The impact of a massive Fortra ransomware attack continues to grow, with hackers claiming new victims.
In a data breach disclosure filed with the Office of the Attorney General of Maine, U.S. healthcare giant California Blue Shield said one of its providers, Brightline, had stolen data stored on its GoAnywhere file transfer tool. I have confirmed that I have stolen data from
Brightline, which provides virtual coaching and therapy to children, was identified by TechCrunch as a likely victim of a large-scale breach last week.
The breach notification states that hackers (possibly the Russia-linked Clop ransomware gang, who claim to have compromised over 100 organizations using undisclosed security flaws) compromised more than 63,000 patients. Confirmed that personal data was accessed and potentially stolen.
Unless a ransom is paid, Clop’s dark web leak site, which the gang uses to expose stolen files, says the gang will “soon” leak the data stolen from Brightline.
Brightline has not publicly acknowledged any infringement on either its website or social media channels. Brightline spokesperson John O’Conner declined to answer TechCrunch’s question, but did not dispute that the breach affected 63,000 of his people. It is unknown how many of Brightline’s child users are affected.
Blue Shield will indicate in the breach notice that the breach affected includes the patient’s name, address, date of birth, gender, Blue Shield subscriber ID number, phone number, email address, plan name, and plan group number. It says it will.
Brightline is said to be one of 130 organizations attacked by the Clop group, but it’s not the only healthcare company. US Wellness, which offers corporate health and wellness programs, also confirmed that the hackers had access to personal data such as users’ names, addresses, dates of birth, and member ID numbers.
The Fortra vulnerability’s impact on healthcare organizations is so widespread that the Cybersecurity Coordination Center (HC3) of the US government’s healthcare sector issued an alert in February to protect against Clop attacks.
Outside of healthcare, the group’s list of known victims continues to grow, including the city of Toronto, Canadian financial giant Investments Quebec, and Virgin Red.
Jodie Burton, a spokesperson for Virgin Red, told TechCrunch that the attackers were “illegally After being contacted by Klopp, it obtained the Virgin Red files via a cyberattack on its supplier, GoAnywhere. I heard that you found out about
Fortra spokespeople Mike Devine and Rachel Woodford have repeatedly declined to answer TechCrunch’s questions.
