ATLANTA — As Rhode Island deals with a serious data breach impacting the state’s benefits system, Georgia officials confirm no related issues in the Peach State.
On Friday, Rhode Island Gov. Daniel McKee announced a major cyberattack impacting that state’s online system for delivering health and human services benefits.
The system known as RIBridges was taken offline on Friday, after the state was informed by its vendor, Deloitte, that there was a major security threat to the system. The vendor confirmed that “there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges,” the state said. A timeline of events as conveyed by the state can be found here.
According to Rhode Island officials, families who have received or applied for programs or benefits including Medicaid, SNAP and TANF could be impacted by the leak with hackers demanding a ransom.
The state urged Rhode Islanders to take action to protect their personal information, which may include names, addresses, dates of birth, Social Security numbers and certain banking information.
According to Rhode Island NBC station WJAR, federal lawsuits have now been filed against Deloitte on behalf of two Rhode Islanders seeking damages, claiming Deloitte failed "to implement adequate and reasonable cyber-security procedures" and maintained customer information "in a reckless manner.”
Deloitte also manages the Georgia Gateway system, the site where Georgia families can apply for and manage benefit programs. Learning of the Rhode Island breach, 11Alive reached out to the Georgia Department of Human Services to check on any local impact, also inquiring whether Deloitte will be providing any security updates to bolster the Georgia system.
“The agency works closely with its vendor to ensure the security of applicant and beneficiary information,” a DHS spokesperson responded via email to 11Alive's questions. “At this time, we have no indication that any sort of breach has occurred, although we are continuing to monitor the situation.”
In a statement to 11Alive, a spokesperson for Deloitte confirmed that Rhode Island’s system is “the only client system impacted by the Brain Cipher data breach.”
“There is no impact to Georgia Gateway or to any other Deloitte clients,” the spokesperson said via email (italicizations part of original statement). “There is also no impact to any Deloitte systems. RIBridges sits outside the Deloitte network. The planned system maintenance in Georgia this weekend is unrelated to the Rhode Island cyber incident. For your information, here is the media statement that Deloitte issued on December 13, 2024 :
“Upon learning that a state system supported by Deloitte had been attacked by an international cybercriminal group, we launched an investigation in collaboration with our client and law enforcement officials. While that investigation is ongoing, we have shown over the past decade our unwavering commitment to the State of Rhode Island and the people they serve. We will continue to work around the clock to resolve this matter.”
Meanwhile, the Georgia Gateway website indicates site maintenance is planned for this week. A spokesperson for Georgia DHS called such maintenance “routine.”
