Cyber Threat Radar – Brightline, Inc. has agreed to a $7 million settlement to resolve a proposed class action lawsuit following a significant data breach that occurred in January 2023.
Brightline is a provider of virtual therapy, coaching, and psychiatry healthcare services, and this breach exploited security gaps in Fortra’s file-transfer software, exposing the personal information of approximately one million individuals.
The court granted preliminary approval of the settlement on September 24, 2024, allowing affected individuals to receive cash payments, credit monitoring, and additional protections.
Attackers Accessed Sensitive Personal Data
The lawsuit was filed after cybercriminals targeted Brightline, leveraging a vulnerability in the Fortra GoAnywhere MFT application. Through this exploit, attackers were able to gain unauthorized access to sensitive data, including personal, medical, and financial information of individuals across the United States.
Under the $7 million settlement, individuals whose data was compromised in the breach are eligible for compensation. Residents who received notification about the incident from Brightline can submit claims for a one-time payment of $100. Additionally, affected individuals may claim up to $5,000 if they can demonstrate financial losses resulting from the breach. California residents are also entitled to a $100 statutory payment in line with state law.
Help To Detect Identity Theft And Fraud Risks
The settlement further includes three years of free credit monitoring services for all class members to help them detect and manage potential identity theft and fraud risks. Individuals previously enrolled in Brightline’s two-year credit monitoring program will automatically receive an additional year of coverage.
To ensure fair distribution, total payouts and benefits may be adjusted based on the number of valid claims submitted under the settlement. Eligible class members can expect a pro-rata adjustment of cash payments, California statutory payments, and credit monitoring services if necessary.
A final approval hearing is scheduled for February 10, 2025, at which point the court will determine whether to finalize the settlement. Once approved, payments and benefits will be distributed to eligible individuals, pending any appeals.
Healthcare Sector Continues To Face Sophisticated Threats
“The healthcare sector continues to face these sophisticated threats as attackers seek to exploit vulnerabilities in software and systems handling sensitive personal information,” said Paul Gilbert, Senior Cybersecurity Account Executive, SentryBay. “We are increasingly seeing cyber attackers using keystroke logging, screen capture, and malicious code injection malware to infiltrate healthcare systems and steal valuable patient data.”
Proven Protection Against Infostealer Malware
SentryBay’s Armored Client is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The solution utilises endpoint access isolation in a manner which does not impact on performance and includes keystroke logging, screen capture, and malicious code injection protection.
