The old adage, “Fool me once, shame on you; fool me twice, shame on me,” needs a little bit of updating in light of the recent RIBridges data breach that has exposed more than 600,000 …
This item is available in full to subscribers.
If you are a current print subscriber, you can set up a free website account by clicking here.
Otherwise, click here to view your options for subscribing.
Please log in to continue |
|
The old adage, “Fool me once, shame on you; fool me twice, shame on me,” needs a little bit of updating in light of the recent RIBridges data breach that has exposed more than 600,000 Rhode Islanders to identity theft and other forms of financial crime.
In this situation, the adage should read something more like: “Fool me once, shame on you; fool me twice, shame on me … now, do you really, really promise this time not to fool me again? Be honest.”
And if something doesn’t change in regard to the state’s relationship with Deloitte, it is vulnerable Rhode Islanders and our state’s constantly dinged reputation that will continue to be made into fools.
There hardly seems much point in piling admonishment onto this situation. It is well documented at this point that the problematic rollout of the system formerly known as UHIP back in 2016 should have served as a warning call that at least one of two things was true about the state’s approach to setting up a “one-stop shop” for people to digitally shop and pay for a slew of critical social services.
One: that such an approach was always too ambitious, and such a “convenient,” unprecedented system where so much sensitive data was ferried into one place was always a bad idea (and unprecedented for a reason).
Two: the vendor hired to create and safeguard that system was either dishonest in its promises or inadequate to deliver on them. It should not have been given the trust to do so, much less given multiple contract extensions and options that span more than a decade which have to date generated over three quarters of a billion dollars in overall costs and overages, not to mention the unknown level of fraud that will hit some of Rhode Island’s most at-risk people.
The only thing – absolutely the only thing – that state leadership can do at this point is to cut ties with Deloitte and start over. If that means going back to pen-and-paper applications for a year or longer for services, so be it. If that means taking Deloitte to court and letting a federal judge adjudicate a punishment for this wanton mishandling of sensitive information, let it be done. To do anything less would indicate that state leadership is completely out of touch with just how much trust has been eroded between them and the people they serve.
And beyond leaving this disastrous relationship, Rhode Islanders should demand full transparency on exactly what happened in this data breach, and how it happened.
Did Deloitte do everything it was required to do to encrypt and secure this data? Could the information have been spared from being leaked if Deloitte had paid a ransom demanded by the hackers? Did it refuse to do so, despite being able to pay it? Will Deloitte be on the hook to restore any money lost to fraud as a result of its incompetence?
Will state leaders and legislators seek answers to these questions and deliver the truth to us, or will they hide behind a growing sense of public cynicism that such data breaches are just part of life now and we should just take our free TransUnion credit-monitoring coupon and get over it?
Comments
No comments on this item Please log in to comment by clicking here