The front of a Rhode Island electronic bank transfer card, front. (Data source National Museum of American History CC0)
It is critical that hundreds of thousands of Rhode Islanders take steps to protect their digital identities after state officials on Friday acknowledged a major cyberattack on the state’s enrollment system Medicaid and other social service programs or sign up for commercial health care plans.
Governor Dan McKee called the deadline set by hackers who installed malicious malware on the RIBridges system and demanded a ransom a “moving target” at a news conference late Saturday afternoon.
“Based on the latest information we have, the data could be made public in the near future as soon as this week,” McKee said.
State officials declined to comment on the ransom amount.
RIBridges, formerly known as the Unified Health Infrastructure Project (UHIP), serves about one-third of the state’s population. That includes more than 46,000 individuals enrolled in health insurance through the state’s health insurance marketplace, HealthSource RI, and more than 8,000 more through the small group options offered to employers in the state.
According to the 2020 census, Rhode Island has a population of nearly 1.1 million.
No representative from Deloitte, the vendor that manages the RIBridges system, was present at the new conference.
McKee handed the podium to a federal cybersecurity expert who strongly encouraged residents to enable multi-factor authentication on their bank or credit card accounts, sign up online for free credit monitoring services through major credit bureaus and use passwords that are 10 to 12 characters long. .
“As we talk to the governor, it’s possible that we’ll have some additional credit monitoring done by Deloitte as part of the partnership and the work that they’re doing together,” he said. Michael Tetreault, cybersecurity advisor at the U.S. Department of Homeland Security’s CISA.
The RIBridges system is used to help vulnerable residents who rely on assistance for healthcare, food, childcare, daycare for adults and emergency housing.
The system was taken offline on Friday afternoon after Deloitte confirmed that a major security threat had occurred and that there was “a high probability that a cybercriminal may have obtained files containing personally identifiable information from RIBridges.” Networks are usually taken offline to prevent further breaches of systems.
Starting Monday, the Department of Human Services will return to processing paper applications, Director Kimberly Merolla-Brito said.
“We used to do this and are confident that we can help people in need of human resources and services,” Merolla-Brito said.
Merolla-Brito said Electronic Benefits Transfer (EBT) card holders can freeze their cards to prevent the card or benefits associated with the account from being used through the ebtEDGE. online portal. Cardholders who If you have lost or misplaced your cards, or are concerned that they have been compromised, you can also call EBT Customer Service at 1 (888) 979-9939.
State officials learned on December 5 of the possibility that the system was the target of a potential cyber attack from vendor Deloitte. At that point, the FBI and Rhode Island State Police were notified.
On Tuesday, December 10, Deloitte confirmed that RIBridges had been breached based on a screenshot of file folders sent to Deloitte by the hacker. On Friday, December 13, Deloitte confirmed that malicious code was present in the system, prompting the system shutdown.
The state will provide updates at https://admin.ri.gov/ribridges-alert.
SUBSCRIBE: GET THE MORNING HEADLINES IN YOUR INBOX
