PROVIDENCE – The state of Rhode Island has been hit with a major cyberattack, putting at risk the private data of possibly hundreds of thousands of people, including social security numbers and addresses, officials said.
The attack hit RIBridges, the benefits system formerly known as UHIP, which people use to apply for health insurance coverage, Medicaid, food stamps, and other public assistance.
In an emergency news conference Friday night, Governor Dan McKee said a “cybercriminal had installed dangerous malware that constituted an urgent threat,” causing state officials to shut down the system. The shutdown comes during open enrollment for HealthSourceRI, the state’s healthcare exchange.
Customers cannot currently access any services on the portal.
“I understand this is alarming,” McKee said at the news conference, which was televised. “Please know that Deloitte and the state are working with law enforcement as well as IT experts to minimize the impact on Rhode Islanders.”
State officials said Deloitte, the state’s vendor for the system, “confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges.”
Advertisement
The information includes names, addresses, dates of birth, Social Security numbers and some banking data. An analysis is underway to determine the extent of the breach, officials said.
“To the best of our knowledge, any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak,” McKee’s office said in a statement Friday night.
Officials urged residents who have accessed RIBridges from 2019 to present day to freeze their credit, change passwords and contact their banks to see if any security measures should be taken. People who are affected will receive a letter in the mail.
The full list of programs affected by the breach include Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families, Childcare Assistance Program, HealthSource RI, Rhode Island Works, Long-Term Services and Supports, and General Public Assistance.
While the online portal is down, people applying for benefits will have to do so on paper. A website has been set up to provide updates to customers, and a call center will open on Sunday at 11 a.m. The phone number will be released on Sunday morning. The center will take calls Monday through Friday from 9 a.m. to 9 p.m, officials said.
Advertisement
State officials said they first learned of the potential threat on Dec. 5, when federal and state law enforcement was notified, but it was not immediately disclosed to the public.
“It was important, for security reasons, to keep this knowledge internal until we could secure the RIBridges system,” McKee’s announcement said.
On Dec. 10, the hackers sent Deloitte a screenshot of file folders containing personable identifiable data, state officials said. On Friday, the vendor “confirmed there was malicious code present in the system,” prompting state officials to order Deloitte to shut down the entire system.
“When it first began we were unsure of the veracity of the cybercriminals’ claims,” said Brian Tardiff, the state’s chief digital officer, when asked why the public was not notified sooner.
Tardiff said the hackers claimed to have obtained one terabyte of data and demanded a ransom.
Deloitte is working to “safely restore” the system so there will not be a disruption in Rhode Islanders’ benefits, he said.
The hack comes as government agencies, hospitals and schools across the country have faced cyberattacks, including in Rhode Island. The Providence Public School District was recently the victim of a cyberattack that impacted at least 12,000 employees and 20,000 students.
Steph Machado can be reached at steph.machado@globe.com. Follow her @StephMachado.