Here’s what we know so far.

At an emergency press conference on December 13, Governor Dan McKee said that a “a cybercriminal had installed dangerous malware that posed an urgent threat” prompting the government to close RIBridges.

State officials were notified of the potential threat on Dec. 5, but the McKee administration said officials chose not to publicly release that information until the RIBridges system was secure.

“At first, we weren’t sure how true the cybercriminals’ claims were,” Brian Tardiff, the state’s chief digital officer, told reporters when asked why the public hadn’t been informed more. early.

A few days later, on Dec. 10, the hackers sent Deloitte — the state vendor that oversees the system — a screenshot of records containing personally identifiable data, officials said. Deloitte later confirmed that malicious code was present in the system.

The hackers claimed to have a terabyte of data and demanded a ransom. Deloitte spokeswoman Karen Walsh later confirmed that the Brain Cipher group had claimed responsibility for the attack, and McKee said state officials believed the group could release the stolen data on the “dark web” at any time.

The McKee administration shut down the RIBridges site on Friday to minimize the impact of the cyberattack.

On Monday, a Deloitte spokesperson declined to say whether the company could pay the ransom or what the deadline was, emphasizing the ongoing investigation.

According to officials, the full list of programs known to be affected includes Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program, HealthSource RI, Rhode Island Works, Long-Term Services and Supports. , General public assistance and home cost sharing.

Other programs, such as employment benefits or temporary disability insurance, are not part of the RIBridges portal and are not affected, state officials said.

So far, officials have said the information of hundreds of thousands of people may have been exposed by the attack, and that people who may have only applied for benefits but not received them may also have been affected. The data stolen by the hackers dates back to at least 2019, officials said.

Karen Greco, a spokeswoman for the state Department of Administration, told the Globe Monday afternoon that officials could not provide a more precise estimate of the number of people potentially affected because the investigation is still ongoing. .

In an email released Tuesday, Jim Beardsworth, a DHS spokesperson, wrote that the department was unable to say how many people had applied for benefits from the agency since 2019 due to the closure of RIBridges .

But Beardsworth added that DHS serves about 350,000 Rhode Islanders each year, the vast majority of whom are Medicaid recipients.

Christina O’Reilly, a spokeswoman for HealthSource RI, the state’s health care exchange, wrote in an email Tuesday that it’s still unclear how many applicants or customers were affected.

O’Reilly also said there is limited data available on applicants and registrants. But she added that 107,720 people applied for state health coverage programs during open enrollment in 2024 — a figure that includes applicants for Medicaid, which HealthSource RI does not administer because it does not There is only one application for all state programs.

As of Oct. 31, there were 46,957 people enrolled in HealthSource RI programs, she said.

The state has opened a call center to help the public answer questions about the breach and how customers can take steps to protect their personal information.

The telephone number is 833-918-6603 and the reference number is B137035. The call center is open weekdays from 9 a.m. to 9 p.m. People can also visit cyberalert.ri.gov for more information about the violation.

Call center staff are unable to confirm whether caller information was included in the breach.

“Households whose personal information has been compromised will receive a letter in the mail from the state explaining how to access free credit monitoring,” the release said. website said.

State officials urged anyone who applied for the affected programs to freeze their credit with the three major credit reporting agencies, place a fraud alert on their accounts, change their passwords and use the multi-factor authentication to make it more difficult for unauthorized users. access accounts.

Officials are working on a backup plan for January benefit enrollment if RIBridges is not backed up by then.

In the meantime, DHS has returned to paper processing for new benefit applications, and additional staff have been deployed to field offices for those seeking in-person assistance in obtaining benefits, officials said.

Those trying to enroll in private health insurance for the first time through HealthSource RI can call 1-855-840-4774 to get a quote and learn their options, but cannot enroll while RIBridges is in breakdown, according to Lindsay. Lang, the director of this program. Open registration continues through Jan. 31, she said.

Those who have already enrolled or are automatically re-enrolling for benefits can pay their January bill by phone, in person, or at any CVS location (excluding locations inside Target stores) by bringing the barcode of their health insurance bill, Lang said. . Automatic payments should run normally in December.

HealthSource RI for Employers, a health insurance marketplace for small businesses, is not hosted on the RIBridges platform and remains operational.

Rhode Islanders whose information was exposed in the cyberattack filed class action lawsuits v. New York-based Deloitte Consulting on Sunday in Rhode Island and New York.

The complaints alleged that the company failed to properly secure, backup and encrypt people’s sensitive information, allowing a targeted cyberattack to compromise its network. The lawsuits also allege that Deloitte was careless with people’s private information and failed to properly monitor the network and computer systems.

Attorney General Peter Neronha said the state was also prepared to take legal action against Deloitte.

“We will pursue all legal actions to help those affected recover,” said Tim Rondeau, a spokesperson for Neronha.

Steph Machado of Globe Staff contributed to this report. Material from previous Globe articles was used in this report.

Christopher Gavin can be contacted at [email protected].