In this light, Brightline has published a list of covered entities impacted by the breach. The day after the release of the GoAnywhere patch, the Clop ransomware gang contacted BleepingComputer and said they had used the flaw over ten days to steal data from 130 companies.įor many organizations, Brightline offers virtual behavioral and mental health services for the children of benefits-eligible employees. According to its website, it caters to more than 3,000 organizations, predominantly ones with over 10,000 employees and 1B USD in revenue.īrightline was just one of the many victims on the list that Cl0p made using the same vulnerability. GoAnywhere MFT, which stands for managed file transfer, allows businesses to manage and exchange files in a secure and compliant way. Malwarebytes Labs reported on the vulnerability in February, urging users to deploy a patch. The third-party service provider at the heart of the data breach is Fortra, which was recently targeted by the Cl0p ransomware gang in a string of attacks that leveraged an undisclosed vulnerability in the file transfer software called GoAnywhereMFT, which Fortra develops and which is used by businesses worldwide.
Though Brightline did not disclose the number of affected customers, recently updated records with the US Department of Health and Humans Services Office of Civil Rights showed that at least 964,301 people were impacted. "Based on the investigation, we identified a limited amount of protected health information/personal information in the files that the unauthorized party acquired, potentially including some combination of the following data elements: individuals’ names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names," wrote Brightline in its public notice online. A pediatric behavioral health startup called Brightline informed its customers that their protected health data may have been stolen as part of a separate ransomware attack on a Brightline third-party service provider.
0 kommentar(er)
