Rhode Island

The Donald W Wyatt Detention Facility discovered a data breach in November 2023. This breach affected 2,000 inmates, vendors, and staff. It involved malware that was installed on its computer systems. The facility released a statement indicating it believed different information types were taken from its systems and then posted on the dark web. These included names, medical data, financial details, and current as well as former staff records. Immediately after discovering the breach, Wyatt increased its security. The facility also worked with an external security expert to determine the cause of the incident. It also issued a notification to everyone involved.

Prospect Medical Holdings discovered a data security incident that disrupted the operation of its IT systems in August 2023. The company immediately shut down the access points to prevent further damage and began an investigation to assess the scope of the incident. Prospect Medical's investigation found that an unauthorized party had accessed its IT systems and acquired documentation related to facility patients. The information varied depending on the patient but generally entailed names, birth dates, diagnoses, medications, treatment information, dates of treatment, and financial data. The organization also notified patients who were affected via letters. The company also provided credit monitoring and identity protection services for those affected by the incident.

In December 2022, the Rhode Island Department of Health indicated that its systems were breached because a link to a spreadsheet was accidentally set in emails sent by a staff member. According to a spokesperson for the Department, the file contained information about people getting food box deliveries while they were in COVID-19 isolation or quarantine. To the department's knowledge, the file was accidentally emailed to 46 individuals on the list to get food box services. The spreadsheet had data such as names, personal needs, household details, addresses, and contact dates. An estimated 8,800 individuals were affected due to the data breach. These were notified following the discovery and investigation. The Department also claimed that anyone who wants to see if their information was compromised during the breach may contact their support team.

In July 2022, the Narragansett Bay Commission, which is in charge of the sewer systems in the Metropolitan Providence, experienced a cyberattack. One of the spokeswomen for the organization, Jamie Samons, said the attack involved an encryption of data on specific computers within the Commission's network. Though the spokeswoman did not specify if the ransom was paid, the spokeswoman indicated that those systems affected were those that controlled the sewage system. Law enforcement agencies were also contacted to assist with the investigation. It was reiterated that the Narragansett Bay Commission does not have Social Security or payment information. It enhanced security measures and trained all personnel on the importance of data security.

In June 2022, the city of Newport discovered unusual network activity, causing some of its systems to become unavailable. When the city learned about the activity, it immediately secured its networks and began an investigation into the event. Preliminary investigations revealed that hackers may have accessed the city's network. The information accessed included names, birth dates, Social Security numbers, addresses, financial account numbers, and group health insurance information. According to the notice, no customer information is believed to have been used negatively. That said, Newport also began mailing letters to all affected by the hack and arranged for credit monitoring and identity theft protection.