A file containing embedded personal information for an estimated 5,600 Rhode Island benefit recipients was recently discovered on the state's Transparency Portal and its General Assembly websites, according to a statement the Rhode Island Office of Health & Human Services released yesterday.
Rhode Island officials discovered the file earlier this month and took immediate action to remove the information, according to the statement. The state benefits system, called Unified Health Infrastructure Project, manages public-assistance programs, such as Medicaid.
"At this time, we are unaware of any misuse of personal information," according to the statement. "However, out of an abundance of caution we are offering one year of voluntary credit monitoring service at no cost to our customers."
Rhode Island officials expects Deloitte Consulting — the vendor building the UHIP system — to reimburse the state for the cost of the credit monitoring service, according to WPRI 12. The office is also working with Deloitte to determine the origin of the error, as well as the exact number of affected recipients.
"Security is important to us, and we will continue to take every possible measure to ensure personal information is protected," the statement concluded.
The state government has spent $364 million on the UHIP system since implementing it in September, according to WPRI 12. This error marks the project's third breach, after two other potential unintended disclosures of personal information occurred in February and fall 2016, Rhode Island Public Radio reports.