Data breach demands accountability, swift action

By the Rhode Island House Minority Caucus
Posted 1/9/25

The debacle surrounding Rhode Island’s Unified Health Infrastructure Project (UHIP), later rebranded as RIBridges, which is a custom computer system, has once again highlighted the failure of state leadership and their ill-advised reliance on the contractor Deloitte. This latest catastrophe...

This item is available in full to subscribers.

Please log in to continue

E-mail
Password
Log in

Data breach demands accountability, swift action

Posted

The debacle surrounding Rhode Island’s Unified Health Infrastructure Project (UHIP), later rebranded as RIBridges, which is a custom computer system, has once again highlighted the failure of state leadership and their ill-advised reliance on the contractor Deloitte. This latest catastrophe – a cyberattack compromising the personal information of 630,000 Rhode Islanders – demands immediate accountability and swift corrective action.

Since Rhode Island initially contracted with Deloitte to in 2013, UHIP has brought nothing but a string of failures. Initially projected to cost up to $135 million, the system’s price tag has ballooned to an astronomical $794 million. Despite these staggering costs, the system has been plagued by operational disruptions, including a disastrous 2016 launch that left thousands of residents without essential services and created a backlog of over 20,000 cases, while also giving benefits to people who weren’t even eligible to receive benefits. All of those ineligible benefits paid out were never recovered. The federal government issued warnings and even levied fines against Rhode Island, including an $805,000 penalty for unauthorized contract modifications. These funds, which could have been used to help families in need, were squandered to address Deloitte’s inadequacies.

Yet, despite these complete failures, state officials continued to contract with Deloitte.

The December data breach resulted in the exposure of personal data of Rhode Islanders who have relied on the system for programs like Medicaid, SNAP and TANF since 2016. This massive cyberattack has left 63% of our residents at risk of identity theft and financial harm. Deloitte, the vendor entrusted to safeguard this information, failed catastrophically. This mismanagement of taxpayer resources is irresponsible and must end immediately.

The time for action is now. Rhode Island leaders must demand a full audit of all contracts and expenditures related to UHIP and RIBridges, and Rhode Island must immediately terminate its relationship with Deloitte and transition to a modular, AI-ready system from a trusted vendor with a track record of success, unlike Deloitte. The responsibility for this ongoing disaster lies squarely with those who ignored warnings, renewed failing contracts and prioritized vendor relationships over the welfare of our residents. Rhode Islanders deserve a government that puts their interests first, not one that excuses incompetence and failure. The people of this state demand accountability, and failure of our state leaders to pursue accountability is failure of those leaders to be responsible to the citizens they represent.

Rhode Island still lacks an Independent Office of Inspector General, leaving the state with inadequate oversight mechanisms. To address this gap, the House Minority Caucus is urging the Joint Committee on Legislative Services (JCLS) to convene an emergency meeting and order a comprehensive audit under the authority of RIGL 22-13-4(e). The proposed audit, to be conducted by the Auditor General, must thoroughly examine Rhode Island's contracts with Deloitte from 2013 to the present. It should include a detailed review of all state departments, employees and contractors involved in awarding, extending or executing contracts tied to the UHIP/RIBridges project since its inception.

Given that a partial review of UHIP was conducted by the Attorney General seven years ago, JCLS could alternatively choose to invoke its authority under RIGL 22-13-4(d) to facilitate this process. To ensure transparency, the JCLS should direct the Auditor General to use statutory subpoena powers to compel witnesses and gather all relevant testimony and documentation. This audit must uncover the full scope of failures and financial costs associated with this unacceptable misuse of taxpayer funds.

The Rhode Island House Minority (Republican) Caucus is comprised of the following elected members: Minority Leader Michael W. Chippendale, District 40 (Foster/Glocester/Coventry); Minority Whip David J. Place, District 47 (Burrillville/Glocester); Representative George Nardone, District 28 (Coventry); Representative Brian Newberry, District 48 (North Smithfield/Burrillville); Representative Robert Quattrocchi, District 41 (Scituate/Cranston); Representative Sherry Roberts, District 29 (Coventry/West Greenwich); Representative Brian Rea, District 53 (Smithfield/Glocester); Representative-elect Richard Fascia, District 42 (Johnston/Cranston); Representative-elect Marie Hopkins, District 21 (Warwick); Representative-elect Chris Paplauskas, District 15 (Cranston); Representative-elect Paul Santucci, District 53 (Smithfield/Glocester).

Comments

No comments on this item Please log in to comment by clicking here