Rhode Island Delayed Action on Benefits System Breach, Exposing Data of Thousands

Hackers infiltrated Rhode Island’s RIBridges benefits system, potentially exposing the personal data of hundreds of thousands of residents, state officials said on Friday. Deloitte, the system’s vendor, first notified the state of a potential attack on December 5, 2024, but the system was not shut down until December 13, when malicious code was discovered. The breach compromised sensitive data, including Social Security numbers, names, and banking details, from users who applied for public benefits such as Medicaid, food assistance, and health insurance since 2019. The system was taken offline during the open enrollment period for HealthSource RI, disrupting access to vital services.

Officials said they delayed the shutdown to assess the threat and avoid triggering further harm, such as releasing personal information. By December 10, hackers had sent Deloitte a screenshot of stolen files, confirming a breach had occurred. State officials worked with law enforcement to evaluate the situation but waited until December 13, when malware was confirmed, to take the system offline. Governor Dan McKee called the cyberattack an “urgent threat” and urged residents to monitor financial accounts and freeze credit. Affected households will receive letters offering free credit monitoring, and a dedicated call center will open on December 15. Recovery efforts are ongoing to restore the system before the January benefit cycles. This breach highlights growing concerns about cyberattacks on government systems following previous technical failures and lawsuits tied to RIBridges since its 2016 launch.

Source

Subscribe to The Dysruption Hub

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe