Rhode Island Benefits and Services Systems Hit by Ransomware
The personal data of hundreds of thousands of Rhode Island residents may have been stolen in a ransomware attack earlier this month on the state’s online human services program.
The information stolen includes names, addresses, dates of birth, Social Security numbers, and some banking information of some residents who received benefits through the RIBridges program, and the attackers have threatened to release the information, Governor Dan McKee said during a press conference over the weekend.
“The data could be exposed in the near future, as early as this coming week, based on the information we currently have,” McKee said.
State officials, federal agencies including CISA, and Deloitte – the vendor running the data system for the RIBridges program – are continuing to sort through the information to see how much data was stolen, the kind of information that was taken, and which residents were affected, the governor said.
Services offered through RIBridges include Medicaid, the Supplemental Nutrition Assistance Program (SNAP) food stamp program, Child Care Assistance Program (CCAP), Rhode Island Works, General Public Assistance, and health coverage bought through the state’s HealthSource RI.
Alerted December 5
According to a statement from Rhode Island officials, Deloitte notified the state on December 5 that the RIBridges system was being targeted in a cyberattack, prompting the state to contact federal law enforcement and agencies as well as the R.I. state police.
Deloitte put additional security measures in place and began assessing the threat, with state officials saying they needed to keep news of the attack under wraps until they could secure the RIBridges system.
Five days later, Deloitte confirmed the data breach after the hacker sent a screenshot of file folders. Over the next several days, the consultancy said there was a “high probability” that the folders contained personally identifiable information and that there was malicious code found in the system.
Rhode Island officials took the RIBridges system offline to mitigate the attack.
“To the best of our knowledge, any individual who has received or applied for state health coverage or health and human services programs or benefits could be impacted by this breach,” the state said in a statement.
Government Agencies are a Target
Government entities are climbing the ladder of favorite targets of threat groups. Threat researchers with cybersecurity firm Arctic Wolf noted in a report this year that, according to the FBI, government organizations were the third most-targeted sector by ransomware attackers in 2023. In addition, Arctic Wolf said the average ransom for government organizations topped $1 million last year, noting that 70% of such entities were hit with business email compromise (BEC) attacks during the previous 12 months, reaching into 2023.
“Cybercriminals tend to follow the path of least resistance, and that path has, time and time again, led them toward state and local governments,” Arctic Wolf wrote. “The main reasons are not unique to these organizations but are seen across industries.”
Those reasons include having access to and storing huge amounts of private data, like financial information and Social Security numbers, that sell at a high price on the dark web. Government organizations also cannot afford much downtime given the central role they play in communities.
“Those two factors make them a strong initial target for ransomware groups and individual hackers, and once a little research is done by the cybercriminals, key weaknesses can expose themselves, motivating the threat actors to launch sophisticated attacks,” the vendor wrote.
There also are other reasons, including that such government agencies lack funding and skilled talent and are highly connected. In addition, there are a lot of local governments in the United States – about 90,000, according to Arctic Wolf, which this week announced it was acquiring cybersecurity company Cylance from BlackBerry.
Residents Told to Protect Their Data
As officials from Rhode Island, the federal government, and Deloitte work to determine the extent of the attack on RIBridges, they’re urging residents who have received services through the program since 2016 to proactively take steps to secure their data. That includes requesting a credit freeze from the three top credit bureaus – Equifax, Experian, and TransUnion – signing up for free credit monitoring, and implementing two-factor authentication on financial accounts.
In the press conference over the weekend, McKee said he went online to protect his mother’s data, including changing the password on her account and contacting the credit services.
Rhode Island also has set up a call center – 833-918-6603 – to answer questions about the breach and noted that the reference number for the incident is B137035. In addition, residents can go to the cyberalert.ri.gov website. The state will send letters to those residents whose data was stolen.
In an unrelated move earlier this month, Rhode Island next year will become the first state to deploy a cybersecurity tool, the Protective Domain Name Service, to protect K-12 schools from ransomware attacks.