As Rhode Island state officials feared would happen, hackers responsible for a ransomware attack on a popular state-administered benefits portal have posted some of the stolen information to the dark web.
Governor Dan McKee told the public that experts are still working to determine how much personal data of the estimated 650,000 citizens who use the portal known as RIBridges has been released and what exactly is in the files.
The cyber attack took place December 5. After an initial investigation, the site’s administrator — consulting firm Deloitte— confirmed that some of the information breached contained names, addresses, dates of birth and Social Security numbers, as well as certain banking information. Any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by the leak.
About a week after the attack, the state and Deloitte were warned by the hackers that stolen data would be exposed. The state has been urging citizens to take safety measures.
“Unfortunately, Deloitte has informed us that the cybercriminal released at least some RIBridges files to a site on the dark web. This is a scenario that the State has been preparing for, which is why earlier this month we launched a statewide outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information,” McKee said in his latest annoucement.
Rhode Island Social Services Portal Suffers Ransomware Attack; Citizens’ Data at Risk
Negotiations have been underway with the cyber criminals over a potential ransom payment, The release of some of the stolen data suggests that the hackers have not yet been paid. Deloitte has indicated the Brain Cipher international ransomware gang is behind the breach.
State officials also said that Deloitte is handling negotiations with the criminals, although state and federal officials will be consulted before any ransom is paid.
McKee said the IT teams are analyzing the released files. “This is a complex process and we do not yet know the scope of the data that is included in those files, but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised.” McKee stated.
The governor also noted that while the data has been compromised, that does not mean it has been used for identity theft purposes, at least not yet.
Since the attack, Deloitte Consulting has been hit with class action lawsuits over the cyber breach. The suits have been brought in Rhode Island and New York federal courts on behalf of individuals who applied for or are enrolled in benefits offered by RIBridges and whose personal private information may have been hacked. The suits claim that Deloitte, as services provider for RIBridges, has been negligent for failing to protect the plaintiffs’ sensitive data and for being slow to notify them of the breach.
Deloitte Faces Class Action Lawsuits Over Rhode Island Cyber Breach
Deloitte has acknowledged the presence of a malicious code in the system and implemented additional security measures. The system was taken offline to help the teams working on addressing the threat.
RIBridges provides access to Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), Health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS) and the General Public Assistance (GPA) programs.
Currently customers are not be able to log into their accounts through the portal or the mobile app while the system is offline. Those seeking to apply for benefits can still submit paper applications.
A dedicated call center has been activated at 833-918-6603. The state has also set up a site for updates on the RIBridges situation at cyberalert.ri.gov.
Was this article valuable?
Here are more articles you may enjoy.