Brightline data breach impacts 783K pediatric mental health patients


Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.

Brightline is a mental and behavioral health provider offering virtual counseling for children, teenagers, and their families. 

In a new ‘data security notice’ displayed on the company’s website, Brightline confirmed that data was stolen from its GoAnywhere MFT service that contained protected health information.

These attacks were conducted by the Clop ransomware gang, who utilized a zero-day vulnerability tracked as CVE-2023-0669 to allegedly steal data from 130 companies.

According to Fortra’s latest update on its investigation, the threat actors have been leveraging this vulnerability since January 18th, 2023.

Brightline was listed on Clop’s extortion portal on March 16th, 2023, indicating that the health startup was among the firms the ransomware actors breached in their large-scale attack.

The company’s internal investigation revealed that the data stolen by the Clop ransomware gang included the following personal information:

  • Full names
  • Physical addresses
  • Dates of birth
  • Member identification numbers
  • Date of health plan coverage
  • Employer names

The notice clarifies that Aetna member IDs have not been compromised due to this incident.

“As soon as we became aware of the incident, we took immediate action to investigate it by confirming Fortra deactivated the unauthorized user’s credentials, turned off the service, and rebuilt our version so it was no longer vulnerable,” reads Brightline’s security notice.

“Further, we implemented additional security measures, including limiting ongoing access to verified users, removing all of our data from the service, and continuing ongoing measures to reduce data exposure until an alternative file transfer solution is identified and implemented.”

Brightline’s extensive partnerships with healthcare institutes and companies in the U.S. have resulted in a security incident impacting many entities. These include well-known organizations like Diageo, Nintendo of America Inc., Harvard University, Stanford University, and Boston Children’s Hospital.

The complete list of impacted entities can be found here.

Data published today on the breach portal of the U.S. Department of Health and Human Services indicates that the incident has impacted a total of 783,606 people.

However, this figure may increase as internal investigations progress. Brightline only submitted eight individual entries on the government portal, presumably corresponding to eight affected entities, but its website lists a larger number of impacted organizations.

Brightline offers all impacted individuals two years of complimentary identity theft and credit monitoring services via Cyberscout.

Update 5/3/23: After the publication of this article, the Cl0p ransomware operation emailed BleepingComputer to say they deleted Brightline’s data from their data leak site.

“We delete the data and we did not know what this company is doing, because not all companies are analyzing. And we ask for forgiveness for this incident,” Clop emailed BleepingComputer.

While we have no way of determining if they actually deleted all of the data in their possession, BleepingComputer can confirm that Brightline is no longer listed on the gang’s data leak site.


  • johnlsenchak – 2 days ago

    We ask for forgiveness? They are criminals who are not going to stop stealing data and encrypting computers.

  • h_b_s – 2 days ago

    This is everyone with a mental illness's worst nightmare whether they are children, adults, caregivers, or parents. No forgiveness, no quarter. This isn't "just business". Things like this have very real consequences to those named and outed. Attacks on city infrastructure emergency services get people killed. No more pussyfooting around dictators' egos. Identify and rendition them if their governments refuse to do so.
