RIBridges Data Leak Impacts Hundreds of Thousands
PROVIDENCE, RI – The feared outcome has arrived. Hackers who breached Rhode Island’s RIBridges public benefits computer system, managed by Deloitte, have released data to the dark web, the governor’s office confirmed on Monday. RIBridges data leak affects an estimated 650,000 individuals.
The governor’s office stated in a news release at 11:52 a.m., “Right now, IT teams are working diligently to analyze the released files. We do not yet know the scope of the data that is included in those files, but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised.”
The RIBridges hack, perpetrated by the group Brain Cipher, resulted in the compromise of sensitive information for individuals who have received or are currently receiving Medicaid and SNAP benefits, or who enrolled in private health insurance through HealthSourceRI. The system, formerly known as UHIP, contains records spanning years, including inactive cases. This means the leak could encompass data from individuals no longer receiving benefits.
James Beardsworth, Department of Human Services spokesman, clarified the 650,000 figure: “No, two thirds of the state are not currently receiving benefits. The RIBridges system hosts information about individuals, and sometimes their family members, who have applied for or received benefits. It also stores data from closed, or inactive, cases, such as individuals or families no longer receiving benefits or health coverage. DHS currently serves approximately 350,000 Rhode Islanders on a yearly basis. Additionally, present and past customers/applicants of HealthSource RI also make up some portion of this total. HSRI’s present enrollment is approximately 47,000 individuals, who are purchasing commercial health coverage through the exchange.”
The Timeline and Response to the RIBridges Data Leak
The RIBridges system has been offline since December 13th, following the initial disclosure of the hack. Brain Cipher had issued a ransom demand, seemingly directed at Deloitte rather than the state.
A screenshot of a message posted on social media, according to reports, stated: “It seems that it was easier to pay and calmly fix everything,” accompanied by a list of downloadable files. IT experts are currently scanning these files for malware before reviewing their contents.
The state is collaborating with Deloitte to identify impacted individuals and will send them letters with instructions on accessing free credit monitoring. While the data has been compromised and posted online, the governor’s office emphasized, “that does not mean it has been used for identity theft purposes – yet.”
The McKee administration recently extended Deloitte’s contract for two years, until June 30, 2026, at a cost of $77,029,843. This extension, according to a spokeswoman, aims to allow the state to solicit bids for a separate contract focused on modernizing the public benefits verification system. Eight vendors responded to the state’s request for proposals.
Protecting Yourself After the RIBridges Hack on This New Year’s Eve
The governor’s office urges Rhode Islanders to take proactive steps to safeguard their financial information:
- Freeze Your Credit: Contact all three credit reporting agencies to freeze your credit.
- Monitor Your Credit: Order a free credit report.
- Request a Fraud Alert: Ask a credit reporting agency to place a fraud alert on your files.
- Use Multi-factor Authentication: Implement multi-factor authentication for online accounts.
- Be Aware: Be cautious of suspicious emails, calls, or texts. Never share personal information unsolicited.
Further updates and information are available at cyberalert.ri.gov. This is a developing story.
