Rhode Island says personal data may have been breached in social services cyberattack

State officials said hundreds of thousands of Rhode Island residents could be affected by a cyber attack on the state’s social services website, with a “high probability” of personal information being breached.

According to an update from Governor Dan McKee’s office, the attack targeted RIBridges, which Rhode Island residents use to apply for and access programs such as Medicaid and the Supplemental Nutrition Assistance Program (SNAP).

The attack also targeted Healthsource RI’s insurance market. McKee’s office said “any person who has received or applied for health care and/or health and social care programs or benefits could be affected by this leak.”

Information accessed by hackers can include names, addresses, dates of birth, Social Security numbers, and banking information.

The RIBridges system is operated by Deloitte, which first reported the potential cyberattack on December 5 – but McKee’s office said it was unclear at the time whether sensitive information had been breached. On Friday, December 13, Deloitte confirmed that there was “malicious code” in the system and that it was working with the government “progressively” to downgrade the system to address the threat.

For now, the state said Rhode Island residents can still use paper applications to apply for benefits.

The New York Times reports that at a press conference on Friday, the state’s chief digital officer, Brian Tardiff, said the cybercriminals responsible for the attacks threatened to release information unless they received payment.