A cybersecurity breach targeting Rhode Island's RIBridges system has exposed sensitive personal data of individuals applying for or receiving benefits through state-administered programs. Governor Dan McKee confirmed the breach during a press briefing this weekend, outlining the actions taken to address the incident and secure the affected systems.
RIBridges is a centralized data platform supporting critical social and health service programs for Rhode Island residents. Managed by Deloitte, it enables streamlined access to benefits such as Medicaid, TANF, and health insurance through HealthSource RI.
The breach was first identified on December 5, 2024, when Deloitte, the vendor managing RIBridges, notified the state of a potential cyberattack. Initially, it was unclear if any sensitive information had been compromised. After further investigation, Deloitte confirmed on December 10 that a hacker had accessed and shared screenshots of file folders containing personally identifiable information (PII). By December 11, there was a high probability that these files included sensitive data, such as names, addresses, Social Security numbers, and banking details. Malicious code was confirmed within the system on December 13, prompting the state to take RIBridges offline.
RIBridges, used by the Rhode Island Department of Administration, integrates multiple benefit programs, including Medicaid, Supplemental Nutrition Assistance Program (SNAP), and Rhode Island Works (RIW). The breach could impact any individual who has applied for or received benefits through these services.
The system remains offline, and Rhode Islanders cannot access their accounts via the portal or mobile app. Applications for benefits are temporarily restricted to paper submissions. Additionally, households potentially affected by the breach will receive notification letters from the state, offering free credit monitoring services. A dedicated call center began operations on Sunday to assist impacted individuals.
The state has engaged federal law enforcement agencies and the Rhode Island State Police to investigate the breach. While no cases of identity theft or fraud have been linked to the attack so far, officials are urging citizens to monitor their accounts and take precautionary measures, including:
- Freezing credit or placing fraud alerts with major credit bureaus.
- Changing passwords, especially if reused across accounts.
- Contacting banks for enhanced security options.
Governor McKee emphasized that the state is working with Deloitte to secure the system and prevent further incidents. “We take this matter seriously and are committed to restoring the integrity of RIBridges and protecting the information of Rhode Islanders,” he said.
As the authorities continue to assess the full extent of the breach and its implications, Deloitte is working to remove malicious code, enhance cybersecurity measures, and restore system functionality.
By publication time, no ransomware groups have taken responsibility for the attack on Rhode Island's system, so the perpetrators are unknown.
Russia Blocks Viber Messenger Over Alleged Legal Violations
Leave a Reply