Over 780,000 child mental health records exposed as GoAnywhere hack claims another

Paediatric behavioural healthcare organisation Brightline is the latest company to come out as a victim of the Fortra GoAnywhere cloud hack.

The records of 783,606 people were reportedly affected by the attack, responsibility for which has been claimed by the Clop ransomware group.

In a statement issued on its website, Brightline confirmed that it was a user of the Fortra GoAnywhere MFT and that when it was informed of the issue on 4 February, it immediately engaged measures to protect its customers.

“While Fortra’s investigation is ongoing, we understand that on January 30, 2023, Fortra was made aware of suspicious activity within certain instances of its GoAnywhere MFT service,” said Brightline.

“Through its investigation, Fortra states that it identified a previously unknown vulnerability which an unauthorised party used to gain access to certain Fortra customers’ accounts and download files, including ours.”

While Brightline said its investigation initially found that its network was not affected and that the incident was limited to Fortra, it has since found that certain files that were saved in GoAnywhere were accessed by threat actors.

“After making this determination, we immediately began to analyse the files to determine which individuals and data had been affected,” added Brightline.

“As part of that analysis, it was determined that those files contained a limited amount of protected health information.”

Brightline said that information includes “some combination” of names, addresses, dates of birth, member ID numbers, health plan coverage dates, and employer names.

David Benas, associate principal consultant at Synopsys Software Integrity Group, has said that the fact that Clop was able to acquire files even after listing Brightline on its site is “very telling of the current state of information security in the healthcare industry.

“While proactive protection against vulnerabilities is critically important, this incident goes to show that proving you have strong incident response capabilities before you get breached is just as important — if not even more important — in a situation like this,” he added.

Brightline has taken a number of steps to address the issue, including involving law enforcement, taking down the service and confirming that Fortra blocked the threat actors’ credentials by deactivating them.

It has also said it has rebuilt its version of the service to prevent the same vulnerabilities being utilised, while implementing a number of security measures to its processes, such as limiting ongoing access to verified users.

Affected individuals are being contacted and are eligible for two years of free identity theft and credit monitoring services.

“As ransomware targets across the technology and financial sectors become more difficult to exploit, I expect that we will keep seeing more healthcare companies fall victim to attacks like this,” concluded Benas.

“Unfortunately for the patients, it will likely continue until the healthcare industry as a whole starts taking their security more seriously.”

Daniel Croft
Fri, 05 May 2023
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
