Introduction
The State of Rhode Island has experienced a significant cybersecurity breach involving its RIBridges social services portal [6], managed by Deloitte [3] [8]. This breach, linked to the Brain Cipher ransomware gang [8], has potentially exposed the personal information of a substantial portion of the state’s population. The incident has prompted immediate response measures and raised concerns about the security of government IT systems.
Description
The State of Rhode Island has confirmed a significant cybersecurity breach involving its RIBridges social services portal [6], previously known as UHIP [5], which is managed by Deloitte. Governor Dan McKee announced the breach [7] [9], linked to the Brain Cipher ransomware gang [8], on December 10, 2024 [3] [4] [5] [8] [9]. The incident was initially identified on December 4 when Brain Cipher claimed responsibility for the attack, and Deloitte later confirmed that RIBridges was the affected client [8]. A hacker sent a screenshot of compromised file folders [9], prompting further investigation. On December 5 [2] [3] [4] [5] [6] [7] [8] [9], Deloitte alerted the state about a major security threat [1], indicating a high probability that personally identifiable information (PII) had been accessed [1]. Dangerous malware was subsequently discovered embedded in the RIBridges code, leading to the decision to take the system offline for remediation on December 13.
Individuals who have received or applied for health coverage and human services programs through RIBridges since its launch in 2016 may be affected. Programs potentially impacted include Medicaid [9], the General Public Assistance Program (GPA) [4] [6], the Supplemental Nutrition Assistance Program (SNAP) [4] [5], the Temporary Assistance for Needy Families (TANF) [1] [4] [5] [7], the Child Care Assistance Program (CCAP) [4] [5] [6], HealthSource RI [1] [3] [4] [5] [7] [9], the Rhode Island Works (RIW) [4] [5], Long-Term Services and Supports (LTSS) [1] [4] [5], and the At HOME Cost Share Program [1]. The breach may have exposed PII, including names [2] [5] [6] [9], addresses [2] [3] [4] [5] [6] [9], dates of birth [3] [5] [6] [9], Social Security numbers [2] [3] [5] [6] [7] [9], and certain banking details [6]. The extent of the data compromised remains unclear [8], but it could potentially affect hundreds of thousands of individuals [8], as RIBridges serves about one-third of Rhode Island’s population [8]. Cybercriminals claimed to possess one terabyte of data and demanded a ransom to prevent its release [2], although it was clarified that this was not a ransomware attack but rather an extortion attempt [2].
In response to the breach, a multilingual call center has been established by Deloitte in partnership with Experian [4]. The toll-free hotline [1] [3] [4], available at 833-918-6603 [4], opened on December 15, 2024 [3] [4], and operates from 11 a.m [4]. to 8 p.m [4]. on Sundays and from 9 a.m [4]. to 9 p.m [4]. on weekdays [4]. Call center staff can provide general information about the breach and protective measures [4], but cannot confirm if specific individuals’ data has been compromised until those individuals are identified and notified by mail [3]. Households with compromised data will receive notifications from the state regarding free credit monitoring services [9]. Governor McKee urged those potentially affected to take immediate steps to protect their personal information [3] [4], including changing passwords [7], requesting a credit freeze [3] [4], signing up for free credit monitoring [3] [4], and implementing two-step verification for financial accounts [3]. Additional resources for EBT fraud prevention are available online [4], and updates regarding the breach can be found at cyberalert.ri.gov [3].
As of now [9], no identity theft or fraud has been reported related to the breach [3] [9], and no breaches were detected in other state systems [2]. The Rhode Island Department of Human Services (DHS) advises individuals to monitor their accounts for unauthorized activity, consider freezing their credit [9], change passwords [2] [3] [7] [9], and consult their banks for additional security measures [9]. The DHS has committed to providing updates as the situation develops [6], and the incident reference number is B137035 [8]. Federal law enforcement and the Rhode Island State Police have been notified [3] [5], and additional security measures are being implemented [3] [7]. Concerns about vulnerabilities in government IT systems and the need for enhanced cybersecurity measures have been reignited [7], particularly as the breach coincided with HealthSource RI’s open enrollment period. During the system’s downtime [2], applicants for benefits must submit paper applications [2], and the state aims to restore the system before the next benefit cycle in January [2].
Conclusion
The cybersecurity breach of Rhode Island’s RIBridges portal has significant implications for the security of personal data and the integrity of government IT systems. Immediate measures, including the establishment of a call center and the provision of credit monitoring services, have been implemented to mitigate the impact on affected individuals. The incident underscores the urgent need for enhanced cybersecurity protocols to protect sensitive information and prevent future breaches. As the state works to restore the system and address vulnerabilities, ongoing updates and support will be crucial in safeguarding the personal information of Rhode Island’s residents.
References
[1] https://apnews.com/article/cybersecurity-breach-data-rhode-island-56875d6b20ce94de7b240c5b2f43e4a8
[2] https://www.providencejournal.com/story/news/politics/state/2024/12/13/rhode-island-computer-network-cyberattack-forces-shutdown-public-benefits-system/76975102007/
[3] https://eastprovidenceri.gov/ribridges-data-breach
[4] https://governor.ri.gov/press-releases/ribridges-data-breach-call-center-opens-today
[5] https://turnto10.com/news/local/rhode-island-ribridges-system-uhip-breached-cybersecurity-breach-deloitte-medicaid-snap-temporary-assistance-for-needy-families-child-care-assistance-program-healthsource-ri-december-13-2024
[6] https://www.infosecurity-magazine.com/news/deloitte-rhode-island-data-breach/
[7] https://www.csoonline.com/article/3625178/rhode-island-suffers-major-cyberattack-exposing-personal-data-of-thousands.html
[8] https://rhodeislandcurrent.com/2024/12/16/ribridges-attack-linked-to-brain-cipher-ransomware-gang/
[9] https://governor.ri.gov/press-releases/governor-mckee-issues-update-cybersecurity-breach-ribridges-system
