The breach was detected Jan. 30 through Brightline’s vendor Fortra, according to a notice posted on the provider’s website. Fortra is the third-party provider of file transfers known as GoAnywhere MFT Software-as-a-Service.
According to the notice, Brightline was informed of the breach Feb. 4 and determined the incident was limited solely to the Fortra service and did not impact Brightline’s own network.
“As soon as we became aware of the incident, we took immediate action to investigate it by confirming Fortra deactivated the unauthorized user’s credentials, turned off the service and rebuilt our version so it was no longer vulnerable,” Brightline said in a statement to patients.
Based on Brightline’s investigation, the provider determined that a limited amount of protected health information was impacted, including individuals’ names, addresses, dates of birth, member identification numbers, dates of health plan coverage and/or employer names.
In response to the incident, Brightline is offering impacted individuals two years of complimentary identity theft and credit monitoring services by Cyberscout.
View the complete list of impacted parties here.