State senator DiPalma wants answers on how RIPTA breach happened — so there isn't a repeat [The Providence Journal]
The
Among them: Who within RIPTA received files containing personal information about state workers with no connection to the agency? Why was that data not deleted?
And do we know where else similar data might be stored on state servers?
"We're talking about 17,000 individuals that are impacted, and could be impacted for life," DiPalma said. "How do we ensure this doesn't happen again?"
RIPTA revealed in late December that hackers had obtained files that contained information including
'Reviewing this incident': Attorney general will probe whether RIPTA's handling of data breach complied with the law
That data was "incorrectly shared" with RIPTA by the state's previous health insurance provider, according to a lengthy FAQ document that was sent to state employees by the
The state's current health insurer is
Meanwhile, the office of Health Insurance Commissioner
DiPalma said it will be important to know exactly how the data was shared with RIPTA: Was it in an email to the transit agency, or did someone at RIPTA have to click a link to gain access?
"Neither one is good," he said — but it's context that's necessary because avoiding a repeat requires knowing more about how RIPTA acquired the data in the first place. Similarly, it's important to know how long the data was sitting on RIPTA's servers, and if it was all shared with RIPTA on one occasion or in separate incidents that span multiple years.
Hacker hit RIPTA: Here's why over 17,000 state employees discovered their data was stolen
Initially, the DOA told state workers that the compromised files appeared to contain information from 2013 to 2015. The agency has since corrected that statement, saying "the subject period of the data files extends to a currently undetermined point in early 2020."
IT officials should do a "sweep" to find out where else information like
The state's
"Someone at some point should have raised their hands and said, 'Should I have this?'" DiPalma said. He's seeking clarity on whether there was a protocol in place that should have been followed — which might indicate that there needs to be more training so that state employees are aware of what to do if they inadvertently end up possessing sensitive data in the future.
"There's still many more questions to be answered for us to have a complete understanding of the situation, and I'll be looking to get those answers," DiPalma said.
In Providence:: Elorza proposes millions for housing, reparations in new COVID-relief fund spending plan
RIPTA has not answered questions about who received the data that was improperly shared with the agency, and why it wasn't deleted.
"As the situation continues to be examined, it is important to note that RIPTA has complied with and fulfilled all of its legal obligations and continues to cooperate fully with the attorney general's investigation," senior executive officer
The exact number of people whose data was stolen in the RIPTA breach has been an ongoing source of confusion.
Letters mailed out to victims state that the incident "involves 17,378 people in
Winter storm watch: 4 to 6 inches of snow likely Friday, heavy during morning commute
A third number can be found on the
Marciano said on Wednesday that the discrepancy reflects that "the total number of individuals whose personal health information was affected by the incident pursuant to HIPAA" was 5,015.
According to the DOA, employees who received a letter saying that their personal data had been compromised are "encouraged to actively monitor for the possibility of fraud and identity theft by reviewing your credit reports and account statements for any unauthorized activity regularly," and sign up for the free credit monitoring provided by RIPTA.
Receiving a letter doesn't necessarily mean that you have been a victim of identity fraud, the guidance notes.
RIPTA did not say who would be footing the bill for the full year of Equifax credit monitoring that is being offered to people whose information was compromised.
©2022 www.providencejournal.com. Visit providencejournal.com. Distributed by Tribune Content Agency, LLC.


Marijuana users' risk of deadly complication doubles after rare type of bleeding stroke
State leaders, insurance experts outline how Marshall Fire victims can get help
Advisor News
- Dutch gambling tax hike falls short as prediction markets eye World Cup
- Caregiving: A challenge that costs employers billions
- Could your practice benefit from an advisory board?
- SEC nears settlement with accused scammer Tai Lopez
- The 3 things that shrink your Social Security income
More Advisor NewsAnnuity News
- Globe Life Inc. (NYSE: GL) Highlighted for Surprising Price Action
- Trademark Application for “EMPOWER YOUR MONEY” Filed by Empower Annuity Insurance Company of America: Empower Annuity Insurance Company of America
- Built-in guaranteed annuities: What advisors should know
- Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
- Why job boards are failing insurance agencies
More Annuity NewsHealth/Employee Benefits News
- They Harvest the Nation's Food, but a New Rule May Strip Them of Health Insurance
- Colorado hospitals poised to receive $455 million Medicaid funding boost
- State Health Plan brings back Blue Cross NC, approves Novant and UNC Health deals
- Findings in Type 2 Diabetes Reported from Institute of Urban and Demographic Studies (Impact of Health Insurance Coverage on Diabetes Care Quality: A Systematic Review and Meta-analysis of Racial, Ethnic, and Gender Disparities in U.S. Adults …): Nutritional and Metabolic Diseases and Conditions – Type 2 Diabetes
- Nassau University Medical Center Researchers Provide New Study Findings on Health and Medicine (Health insurance payor type and care deviations in patients with trauma with lower extremity fractures): Health and Medicine
More Health/Employee Benefits NewsLife Insurance News
- Could your practice benefit from an advisory board?
- AM Best Revises Outlooks to Stable for Missouri Farm Bureau Group’s Members and Farm Bureau Life Insurance Company of Missouri
- Globe Life Inc. (NYSE: GL) Highlighted for Surprising Price Action
- AM Best Assigns Credit Ratings to China Ping An Insurance (Hong Kong) Company Limited
- Reliance Matrix Expands Employee Navigator Integration with New Evidence of Insurability (EOI) API Enhancement
More Life Insurance News