In a concerning development, cybercriminals have successfully infiltrated Rhode Island’s public benefits system, leading to significant disruptions. State officials swiftly reacted by shutting down online services, which allowed residents to apply for Medicaid and other vital assistance programs. This decisive action was announced by Governor Dan McKee during a recent press conference, as reported by The Providence Journal.
The vendor responsible for managing the Rhode Island Bridges system, Deloitte, confirmed a high probability that personally identifiable information, including names, addresses, Social Security numbers, and banking information, might have been compromised. This assertion by Deloitte was echoed in a press release from the governor’s office, which emphasized that the system has been taken offline to address the threat adequately.
The disruption of services and the data breach have sparked a class-action lawsuit against Deloitte, filed in federal court. This hack affects various state programs, including Medicaid and the Supplemental Nutrition Assistance Program (SNAP), as stated by the governor’s office.
The history of the Unified Health Infrastructure Project (UHIP), now called Rhode Island Bridges, has been turbulent. Despite earlier failures causing massive cost overruns and operational issues, the state signed a new contract with Deloitte in 2021. Extensive details about this contract can be found in a WPRI report from 2021.
At this time, Rhode Island’s administration, along with Deloitte, continues to focus on mitigating this cybersecurity threat, although there is no clear timeline for the restoration of the RIBridges system. The state has made alternate arrangements for individuals to apply for benefits through paper applications, keeping the needs of applicants in mind during this disruption, as detailed on the updates page.
For further details about the ongoing investigation, see the article on Ars Technica.