Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients

Written by

Pediatric mental health provider Brightline has warned patients that their data may have been compromised as a result of a breach  related to a zero-day vulnerability in Fortra's GoAnywhere MFT secure file-sharing platform.

“Through its investigation, Fortra states that it identified a previously-unknown vulnerability which an unauthorized party used to gain access to certain Fortra customers’ accounts and download files, including ours,” reads the notice.

Brightline said its investigation determined the incident was limited to the Fortra service and did not impact its network. However, the data stolen from the breach included patients’ confidential information.

“[This] potentially [includes] some combination of the following data elements: individuals’ names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names,” the company wrote.

According to Bleeping Computer, these attacks were conducted by the Clop ransomware gang using the command injection vulnerability CVE-2023-0669.

Read more on the vulnerability and Clop here: Clop Ransomware Group Exploits GoAnywhere MFT Flaw

“The fact that this exploit led to patient data leakage from Brightline's environment is very telling of the current state of information security in the healthcare industry,” commented David Benas, an associate principal consultant at the Synopsys Software Integrity Group.

Writing to Infosecurity  in an email, Brightline said that the company acted immediately upon notification from Fortra, and confirmed with Fortra (whose system the vulnerability was on) that the Brightline-specific instance had been remediate. The company also noted that Clop never compromised Brightline’s systems, but Fortra's solution. 

Regardless, James Graham, VP of RiskLens, said healthcare industry members are often targeted by threat actors, which means healthcare organizations need to be exceptionally sure of their cybersecurity investments.

“Part of this is performing quantitative risk assessments using the FAIR standard to provide an overview of risk in terms of probability and cost, allowing for security investments to be made more efficiently.”

Article updated on 05/05/2023 with Brightline Comments.

What’s hot on Infosecurity Magazine?