Brightline, Inc. Announces Third-Party Data Breach Affecting 27,742 Individuals

Console and Associates, P.C.

On April 7, 2023, Brightline, Inc. filed a notice of data breach with the Maine Attorney General’s Office after the company following a third-party data breach at Fortra, one of the company’s vendors. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, member IDs, dates of birth, phone numbers, employers’ names and group ID numbers, and coverage start/end dates. After confirming that consumer data was leaked, Brightline began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from Brightline Inc., it is essential you understand what is at risk and what you can do about it. As we’ve recently mentioned in other posts, healthcare data breaches can provide hackers with the information they need to commit healthcare identity theft, which involves an unauthorized third party obtaining medical care in your name. Not only does healthcare identity fraud leave you footing the bill, but it also can result in inaccurate information being included in your medical records, which can cause serious problems the next time you go to the doctor. Those interested in learning more about the Brightline / Fortra data breach and what options they have in its wake should reach out to a data breach lawyer for assistance.

What We Know So Far About the Brightline Breach

News of the Brightline data breach is still fresh; however, what we know at this point comes from the company’s filing with the Maine Attorney General. According to this source, the incident didn’t impact Brightline Inc.’s computer system but instead involved the computer network of Fortra, a company that Brightline uses to perform file transfer services.

Evidently, on January 30, 2023, Fortra learned of suspicious activity within its computer system, specifically the company’s GoAnywhere MFT software-as-a-service. In response, Fortra launched an investigation into the incident to determine what led to the breach and whether any consumer data was compromised as a result.

The Fortra investigation identified a previously-unknown vulnerability that an unauthorized party used to gain access to certain Fortra customers’ accounts and download files.

On February 4, 2023, Fortra informed Brightline of the recent data security incident. Initially, both Fortra and Brightline believed that Brightline patient information was not involved; however, subsequent investigation confirmed that the unauthorized party acquired certain files that were saved in the Fortra service, which prompted Brightline to take a closer look. Brightline eventually determined that the affected files contained information relating to certain patients.

Upon discovering that sensitive patient data was made available to an unauthorized party, Brightline began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, member ID, date of birth, phone number, employer’s name and group ID number, and coverage start/end dates.

On April 7, 2023, Brightline sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Brightline, Inc.

Founded in 2019, Brightline, Inc. is a technology and telehealth services company based in Palo Alto, California. The company provides behavioral health solutions specifically tailored to children and families with children. All Brightline visits are conducted through telehealth. Brightline is available nationwide through select plan sponsors for qualified Aetna members who are under 18. Brightline employs more than 140 people and generates approximately $20 million in annual revenue.

More Information About Fortra

Fortra is a cybersecurity company based in Eden Prairie, Minnesota. The company also provides cybersecurity consulting services. Fortra employs more than 3,000 people and generates approximately $800 million in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide