Rhode Island Cyberattack: Stolen Data Leaked by Hackers
Rhode Island Governor Dan McKee has reported an alarming cyber incident where hackers have compromised the state’s central IT platform that supports various health and human services, including social benefits. Following the breach, which occurred earlier this month, the cybercriminals have begun releasing stolen data on the dark web. This breach comes as part of a troubling trend affecting healthcare record systems across the United States.
McKee’s office, citing its consultant Deloitte, confirmed that files containing sensitive information from the Rhode Island Bridge program have indeed been published online. "Today the cyber criminals did in fact publish at least some of the Rhode Island Bridge’s information and data files onto the dark web," McKee stated during a press conference. Deloitte has reported a “high probability” that cybercriminals have accessed files containing personally identifiable information (PII), leading the state to mobilize efforts to notify those affected.
The state is currently identifying the individuals whose data may have been compromised. "Once we have that information, we will send letters to those individuals with instructions on how to access free credit monitoring," the state indicated. This development poses significant risks as experts estimate that the personal information of approximately 650,000 residents, including Social Security and bank account numbers, has been jeopardized.
As part of the response, the state implemented a complete shutdown of the RIBridges system, which oversees various essential services such as Medicaid and SNAP. This disruption has forced many processes into manual operation, adding further complexities for residents relying on these programs. HealthSource RI, the state’s marketplace for affordable health coverage, is also affected and has extended its open enrollment period until February 28 as part of its response to the ongoing crisis.
Deloitte has been working closely with state officials to assess the breach’s impact and develop a strategy for containing the fallout. Moreover, the ransomware group, operating under the name Brain Cipher, has publicly acknowledged its involvement in the RIBridges attack. In a statement, Brain Cipher reported facing denial-of-service attacks aimed at preventing the data leak, which adds another layer of complexity to the incident.
This situation aligns with a larger trend in which state records systems, especially those housing protected health information, are increasingly targeted by cybercriminals. Recent analysis has shown that the healthcare sector experiences higher-than-average cybersecurity threats, with incidents often leading to significant data exposures. A prior incident involving Florida’s Department of Health, in which 100 gigabytes of sensitive data were leaked on a dark web leak site, serves as a stark reminder.
In terms of cyber tactics, the initial access likely involved exploiting unpatched vulnerabilities in the state’s IT infrastructure. The attackers may then have used persistence and privilege escalation techniques to maintain access and raise their privileges within the system. These tactics are catalogued in the MITRE ATT&CK framework, which serves as a useful reference for understanding adversary behaviors during such incidents.
As state officials navigate the complexities of this cyber breach, the focus remains on protecting residents’ identities and ensuring that benefit services continue to operate despite technological challenges. Governor McKee emphasized the urgency of informing the public and securing their data, stating, "Our top priority is exactly what we talked about – informing people, getting the information out, having people protect their identity and also get those benefits out."
As this incident unfolds, it underscores the critical need for robust cybersecurity measures in safeguarding sensitive information across all sectors, particularly those handling personal health data. The implications of such breaches extend far beyond immediate disruptions, potentially impacting the trust citizens place in their government’s ability to protect personal information.