Skip to main content

Frequently asked questions regarding Brightline data security incident

The below information addresses common questions about a data security incident involving a health benefits vendor, described more fully on this page.

 

1. Who can I call if I have questions?

Brightline has engaged Cyberscout to provide a call center to answer your questions. The call center can be reached at 1-833-570-2987.

 

2. What happened?

Brightline reported to the group health plans for Stanford and its affiliated health care entities a data security incident involving its subcontractor, Forta LLC, a third-party provider of file transfer services. We understand that the security incident affected multiple organizations and businesses, not only the Stanford group health plans.

The vendor, Brightline, offers virtual behavioral and mental health services for the children of benefits-eligible employees and postdoctoral scholars across Stanford’s group health plans, including those of Stanford Health Care, Stanford Health Care Tri-Valley, Stanford Medicine Children’s Health, Stanford Medicine Partners, and Stanford University.

 

3. Why was my data shared with Brightline?

Data was shared with Brightline for verification of eligibility for services as well as potential outreach to plan participants who could benefit from Brightline’s services. We are working with our service providers to assure that information shared in the future is limited to the populations eligible for Brightline’s services.

 

4. Were all group health plan members affected?

Brightline has sent notifications to all individuals whose information was part of this incident. For benefits-eligible employees enrolled at any point between March 2022 and January 2023 in Stanford’s group health plans for Stanford Health Care, Stanford Health Care Tri-Valley, Stanford Medicine Children’s Health, Stanford Medicine Partners, as well as benefits-eligible postdoctoral scholars of Stanford University, only participants with dependents under 18 years old were affected.

Beyond these populations, to support determination of eligibility for Brightline’s services and population health objectives, Stanford University’s benefits administrator shared with Brightline demographic information for certain Stanford University employees and dependents who were enrolled in group health plans at any point between March 2022 and January 2023. This information was also affected by the breach. Stanford further understands that a third-party group health plan administrator also shared data with Brightline for certain Stanford University retirees and insureds outside of Brightline’s service provider range. This information also was affected by the data security incident.

 

5. What specific information was affected by the incident?

Brightline’s investigation determined that the incident involved data that were mostly demographic in nature, such as subscriber and dependent names, contact information, member ID, dates of birth, and coverage start/end dates.

 

6. Was my or my dependent’s Social Security number or financial information in the data?

The affected data did NOT contain employee or dependent Social Security number, credit card number, driver’s license number, financial account information, or other information.

 

7. Was I/Stanford the only one affected?

No, we understand that the security incident affected multiple organizations and businesses.

 

8. What should I do now?

If you are affected by this data security incident, you will have received a letter (or letters, if you have dependents) from Brightline. Each letter has a unique code for the member and/or dependent to register for free identity theft and credit monitoring.

 

9. Which vendor is Brightline using for identity theft and credit monitoring?

Brightline has contracted with Cyberscout to provide identity theft restoration and credit monitoring services for two years. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation. When enrolling, you may be asked to verify personal information, including your Social Security number, for your own protection to confirm your identity.