Brain Cipher begins leaking stolen data from Rhode Island

Rhode Island Governor Dan McKee has confirmed that cybercriminals are attempting to leak stolen data after gaining unauthorized access to the state’s central platform for operating numerous health and human services, including social benefits.

WHY IT’S IMPORTANT

McKee’s office said Monday that, according to consultant Deloitte, the hackers who broke into the IT system for the state’s health and benefits programs earlier this month released a series of files on the dark web, WPRI reported.

“Today, cybercriminals have published at least some of the Rhode Island Bridge information and data files on the dark web,” McKee said at a press conference.

In an earlier update on its website, the state said Deloitte “has confirmed a high probability that a cybercriminal has obtained files containing personally identifiable information.”

The consultant works with the state to generate the list of affected individuals.

“Once we have that information, we will send letters to those individuals with instructions on how to access free credit monitoring,” the alert said.

HealthSource RI, the state’s marketplace for affordable health care coverage, is part of the Ocean State Department of Administration’s RIBridges system and is temporarily unavailable due to the cyberattack announced on December 13.

According to the state website, the system that Deloitte manages is the main operational system for state management, including legal services, accounting and auditing, management and budgeting, purchasing, auditing, human resources, certain human resources services, capital equipment management and maintenance, IT, energy resources and many internal services.

The state took the system offline after Deloitte discovered the network intrusion.

RIBridges also administers the state’s Medicaid, SNAP and other social programs, many of which have transitioned to manual processes.

Due to the outage, HealthSource RI has extended open enrollment from Tuesday’s deadline to February 28 through its call center. Patients with plans that do not automatically renew before 2025 will now be renewed until the system is restored and they can select new plans, the warning on the website said.

Government officials said they have identified about 650,000 people whose personal information — including Social Security and bank account numbers — was stolen from the system.

Databreaches.net reported on Monday that it had contacted Brain Cipher, and the ransomware group confirmed that they were responsible for the RIBridges attack and inspected the archive file of personal information provided by the threat actors.

However, reaching the threat actors’ dark web leak site is a challenge, said the story.

Brain Cipher told the publication that they suffered a denial-of-service attack to try to prevent them from leaking the data.

THE BIG TREND

State registries that contain protected health information are targets of cyberattacks, and criminals have been known to publish protected data.

In July, RansomHub began leaking Florida Department of Health employee data, prescription data, screening information, Social Security numbers, and more on a Tor-based leak site. The group claimed to have stolen 100 gigabytes of data from the Sunshine State’s public health network.

Cybersecurity challenges in healthcare are outpacing all other industries, according to an analysis of 2023 cyberattacks by SecurityScorecard, a supply chain cybersecurity firm.

The industry is also a leader in third-party data breaches, which ensnare providers, healthcare facilities, healthcare organizations and public health networks. Two years ago, a ransomware attack on a federal vendor, Healthcare Management Solutions, had the potential to affect up to 254,000 Medicare beneficiaries.

While the Centers for Medicare and Medicaid Services said the vendor breached its obligations, the federal agency is also being investigated by the U.S. Health and Human Services Office of Civil Rights for a cyber breach which ultimately affected 3,112,815 individuals, as reported in September.

The recent CMS data breach was one in a series related to a vulnerability in the file transfer tool MOVEit.

ON THE RECORD

“Our top priority is exactly what we talked about: informing people, getting the information out, letting people protect their identities and also getting those benefits out,” McKee said in response to a question about the state’s ongoing relationship with Deloitte in Monday’s television press. conference. “We will look at the issues related to IT on a day-by-day basis.”

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.