On Monday, Gov. Dan McKee said his team has identified 650,000 people whose personal information was stolen in the recent cyberattack on the state’s IT system for social services.
...Earlier this month, the cyberattack shut down the state’s IT system known as RIBridges, which serves as an eligibility database for a host of social services, such as SNAP and Medicaid, along with subsidized health insurance through HealthSourceRI.
...According to McKee, the state aims to turn the system back on in January. In the meantime, R.I. Human Services Director Kim Merolla-Brito said people will still receive benefits through SNAP, Medicaid and other cash-assistance programs. She said EBT cards should be refilled for January under normal distribution methods.
She added that nobody will be terminated from Medicaid while the system is down.
Last week I reposted a press release & video from the Rhode Island Dept. of Administration explaining the details of a major security breach of the state's social services system.
Today it looks like the issue was a lot worse than I thought. via WPRI:
On Monday, Gov. Dan McKee said his team has identified 650,000 people whose personal information was stolen in the recent cyberattack on the state’s IT system for social services.
Yikes. FWIW, Rhode Island only has around 1.1 million people, so this basically means that 60% of the entire state population has had their personal info compromised.
...Earlier this month, the cyberattack shut down the state’s IT system known as RIBridges, which serves as an eligibility database for a host of social services, such as SNAP and Medicaid, along with subsidized health insurance through HealthSourceRI.
On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to RIBridges, the system that manages many of the state’s social services programs. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information.
This is the State of Rhode Island’s dedicated webpage for all the latest information on the breach. We understand this is an alarming situation, and we appreciate your patience as we investigate this matter. We will continue to navigate this challenge together.
Update 12/16/24: 5 Steps to Protect Your Personal Information Today
Governor McKee issued a public service announcement to encourage potentially impacted Rhode Islanders to take 5 steps to protect their personal information today. (see video above)
Update 12/15/24: RIBridges Data Breach Hotline Now Available
In response, a couple of weeks later the Centers for Medicare & Medicaid Services (CMS) issued a statement about the actions they're taking to resolve the issue,
In response, a couple of weeks later the Centers for Medicare & Medicaid Services (CMS) issued a statement about the actions they're taking to resolve the issue.
CMS is committed to protecting consumers in the Marketplace. CMS has received reports of consumers in HealthCare.gov states whose coverage was switched by agents and brokers without their knowledge. In response, CMS is taking swift actions to protect consumers from unauthorized activity by agents and brokers, and to root out bad actors who are violating CMS rules.
It's been a long time since I've reported on any significant cybersecurity problems at any of the ACA exchanges. The last one I can think of off the top of my head was nearly a decade ago, and even that was about how some early flaws had been fixed.
Unauthorized enrollment or plan-switching is emerging as a serious challenge for the ACA, also known as Obamacare. Brokers say the ease with which rogue agents can get into policyholder accounts in the 32 states served by the federal marketplace plays a major role in the problem, according to an investigation by KFF Health News.
Fire up the Wayback Machine, Peabody, and take us to September 2015:
AP's NEW "HC.gov Security Flaws" story attacks problems FIXED UP TO A YEAR AGO.
Last night I posted what seemed, at first, to be a merely-amusing (if a bit depressing) story about a Florida news station website accidentally (?) reposting a year-old AP newswire story about potential security vulnerabilities at Healthcare.Gov:
WASHINGTON -- The government's own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability - but also came away with respect for some of the health insurance site's security features.
Those are among the conclusions of a report released Tuesday by the Health and Human Services Department inspector general, who focuses on health care fraud.
The official tally of QHP selections nationally during the 2015 Open Enrollment Period (from 11/15/14 - 2/22/15) was 11,688,074 people.
The actual number of people still enrolled in effectuated plans (i.e., active) as of March 31, 2015, according to the HHS Dept., was 10,187,197 people. That's a net reduction of exactly 1,500,877.
On the surface, that may look bad, but bear in mind that with a 90% payment rate (which I suspect is actually pretty close to the non-ACA industry standard, and which is about 2 points better than last year), that means only about 10.5 million of the original enrollees would have been expected to actually be enrolled in March anyway. That leaves another 332,000 people who presumably paid up for January, February and/or March, but had dropped their policies by the end of March.
