Rhode Island Social Services Portal Suffers Ransomware Attack; Citizens’ Data at Risk

The state of Rhode Island is dealing with a cyber attack by criminals who have accessed the personal data of citizens who depend on a state portal for health insurance and other social services. Negotiations are underway with the cyber criminals over a potential ransom payment, according to officials.

Governor Dan McKee said that on Friday, December 13, the state was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system. Any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak. Hundreds of thousands of applicants may be affected, McKee said.

On Saturday evening, McKee administration officials said the state has been warned that personal data could be exposed as early as this week. They said experts including Deloitte are in negotiations with the cyber criminals over any ransom to be paid. “The urgency is there,” McKee said.

According to Deloitte, the RIBridges data system was the target of a potential cyber attack on Thursday, December 5. At that time, it was unclear if any sensitive information was breached. Federal law enforcement and agencies were notified, as well as the Rhode Island State Police.

Deloitte has since confirmed that there is a high probability that cyber criminals have obtained files with personally identifiable information from RIBridges. Deloitte indicated that the information involved may include names, addresses, dates of birth and Social Security numbers, as well as certain banking information.

“It was important, for security reasons, to keep this knowledge internal until we could secure the RIBridges system. At the same time, our team began an investigation into what data may have been compromised, and how a possible attack was able to occur,” the governor said.

Deloitte confirmed the presence of a malicious code in the system and implemented additional security measures. The system was taken offline to help the teams working on addressing the threat.

RIBridges provides access to Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), Health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS) and the General Public Assistance (GPA) programs.

Currently customers are not be able to log into their accounts through the portal or the mobile app while the system is offline. Those seeking to apply for benefits can still submit paper applications.

The state is sending notifications explaining how to access free credit monitoring by mail, email and text to households that may have had personal information compromised. A dedicated call center has been activated at 833-918-6603.

McKee said officials are unaware of any identity theft or fraud related to this data breach yet. However, the state advises customers to monitor their accounts for any unauthorized activity. He also urged citizens to take steps to freeze credit or place a fraud alert through the three major credit bureaus, change any common or reused passwords, and ask their bank what steps may be taken related to the security of their bank account.

The state has set up a site for updates on the RIBridges situation at cyberalert.ri.gov.