Rhode Island’s public benefits computer system was shut down Friday after it was breached by hackers, potentially exposing the personal information of hundreds of thousands of Rhode Islanders, Gov. Dan McKee said.
Deloitte, the information technology vendor that built and runs the computer system known as RIBridges and UHIP, first alerted the state and police about a potential attack on Dec. 5. On Tuesday, the attackers sent the vendor screenshots showing personal data files.
McKee said the decision to shut the system down came late Friday afternoon after Deloitte discovered dangerous malware embedded in the RIBridges computer code.
“As part of this investigation today, we discovered that within the Rhode Island Bridges system, a cybercriminal had installed dangerous malware that constituted an urgent threat,” McKee said at a Friday night news conference. “That is why tonight we have shut down the system. That means customers will temporarily not be able to access any customer portal related to the services on Rhode Island Bridges.”
The cybercriminals threatened to release personal data, including names, addresses, birth dates, Social Security numbers and bank information, state Chief Information Officer Brian Tardiff said Friday night.
More: Truck tolls are legal, but turning them back on won’t be a quick fix. Here’s why
It is unclear how many households may have had personal information stolen. No identify theft connected to the breach had been reported by Friday night.
But state officials urged anyone who has applied for benefits through the system since 2019 to change passwords and monitor their bank accounts for suspicious charges.
“I understand this is alarming,” McKee said at the news conference. “Please know that Deloitte and the state are working with law enforcement as well as IT experts to minimize the impact on Rhode Islanders.”
Why did the state keep the breach secret for a week?
McKee said he first learned of the breach not long after Dec. 5, but the state did not disclose that there could be a problem until the breach could be confirmed and to prevent triggering the release of personal data.
“According to Deloitte, the company received a message from a cyber criminal group that they were in possession of one terabyte of data and demanded a ransom in order to not release the data in their possession,” Tardiff said. “When it first began, we were unsure of exactly the veracity of the cybercriminals claims, and we purposely did not take action to avoid potential triggering of further damage to the environment.”
More: Drug kingpin’s family ties to Providence police raise questions before sentencing
He would not say how much the hackers demanded or whether any payments had been made.
Although malicious code had been detected, Tardiff said it was not a ransomware attack, where the hackers threaten to shut down a computer system if their demands are not met. Instead, the threat was to release private information.
“This is more of an extortion type activity by this cyber criminal group,” he said.
Tardiff said no breaches have been detected in any other state computer system.
What is RIBridges?
Originally known as the Unified Health Infrastructure Project, RIBridges launched in 2016 as a centralized benefit eligibility system for a wide range of public benefits.
It serves as the entry portal for:
-
Supplemental Nutrition Assistance Program (SNAP)
-
Temporary Assistance for Needy Families
-
Child Care Assistance Program
-
The HealthSource RI health insurance exchange
-
Long-Term Services and Supports
-
General Public Assistance
While the system is down, anyone wishing to apply for benefits will need to submit a paper application.
Households that may have had personal information compromised will receive a letter by mail from the state explaining how to access free credit monitoring.
The state is also setting up a dedicated call center for affected customers.
State Human Services Director Kimberly Merolla-Brito said the agency hopes to have the system back up and running before the next scheduled benefit cycle in January.
The breach comes during the open enrollment period for HealthSource RI, the state health insurance exchange.
This story has been updated with new information.
This article originally appeared on The Providence Journal: RI computer network cyberattack forces shutdown of public benefits system