Hackers have posted some RIBridges data on the dark web, McKee says

Hackers have posted some RIBridges data on the dark web, McKee says

by:

PROVIDENCE, R.I. (WPRI) — The cybercriminals who hacked Rhode Island’s IT system for health and benefits programs have released a set of files from the system on the dark web, Gov. Dan McKee’s office announced Monday.

ORIGINAL NOTE: https://www.wpri.com/news/local-news/ri-data-breach/hackers-have-posted-some-ribridges-data-on-the-dark-web-mckee-says/

The governor has called a news conference Monday at 1:30 p.m. at the State House to discuss the situation alongside other officials.

12 News will stream the 1:30 p.m. news conference live on WPRI.com.

It’s unclear exactly what information has been posted online from the system, RIBridges, which is used for a host of programs including Medicaid, SNAP and HealthSource RI. McKee said last week the state had identified 650,000 people whose personal information — including Social Security and bank account numbers — was stolen from the system by the group Brain Cipher.

Brain Cipher had set a deadline of Monday morning for officials to pay a ransom in order to avoid release of the files. “It seems that it was easier to pay and calmly fix everything,” the group wrote above a long list of downloadable files from the system, according to a screenshot posted on social media by a cybersecurity expert.

“Right now, IT teams are working diligently to analyze the released files,” the governor’s office said in a statement. “This is a complex process and we do not yet know the scope of the data that is included in those files, but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised.”

The “dark web” refers to an encrypted part of the internet that can only be reached using alternative browsers and other tools that allow users to keep themselves anonymous.

McKee’s office said the state continues to work with Deloitte, the company that built and maintains RIBridges, to compile a list of all individuals whose personal data was exposed in the cyberattack. Those people will be sent letters that also include instructions on how to obtain free credit monitoring.

State officials are urging anyone whose information may have been stolen to freeze and monitor their credit, including for minor children; request a fraud alert from credit agencies; turn on multi-factor authentication for all financial accounts; and be cautious about sharing information. Updates are being posted to the website cyberalert.ri.gov.

The RIBridges system has remained offline since Dec. 13, the day state leaders first disclosed the attack publicly. Some state departments have switched to paper applications, but HealthSourceRI has opted against doing so, and is instead extending its open-enrollment period through February.

The state programs that use RIBridges include Medicaid, SNAP, HealthSource RI, Temporary Assistance for Needy Families (TANF), the Child Care Assistance Program (CCAP), Rhode Island Works, Long-Term Services and Supports (LTSS), the General Public Assistance (GPA) program, and AT HOME cost-sharing.

This is a breaking news story and will be updated.