Children’s Personal Data Compromised In High-Profile Cyberattack Against Healthcare Company

Forta, major healthcare company, has been the victim of a brutal cyberattack that resulted in a personal data compromise of some 63,000 patients, including children.

By Brian Scheid | Published

cyberattack personal data

A major healthcare company has been the victim of a brutal cyberattack that resulted in a personal data compromise of some 63,000 patients. The ransomware attack on the virtual children’s mental health care startup Fortra is quite concerning when examining the massive amount of data the hackers were able to extract. Fortra specializes in counseling the mental health of children, which makes this data breach even more concerning, that most of the victims are children.

It is hard enough in this digital age to keep your personal information private as an adult. I can’t even imagine being a child and having all your information beamed across the dark web to every scam artist, criminal, and pedophile. They are just looking for someone to take advantage of; this would be Christmas in July for them.

These children have been put in a tough spot, and now their private information is in the hands of people just looking for someone to exploit. Children are naturally vulnerable to nefarious deeds and know. In this case, the bad guys will have personal knowledge of their personal information, their parent’s personal information, and the child’s medical history. This cyberattack against a virtual clinic provides coaching and much-needed therapy to troubled kids, and now the potential ramifications for these children are endless.

This cyberattack became public knowledge when a data breach disclosure was filed with the Maine US attorney general’s office. Blue Cross Blue Sheild of California confirmed that one of its providers, Brightline had data stolen from one of its Go Anywhere file transfer tools. The paperwork that was filed confirms that the Clop Ransomware Gang was responsible for the hack that allowed that group to gain access to the data.

This particular group has claimed to have breached over a hundred organizations in successful cyberattacks by utilizing an undisclosed security flaw. The gang uses Clop’s dark web leak site to publish the stolen files unless the company they victimized pays a hefty ransom before a deadline. The stolen personal data has not been released by Clop just yet, but they have said that Brightline is running out of time before they entirely release the data into the dark web.

Once that happens, that information will be out there for everyone to see and utilize as they see fit.  According to Tech Crunch, “has heard from other victims that they, too, only learned that data had been stolen after receiving a ransom demand — despite Fortra having assured them that their data was safe.” Victims and their parents were reassured by Fortra that their data was absolutely secure which was inaccurate information preventing the victims from taking proactive measures to limit the impact of the cyberattack. 

Other notable businesses that had been prior victims of a Clop attack were the city of Toronto, Canadian financing giant Investissement Quebec, and Virgin Red. Requests for comment from either Brightline or Fortra about the personal data breach have not been returned. It was confirmed in the breach notification that the types of data that were stolen were patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and group plan numbers 

That is an awful lot of data they were responsible for keeping confidential, and they did not hold up their end of the bargain. This issue is a growing problem, and at some point, we are going to need to change our personal data across the board. We are almost to the point where hackers have obtained every type of information from everyone on the planet.