PROVIDENCE, R.I. — A recent cyberattack on Rhode Island’s health and benefits system has led to the release of sensitive files on the dark web, a scenario that the state government had been preparing for, as stated by Governor Daniel McKee on Monday.
To address the potential risks to personal information, the state has developed an outreach plan aimed at advising residents who may be affected. McKee mentioned that it remains uncertain whether all the stolen files from the RIBridges system have been made available on the dark web, which is a portion of the internet requiring specific tools for access and is typically encrypted for anonymity.
“Currently, our IT teams are actively working to investigate the released files. This is a complex undertaking, and we are still determining the extent of the data that may have been compromised,” a statement from the governor’s office indicated.
During a press briefing, McKee noted that Deloitte, the firm responsible for creating and operating RIBridges, has been in communication with the hackers involved in the breach. State officials are collaborating with Deloitte to create a list of individuals who may have been affected, and letters containing instructions on how to obtain free credit monitoring services will be dispatched to them.
The RIBridges system supports various state programs including Medicaid, the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families, the Childcare Assistance Program, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program, and health insurance obtained via HealthSource RI.
“While this data has been compromised, it doesn’t automatically imply that it has been exploited for identity theft at this point,” the statement clarified.
McKee also encouraged residents to take proactive measures to safeguard their financial information. Recommended actions include contacting the three major credit reporting agencies—Equifax, Experian, and TransUnion—to freeze their credit reports, request a free credit report, and place a fraud alert on their credit files. He emphasized the importance of using multi-factor authentication for securing accounts rather than relying solely on passwords and advised vigilance against potential phishing attempts via emails, phone calls, or text messages that might appear genuine.
Additionally, McKee mentioned that law enforcement is investigating the data breach, though he acknowledged that catching those responsible for the attack could prove to be a significant challenge given the complexity of the crime involved.
