OAKLAND, Calif. (March 27, 2023) – A Blue Shield of California provider, Brightline Medical Associates, has reported to Blue Shield that Brightline’s subcontractor, Fortra, LLC, suffered a security incident between the dates of January 28, 2023, and January 31, 2023.
Blue Shield members impacted by Fortra’s cyber security breach have been notified of the incident and provided no-cost credit monitoring. Blue Shield takes this situation very seriously and is committed to protecting the privacy of members.
On the evening of January 30, 2023, Brightline’s subcontractor, Fortra, was made aware of suspicious activity within certain instances of its GoAnywhere Managed File Transfer as-a-service (MFTaaS). Through its investigation, Fortra states that it identified a previously unknown vulnerability which an unauthorized party then used to access certain GoAnywhere MFTaaS customers’ accounts and download files. Fortra immediately deactivated the unauthorized user’s credentials, disabled the vulnerable application, and rebuilt the application and gateway. Additionally, Fortra removed all data provided by Blue Shield from the GoAnywhere MFTaaS and notified law enforcement. Blue Shield does not own or operate the impacted systems and is relying on Fortra for reports of forensic advice.
The investigation revealed that the incident may have affected some members' personal information including names and one or more of the following: date of birth, address, gender, phone number, member ID number, employer name, and e-mail address. No Blue Shield member social security numbers, financial information, or health information were affected and there is no evidence that Blue Shield’s systems and emails were ever affected or vulnerable to this attack.
For more information, members can call 800-910-5033.
Blue Shield of California Contact: