News Summary
Rhode Island is reopening its RIBridges health insurance portal after a month-long closure due to a cyberattack that compromised the personal data of over 644,000 residents. Governor Dan McKee announced the phased reopening, allowing limited access to selected users while enhancing security measures. Affected individuals will receive free credit monitoring from Deloitte, who has agreed to pay the state $5 million as part of the settlement. The state extends the open enrollment period for health plans until February 2025 as it addresses the repercussions of the data breach.
Rhode Island is set to relaunch its RIBridges health insurance and public benefits portal after a month-long shutdown due to a significant cyberattack that resulted in data theft involving sensitive personal information of over 644,000 individuals. Governor Dan McKee announced that the portal has received a “clean bill of health” and will gradually reopen with select user access to ensure system readiness.
The initial phase of the reopening will allow a few thousand randomly chosen accounts to log in, with the first password reset emails being sent out shortly. These emails will come from the address [email protected] and will contain no clickable links. Customers who do not receive these emails will not have access to their accounts, and new account creations are currently suspended. The phased reopening could last one to two weeks, depending on the system’s progress.
In light of the cyber incident, Rhode Island has extended the open enrollment period for health plans to the end of February 2025. The data breach, which first came to light in December 2024, involved the theft of approximately one terabyte of sensitive information, including names, Social Security numbers, addresses, and health information associated with various social services programs.
Initially, it was estimated that about 657,000 Rhode Islanders were impacted by the breach, but as per recent analyses, the number has been revised to 644,401 individuals whose personal information was compromised. The state will also notify an additional 107,757 individuals who were affected but had not yet been informed.
The cyberattack was conducted by the Brain Cipher threat group, who gained unauthorized access using Deloitte’s credentials. Reports indicate that the attackers accessed 28 out of 338 systems within the RIBridges environment. A third-party forensic investigation is ongoing to fully understand the extent of the data theft and noted severe weaknesses in security protocols within the system.
As part of a settlement for the damages incurred, Deloitte has agreed to pay the state of Rhode Island $5 million and is also providing affected individuals with free credit monitoring and identity theft protection for a period of five years. Governor McKee has expressed significant criticism towards Deloitte for their inability to detect and address the breach in a timely manner.
As Rhode Island aims to enhance its cybersecurity measures after this incident, plans are underway to increase the IT workforce and explore modernization options for the RIBridges system. Password requirements for accessing the portal have been updated, and users are strongly encouraged to implement robust password practices across various sites, especially if they suspect that their credentials may have been compromised in this breach.
Cybersecurity experts recommend that individuals take precautions such as changing passwords on their accounts elsewhere if they used the same credentials as those that were breached. CrowdStrike will continue its investigation and update the public as findings about the breach and affected individuals become available.
In summary, as Rhode Island prepares to reopen its RIBridges portal, the state is taking measured steps to enhance security and address the consequences of the devastating cyber breach that affected so many residents. Ongoing support and vigilance will be crucial in restoring confidence in the system and protecting the personal information of its users.
Deeper Dive: News & Info About This Topic
- HIPAA Journal
- Wikipedia: Cybersecurity
- BankInfoSecurity
- Google Search: Rhode Island RIBridges data breach
- WPRI
- Encyclopedia Britannica: Cyberattack
- TurnTo10
- Google News: Rhode Island RIBridges cyberattack
- Cybersecurity Dive
- TechTarget
- Rhode Island Current
- The Newport Buzz
