Rhode Island is tackling with a major cybersecurity breach that has compromised the personal information of thousands of residents. The Rhode Island cyberattack targeted the state’s online system for delivering health and human services benefits, known as RIBridges, potentially exposing sensitive data such as names, addresses, dates of birth, Social Security numbers, and even banking information.
Governor Daniel McKee and his administration are urging residents to take immediate action to protect their personal information as the threat of leaked data looms. Here’s what you need to know about the cyberattack, its implications, and the steps being taken to address the situation.
The Rhode Island Cyberattack: What Happened?
On December 5, 2024, Rhode Island’s vendor, Deloitte, informed state officials about a potential cyberattack on RIBridges system. At that time, it was unclear if sensitive information had been breached. Following an internal investigation and the implementation of additional security measures, Deloitte confirmed on December 10 that a breach had occurred.
Hackers provided a screenshot of file folders from the system as proof, which likely contained personal data of Rhode Island residents. By December 13, malicious code was detected within the system, leading the state to take RIBridges offline to contain the threat.
According to Deloitte, there is a high probability that cybercriminals have accessed files with personally identifiable information (PII). The attackers are demanding a ransom, but state officials have not disclosed the specifics of these demands.
Who Is Affected?
The data breach impacts individuals who have applied for or received benefits through the RIBridges system. Programs managed through this platform include:
- Medicaid
- Supplemental Nutrition Assistance Program (SNAP)
- Temporary Assistance for Needy Families (TANF)
- Child Care Assistance Program (CCAP)
- Rhode Island Works (RIW)
- Long-Term Services and Supports (LTSS)
- Health insurance purchased through HealthSource RI
The state is still determining the full scope of the breach, but it’s clear that both current and former beneficiaries could be affected.
What Information Was Compromised?
The stolen data may include:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Banking information
Deloitte is continuing its analysis to determine the exact extent of the breach.
State Response and Measures Taken
Governor McKee emphasized the urgency of addressing this breach during a media briefing on Friday, December 15. The state has taken the following actions:
- System Shutdown: RIBridges was taken offline on December 13 to mitigate the threat and begin remediation.
- Law Enforcement Involvement: Federal agencies, including law enforcement and the Rhode Island State Police, are assisting with the investigation.
- Dedicated Call Center: Rhode Islanders can contact a toll-free hotline, operated by Experian, for guidance on protecting their personal information. The call center is available Monday through Friday from 9 a.m. to 9 p.m. at 833-918-6603.
- Free Credit Monitoring: Impacted households will receive a letter by mail explaining how to access free credit monitoring services.
What Residents Should Do Now
The state advises Rhode Islanders to take proactive steps to safeguard their personal information:
- Monitor Financial Accounts
- Check bank accounts and credit card statements for any unauthorized activity.
- Contact your bank for guidance on securing your accounts.
- Freeze Your Credit
Consider placing a credit freeze or fraud alert with the three major credit bureaus to prevent unauthorized use of your information.
Credit Bureau Contact Information:
- Equifax: 1-800-349-9960
- Experian: 1-888-397-3742
- TransUnion: 1-888-909-8872
- Update Your Passwords
- Change any reused or weak passwords to strong, unique ones.
- Use a password manager to securely store and manage your credentials.
- Stay Alert for Scams
Be cautious of phishing emails or phone calls attempting to exploit this breach. Never provide personal information unless you are certain of the recipient’s identity.
- Stay Informed
Visit the state’s dedicated website for updates on the situation.
How Is the State Addressing the Breach?
The state and Deloitte are working together to:
- Identify how the breach occurred.
- Remediate vulnerabilities in the system.
- Restore the RIBridges platform as quickly as possible.
Law enforcement continues to investigate the cyberattack, but no further leads have been disclosed at this time.
Key Takeaways for Residents
While no instances of identity theft have been reported so far, residents should remain vigilant. Cybersecurity breaches of this magnitude can have long-term consequences, particularly when sensitive information like Social Security numbers and banking details are involved.
Governor McKee and state officials have expressed their commitment to transparency and timely updates. However, the incident underlines the importance of strong cybersecurity measures, especially for systems handling sensitive data.
What’s Next?
The state continues to investigate the breach and implement measures to prevent future attacks. Deloitte, as the system vendor, will likely face scrutiny over its cybersecurity protocols and response time.
For Rhode Islanders, the immediate focus should be on securing personal information and staying informed about developments in this case.
