Key Highlights

• Hundreds of thousands likely affected by RIBridges hack
• System includes SNAP, Medicaid, HealthSourceRI, others
• 'HealthyRhode' website taken offline indefinitely
• Cybercriminals demand ransom to avoid release of data
• New website will provide updates; call center opens Sunday

---

PROVIDENCE, R.I. (WPRI) — Rhode Island's state government has suffered a major cyberattack involving the private data of hundreds of thousands of people who have used state programs over the last eight years, Target 12 has confirmed.

Gov. Dan McKee's office said the hackers accessed RIBridges, the online portal for obtaining social services such as SNAP and Medicaid benefits, as well as health insurance through HealthSourceRI.

There is a "high probability" the personal information of an undetermined number of people -- including Social Security and bank account numbers -- has been stolen, officials said.

McKee said state officials and its vendor, Deloitte, are still trying to get a handle on the scope of the hack, but he estimated it likely affected hundreds of thousands of Rhode Islanders.

"I understand this is alarming," McKee said during a hastily scheduled news conference Friday night. "Please know Deloitte and the state is working with law enforcement and IT experts to minimize the impact to Rhode Islanders."

Deloitte, the private company the state has paid to develop and maintain RIBridges, first warned state officials of a potential cyberattack on Dec. 5 and confirmed a "major security threat" on Friday.

In a statement Friday night, Deloitte spokesperson Karen Walsh blamed the cyberattack on "an international cybercriminal group."

"While that investigation is ongoing, we have shown over the past decade our unwavering commitment to the state of Rhode Island and the people they serve," Walsh said. "We will continue to work around the clock to resolve this matter."

The state then shut down its "HealthyRhode" website, which residents use to access programs maintained by RIBridges, meaning customers will no longer be able to access their accounts. State officials said they don't know exactly how long the system will be shut down.

Brian Tardiff, the state's chief digital officer, said the malware they discovered inside the system could have caused "catastrophic damage" to RIBridges. They had been working since Dec. 5 to determine the veracity of the hackers' claims, he said.

Tardiff said the cybercriminals also threatened to release people's stolen information if they weren't paid a ransom. He declined to disclose the total amount demanded, citing the ongoing investigation, but described it as "extortion."

The programs under RIBridges include Medicaid, the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), the Child Care Assistance Program (CCAP), HealthSource RI health insurance, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS), and the General Public Assistance (GPA) program.

Anyone who has applied for or received benefits through those programs since 2016 could be affected, state officials said.

Kimberly Merolla-Brito, director of R.I. Department of Human Services, said the state has already disbursed benefits under those programs to recipients for December. The goal now, she said, is to get the system back up and running before benefits need to be sent out for January.

"That's what we're hoping for," she said, adding that until then they would revert to a paper-based system for anyone seeking to apply for new benefits.

The cyberattack and system shutdown also comes at the same time HealthSourceRI is holding its annual open enrollment period, when people apply for or renew coverage.

The shutdown will inevitably disrupt that process, although HealthSourceRI Director Lindsay Lang noted there is still more than a month left until open enrollment ends on Jan. 31.

"We know we have time and we will be working very hard to get through open enrollment," she said.

State officials said future updates regarding the hack and system shutdown will be posted at the website admin.ri.gov/ribridges-alert. A call center will be open Sunday from 11 a.m. to 8 p.m., with a phone number to be published that morning. The call center will also be open throughout the day Monday through Friday.

State leaders urged residents who may be affected to consider freezing their credit, changing their passwords and contacting their banks.

State and Deloitte officials had spent the days since Dec. 5 examining the scope of the problem and how many people might be affected, according to Tardiff, who said they decided to withhold the information from the public "for security reasons."

Law enforcement agencies were notified immediately, he added, and they decided to make it public once they knew the threat was credible and the malware was discovered. McKee said he was told about the situation around Dec. 5, and authorized the system shutdown Friday.

He said the process took several hours and they waited to announce the shutdown until it was complete.

"It's not just like we can shut these lights off with one switch," he said. "It takes hours."

A spokesperson for the FBI declined to comment on the situation.

RIBridges was created as part of the Unified Health Infrastructure Project, or UHIP. Its development and launch was a major debacle for state government during the administration of former Gov. Gina Raimondo.

Raimondo's administration spent years in disputes with Deloitte -- which had been paid hundreds of millions of dollars to build UHIP -- for fixes and refunds on the system. In 2021, McKee agreed to a three-year contract extension for Deloitte valued at $99 million.

Tim White and Kayla Fish contributed to this report.