Cyber Incident Victim: Department of Children, Youth and Families
Date:
Jun 2018
Location:
United States of America
Summary
A malware attack impacted multiple Rhode Island state agencies, including the Department of Children, Youth and Families, causing technical disruptions to operations. The incident prompted a coordinated response involving state police, the National Guard, and emergency management teams to contain the threat. Officials confirmed no evidence of compromised personal data and assured that critical monthly payments remained unaffected despite the attack. While minor service interruptions persisted, all affected departments maintained normal operating hours. Customers were advised to anticipate temporary delays as recovery efforts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 1, 2018, multiple Rhode Island state agencies experienced technical disruptions due to a malware attack. The affected entities included the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare, Developmental Disabilities and Hospitals. Officials confirmed the incident originated from an online malware threat but did not specify the exact attack vector or malware variant involved. The disruption occurred on a Friday, with agencies working through immediate operational challenges. State authorities emphasized there was no evidence of unauthorized access to personal data or compromised confidential information. Monthly benefit payments administered by these departments remained unaffected despite the incident. Initial public communications focused on assuring continuity of critical services while acknowledging system impairments.
Response efforts mobilized rapidly, with the Rhode Island State Police, National Guard, and Emergency Management Agency collaborating to contain the malware’s spread. Officials advised customers to expect minor ongoing service disruptions but confirmed all impacted departments would reopen for regular operations the following Monday. No ransomware demands or threat actor claims were referenced in official statements. The containment strategy prioritized isolating affected systems while maintaining essential functions. Public notifications stressed patience as recovery work continued through the weekend, though no specific restoration timelines or technical remediation details were disclosed. The coordinated response underscored cross-agency collaboration without federal law enforcement involvement being mentioned.