News Summary
A cyberattack on Rhode Island’s benefits system has compromised the personal data of over 644,000 residents. The breach, linked to the Brain Cypher group, revealed sensitive information including names and Social Security numbers. Deloitte, managing the RI Bridges system, has agreed to pay $5 million to address the incident’s fallout. Investigations revealed that security weaknesses facilitated the attack and led to nationwide scrutiny over data security protocols. The state is now taking legal action against Deloitte and implementing measures to strengthen the system’s security.
Providence, Rhode Island – A recent cyberattack on the state of Rhode Island’s benefits system has led to the exposure of sensitive personal data belonging to over 644,000 residents. The breach, which occurred in late 2024 and was attributed to a threat group known as Brain Cypher, exposed critical information, including names, addresses, dates of birth, and Social Security numbers.
In response to the incident, Deloitte, the company managing the RI Bridges system, has agreed to pay $5 million to the state to assist in covering the expenses associated with the breach. Investigators noted that unauthorized access to the RI Bridges system was facilitated through compromised Deloitte credentials, leading to significant disruption in state services such as Medicaid and Supplemental Nutrition Assistance Program (SNAP) benefits.
Initially, about 657,000 individuals were notified of the breach in January 2025, though further investigation revealed the actual number affected was 644,401, with an additional 107,757 individuals impacted without notification. This breach resulted in the sudden suspension of the RIBridges system, which was taken offline on December 13, 2024, stalling new enrollments in essential health services.
Investigation Findings
An independent investigation led by cybersecurity firm CrowdStrike uncovered that attackers managed to breach the RIBridges system between November and December 2024. The attackers initially authenticated to a non-production virtual private network (VPN) as early as July 2, 2024. CrowdStrike’s report highlighted that numerous alerts indicating suspicious activity were logged across 15 different systems during the breach, yet these warnings were overlooked.
The investigation raised questions about the security measures in place, particularly the multifactor authentication (MFA) that Deloitte claimed was operational at the time. It could not be determined whether the MFA was bypassed or whether log retention issues prevented verification of its effectiveness. The attackers used multiple methods to escalate privileges, harvest credentials, and maintain continuous access to the system for several months.
Future Actions and Legal Considerations
In light of the incident, the Rhode Island government is exploring legal action against Deloitte, highlighting significant gaps in the firm’s security protocols. Governor Dan McKee expressed dissatisfaction that Deloitte did not identify the breach for four months prior to its discovery, underlining the urgency for stronger cybersecurity measures.
As part of the post-breach response, the state has taken steps to notify all individuals affected by the data exposure and is providing credit monitoring and identity protection services to those at risk. Additionally, Rhode Island officials are actively pursuing options to modernize the current RIBridges system to enhance security and reduce the likelihood of future breaches.
Background Context
The RI Bridges system is a crucial platform that manages statewide benefits such as Medicaid and SNAP, impacting thousands of Rhode Islanders relying on these services. The massive cyberattack laid bare vulnerabilities within both the security framework of the system and the monitoring capabilities of the firm responsible for its management. As incidents of cyberattacks increase in frequency and severity, the case in Rhode Island underscores the ongoing need for robust security protocols and vigilant monitoring to protect personal data from unauthorized access.
In summary, the cyberattack on Rhode Island’s benefits system is a significant concern for the state, residents, and cybersecurity professionals, as it highlights the potential risks associated with the management of sensitive personal information by third-party firms.
