutes and companies in the U.S., the security incident has impacted many entities. These include well-known organizations like Diageo, Nintendo of America Inc., Harvard University, Stanford University, and Boston Children’s Hospital.
Brightline offers all impacted individuals two years of complimentary identity theft and credit monitoring services via Cyberscout. The Clop ransomware operation emailed BleepingComputer to say they deleted Brightline’s data from their data leak site.
The complete list of impacted entities can be found on the company’s website. The data breach is yet another example of how ransomware gangs are targeting healthcare providers, and it highlights the need for companies to take proactive measures to secure their networks and systems.