The governor of Rhode Island announced a large-scale cyber attack on the RIBridges social services system, through which the personal data of hundreds of thousands of citizens, including social security numbers and bank details, could be stolen.
At a news conference, Gov. Dan McKee said hackers gained access to user data on the RIBridges system, which processes payments for Medicaid, SNAP and other social services. The attackers sent a message to Deloitte, the consultant that manages the system, that 1 TB of data had been stolen. At first the threat was not confirmed, but later the hackers provided evidence in the form of screenshots of the files; after the malicious files were discovered on December 15, the state government shut down RIBridges to prevent further interference.
According to Mackey, the incident is being treated as a malicious attack rather than a classic case of ransomware because the data was not encrypted. The authorities urge citizens to use credit monitoring services, implement two-factor authentication and freeze their credit data. The temporary switch to paper documents may delay payments in January.
RIBridges is the key platform for managing Rhode Island’s social programs. The cyber attack occurred at a difficult time – registration for health insurance began at the end of January. Such attacks are becoming more and more frequent: 82 cyber attacks on government organizations have already been recorded in the US this year, and this incident only emphasizes the vulnerability of critical social security systems and the need to strengthen cyber security in government institutions. The government of Rhode Island plans to review its cooperation with Deloitte after the resolution of the crisis.