The cybersecurity breach in Rhode Island has put thousands of residents at risk of having their personal information compromised. The cyberattack targeted the state’s online system for delivering health and human services benefits, known as RIBridges, potentially exposing sensitive data such as names, addresses, dates of birth, Social Security numbers, and banking information.
Governor Daniel McKee and his administration are urging residents to take immediate action to protect their personal information as the threat of leaked data looms. The cyberattack was initially detected on December 5, 2024, when the vendor, Deloitte, informed state officials about a potential breach. Following an internal investigation, it was confirmed on December 10 that sensitive information had indeed been compromised.
Hackers provided proof of the breach by sharing a screenshot of file folders from the system, likely containing personal data of Rhode Island residents. By December 13, malicious code was detected within the system, prompting the state to take RIBridges offline to contain the threat. Deloitte has indicated a high probability that cybercriminals have accessed files with personally identifiable information (PII) and are demanding a ransom, although specific details of these demands have not been disclosed.
The data breach impacts individuals who have applied for or received benefits through the RIBridges system, including programs like Medicaid, SNAP, TANF, CCAP, RIW, LTSS, and health insurance purchased through HealthSource RI. Both current and former beneficiaries could be affected as the state works to determine the full extent of the breach.
The stolen data may include names, addresses, dates of birth, Social Security numbers, and banking information, with Deloitte continuing its analysis to determine the exact scope of the breach. In response to the cyberattack, Rhode Island has taken several actions, including shutting down the RIBridges system, involving law enforcement agencies in the investigation, setting up a dedicated call center for residents, and providing free credit monitoring services to impacted households.
Residents are advised to monitor their financial accounts, freeze their credit, update their passwords, stay alert for scams, and stay informed through the state’s dedicated website for updates on the situation. Rhode Island and Deloitte are working together to identify the breach’s cause, remediate vulnerabilities, and restore the RIBridges platform. While no instances of identity theft have been reported, residents are urged to remain vigilant.
The state continues to investigate the breach and enhance cybersecurity measures to prevent future attacks. Deloitte, as the system vendor, may face scrutiny over its cybersecurity protocols and response time. Rhode Islanders are encouraged to focus on securing their personal information and staying informed about developments in this case to safeguard against potential risks.