$5 Million Deloitte Fund to Cover Rhode Island Ransomware Attack Expenses

February 13, 2025HIPAA News0

Rhode Island Governor Dan McKee has reported Deloitte’s decision to pay the state of Rhode Island $5 million for expenses sustained due to a ransomware attack in December 2024. The ransomware attack resulted in an extended shutdown of Rhode Island’s RI Bridges system. The system is used for managing the eligibility of state residents for public benefit programs, such as Medicaid, HealthSource RI, SNAP, and RI Works.

Deloitte discovered the cyberattack on December 5, 2024, and suffered an extended shutdown of the RI Bridges system. Over 650,000 Rhode Islanders’ personal data was stolen during the attack, and the information was uploaded to the ransomware group’s data leak website because no ransom was paid. The stolen data published online included names, contact details, Social Security numbers, and work information.

For about two months, the shutdown of the RI Bridges system kept roughly 2,000 Rhode Islanders from signing up for state-paid medical care insurance through Blue Cross & Blue Shield and Neighborhood Health. Lindsay Musser Hough of Deloitte Consulting stated that agreeing to pay the state $5 million does not signify an admission of fault or wrongdoing. The fund is being provided to assist the state and its constituents respond to the cyberattack. Governor McKee said when he announced the $5 million payment that Deloitte acknowledged the state’s urgent and unforeseen expenditures associated with the breach, and it willingly lent financial assistance.

Deloitte has likewise purchased identity theft protection and credit monitoring services for the 650,000+ people whose data were stolen during the ransomware attack and additionally paid for the expense of the data breach support center.

Because of this incident, stronger cybersecurity standards need to be implemented in government IT systems. Experts suggest using zero-trust security models, performing routine vulnerability assessments, and investing more in cybersecurity infrastructure. HIPAA law must also be observed to ensure the privacy of protected health information.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.