Rhode Island left scrambling as Deloitte confirms breach likely impacting thousands


Rhode Island’s main benefits system, RIBridges, was cut off after a likely ransomware attack on Deloitte. In the worst-case scenario, anyone who applied for health coverage has been exposed.

The smallest US state was forced to shut down its main benefits system after Deloitte, the company operating it, informed Rhode Island that “there was a major security threat to the RIBridges system.”

While having a state-wide system assisting the most vulnerable offline is not an ideal place to be, RIBridges users likely had their personal details exposed. According to Rhode Island’s governor’s office, Deloitte said there’s a “high probability” that attackers took files with personally identifiable data.

ADVERTISEMENT

Although the attacks’ culprits have not been announced, ransomware cartel Brain Cipher recently posted Deloitte on its dark web blog, which showcases the gangs’ latest victims.

Ransomware gangs often pressure victims to meet ransom demands by targeting their clients. Since attackers claim to have stolen 1TB of data from Deloitte, Rhode Island could be only the first casualty in a wave of Deloitte’s corporate clients.

While the connection is so far unconfirmed, the timeline of the events lines up perfectly: Brain Cipher hit Deloitte on December 4th, and Rhode Island was notified about the RIBridges breach on December 5th.

Meanwhile, Rhode Islanders are currently forced to apply for benefits and other state assistance using paper applications. The system was taken down as Deloitte informed the state that the RIBridges system was infected with malicious code. Both state and federal agencies are working on the case.

Deloitte
Deloitte posted on a ransomware gangs' dark web blog. Image by Cybernews.

The Rhode Island governor's office said that “any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak,” meaning that hundreds of thousands of state residents could be affected by the attack.

Multiple programs managed through the system were impacted, including the following: Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), Health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS), General Public Assistance (GPA) Program.

ADVERTISEMENT

Individuals impacted by the attack may have had their personal details exposed, including:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Banking information
Ernestas Naprys Paulina Okunyte Gintaras Radauskas vilius
Be the first to know and get our latest stories on Google News

While an investigation into the attack is still underway, exposed individuals face a number of threats. For one, systems such as RIBridge often contain comprehensive user profiles, which allow attackers to construct detailed profiles for identity theft, medical fraud, or targeted scams.

Malicious actors who obtained the data could utilize stolen data to fabricate benefits claims, disrupting legitimate access to essential services. Additionally, stolen details may also allow attackers to craft sophisticated social engineering attacks, making convincing impersonation attempts against the state's most vulnerable people.

“Households that may have had personal information compromised will receive a letter by mail from the State that explains how to access free credit monitoring,” Rhode Island's Governor’s office said.