A new call center that opened on Sunday received 1,100 calls in the first day, Governor Dan McKee said Monday, and the state is planning to add more staff to address calls. The phone number is 833-918-6603. A new website has been set up at cyberalert.ri.gov .
PROVIDENCE — Rhode Island state officials are scrambling to set up backup plans for those who receive public assistance or buy private insurance on the state’s health care exchange after the shutdown of the state’s online benefits portal, RIBridges, due to a cyberattack last week.
The massive cyberattack could potentially affect anyone who has applied for state benefits through the RIBridges system or its predecessor, UHIP, which amounts to hundreds of thousands of people. The system handles applications for Medicaid, food stamps, and private health insurance coverage through HealthSourceRI, the healthcare exchange marketplace.
Advertisement
State officials urged anyone who has applied for these programs — even if they didn’t ultimately receive benefits — to freeze their credit with the three major credit bureaus, place a fraud alert on their accounts, change their passwords, and use multi-factor authentication to make it more difficult to access accounts. Social security numbers, dates of birth, and possible banking information were stolen by hackers who are demanding a ransom from Deloitte, the private vendor that runs the system.
Get Rhode Island News Alerts Sign up to get breaking news and interesting stories from Rhode Island in your inbox each weekday. Enter Email Sign Up
Deloitte spokesperson Karen Walsh confirmed that the group Brain Cipher is the one extorting the company. The group claims to have one terabyte of data.
McKee said state officials believe the group could release the stolen data at any time. He released a video with a five-step process people can take to protect their data.
“I know this is concerning,” McKee said at a news conference Monday. He also said he had instructed Deloitte to expand the call center to seven days a week.
While December benefits have already gone out for those on public assistance, state officials are preparing for a backup plan for January, if the system is not back up in time. The Rhode Island Department of Human Services has reverted to paper processing for new benefit applications.
Kim Brito, the director of the Rhode Island Department of Human Services, said back-office staff has been deployed into field offices for those who want help with benefits in person. She said existing beneficiaries remain enrolled in their programs.
Advertisement
But those who are trying to enroll for the first time in private health insurance through HealthSource RI cannot currently do so, according to Lindsay Lang, the director of that program. Lang said those who have already enrolled or are automatically re-enrolling in benefits can still pay their January bill by phone, in person, or at any CVS location, excluding locations that are inside Target, by bringing the barcode from their health insurance bill.
Open enrollment continues until Jan. 31. Lang said people can call to get a quote and learn about their options, but cannot currently enroll in new coverage as of Monday.
HealthSource RI for employers, a health insurance marketplace for small businesses, is not hosted on the RIBridges platform and remains up and running. But the program was previously hosted on RIBridges until March 2019, and Lang said a review is underway to determine if any private data from that program was part of the breach.
She said several hundred people called Health Source RI in a three-hour period on Monday.
The full list of programs known to be affected include Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Childcare Assistance Program, HealthSource RI, Rhode Island Works, Long-Term Services and Supports, General Public Assistance, and At HOME Cost Share.
Other programs such as employment benefits or temporary disability insurance are not a part of the RIBridges portal and are not affected, state officials said.
Deloitte said it would “work around the clock to resolve this matter,” but declined to say whether it would be back online before January benefits are distributed. A spokesperson declined to say if the company might pay the ransom or what the deadline is to pay, citing the ongoing investigation.
Advertisement
State officials said they were still conducting a “full root cause analysis” into what caused the breach, which they learned about on Dec. 5. Officials said the hackers sent Deloitte a screenshot of file folders containing personable identifiable data on Dec. 10, and on Dec. 13 the vendor “confirmed there was malicious code present in the system,” prompting state officials to order Deloitte to shut down the entire system.
Asked why the private data was not encrypted, particularly after the Providence public school system was recently targeted in a similar ransomware attack, the state’s chief digital office Brian Tardiff said that would be part of the investigation.
State and federal law enforcement are also investigating the cyberattack.
Steph Machado can be reached at steph.machado@globe.com. Follow her @StephMachado.
Suspect in insurance CEO’s killing is not a folk hero
