Hackers Demand Ransom After Compromising SSNs and Bank Information from State Government Portal

Rhode Island Government Targeted in Cyber Extortion Attempt, Public Benefits System Shut Down

In a significant security breach, hackers allegedly infiltrated Rhode Island’s public benefits system with the intention of extorting the state government. This cyberattack prompted state officials to take immediate action, resulting in the suspension of online services that enable residents to apply for Medicaid and other critical assistance programs.

During a press conference, Governor Dan McKee disclosed that malware had been found within the Rhode Island Bridges system, heightening the urgency of the response. "That is why tonight we have shut down the system, which means clients will temporarily be unable to access any service portals associated with Rhode Island Bridges," McKee stated. The decision underscores the severity of the threat, emphasizing the necessity of mitigating potential risks to residents’ personal information.

The vendor responsible for managing the system, Deloitte, confirmed a significant risk associated with the breach, indicating that there is a high likelihood that the cybercriminals accessed files containing personally identifiable information. McKee’s office noted in a press release that actions were being taken to effectively address the security threat while working diligently to restore the system.

The context of this incident highlights a troubling history with Deloitte’s management of the Rhode Island Bridges system, originally known as the Unified Health Infrastructure Project (UHIP). Launched in 2016, the project faced extensive criticism for cost overruns and operational failures. Despite this history, the state extended its contract with Deloitte in 2021, raising questions about cybersecurity preparedness.

The fallout from the attack has already led to a class-action lawsuit filed against Deloitte in federal court, reflecting increasing concern over the handling of sensitive data. Information potentially compromised in this breach may include names, addresses, dates of birth, Social Security numbers, and banking information, impacting any individual who has interacted with health coverage or human services programs.

Rhode Island officials have communicated that any resident who has received or applied for assistance programs—including Medicaid, SNAP, TANF, and others—may be affected by this data breach. Currently, the state and Deloitte are prioritizing the containment of the threat, although no timeline has been provided regarding when the system will be restored.

While the specifics of the techniques employed in the attack remain unclear, it is plausible that adversary tactics outlined in the MITRE ATT&CK framework were utilized. Potential methods could include initial access through phishing or exploitation of vulnerabilities in the system, persistence to maintain a foothold, or privilege escalation to gain further control over sensitive resources.

As the investigation continues, it serves as a reminder of the critical importance of robust cybersecurity measures for government systems, particularly those managing sensitive public data. The responses initiated following this breach will be closely watched by business owners and industry stakeholders to gauge the effectiveness of current protective strategies against evolving cyber threats.
