The personal and private information of possibly hundreds of thousands of people who applied for government assistance in Rhode Island could be in the hands of hackers after a huge cyberattack, state officials said on Friday.
The cybercriminals said to be behind the attack threatened to release the data unless they received a payment, said Brian Tardiff, the state’s chief digital officer.
Rhode Island says personal data likely breached in social services cyberattack.
An “international cybercriminal group” harvested the personal data of potentially hundreds of thousands of people from the state’s social services and health insurance systems, officials said.
State officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally identifiable information was breached.
According to an update from Governor Dan McKee’s office, the attack targeted RIBridges, which Rhode Island residents use to apply for and access programs such as Medicaid and the Supplemental Nutrition Assistance Program (SNAP).
The attack also targeted the Healthsource RI insurance marketplace. McKee’s office said, “Any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak.
The information accessed by the cyberattackers could include names, addresses, dates of birth, Social Security numbers, and banking information.
The RIBridges system is operated by Deloitte, which first notified the state of a potential cyberattack on December 5—but McKee’s office said it wasn’t clear then that sensitive information had been breached.
On Friday, December 13, Deloitte confirmed that there was “malicious code” in the system and worked with the state to “proactively” take the system down to address the threat.
In the meantime, the state said Rhode Island residents can still use paper applications to apply for benefits.
