Data Security Incident at Health Benefits Vendor Brightline Affects Stanford Community

Stanford University has issued a notice to inform its community about a recent data security incident experienced by health benefits vendor Brightline. Brightline, a provider of virtual behavioral and mental health services, experienced a data breach that impacted portions of the Stanford community, specifically those covered by Stanford’s group health plans. These plans include Stanford Health Care, Stanford Health Care Tri-Valley, Stanford Medicine Children’s Health, Stanford Medicine Partners, and Stanford University.

According to the notice, the data breach affected only Stanford group health plan participants who have dependents under the age of 18. Brightline will commence the process of notifying affected individuals on or around April 7, 2023. The investigation conducted by Brightline determined that the nature of the compromised data was mostly demographic, including subscriber and dependent names, contact information, member ID, dates of birth, and coverage start and end dates. Importantly, no Social Security numbers, financial accounts, or information related to medical services, conditions, diagnoses, or claims for the plan participants or their dependents were included in the breached data.

The group health plans’ files were shared with Brightline for verification of eligibility under the plans and for potential outreach to plan participants who may benefit from Brightline’s services. In light of the incident, Brightline will offer free identity theft and credit monitoring services to those affected, and each affected individual will receive a letter with a unique code for registration. Brightline has also established a call center to answer questions related to the incident and has made additional information available on its website.

In the notice, Stanford University expressed sincere regret for any inconvenience caused by the incident and emphasized its commitment to the confidentiality, privacy, and security of personal information, both for Stanford and for the vendors providing services to its community. The institution’s focus on maintaining data security remains a priority as it continues to work with vendors like Brightline to ensure the safety and well-being of its community.