Sign up to get breaking news and interesting stories from Rhode Island in your inbox each weekday.
At an emergency news conference on Dec. 13, Governor Dan McKee said a "cyber criminal had installed dangerous malware that constituted an urgent threat," prompting the government to shut down RIBridges.
State officials were notified of the potential threat on Dec. 5 but the McKee administration said officials opted not to publicly disclose that information until the RIBridges system had been secured.
"When it first began we were unsure of the veracity of the cybercriminals' claims," Brian Tardiff, the state's chief digital officer, told reporters when asked why the public was not notified sooner.
Days later, on Dec. 10, the hackers sent Deloitte -- the state's vendor that oversees the system -- a screenshot of file folders with identifiable personal data, officials said. Deloitte later confirmed there was a malicious code present in the system.
The hackers claimed to have one terabyte of data and demanded a ransom. Deloitte spokesperson Karen Walsh later confirmed that the group Brain Cipher had claimed responsibility for the attack, and McKee said state officials believe the group could release the stolen data onto the "dark web" at any time.
On Friday, the McKee administration shut down the RIBridges site in order to minimize the impact of the cyber attack.
On Monday, a Deloitte spokesperson declined to say whether the company might pay the ransom or what the deadline is, pointing to the ongoing investigation.
According to officials, the full list of programs known to be affected include Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Childcare Assistance Program, HealthSource RI, Rhode Island Works, Long-Term Services and Supports, General Public Assistance, and At HOME Cost Share.
Other programs, such as employment benefits or temporary disability insurance, are not a part of the RIBridges portal and are not affected, state officials said.
So far, officials have said that the information of possibly hundreds of thousands of people may have been exposed by the attack, and that individuals who may have only applied for benefits but did not receive them may also have been affected. Data stolen by the hackers dates back to at least 2019, officials said.
Karen Greco, a spokesperson for the state Department of Administration, told the Globe on Monday afternoon officials could not provide a more precise estimate of the number of people potentially impacted because the investigation is still ongoing.
In an email on Tuesday, Jim Beardsworth, a spokesperson for DHS, wrote the department was unable to say how many people have applied for benefits from the agency since 2019 because RIBridges was shut down.
But Beardsworth added that DHS serves approximately 350,000 Rhode Islanders every year, the vast majority of which are Medicaid recipients.
Christina O'Reilly, a spokesperson for HealthSource RI, the state's healthcare exchange, wrote in an email on Tuesday it remains unclear how many applicants or customers were affected.
O'Reilly also said available data about applicants and enrollees was limited. But she added that 107,720 people applied for state health coverage programs during open enrollment in 2024 - a figure that includes applicants for Medicaid, which HealthSource RI does not administer, as there is only a single application for all state programs.
There were 46,957 people enrolled in HealthSource RI programs as of Oct. 31, she said.
The state has opened a call center to assist the public with questions about the breach and how customers can take steps to protect their personal information.
The phone number is 833-918-6603 and the reference number is B137035. The call center is open weekdays from 9 a.m. to 9 p.m. People can also visit cyberalert.ri.gov for more information about the breach.
Call center staff are unable to confirm whether a caller's information was included in the breach.
"Households that have had personal information compromised will receive a letter by mail from the State that explains how to access free credit monitoring," the website says.
State officials have urged anyone who has applied for the programs affected to freeze their credit with the three major credit bureaus, place a fraud alert on their accounts, change their passwords, and use multi-factor authentication to make it more difficult for unauthorized users to access accounts.
Officials are working on a backup plan for January benefits enrollment if RIBridges is not back up before then.
In the meantime, DHS has reverted to paper processing for new benefit applications, and additional staff have been deployed in field offices for those who want assistance with benefits in person, officials said.
Those who are attempting to enroll in private health insurance for the first time through HealthSource RI can call 1-855-840-4774 to get a quote and learn about their options, but are not able to enroll while RIBridges is down, according to Lindsay Lang, the director of that program.Open enrollment continues until Jan. 31, she said.
Those who have already enrolled or are automatically re-enrolling in benefits can pay their January bill by phone, in person, or at any CVS location (excluding locations that are inside Target stores) by bringing the barcode from their health insurance bill, Lang said. Automatic payments are expected to go through as normal for December.
HealthSource RI for employers, a health insurance marketplace for small businesses, is not hosted on the RIBridges platform and remains up and running.
Rhode Islanders whose information was exposed in the cyberattack filed class-action lawsuits against New York-based Deloitte Consulting on Sunday in both Rhode Island and New York.
The complaints alleged the company failed to properly secure, safeguard, and encrypt people's sensitive information, thereby allowing a targeted cyberattack to compromise its network. The lawsuits also allege Deloitte was reckless with people's private information and failed to properly monitor the computer network and systems.
Attorney General Peter Neronha indicated the state is also prepared to take legal action against Deloitte.
"We will pursue any and all legal actions in order to help make those affected whole," Tim Rondeau, a spokesperson for Neronha, said.