Rhode Island officials have confirmed that the state’s public assistance system, RIBridges, was breached by the Brain Cipher ransomware gang, potentially exposing the sensitive personal data of residents. Managed by Deloitte, the RIBridges system supports essential programs like Medicaid, SNAP, and Rhode Island Works, and its compromise has left thousands of vulnerable citizens in limbo.
Discovery and Response
The breach was detected on December 5, 2024, and Deloitte’s investigation revealed a “high probability” that personally identifiable information (PII) and financial data had been accessed by attackers. In response, Rhode Island authorities took the system offline on December 13, suspending online and mobile access to RIBridges while they assessed the damage.
"On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system," read a statement from Rhode Island officials. "We have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible."
Officials have started notifying affected households and have set up a dedicated call center to assist residents. Those impacted are being advised to reset passwords, activate fraud alerts, and monitor banking accounts closely.
The Brain Cipher Threat
Brain Cipher, a ransomware group that surfaced in June 2024, has quickly become a formidable player in the cybercrime landscape. Leveraging tools like the leaked LockBit 3.0 ransomware builder, the group is known for sophisticated double-extortion tactics that combine data theft with system encryption.
“Brain Cipher often gains initial access to systems through phishing campaigns, tricking victims into downloading malicious files,” explained Jon Miller, CEO of cybersecurity firm Halcyon. “They frequently target Windows domain administrator credentials, allowing them to maximize their reach across networks. This group’s strategy of data exfiltration followed by ransom demands leaves victims with little choice but to negotiate.”
Brain Cipher’s diverse targeting has already impacted critical infrastructure and public services worldwide. Earlier this year, they were linked to the breach of Indonesia’s National Data Center, causing disruptions to immigration and customs services. Their latest attack on RIBridges underscores their willingness to exploit vulnerabilities in government systems.
Expert Insights on the Attack
Cybersecurity experts have weighed in on the implications of the breach and the broader lessons for organizations. Yossi Rachman, Director of Security Research at Semperis, highlighted the timing of the attack, noting that ransomware gangs often strike during holidays when cybersecurity staffing is reduced.
“This ransomware attack discovered by Deloitte is yet another sobering reminder so close to the holidays that threat actors are persistent and motivated by greed,” Rachman said. “Kudos to Rhode Island’s governor for shutting down the infected systems while investigations continue. This is a necessary step to contain the damage.”
Rachman also emphasized the importance of adopting an "assumed breach mindset," which prepares organizations to respond more effectively to attacks. “In 90% of ransomware attacks, the victim’s identity system, most commonly Active Directory, will be compromised,” he said. “Organizations must monitor for unauthorized changes in real time and secure their critical systems.”
Lawrence Pingree, VP at Dispersive, echoed similar sentiments. “Ransomware continues to plague many organizations, and the strategies of protection against these threat actors must evolve,” Pingree advised. “Endpoint prevention, micro-segmentation, and the isolation of identity systems are key to reducing the impact of ransomware threats.”
The Path Forward
While Rhode Island and Deloitte work to restore RIBridges and secure its systems, the breach raises serious questions about the cybersecurity resilience of state-managed infrastructure. Ransomware attacks on public services have become increasingly common, exposing systemic weaknesses in legacy systems and the critical need for robust cybersecurity measures.
As investigations continue, experts stress that proactive measures, including real-time monitoring of critical systems, employee phishing awareness training, and disaster recovery planning, are essential to mitigating the impact of future attacks.
For Rhode Island residents, the incident serves as a stark reminder of the risks posed by cybercrime and the importance of personal vigilance in protecting sensitive information. As one of Brain Cipher’s latest victims, the state’s experience will likely shape future discussions on cybersecurity at the intersection of public policy and digital infrastructure.