On Dec. 5, Rhode Island was informed that its RIBridges data system was the target of a potential cyberattack. The RIBridges system centralizes and automates the process of applying for state benefits and determining who does not qualify for them.
The state’s vendor, Deloitte, later confirmed that there was a successful attack against the RIBridges system, as initially it was unclear whether personal identifiable data was compromised. However, late last month, Deloitte confirmed that the cybercriminal responsible for the attack has released at least some RIBridges files to a site on the dark web.
Currently, IT teams within the state and Deloitte are working to analyze the released files. The state said that while they do not yet know the scope of the data that is included in those files, they assume that data contained in the RIBridges system has been compromised. However, the state did stress that the data being compromised does not mean it has been used for identity theft purposes. Stressing that residents need to take steps to protect their financial information, including monitoring and freezing their credit and staying alert for potential scams using compromised information.
Individuals who could be impacted by the data breach include anyone who has received or applied for health coverage and/or health and human services programs or benefits. This includes residents who have applied for or received Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), Health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS), and General Public Assistance (GPA) Program.
“Rhode Islanders who have received or applied for services and benefits from such programs as SNAP, Medicaid, and Temporary Assistance for Needy Families need to take crucial steps to protect their personal information now,” said Gov. Dan McKee. “Our team remains committed to supporting those individuals and families through this challenge.”
Since the data breach was uncovered, the state has launched an outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information. Households that may have had personal information compromised will receive a letter by mail from the state that explains how to access free credit monitoring. Additionally, the state has opened a dedicated call center for impacted customers. The state has also created a dedicated website with resources and updates.
