Deloitte has provided Rhode Island with $5m to help cover costs arising from the RIBridges data breach, following a request from the state’s Governor Dan McKee. The funding will support ongoing response efforts following the cyberattack, which compromised the personal data of approximately 650,000 individuals.
RIBridges is the state’s integrated eligibility system, managing Rhode Island’s social services programmes, including Medicaid, Temporary Assistance for Needy Families (TANF), and the Supplemental Nutrition Assistance Program (SNAP). It also facilitates HealthSource RI, the state’s health insurance exchange.
The financial support from Deloitte will help address costs related to around 2,000 HealthSource RI customers who were directly enrolled in health coverage for January and February.
The breach, which took place in December 2024 and was attributed to the ransomware group Brain Cipher, resulted in unauthorised access to sensitive records, including Social Security numbers, addresses, dates of birth, and banking details. In addition to the financial commitment, Deloitte is funding a dedicated call centre, credit monitoring, and identity protection services for those affected.
“Deloitte has recognised that the state has immediate and unexpected expenses related to the breach, and we appreciate their willingness to lend financial support,” said Governor Dan McKee.
Cyberattack exploited state IT infrastructure
Deloitte first detected unauthorised activity within RIBridges on 5 December 2024 and immediately alerted Rhode Island officials. Five days later, hackers published screenshots of stolen files on dark web forums, confirming data exfiltration. By 13 December, forensic analysts identified malicious code within the system, prompting a full shutdown of RIBridges to contain the threat and prevent further compromise.
The attack exposed vulnerabilities in the state’s IT infrastructure, raising concerns about the security of public-sector platforms managing highly sensitive citizen data. Brain Cipher, which claimed responsibility for this, is a ransomware group active since mid-2024. The group is known for using LockBit 3.0 malware to infiltrate networks. Its attackers likely gained initial access through phishing campaigns, leveraging compromised administrator credentials to escalate privileges and exfiltrate data.
Following the breach, Rhode Island engaged federal law enforcement agencies, the Rhode Island State Police, and third-party cybersecurity experts to assess the full impact. Deloitte has since implemented additional security measures and continues to work with state IT teams to reinforce system defences.
After extensive security audits and system validation, Rhode Island has begun a controlled relaunch of the HealthyRhode customer portal, part of the RIBridges system. Authorities are allowing limited user access to reset passwords and verify account security before a full public rollout. Last month, the state successfully reactivated the system’s internal employee portal after confirming its stability.
To prevent further disruptions, the phased approach is designed to monitor system performance and identify potential vulnerabilities before expanding access. The state will determine the timeline for full restoration based on initial test results.
Read more: LockBit 3.0 ransomware gang claims responsibility for Royal Mail cyberattack
