Black Basta claims responsibility for a cyberattack against Yellow Pages Group
April 24, 2023
Avos ransomware gang hijacks university alert system to issue threats
May 4, 2023

Cl0p ransomware attack impacts 783k Brightline patients

This week, Brightline, a pediatric mental health provider released a data notice warning patients that it suffered a data breach impacting 783,606 people following a cyberattack by the Cl0p ransomware gang. It is believed that the ransomware gang used a zero-day vulnerability (CVE-2023-0669) in its Fortra GoAnywhere MFT secure file-sharing platform to steal the data from 130 organisations including Brightline. The incident has resulted in a major impact for Brightline due to its extensive partnerships with healthcare institutes and companies in the U.S. including Nintendo of America Inc., Harvard University, Stanford University, and Boston Children’s Hospital.

Brightline has stated they took immediate action to investigate the incident and have implemented additional security measures. Brightline has offered all impacted individuals two years of complimentary identity theft and credit monitoring services via Cyberscout. Brightline’s internal investigation has revealed that the data stolen by the Cl0p ransomware gang included the following personal information:

  • Full names
  • Physical addresses
  • Dates of birth
  • Member identification numbers
  • Date of health plan coverage
  • Employer names

The cyberattack was confirmed by the Cl0p ransomware gang when they listed Brightline on their data leak site on Thursday 16th of March 2023. However, following media attention to this incident, the Cl0p ransomware gang has contacted the BleepingComputer news site to say they deleted Brightline’s data from their data leak site.

Leave a Reply

Your email address will not be published. Required fields are marked *