Cyberattack exposes personal data of thousands in Rhode Island breach
Cybercriminals may begin releasing the personal data of numerous Rhode Islanders as soon as this week following a significant cyberattack on the state’s online system for delivering health and human services benefits, Governor Daniel McKee announced.
State officials said on Saturday (Dec. 14) that the personal and banking information of hundreds of thousands of Rhode Island residents, including Social Security numbers, was likely compromised in a cyberattack by an international criminal group demanding ransom.
The state has urged Rhode Islanders to take steps to safeguard their personal information, which may include names, addresses, dates of birth, Social Security numbers, and certain banking details.
What was affected in the Rhode Island cyberattack?Governor Dan McKee announced Friday (Dec. 13) that the breached data impacts individuals have been using state government assistance programs since 2016, including the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families, and healthcare purchased through HealthSource RI.
The RIBridges system was taken offline after the state was notified by its vendor, Deloitte, of the security threat. According to the state, the vendor confirmed a “high probability” that a cybercriminal had accessed files containing personally identifiable information from RIBridges.
To assist affected Rhode Islanders, the state has partnered with Experian to provide a toll-free hotline offering information about the breach and guidance on protecting personal data.
Staff can provide info about the breach and data protection steps individuals can take today.
Once analysis is complete, impacted individuals will receive a letter with info on how to secure free credit monitoring.
— Governor Dan McKee (@GovDanMcKee) December 15, 2024
Writing on X, McKee stated: “Staff can provide info about the breach and data protection steps individuals can take today.
“Once analysis is complete, impacted individuals will receive a letter with info on how to secure free credit monitoring.”
According to The New York Times, Karen Walsh, a spokeswoman for Deloitte, stated that the attack was carried out by “an international cybercriminal group” and noted that the company launched an investigation “in collaboration with our client and law enforcement officials.”
Brian Tardiff, RI's Chief Digital Officer and Chief Information Officer calls the cyberattack "extortion type activity."https://t.co/KMnYmkMNl6 @wpri12 pic.twitter.com/hKrS3lca0f
— Alexandra Leslie (@AlexandraLeslie) December 14, 2024
Brian Tardiff, Rhode Island’s Chief Digital Officer, described the cyberattack as “extortion type activity.” He further explained that the malware discovered in the system had the potential to cause “catastrophic damage.”
It is not the first time the American healthcare system has faced this kind of breach. In February, ReadWrite reported that U.S. health tech giant Change Healthcare was targeted by a ‘Blackcat’ ransomware group.
Featured image: Ideogram
The post Cyberattack exposes personal data of thousands in Rhode Island breach appeared first on ReadWrite.