Rhode Island Hit by Ransomware Attack Impacting Deloitte via RIBridges

• A ransomware attack hit Rhode Island’s HealthSourceRI portal, resulting in the leak of user data.
• First assessments evaluate that the data breach has impacted hundreds of thousands of residents and Deloitte via the RIBridges system.
• The name of the threat actor who claimed the attack has not yet been unveiled.

State officials in Rhode Island disclosed a significant data breach earlier this month when hackers infiltrated the state's RIBridges online portal. The compromised data reportedly includes Social Security numbers, banking details, and other personally identifiable information (PII) of people utilizing the state's government assistance programs. 

The hack comes six weeks into the open enrollment period for the state’s health insurance marketplace, HealthSourceRI, which includes the RIBridges system.

The programs and benefits managed through the RIBridges system include but are not limited to Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), Health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS) and General Public Assistance (GPA) Program. 

The breach, which compromises the personal and financial data of hundreds of thousands of residents, has escalated into a ransomware scenario as the attackers threaten to release the stolen information unless an undisclosed sum is paid, according to Reuters.

Anyone who has applied for or received benefits from these programs since 2016 might be at risk. Notifications will soon be sent to affected households, outlining protective measures and actions to safeguard their data and financial accounts.

The cyberattack is believed to have been executed by an international cybercriminal organization that has not been named yet.

The platform functions as Rhode Island's central system for managing social services applications. Despite this, the breach was only verified on Friday by the state's vendor, Deloitte, after state officials flagged irregularities earlier in the month.

"Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges," the governor's office stated on Saturday. 

Deloitte has since been directed to disable RIBridges entirely while remediation efforts are underway. At present, new applications for assistance will require manual, paper submissions until the system can be secured and restored.