The consulting firm Deloitte that built and manages Rhode Island’s popular RIBridges portal has paid the state $5 million to compensate for the ransomware attack that compromised and shuttered the benefits site in December.
Separately, Deloitte is also covering the cost of the data breach call center, credit monitoring, and identity protection for impacted customers, according to Governor Dan McKee, who said he requested the firm’s payments.
“Deloitte has recognized that the state has immediate and unexpected expenses related to the breach, and we appreciate their willingness to lend financial support,” said McKee.
According to the state, the $5 million payment will help defray costs including those associated with the approximately 2,000 HealthSource RI customers who were enrolled directly in coverage for the months of January and February. HealthSource RI worked with insurance providers to offer customers who needed active coverage starting the first of the year to enroll directly with Neighborhood Health Plan and Blue Cross Blue Shield.
The RIBridges system that is used by more than 650,000 people has been offline since mid-December due to a ransomware attack that exposed some users’ private information.
Deloitte has determined that the Brain Cipher international ransomware gang was behind the breach. Deloitte has also confirmed that some of the information breached contained names, addresses, dates of birth and Social Security numbers, as well as certain banking information.
The state has learned that hackers responsible for the ransomware attack have posted some of the stolen information to the dark web. On January 10, the state sent letters to all users affected by the breach confirming that personal data was breached and providing directions on how to access free credit monitoring. The deadline to sign up for free credit monitoring online or via phone is April 30, 2025.
Since the attack, Deloitte has been hit with class action lawsuits over the cyber breach alleging that as the services provider for RIBridges, it has been negligent for failing to protect the plaintiffs’ sensitive data and for being slow to notify them of the breach.
The RIBridges system is undergoing a phased relaunch. Currently, customers can access the HealthyRhode portal, submit applications, and interact with their accounts.
RIBridges provides access to Medicaid, Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, Child Care Assistance Program, health coverage purchased through HealthSource RI, Rhode Island Works, Long-Term Services and Supports, and general public assistance programs.
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
Berkshire, Progressive Are Underwriting Profit Leaders; Industry Sets Income Record 
FEMA to Borrow $2 Billion to Pay Flood Claims After Hurricanes Helene and Milton 
Liberty Mutual to Sunset Safeco Brand in 2026 
HUD Rejects Helene Relief Grant for Asheville Due to DEI Program Mention 
