Hackers Hit Rhode Island Benefits System In Major Cyberattack (apnews.com) 20
A cyberattack on Rhode Island's RIBridges system has exposed personal data of individuals involved in programs like Medicaid, SNAP, and others, with hackers demanding a ransom. The breach may include sensitive details like Social Security numbers and banking information. The Associated Press reports: Anyone who has been involved in Medicaid, the Supplemental Nutrition Assistance Program known as SNAP, Temporary Assistance for Needy Families, Childcare Assistance Program, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program and health insurance purchased through HealthSource RI may be impacted, McKee said Saturday.
The system known as RIBridges was taken offline on Friday, after the state was informed by its vendor, Deloitte, that there was a major security threat to the system. The vendor confirmed that "there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges," the state said. The state has contracted with Experian to run a toll-free hotline for Rhode Islanders to call to get information about the breach and how they can protect their data.
The system known as RIBridges was taken offline on Friday, after the state was informed by its vendor, Deloitte, that there was a major security threat to the system. The vendor confirmed that "there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges," the state said. The state has contracted with Experian to run a toll-free hotline for Rhode Islanders to call to get information about the breach and how they can protect their data.
Re: (Score:1)
Re: (Score:2)
Will bank account details, SSN, etc even matter for people on Medicaid or SNAP? That seems the opposite of a target rich environment.
Medicaid recipients do have bank accounts, and many of them likely get various stipends (SSI disability payments, for example) direct deposited to those accounts. If the attacker has these people's account info + their personally identifiable information, there's a decent chance the attacker can access those funds remotely. Even if it's "only" $700-1000 a pop, multiply that by thousands of people... not to mention the fact that these people don't have the buffer to cover that sort of loss, unlike you or me.
IT system vendor management (Score:2)
> Friday, after the state was informed by its vendor, Deloitte
The state should simply prevent Delotte from bidding on any state level or local government level contracts for 20 years and require a surety bond or equivalent on each contract to pay for an outside audit and remediation by the vendor.
Re: (Score:1)
They should ... but they won't. Otherwise the revolving door will not be open when the State workers need to move into the private sector.
Re: (Score:1)
Identity theft doesn't just mean "money they have" (Score:1, Troll)
... it also means that their personal information could be used for other things. [nfp.com]
Their identity used for fake green cards / work visas / travel documents. This is one of the reasons Republican intransigence on cleaning up the immigration system and eliminating the backlogs is so terrible (the other being that the crossburning klanfucks use it as an excuse to spew racism everywhere).
Credit cards/etc... opened in their names without their knowledge... until bill collectors start harassing them for loans an
It's Russia...Look, we know it's Russia! (Score:1)
A cyberattack on Rhode Island's RIBridges system has exposed personal data of individuals involved in programs like Medicaid, SNAP, and others, with hackers demanding a ransom. The breach may include sensitive details like Social Security numbers and banking information.
Our very capable intelligence apparatus tells us it's Russia...
Deloitte (Score:1)
I believe Deloitte should be the one taking the heat here, not the state of Rhode Island, quote "the state was informed by its vendor, Deloitte" who presumably was responsible for the cybersecurity of the systems they are vending.
Hope the State of Rhode Island built some provisions into the contract around cybersecurity performance by Deloitte that allows them to minimallly pass through the cost of cleaning up the mess, if not impose fines on "its vendor". Until such things are commonplace, we'll continue t
Re: (Score:1)
mandatory arbitration puts the state on the hook (Score:2)
mandatory arbitration puts the state on the hook as you can't sue Deloitte in court.
Re: (Score:1)
You say this because of some special knowledge of this vendor:customer relationship? Or is Deloitte's MO to always put mandatory arbitration into their service contracts?
And in other Soft Target Deloitte News... (Score:2)
"Ransomware Gang Says Deloitte Sucks at Their Job"
https://www.goingconcern.com/ransomware-gang-says-deloitte-sucks-at-their-job/ [goingconcern.com]
Re: (Score:1)
Given this cluster of news, the assertion that Deloitte sucks at their job is prima facie true.