Rhode Island says personal data likely breached in social services cyberattack
State officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally identifiable information was breached.
According to an update from Governor Dan McKee’s office, the attack targeted RIBridges, which Rhode Island residents use to apply for and access programs such as Medicaid and the Supplemental Nutrition Assistance Program (SNAP).
The attack also targeted the Healthsource RI insurance marketplace. McKee’s office said “any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak.”
The information accessed by the cyberattackers could include names, addresses, dates of birth, Social Security numbers, and banking information.
The RIBridges system is operated by Deloitte, which first notified the state of a potential cyberattack on December 5 — but McKee’s office said it wasn’t clear then that sensitive information had been breached. On Friday, December 13, Deloitte confirmed that there was “malicious code” in the system and worked with the state to “proactively” take the system down to address the threat.
In the meantime, the state said Rhode Island residents can still use paper applications to apply for benefits.
The New York Times reports that at a press conference Friday, state’s chief digital officer Brian Tardiff said cybercriminals claiming responsibility for the attack have threatened to release the data unless they receive a payment.