SUMMARY:
- RIBridges Breach: Hackers infiltrated Rhode Island’s health and benefits system, demanding ransom and threatening to leak sensitive data.
- Compromised Data: Names, addresses, Social Security numbers, and banking details of residents are at risk.
- Affected Programs: Medicaid, SNAP, TANF, and other state benefit programs may have exposed user data.
- State Response: RIBridges was taken offline; officials are investigating with Deloitte and providing support through a hotline and notifications.
- Public Advisory: Residents are urged to freeze credit, strengthen passwords, and enable multi-factor authentication to prevent identity theft.
Cybercriminals are demanding ransom from Rhode Island authorities and threatening to release the personal data of many residents. This comes after a major cyberattack on the State’s online system for health and human services benefits, RIBridges (Rhode Island Benefits System). The system was taken offline after the state was informed of a security threat by its vendor, Deloitte.
The state government is dealing with the aftermath of this breach, which may have serious consequences for those affected. Reportedly, on December 5, officials discovered an international cybercriminal group to have breached RIBridges, the state system used for various health and benefits programs. The hackers then sent a screenshot of file folders revealing malware had been installed on targeted devices.
Rhode Island Governor Daniel McKee confirmed that hackers have gained access to the state’s online system for RIBridges. “We know this situation is alarming, and it’s stressful,” he said. “There are things that can be done right now in advance of when potentially something could happen,” McKee stated in a press conference.
The compromised data may include a wide range of personal information, such as:
- Names
- Addresses
- Dates of birth
- Banking information
- Social Security numbers
Individuals who have been involved in programs like Medicaid, SNAP, TANF, Childcare Assistance, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program, or have purchased health insurance through HealthSource RI may be affected.
In response to the breach, the state has urged Rhode Islanders to take proactive steps to protect their personal information. The state has shut down the RIBridges system to prevent further damage and is working with Deloitte to investigate the breach. A dedicated toll-free hotline has also been established to help and provide information to affected individuals. Additionally, those directly impacted will receive a notification letter in the mail.
Per the APNews, cybercriminals behind the attack are demanding a ransom, and there is a high probability that the stolen data, including sensitive personal information, could be released to the public. This poses a significant risk of identity theft and financial fraud for affected individuals. You can also follow Rhode Island’s official updates about the incident here.
The impacted programs returned to paper applications on Monday the online portal “HealthyRhode” was taken offline after the attack. Cybersecurity advisor Michael Tetreault advises Rhode Islanders to strengthen passwords, activate multi-factor authentication, and contact credit-monitoring bureaus to freeze their credit.
Jim Routh, former CISO at AMEX and current Chief Trust Officer at cybersecurity company Saviynt, weighed in stating, “This breach is clearly from a sophisticated criminal syndicate that performs ransomware as a service. They first got access to an online account and then moved laterally to attack replication infrastructure (servers that run data management and replication applications).”
“Once they accomplish this, they exfiltrate data from core applications before encrypting the data. They increase their probability of getting an extortion payment by leaking the data from core systems publicly. All of these steps are designed to encourage the victim enterprise to pay the ransom,” he added.
