Paediatric behavioural healthcare organisation Brightline is the latest company to come out as a victim of the Fortra GoAnywhere cloud hack.
The records of 783,606 people were reportedly affected by the attack, responsibility for which has been claimed by the Clop ransomware group.
In a statement issued on its website, Brightline confirmed that it was a user of the Fortra GoAnywhere MFT and that when it was informed of the issue on 4 February, it immediately engaged measures to protect its customers.
“While Fortra’s investigation is ongoing, we understand that on January 30, 2023, Fortra was made aware of suspicious activity within certain instances of its GoAnywhere MFT service,” said Brightline.
“Through its investigation, Fortra states that it identified a previously unknown vulnerability which an unauthorised party used to gain access to certain Fortra customers’ accounts and download files, including ours.”
While Brightline said its investigation initially found that its network was not affected and that the incident was limited to Fortra, it has since found that certain files that were saved in GoAnywhere were accessed by threat actors.
“After making this determination, we immediately began to analyse the files to determine which individuals and data had been affected,” added Brightline.
“As part of that analysis, it was determined that those files contained a limited amount of protected health information.”
Brightline said that information includes “some combination” of names, addresses, dates of birth, member ID numbers, health plan coverage dates, and employer names.
David Benas, associate principal consultant at Synopsys Software Integrity Group, has said that the fact that Clop was able to acquire files even after listing Brightline on its site is “very telling of the current state of information security in the healthcare industry.
“While proactive protection against vulnerabilities is critically important, this incident goes to show that proving you have strong incident response capabilities before you get breached is just as important — if not even more important — in a situation like this,” he added.
Brightline has taken a number of steps to address the issue, including involving law enforcement, taking down the service and confirming that Fortra blocked the threat actors’ credentials by deactivating them.
It has also said it has rebuilt its version of the service to prevent the same vulnerabilities being utilised, while adding a number of security measures to its processes, such as limiting ongoing access to verified users.
Affected individuals are being contacted and are eligible for two years of free identity theft and credit monitoring services.
“As ransomware targets across the technology and financial sectors become more difficult to exploit, I expect that we will keep seeing more healthcare companies fall victim to attacks like this,” concluded Benas.
“Unfortunately for the patients, it will likely continue until enough of the healthcare industry as a whole starts taking their security more seriously.”