Rhode Island Social Services Platform Breach Affects Over 709,000 Individuals, Officials Report

Rhode Island is taking significant steps to notify individuals affected by a recent ransomware attack that targeted its social services database, known as RIBridges. During a press conference on Friday, Governor Dan McKee announced the mailing of notification letters to individuals impacted by the cyber incident that occurred in December. This attack reportedly compromised data belonging to an estimated 657,000 individuals; however, the state opted to send letters to 709,000 people. The difference reflects individuals in the database who receive care through relatives or guardians. Each victim will receive five years of complimentary credit monitoring along with additional identity protection services.

The attacking group, identified as Brain Cipher, has claimed responsibility for the breach of the RIBridges database, which manages an array of social services for Rhode Island residents, including food assistance, health coverage, and cash benefits. Following the breach, the perpetrators released stolen information on a leak site in late December, prompting government officials to analyze the data in order to ascertain the specific details of the compromised information. Reports suggest that the leaked data potentially includes sensitive details such as names, addresses, Social Security numbers, dates of birth, phone numbers, health records, and financial information.

As the state works through the issuance of notification letters to affected individuals, Deloitte is continuing its assessment of the data impacted by the breach and has provided an initial summary report. However, Governor McKee cautioned that further victims may still be identified in the days ahead, and those individuals will also receive appropriate notification. Deloitte has assumed responsibility for covering the costs associated with the ongoing investigation and remediation of the compromised database.

State officials have expressed confidence that security vulnerabilities from the breach have been effectively addressed, in alignment with findings from a third-party forensic investigation. Brian Tardiff, chief digital officer for Rhode Island, highlighted that the findings from these forensic reports provide a substantial degree of assurance about how the breach was carried out and confirm that necessary measures have been implemented to restore the system safely.

To facilitate recovery, a two-phase restoration plan is currently in progress. According to Tardiff, the team is advancing towards the second phase, which involves restoring the public-facing components of the database. The goal is to have the system operational again by mid-January.

This incident underscores critical security concerns, particularly in the realm of government-operated databases that manage sensitive personal information. The nature of the attack aligns with several tactics outlined in the MITRE ATT&CK framework, particularly those pertaining to initial access, which may involve phishing or exploiting vulnerabilities within the database software. Techniques associated with persistence could have been employed to ensure continued access to the compromised environment, while privilege escalation tactics may have allowed attackers to access sensitive information across the system undetected.

As the situation unfolds, it remains imperative for organizations to bolster their cybersecurity protocols, particularly in safeguarding sensitive information from such malicious attacks. The ongoing investigation will provide further insights that may inform best practices for data protection and incident response strategies across similar agencies.
