The consulting firm that built and manages RIBridges has paid $5 million to the State of Rhode Island for expenses associated with the December data breach of the public benefits and health insurance system.

“Deloitte has recognized that the state has immediate and unexpected expenses related to the breach, and we appreciate their willingness to lend financial support,” Gov. Dan  McKee said in a statement Tuesday. 

A breakdown of the $5-million payment was not immediately available on Tuesday afternoon. Part of the cash will cover expenses incurred as a result of directly enrolling roughly 2,000 customers with Blue Cross & Blue Shield of Rhode Island and Neighborhood Health Plan of Rhode Island for the months of January and February, after the shutdown of HealthSource RI, the state’s health-insurance marketplace, McKee’s office said.

The temporary direct-enrollment program was offered to connect customers directly to insurers if they needed coverage immediately for January and February. The HealthSource marketplace, along with the rest of the RIBridges network – which includes programs like food stamps and certain home-care services – was shut down after the breach was confirmed on Dec. 13.

“HealthSource RI worked with insurance providers to offer customers who needed active coverage starting the first of the year to enroll directly with Neighborhood Health Plan of Rhode Island and Blue Cross Blue Shield of Rhode Island,” according to the press release. At least part of the $5 million is meant to cover the costs incurred by these customers.

McKee’s office announced the payment Tuesday after postponing a morning briefing for reporters on the topic of RIBridges. No new date and time for the press conference were announced. McKee spokesperson Olivia DaRocha said in an email that an advisory would be sent ahead of time once a new date and time are set.

A Deloitte spokesperson did not immediately respond to requests for comment. Deloitte has paid an unspecified amount for credit-monitoring and identity-protection services for people who may be affected by the breach, a number estimated to be around 657,000. That number was determined during a forensic analysis of the breach, by examining which parts of the network had been affected by the cybercriminals, state officials said in January. 

Globally, Deloitte made $67.2 billion in its fiscal year 2024, of which $33 billion came from the United States.  

In the meantime, the RIBridges system’s customer-facing HealthyRhode.RI.gov portal is largely back online. After system access was restored for state employees and other back-end workers in early January, staggered waves of customers began to receive password reset emails after Jan. 23. The emails do not include links to reduce suspicion of phishing attempts. 

After receiving instructions on how to reset their passwords, customers can log on once more to the RIBridges portal and access their data and apply for benefits. A popup message on the site Tuesday indicates new-user sign ups are available again.  

Alexander Castro covers education, health and technology for Rhode Island Current. He previously worked as a visual arts critic, curator and adjunct professor. Rhode Island Current is part of States Newsroom, the nation’s largest state-focused nonprofit news organization.