Rhode Island’s public benefits computer system was shut down Friday after it was breached by hackers, potentially exposing the personal information of hundreds of thousands of Rhode Islanders, Gov. Dan McKee said.
Deloitte, a vendor of information products that has built and operates computer systems known as RIBridges and UHIP, first notified the government and the police about the possibility of an attack on Dec. 5. On Tuesday, the hackers posted screenshots of the vendor showing individual files.
McKee said the decision to shut down the system came late Friday afternoon after Deloitte discovered dangerous malware embedded in RIBridges computer code.
“As part of this investigation today, we discovered that within the Rhode Island Bridges system, a cybercriminal installed dangerous malware that posed an immediate threat,” McKee said at a press conference Friday night. “That is why tonight we have closed the system. This means that customers will not be able to access any customer service related to the work on Rhode Island Bridges.”
The hackers threatened to release personal data, including names, addresses, dates of birth, Social Security numbers and bank information, Chief Information Officer Brian Tardiff said Friday night.
More: Tolling the trucks is legal, but getting them back isn’t going to be a quick fix. Here’s why
It is not known how many families had their personal information stolen. No thefts connected to the break-in had been reported Friday night.
But government officials have urged anyone who has applied for benefits through the system since 2019 to change passwords and check their bank accounts for possible charges.
“I understand that this is scary,” McKee said at a news conference. “Please know that Deloitte and the state are working with law enforcement and IT professionals to minimize the impact on Rhode Islanders.”
Why did the government keep the weekend violation a secret?
McKee said he first learned of the break-in not long after Dec. 5, but the government has not announced that there may be a problem until the error can be confirmed and prevent the release of public information.
“According to Deloitte, the company received a message from a group of cyber criminals that they had one terabyte of data and demanded a ransom in order not to release the data in their possession,” said Tardiff. “When it first started, we weren’t sure about the truth of what the criminals were saying, and we didn’t do anything deliberately to prevent it from causing further harm to the community.”
More: Drug kingpin’s family ties to Providence police raise questions before sentencing
He would not say how much money the criminals wanted or whether money had been paid.
Although malicious code was detected, Tardiff said it was not an attack, where criminals threaten to shut down a computer if their demands are not met. Instead, the threat was to reveal classified information.
“This is a lot of extortion by this criminal group,” he said.
Tardiff said no breach has been detected in any other country’s computer system.
What is RIBridges?
Originally known as the Unified Health Infrastructure Project, RIBridges was launched in 2016 as a central fit-out system for a wide range of public services.
It serves as an entry portal for:
-
Supplemental Nutrition Assistance Program (SNAP)
-
Temporary Assistance for Needy Families
-
Child Welfare Program
-
The HealthSource RI health insurance exchange
-
Long Term Services and Support
-
General Public Assistance
While the system is down, anyone who wants to apply for benefits will need to submit an application form.
Families may be confused about the information people receive in letters from the government explaining how to get free credit checks.
The country is also setting up a dedicated call center for affected customers.
State Human Services Director Kimberly Merolla-Brito said the agency hopes to get the system back up and running before the aid program is scheduled for January.
The breach comes during open enrollment for HealthSource RI, the state’s health insurance exchange.
This article has been updated with new information.
This article originally appeared on The Providence Journal: RI computer network cyberattack forces shutdown of public utility system