
Clop Ransomware Gang Steals Data of Over 63,000 Patients from Children's Mental Health Startup

Blue Shield of California, a US healthcare company, has confirmed that data of over 63,000 patients of Brightline, a children's virtual mental health care startup, was stolen in a recent ransomware attack. This was confirmed in a data breach disclosure filed with the Maine attorney general’s office. Brightline, which provides virtual coaching and therapy to children, was identified last week as a likely victim of a mass breach. The attack is believed to have been carried out by the Clop ransomware gang, who claim to have breached over a hundred organizations through an undisclosed security flaw.


Clop's dark web leak site, which the gang uses to publish the stolen files unless a ransom is paid, has stated that it will soon leak the data stolen from Brightline. Blue Shield's breach notification confirms that the hackers accessed and potentially exfiltrated the personal data of over 63,000 patients. The stolen data includes patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, email addresses, plan names, and plan group numbers. Javvad Malik, Lead Awareness Advocate at KnowBe4, commented on how other organizations can learn from the ransomware attack and how they can prepare and defend themselves against similar attacks:

"The ransomware attack on Children's Data Network highlights the need for all organizations to take cybersecurity seriously. The attack shows that even organizations dealing with vulnerable data can fall prey to cybercriminals. Cybersecurity requires ongoing investment and a culture of continuous improvement. It's important to note that most cyberattacks are successful through social engineering tactics such as phishing emails, taking advantage of weak login credentials, or exploiting unpatched vulnerabilities. These methods may seem straightforward and relatively easy, but they can have significant consequences, leading to data breaches, ransomware attacks, and other types of cybercrime. To prevent security breaches, it's essential to train employees to recognize the signs of potential threats, ensure robust password policies, keep software and systems up-to-date with the latest security patches and use multi-factor authentication where possible."


Brightline has not publicly acknowledged the breach on its website or social media channels. It is unclear how many of Brightline's child users are affected. US Wellness, another healthcare company, has also confirmed that hackers accessed the personal data of its users. The Clop group has hit around 130 organizations, including the City of Toronto, Canadian financing giant Investissement Québec, and Virgin Red. Virgin Red learned that attackers had "illegally obtained some Virgin Red files via a cyber-attack on our supplier, GoAnywhere" after being contacted by Clop.
