Rhode Island's RIBridges computer system, previously known as UHIP, has reportedly experienced a cybersecurity breach that may have compromised the personal data of state residents. This announcement was made by Governor Dan McKee and state officials during a press conference on December 13, 2024.
"On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system," stated McKee. The RIBridges system is integral in delivering an array of health and human services benefits to Rhode Islanders, underscoring the urgency surrounding this incident.
"On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system,"
The breach affects individuals who are currently receiving benefits or have applied through the system, with the state highlighting a range of services that might be impacted. The RIBridges system handles various programs, including Medicaid, Supplemental Nutrition Assistance Program (SNAP), and Temporary Assistance for Needy Families (TANF).
Career Journey
Deloitte alerted the state about a potential cyberattack on the system as early as December 5, leading to increased concerns about the security of sensitive information. The type of data that might have been exposed includes names, addresses, dates of birth, Social Security numbers, and banking information.
"We understand this is an alarming situation for our customers," said McKee, emphasizing the state's commitment to keeping the public informed during this crisis. Current users of the RIBridges system will be unable to access their accounts while the system is offline for remediation.
"We understand this is an alarming situation for our customers,"
As part of its response, the state will mail notifications to those possibly affected, offering free credit monitoring as a precaution. A call center is also being set up to assist affected individuals, with operational hours beginning December 15 from 11 a.m. to 8 p.m.
State officials, including law enforcement and federal agencies, are closely monitoring the situation. "On December 10, the State received confirmation from Deloitte that there had been a breach of the RIBridges system based on a screenshot of file folders sent by the hacker to Deloitte," the state's update indicated.
"On December 10, the State received confirmation from Deloitte that there had been a breach of the RIBridges system based on a screenshot of file folders sent by the hacker to Deloitte,"
The severity of the breach deepened on December 11 when Deloitte confirmed the likelihood that the folders involved encompassed personal identifiable data from RIBridges. Just two days later, on December 13, a confirmation of malicious code present in the system prompted the immediate shutdown of RIBridges to address and remedy the threat.
Deloitte has expressed its commitment to resolving the situation swiftly, stating, "Upon learning that a state system supported by Deloitte had been attacked by an international cybercriminal group, we launched an investigation in collaboration with our client and law enforcement officials."
The history of the RIBridges system has not been without challenge; its rollout back in 2016 under former Governor Gina Raimondo faced significant obstacles, prompting concerns even before this breach. It is crucial for state officials to navigate this fallout effectively to restore public confidence around the security of these essential services.
Impact and Legacy
As the investigation continues, residents are urged to stay updated via the state’s website for alerts and further instructions regarding the matter. Given the sensitive nature of the data at risk and the potential lasting impact on individuals, managing this crisis effectively will be paramount as Rhode Island moves forward.