The State of Rhode Island has been rocked by a major security threat involving its social services portal, the RIBridges system, which has been compromised by cybercriminals. Rhode Island’s Department of Human Services (DHS) confirmed that personally identifiable information may have been accessed in the attack, which was detected by the vendor, Deloitte, on December 13.
An official statement from the DHS indicated that individuals who have received or applied for health coverage and various human services programs or benefits could potentially be impacted by the breach. Programs such as Medicaid, the General Public Assistance Program, and the Child Care Assistance Program are managed through the vulnerable RIBridges system, putting a significant amount of sensitive data at risk.
Names, addresses, dates of birth, Social Security numbers, and certain banking information may have been exposed in the breach, although the extent of the security breach is still being investigated by state officials. In response to the breach, the Rhode Island DHS promptly took the RIBridges system offline to collaborate with Deloitte on addressing the threat and restoring the system’s security.
Deloitte has also taken action by engaging Experian to operate a multilingual call center to assist individuals affected by the breach. The State and Deloitte are working diligently to manage the situation and provide updates as needed, prioritizing the security and integrity of the RIBridges system.
Prior to this security incident, Deloitte had faced allegations of a cyber-attack from Brain Cipher in early December, which the company later confirmed was related to one of its clients. Despite the false claim made by Brain Cipher about stealing 1TB of compressed data, the real threat to the RIBridges data system was only confirmed on December 5.
The Rhode Island DHS made a conscious decision to keep the news of the potential cyber-attack internal for security reasons until the RIBridges system could be secured. State police and federal law enforcement have been consulted for guidance, but no significant developments in the investigation have been disclosed thus far.
As Rhode Island grapples with the aftermath of this security breach, the focus remains on securing the RIBridges system, protecting affected individuals, and preventing any further unauthorized access to sensitive data. Stay tuned for updates on this developing story as state officials and cybersecurity experts continue their efforts to address the security threat and safeguard the integrity of the state’s social services portal.