Rhode Island's state government system hit by cyberattack
Learn More
A cyberattack has hit Rhode Island's state government, targeting the RIBridges system (formerly known as UHIP), which manages critical social services including Medicaid, SNAP benefits, and HealthSourceRI.
The breach, confirmed by state officials on December 13, 2024, has potentially compromised the personal information of hundreds of thousands of Rhode Island residents and forced the state to take its online benefits portal offline.
Deloitte, the state's vendor, first notified Rhode Island officials about a potential cyberattack on December 5. By December 10, Deloitte confirmed the breach after receiving screenshots of file folders from the hackers. On December 11, they determined there was a high probability that the compromised folders contained personally identifiable information, and by December 13, the discovery of malicious code in the system prompted officials to shut down RIBridges completely.
Potentially compromised data includes
- names,
- addresses,
- dates of birth,
- Social Security numbers,
- banking information.
The breach affects anyone who has received or applied for various state health and human services programs, including
- Medicaid,
- SNAP,
- TANF,
- Child Care Assistance Program,
- HealthSource RI coverage,
- Rhode Island Works,
- Long-Term Services and Supports,
- General Public Assistance Program.
- HOME Cost Share
The number of affected individuals is not disclosed but it's estimated at minimum of 100,000.
A dedicated call center will open on Sunday, December 15, operating from 11 a.m. to 8 p.m., and then Monday through Friday from 9 a.m. to 9 p.m. EDT. The state will send letters to affected households explaining how to access free credit monitoring services. During the system outage, benefit applications will need to be submitted on paper.
Chief Digital Officer Brian Tardiff confirmed that while hackers installed malware and demanded a ransom, the state is characterizing this as an "extortion type activity" rather than ransomware. Officials delayed disclosure of the attack due to concerns about potential release of customer information.
This incident is particularly notable as it follows the troubled history of the system, which experienced a problematic rollout in 2016 under then-Governor Gina Raimondo's administration, despite federal warnings about its readiness. Deloitte has stated they are working with law enforcement and the state to resolve the situation, emphasizing their "unwavering commitment to the State of Rhode Island and the people they serve."
Update - as of 30th of December 2024, the hackers leaked some residents’ files to a site on the dark web. While the full scope of compromised data remains under investigation, state officials are operating under the assumption that all data within the RIBridges system has been potentially compromised.
The Brain Cipher ransomware gang has now begun leaking the stolen data on their data leak site. Cybersecurity researcher Connor Goodwolf, who analyzed the leaked data, reported that the stolen information includes personal identifiable information (PII) of both adults and minors. The leaked files reportedly contain Oracle databases, backups, and other sensitive data like:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Banking information
Number of affected individuals is estimated at 650,000 people
