A not long ago noted facts breach impacting the Rhode Island Public Transit Authority (RIPTA) is to be investigated by the state’s attorney typical.
The secured health and fitness info (PHI) of countless numbers of persons was involved in the knowledge breach, which happened when RIPTA was attacked by cyber-criminals last summer months.
RIPTA reported the data breach to the Office of Wellness and Human Services’ Place of work for Civil Rights (OCR) as influencing 5,015 folks who are customers of the transport authority’s group wellness plan.
The Providence Journal reports that the variety of impacted people today subsequently rose to 17,378.
Suspicious exercise was recognized on RIPTA’s computer system network on August 5, 2021, and – in accordance to a breach detect posted to the authority’s website – blocked the exact working day.
Digital forensic evidence of the cybercrime uncovered that pieces of RIPTA’s network had been accessible to an mysterious risk actor due to the fact August 3, 2021.
Just after reviewing what information the risk actor had been able to accessibility, RIPTA established that information containing the own information of health plan customers have been stored in the comprised space of the network and that these files experienced been exfiltrated in the cyber-attack.
Data stored in the exfiltrated information bundled health plan members’ names, addresses, dates of start, Social Security numbers, Medicare ID numbers, qualification info, wellness plan ID numbers, and statements data.
According to a document sent to condition staff members by the Division of Administration on Wednesday, some of the PHI exfiltrated in the attack experienced been “incorrectly shared” with RIPTA by the state’s preceding wellness insurance service provider, UnitedHealthcare.
RIPTA senior government Courtney Marciano mentioned that the PHI of people today with no connection to RIPTA experienced been despatched to the transportation authority in error by UnitedHealthcare. RIPTA has given that switched its insurance coverage supplier to Horizon BlueCross/Blue Shield of Rhode Island.
Rhode Island attorney basic Peter Neronha stated his intention to investigate the details breach to the Providence Journal. Neronha’s probe will ascertain irrespective of whether any point out legal guidelines have been violated, these types of as the Identification Theft Security Act of 2015.
It is achievable that the OCR may perhaps investigate UnitedHealthcare about the seemingly impermissible disclosure of point out employees’ PHI to RIPTA.
Some parts of this post are sourced from: