Rhode Island's public benefits computer system was shut down Friday after it was hacked by hackers, potentially exposing the personal information of hundreds of thousands of Rhode Islanders, Gov. Dan McKee said.
Deloitte, the information technology provider that built and managed the RIBridges and UHIP computer system, first alerted the state and police on December 5 about a possible attack. On Tuesday, the attackers sent the vendor screenshots showing personal data files.
McKee said the decision to shut down the system came late Friday afternoon after Deloitte discovered dangerous malware embedded in the RIBridges computer code.
“As part of this investigation, we discovered today that a cybercriminal had installed dangerous malware within the Rhode Island Bridges system that posed an urgent threat,” McKee said at a news conference Friday evening. “As a result, we have shut down the system tonight. This means that customers will temporarily not have access to any customer portal related to Rhode Island Bridges services.”
The cybercriminals threatened to release personal information including names, addresses, dates of birth, Social Security numbers and banking information, Chief Information Officer Brian Tardiff said Friday evening.
More: Truck tolls are legal, but reintroducing them won't be a quick fix. This is why
It is unclear how many households had personal data stolen. As of Friday evening, no identity theft had been reported related to the breach.
But state officials urged anyone who has applied for benefits through the system since 2019 to change passwords and check their bank accounts for suspicious charges.
“I understand this is alarming,” McKee said at the news conference. “Please know that Deloitte and the state are working with law enforcement and IT experts to minimize the impact on Rhode Islanders.”
Why did the state keep the breach a secret for a week?
McKee said he first became aware of the breach not long after Dec. 5, but the state did not disclose there might be a problem until the breach could be confirmed and to prevent personal information from being released.
“According to Deloitte, the company received a message from a cybercriminal group that they were in possession of one terabyte of data and demanded a ransom not to release the data in their possession,” Tardiff said. “When it first started, we were unsure of the veracity of the cybercriminals' claims, and we purposely took no action to prevent potential further damage to the environment.”
More: The drug lord's family ties to Providence police raise questions before sentencing
He would not say how much the hackers demanded or whether any payments were made.
Although malicious code was detected, Tardiff said it was not a ransomware attack, where the hackers threaten to shut down a computer system if their demands are not met. Instead, the threat was to release private information.
“This is more of an extortion activity by this cybercriminal group,” he said.
Tardiff said no breaches were discovered in any other state computer system.
What is RIBridges?
Originally known as the Unified Health Infrastructure Project, RIBridges was launched in 2016 as a centralized eligibility system for a wide range of public benefits.
It serves as an access portal for:
-
Supplemental Nutrition Assistance Program (SNAP)
-
Temporary assistance for needy families
-
Childcare Assistance Program
-
The HealthSource RI health insurance exchange
-
Long-term services and support
-
General government assistance
As long as the system is not available, anyone who wants to apply for benefits must submit a paper application.
Households where personal information may have been compromised will receive a letter in the mail from the state explaining how to access free credit monitoring.
The state is also setting up a dedicated call center for affected customers.
Kimberly Merolla-Brito, director of State Human Services, said the agency hopes to have the system up and running again before the next scheduled benefits cycle in January.
The breach occurs during the open enrollment period for HealthSource RI, the state health insurance exchange.
This story has been updated with new information.
This article originally appeared in The Providence Journal: Cyberattack on RI computer network forces public benefits system to close
