Cyber Incident Victim: Rhode Island Department of Behavioral Health
Date:
Jun 2018
Location:
United States of America
Summary
A Rhode Island state agency responsible for behavioral health and developmental disabilities was among several government entities targeted by a malware attack, causing technical disruptions across affected systems. While operational difficulties occurred, officials confirmed no evidence of compromised personal data or impacts to critical monthly payments. Response efforts involved coordination with state police, the National Guard, and emergency management teams to contain the threat. Minor service interruptions persisted temporarily, but all departments maintained normal operating schedules during remediation. Customers were advised to anticipate possible delays as recovery measures continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 1, 2018, multiple Rhode Island state agencies experienced technical disruptions due to a malware attack. The affected entities included the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare, Developmental Disabilities and Hospitals. State officials confirmed the coordinated cyber threat caused operational difficulties but emphasized no evidence indicated unauthorized access to personal data or compromise of monthly benefit payments. The incident prompted immediate collaboration between the Rhode Island State Police, the Rhode Island National Guard, and the Rhode Island Emergency Management Agency to contain the malware spread and restore systems. Technical teams worked through the weekend to mitigate the threat while agencies prepared to maintain public services despite ongoing minor disruptions.
Officials publicly assured residents that critical functions remained intact while advising customers to expect temporary service delays. The state maintained transparency by confirming all departments would reopen as scheduled the following Monday, June 4. Response efforts focused on isolating infected systems and preventing further propagation of the malware across state networks. No ransomware demands or specific attacker attribution were disclosed in available reports. The incident highlighted interdependencies across state agencies but concluded without confirmed data exfiltration or permanent operational damage. Recovery operations proceeded under coordinated oversight of law enforcement and emergency management units until full service restoration.