Alex - stock.adobe.com
Brightline to pay $7M to resolve Fortra hack lawsuit
A judge approved a $7M settlement to be paid by virtual mental health provider Brightline over the 2023 Fortra hack claimed by Clop ransomware actors.
Brightline, a virtual mental health provider that specializes in therapy, psychiatry and coaching for kids and teens, will pay $7 million to resolve a class action lawsuit filed against it in connection with the 2023 Fortra cyberattack.
In January 2023, Clop ransomware targeted a vulnerability in Fortra's GoAnywhere managed file transfer (MFT) solution. Clop claimed more than 130 victim organizations through its exploitation of a zero-day vulnerability. Brightline was one of the many organizations that used Fortra as a vendor and were impacted by the hack.
In May 2023, Brightline notified approximately 964,000 individuals that their information had potentially been compromised during the hack.
Several lawsuits arose as a result of this incident and were later consolidated into four tracks, including a track focused on Brightline. In April 2024, plaintiffs filed a consolidated complaint against Brightline, alleging negligence, breach of fiduciary duty, breach of implied contract and violations of state-level consumer protection statutes.
The consolidated complaint alleged that Brightline breached its duties by "developing unsafe and unprotected remote access tools and implementing inadequate data security measures and protocols that failed to properly safeguard and protect Plaintiffs' and Class Members' Private Information from a foreseeable cyberattack on its systems."
A Florida judge approved the $7 million settlement. Brightline did not admit wrongdoing but agreed to the terms of the settlement.
Settlement class members are eligible to receive up to $5,000 if they provide reasonable documented losses related to the data breach, or a flat cash payment of $100. California subclass members can also receive an additional $100. The settlement also includes additional credit monitoring for breach victims.
As previously reported, data breach lawsuits have been on the rise in a variety of industries in recent years, especially as data breach volumes increase. Settlements are a common result of these lawsuits, as they are often preferred over spending additional time and money to fight the allegations in court.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
