"Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients"

Pediatric mental health provider Brightline has recently warned patients that it suffered a data breach on January 30, impacting 783,606 people.  Brightline said the breach was related to a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.  Through its investigation, Fortra states that it identified a previously-unknown vulnerability which an unauthorized party used to gain access to certain Fortra customers' accounts and download files, including Brightline's.  Brightline said its investigation determined the incident was limited to the Fortra service and did not impact its network.  However, the data stolen from the breach included patients' confidential information.  Data impacted could consist of some combination of the following data elements: individuals' names, addresses, dates of birth, member identification numbers, date of health plan coverage, and/or employer names.  According to Bleeping Computer, these attacks were conducted by the Clop ransomware gang using the command injection vulnerability CVE-2023-0669.

Infosecurity reports: "Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients"