Rhode Island’s social service platform is finally relaunching after a hacking incident.
What happened
On December 5th, 2024, Rhode Island state officials learned that RIBridges was facing a large threat. Vendor company, Deloitte, confirmed that it was highly likely that cybercriminals had obtained files from the system with personally identifiable information. Soon after, the threat actor sent Deloitte a screenshot of file folders likely containing data.
Deloitte also confirmed that malicious code remained present in RIBridges, resulting in the website and its corresponding app shutting down.
RIBridges manages Rhode Island’s social service programs. Some of the services provided include Medicaid, the Supplemental Nutrition Assistance Program (SNAP), and additional social programs.
Impacted data included names, addresses, dates of birth, Social Security numbers, and some banking information. Approximately 650,000 individuals had their data compromised.
What’s new
On January 23rd, officials announced that users who needed the portal for benefits and health insurance would soon be able to access their accounts.
To make RIBridges available again, Deloitte conducted extensive testing alongside a third party, which ultimately deemed it safe to use.
Some users are now already able to log in, and will receive instructions on resetting their passwords for the online portal.
To ensure the system does not get overwhelmed, the state will monitor activity and periodically allow more users to access the system. Eventually, every user will be able to access RIBridges. Currently, no new users will be able to create an amount, but if individuals need to apply for benefits they can do so in person, by phone, or via mail.
Why it matters
RIBridges data breach showcases how state-run departments and organizations can be just as vulnerable as other healthcare companies. This breach also shows the impact of a data breach, which likely affected individuals’ ability to access their benefits and may have caused confusion.
While data breaches can result in identity theft or fraud, they can also have a tangible impact on the well-being of individuals. Breaches in the past have been known to directly impact patient care.
Lastly, this incident shows the general timeline it can take for a breach to be resolved and for a system to be put back online. RIBridges was unavailable to users for nearly two months, potentially causing complications for Rhode Island residents.
The big picture
While HealthRhode is now slowly relaunching, that doesn’t necessarily mean the incident is resolved. Protected health information could still be available on the dark web, and RIBridges could face additional consequences as investigations into the incident unfold. Fortunately, users will be able to access the online system, hopefully encouraging individuals to access the services they may need.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
