Investigation Launched into RIPTA Data Breach
A recently reported data breach impacting the Rhode Island Public Transit Authority (RIPTA) is to be investigated by the state's attorney general.
The protected health information (PHI) of thousands of individuals was involved in the data breach, which occurred when RIPTA was attacked by cyber-criminals last summer.
RIPTA reported the data breach to the Department of Health and Human Services’ Office for Civil Rights (OCR) as affecting 5,015 individuals who are members of the transport authority's group health plan.
The Providence Journal reports that the number of impacted individuals subsequently rose to 17,378.
Suspicious activity was identified on RIPTA's computer network on August 5, 2021, and – according to a breach notice posted to the authority's website – blocked the same day.
Digital forensic evidence of the cybercrime revealed that parts of RIPTA's network had been accessible to an unknown threat actor since August 3, 2021.
After reviewing what data the threat actor had been able to access, RIPTA determined that files containing the personal information of health plan members were stored in the comprised area of the network and that these files had been exfiltrated in the cyber-attack.
Data stored in the exfiltrated files included health plan