The incident was discovered late on May 31, according to Channel 12 WPRI news. It affected devices at three state agencies, the departments of Children, Youth and Families; Human Services; and Behavioral Healthcare, Developmental Disabilities and Hospitals, according to newspaper The Providence Journal.
The Journal’s Madeleine List reported that the “malware, which originated from a generic phishing email,” made some state computers crash and resulted in “technical issues” on June 1 — but ultimately only “minimal service disruptions." Business hours and first-of-the-month benefits payments were unaffected, List wrote.
Channel 12’s Susan Campbell reported that less than 4 percent of 10,000 state devices were affected, and there had been no data breach and no data was compromised.
“In this case, we believe this could be through a generic phishing attack, clicking on a link in an email, just an external site which is clicked," Bijay Kumar, the state’s chief information officer and chief digital officer, told Channel 12. "We did some proactive upgrades and have since mitigated the issue."
Kumar told the TV station that devices that had crashed were at the agency level, and were “smaller PCs with lower processing power. That was the only impact we saw," he added. The May 31 incident puts Rhode Island in the company of several other local-level agencies that have experienced incidents or breaches during the past six months.
In the most high-profile incident on March 22, the city of Atlanta’s court and police department systems were among those compromised by a ransomware cyberattack that a university professor said at the time could have originated with a virus from the Samas or SAMSAM family. The incident, from which Atlanta has largely recovered, impacted a spectrum of city services, requiring police to temporarily produce handwritten incident reports; interrupting the processing of ticket payments; and disrupting the online payment of water and sewer bills.
On Dec. 5, hackers believed to be from Iran or Ukraine, froze data at Mecklenburg County, N.C., using a new type of ransomware called LockCrypt, before demanding payment in bitcoin. (Mecklenburg County didn’t pay; the city of Atlanta is believed to not have paid its attackers either.)
The North Carolina breach required the county to briefly shutter all online systems, including the public-facing areas of tax payments and code enforcement, but it relaunched core Tier One services within the month and had fully recovered by late March.
And on March 25, Baltimore’s 911 system was breached through an unprotected port, temporarily shuttering automated dispatch on 911 and 311 calls. City CIO and Chief Digital Officer Frank Johnson told The Baltimore Sun at the time that the agency was able to “isolate and take offline the affected server, thus mitigating the threat,” while continuing operations manually.
UPDATE: A recent incident of malware making its way onto state computers originated with a “phishing email,” Rhode Island Chief Information Officer Bijay Kumar confirmed to Government Technology in an email.
The incident came to light when officials “were alerted to instances of some of the state’s computers crashing,” said Kumar, who is also the state’s chief digital officer.
The agency’s IT team was “able to quickly identify, isolate and contain the malware over the weekend,” Kumar said, referring to the weekend of June 2-3. The state has “around 10,000 devices,” but “fewer than 400 computers may have been impacted,” he said, noting that Rhode Island “proactively updated” its systems to “quickly isolate and contain the incident.”
For security reasons, he declined to disclose exact details of how the malware was contained but said the state is “not seeing disruptions at this point,” although officials continue to monitor systems closely.
“We take security very seriously. As soon as we identified malware, we pulled in the Rhode Island State Police, the Rhode Island National Guard and the state’s Emergency Management Agency. Their cybersecurity experts worked successfully and quickly with our team to contain the problem,” he said.
In a changing threat environment, Rhode Island’s CIO said the evaluation and assessment of IT security is a continuous process, and that it’s more important than ever to invest in cybersecurity and employee education. Gov. Gina Raimondo has made this a focus, he said, forming the state’s Cybersecurity Commission in 2015 and hiring its first cybersecurity officer, Mike Steinmetz.
Rhode Island recently conducted a statewide cybersecurity assessment, Kumar said, which is being addressed to help enhance its cybersecurity across the enterprise.
“Our ability to identify, isolate and contain this so quickly is, in part, due to the investments we’ve made in people, processes and technology,” Kumar said, emphasizing the critical need public-sector agencies have for security awareness.
“Training employees how to identify a suspicious email may seem like a simple task, but it can make a world of difference. The state has implemented cybersecurity training for its employees, and we will continue to cultivate a cybersecurity-aware culture among our ranks,” he added.