A massive cyberattack led the state of Rhode Island to take down its online portal used by residents to obtain social services such as SNAP and Medicaid benefits, as well as health insurance purchased through HealthSource RI.
The cyberattack began on December 5, 2024, when Deloitte, the developer and maintainer of RIBridges system, alerted state officials to suspicious activity. Initially, it was unclear whether sensitive data had been accessed. Over the following days, Deloitte implemented additional security measures while investigating the breach.
On December 10, hackers provided a screenshot of file folders as proof of their access, prompting Deloitte to confirm that the RIBridges system had been compromised. Further analysis revealed a high probability that the stolen files contained personally identifiable information (PII). By December 13, Deloitte identified malicious code within the system, leading the state to shut down RIBridges to mitigate further damage and begin remediation.
While the exact infiltration method is still under investigation, early findings suggest that the attackers exploited vulnerabilities in the system’s architecture, likely either through phishing emails targeting administrative accounts or through unpatched software weaknesses. The malware deployed by the cyber criminals enabled unauthorized access and allowed the attackers to exfiltrate data unnoticed for several days.
The FBI and other federal agencies are assisting in the investigation, while Deloitte works to remediate the vulnerabilities and restore RIBridges
Read more about it here.