Cyber Incident Victim: RIBridges

On December 5, 2024, the Rhode Island Department of Administration’s vendor Deloitte notified the state that the RIBridges system—a platform managing health coverage and human services benefits—was targeted in a potential cyberattack. Initial assessments could not confirm whether sensitive data was compromised. The state immediately engaged federal law enforcement agencies, the Rhode Island State Police, and its IT department. Deloitte implemented additional security measures and initiated a threat assessment. Authorities withheld public disclosure to prioritize securing the system while investigating potential data exposure and attack vectors.

By December 10, Deloitte confirmed a breach after receiving a screenshot of file folders from the hacker, indicating unauthorized access. The following day, Deloitte assessed a high probability that these folders contained personally identifiable information (PII). On December 13, malicious code was detected within RIBridges, prompting the state to direct Deloitte to take the system offline for remediation. The breach potentially exposed names, addresses, dates of birth, Social Security numbers, and banking details of individuals who applied for or received benefits through programs including Medicaid, SNAP, TANF, Child Care Assistance, HealthSource RI, Rhode Island Works, Long-Term Services and Supports, General Public Assistance, and At HOME Cost Share. A multilingual call center operated by Experian opened on December 15 to provide breach-related guidance, though impacted individuals could not yet be confirmed due to ongoing forensic analysis. Affected households were promised mailed letters with instructions for free credit monitoring. System restoration timelines remained undetermined, forcing benefit applicants to use paper forms. No identity theft or fraud linked to the breach had been reported at the time of disclosure.