RI Bridges System Breach Impacts Rhode Island Residents’ Data

December 18, 2024 Christine Garcia HIPAA News

The data of hundreds of thousands of residents in Rhode Island were stolen during a cyberattack on the Rhode Island Bridges system. State residents use this online portal to get social services and medical insurance. On December 5, 2024, vendor Deloitte discovered a possible RI Bridges system breach. After verifying the unauthorized access, Deloitte shut down the online site on December 13 as a safety measure. With the help of state officials, IT specialists, and law enforcement, the subsequent investigation limited the impact of the cyberattack and data breach.

Although the cyberattack wasn’t at first identified as a ransomware attack, Chief Digital Officer Brian Tardiff of Rhode Island stated that a threat actor had deployed malware and demanded a ransom payment to stop publishing the stolen information. The number of affected individuals or the type of stolen data during the attack is not yet confirmed. According to Deloitte, it is still analyzing the data theft incident but the following information likely involved PHI such as names, birth dates, addresses, Social Security numbers, and bank account details.

People who requested or got benefits or medical insurance via the RI Bridges system are potentially impacted. The following services and benefits programs are handled using the RI Bridges system:

  • Child Care Assistance Program (CCAP)
  • General Public Assistance (GPA) Program
  • Health insurance bought through HealthSource RI
  • Long-Term Services and Supports (LTSS)
  • Medicaid
  • Rhode Island Works (RIW)
  • Supplemental Nutrition Assistance Program (SNAP)
  • Temporary Assistance for Needy Families (TANF)

Rhode Island Governor Daniel McKee stated that hundreds of thousands of Rhode Islanders were possibly impacted. Deloitte will mail individual notifications to all people impacted by the Rhode Island data breach as soon as the investigation is finished. Because of the sensitivity of the information stolen in the ransomware attack, any person who sent an application or received benefits or medical insurance via any of the listed programs must be watchful against fraud and identity theft, keep track of the accounts carefully, and use the available complimentary credit monitoring services. They were likewise urged to look at filing a credit freeze or fraud notification with a credit bureau (choose one of the three available) and to alter passwords. State officers have not received reports of misuse of the affected information to date. Hackers still expect a ransom payment and leak stolen information when the ransom is not paid. The state of Rhode Island created helpline 833-918-6603 to assist state residents know more about the Rhode Island data breach. The helpline is available from Monday to Friday, 9 a.m. to 9 p.m.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA
Twitter