A significant cyberattack targeting Rhode Island’s RIBridges portal has potentially compromised the sensitive personal data of hundreds of thousands of residents. State officials confirmed a “high probability” that personally identifiable information (PII) was accessed during the breach, which impacted systems used for essential social services.
Scope of the RIBridges Security Breach
Governor Dan McKee’s office announced that the attack hit the RIBridges system, a critical platform used by residents to apply for and manage benefits, including Medicaid and the Supplemental Nutrition Assistance Program (SNAP). Additionally, the HealthSource RI insurance marketplace was caught in the crosshairs of the incident.
According to an official update, any individual who has applied for or received health coverage, human services, or related benefits through these platforms may be affected. Exposed data could include:
- Full names and home addresses
- Dates of birth
- Social Security numbers
- Banking information
Timeline and Response to the Cyberattack
The RIBridges system is managed by Deloitte, which first alerted the state to potential suspicious activity on December 5. While initial assessments were inconclusive regarding the extent of the data compromise, the situation escalated rapidly. By Friday, December 13, Deloitte confirmed the presence of “malicious code” within the infrastructure.
In response, the state worked with Deloitte to proactively take the portal offline to neutralize the threat and secure the environment. To ensure continuity of services, Rhode Island is currently directing residents to utilize paper applications for benefit processing while the digital systems remain under investigation.
Extortion Threats and Ongoing Investigation
The New York Times reports that the situation involves an extortion element. During a press conference held on Friday, the state’s chief digital officer, Brian Tardiff, revealed that the cybercriminals responsible for the breach have issued threats to leak the stolen data publicly unless a ransom payment is made.
Authorities continue to investigate the depth of the intrusion as they work to restore system integrity and protect the affected population from further risk.