McKee Says “HealthyRhode” Customers to Get to “RI Bridges” Via “UHIP” - Are You Confused?

Name: Go Local Prov
Price range: $

Thursday, January 23, 2025

GoLocalProv News Team

Governor Dan McKee. PHOTO: Richard McCaffrey for GoLocal

If you are confused by Governor Dan McKee’s announcement on Thursday about the latest state workaround for the hacked Rhode Island database, join the club.

McKee and members of his administration announced at a press conference that if you were one of the 650,000 impacted, then you may be getting an email at some point in the future.

Further, the new workaround has been built by the state’s vendor, Deloitte, which is the same Deloitte that is being sued in federal court in multiple class action lawsuits for their failure to protect Rhode Islander's most sensitive data.

GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLAST

McKee’s office said in the announcement, “This development comes after a successful relaunch of the system’s internally facing employee portal earlier this month. Previously, the State proactively took the RIBridges system offline due to security concerns associated with the recent data breach. After extensive testing and validation by Deloitte—the manager of RIBridges, the State, and the State’s third-party risk assessor, it has been determined that RIBridges is safe to use.”

GoLocal asked McKee’s office why Deloitte who the firm being blamed for the cyberattack, is working on the workaround.

McKee's office did not respond.

SEE THE HISTORY OF DELOITTE IN RI BELOW

It is believed that the personal data, including social security numbers, personal banking information, dates of birth, and additional personal information for 650,000 have been stolen by cyber attackers. Some of it has been found on the so-called "dark web."

Lawsuits Against Deloitte

Law firm Motley Rice wrote in its recent federal lawsuit against Deloitte, that the consulting company is to blame.

“Defendant disregarded the rights of Plaintiff and Class Members by, among other things, intentionally, willfully, recklessly, or negligently failing to implement adequate and reasonable measures to protect its data systems against unauthorized intrusions; failing to take standard and reasonably available steps to prevent the Data Breach; and failing to provide Plaintiff and Class Members prompt and accurate notice of the Data Breach,” according to the lawsuit.

Moreover, the lawsuit asserts the breach has the capacity to cause present and future harm.

“With access to the Private Information obtained in the Data Breach, data thieves have already engaged in identity theft and fraud. Additionally, the data thieves can and will commit crimes in the future including, for example, opening new financial accounts in Class Members’ names, taking out loans in Class Members’ names, using Class Members’ information to obtain government benefits, filing fraudulent tax returns using Class Members’ information, obtaining driver’s licenses in Class Members’ names but with another person’s photograph, and giving false information to police during an arrest,” the lawsuit alleges.

According to McKee's office, this is the new process:

The customer [those 650,000 that were hacked] e-mails will originate from the following address: [email protected]. Customers who do not receive an e-mail should not attempt to log in; if they do, they will be denied access.

What Customers Should Know

• At this time, customers with accounts can only log in after receiving an e-mail from [email protected]. During the phased relaunch, if a customer has not received an e-mail and attempts to log in early, they will not be able to log in. Customers should check their email periodically for updates about when they can access their accounts.

• The e-mail from [email protected] will not include any clickable links, as we want customers to be confident that this is not a phishing attempt or fraudulent message. Customers can go to healthyrhode.ri.gov to log in to their accounts. The email will have the state seal at the top and customers can scroll for Spanish and Portuguese translations. The state will not publish the e-mail online.

• Customers will log in with their username and current password and then be prompted to reset their password. After successfully resetting their password, they should be able to access their account. If a customer forgets their username or password, they should click on the “Forgot username/password” link for assistance. A customer will be locked out after three failed attempts to sign in and can only change their password once every 24 hours.

• During the initial relaunch process, existing or prospective customers who do not currently have a HealthyRhode account will not be able to create one. Account creation will be enabled soon. In the meantime, customers who need to manage existing benefits or apply for benefits can do so by contacting the Rhode Island Department of Human Services (DHS) or HealthSource RI (HSRI) directly. Likewise, the HealthyRhode Mobile app is not yet available.

• If customers have trouble logging in, resetting their password, or navigating their account, they should call the DHS or HSRI call center. Information about phone numbers and call center hours can be found at cyberalert.ri.gov.

History of Deloitte and UHIP in Rhode Island

2013 — “Original” Budget

The project — which goes back to the Chafee administration, which saw federal funding on the table for the technology for both boosting enrollment and tracking beneficiaries under Obamacare — was originally budgeted to cost between $110 and $135 million.

UHIP officially launched in 2013 with the “ultimate” goal of saving Rhode Islanders “more than $90 million each year, including more than $40 million in state general revenue.”

2015 — Costs Tripled

The UHIP cost tripled to $364 million by 2015 — even before the hybrid portal was launched. And taxpayer groups weighed in.

“With a similar net cost to Rhode Islanders as the 38 Studios debacle and the initial 38 Stadium proposal, the UHIP project is yet another example of government inefficiency and special interest spending, which will consume upwards of $77 million in state taxpayer dollars as well as hundreds of millions from federal taxpayers," wrote the Rhode Island Center for Freedom and Prosperity in September 2015.

2016 — Rollout By Raimondo Administration "Beyond Embarrassment"

“Impatience on behalf of state agencies’ leaders and inadequate preparation resulted in a half-baked program being thrust upon Rhode Islanders," said Finance Chairwoman Patricia Serpa in October of 2016.

"This time, it went beyond embarrassment and inconvenience, leaving our most vulnerable citizens — children, the elderly, the disabled, the needy — without support. This avoidable blunder affected thousands of human lives, and those responsible for it should account for their actions,” she added.

Rhode Island's biggest-ever IT project launched at the end of September — and what was originally a $135 million budget turned into $364 million the prior year. The state requested an additional $124 million in federal funding to bring the total to nearly a half billion dollars, for roughly $487.4 million from 2011 through 2018.

2016 — RI's Consultant, Deloitte, Had Problems With a Similar Project in Kentucky

Program vendor Deloitte had come under fire in Kentucky for the rollout of their “one-stop shop for benefits,” called “benefind.”

Deborah Yetter wrote for the Courier-Journal:

The launch of a new state public benefit system drew harsh criticism Thursday from lawmakers, with one calling for a state attorney general's examination of the contract with Deloitte Consulting, the company that built the $100-million system known as benefind.

"It seems like our most vulnerable populations are the ones who have paid for the shortcomings," Sen. Danny Carroll, a Paducah Republican, said of the system that caused massive disruptions in public benefits such as Medicaid and food stamps earlier this year. "Maybe that's something the attorney general should take a look at."

Carroll, co-chairman of the joint House-Senate Program Review and Investigations Committee, which held Thursday's hearing, suggested the attorney general could review whether Kentucky could recoup any of the funds it paid Deloitte and whether the contract offered sufficient protection to Kentucky in light of problems with the launch.

2017 — More Money Needed to Fund UHIP and Deloitte

Rhode Island then looked for an additional $124 million from the federal government for Fiscal Year 2018.

‘’This project continues to come in under the $364M that we have stated will be the cost for the first 5 years of the project. The request...to the federal government for authorization [is] for up to an additional $123.6M,” said Sophie O’Connell with the Rhode Island Office of Health and Human Services.

"This request preserves the state’s ability to consider policy options for accessing an elevated level of federal matching funds in the future. These are not base project costs and this represents a request for authorization for federal funding which may or may not become part of an EOHHS budget request to the Governor and then the General Assembly for FY18. We expect to receive a response from the federal government on this request this fall," said O'Connell.

January, 2017 — Raimondo Takes "Decisive Action" Months Later

As GoLocal reported in 2017:

Governor Gina Raimondo announced on Thursday that she took “decisive action” nearly four months following the botched UHIP rollout by accepting the resignations of two high-level staffers and withholding millions in payments to vendor Deloitte.

Critics of UHIP, which has adversely impacted thousands and is the subject of an ACLU lawsuit, were not impressed, however, by Raimondo’s assertion that action was taken quickly or effectively — and questioned the ousting of Melba DePena and Thom Guertin while keeping Secretary of Health and Human Services, Elizabeth Roberts.

“After four long months, the issue is not firing two people who weren't the real decision-makers,” said House Minority Leader Patricia Morgan. “The issue is why the top leaders chose to launch a woefully incomplete system to begin with. Those leaders knew it was not ready. "

“This is Governor Raimondo's total failure of leadership and the height of her arrogance,” said Republican Party Chair Brandon Bell. “She ignored warnings about launching from the federal government, she fired approximately 40 people prematurely and she hired political people who had no business running the Department of Human Services."

Among those who criticized Raimondo on Thursday was Nicholas Oliver with the Rhode Island Partnership for Home Care, who has seen significant ramifications result from the UHIP problems.

“Removing DHS Director DePena and Chief Digital Officer Guertin does not resolve provider reimbursement delays, nor resolves the current access to healthcare barriers caused by this UHIP implementation failure. I was underwhelmed by the Governor’s remarks today,” said Oliver.

February 2017 — Roberts Out, Wood Demoted

GoLocal reported:

Former Rhode Island Lt. Governor Elizabeth Roberts will resign as Secretary of Health and Human Services. In addition, Jennifer Wood who has served as Roberts' long-time deputy will be demoted.

The most damning development will be the release on Thursday of a report drafted in part by top Raimondo staffer Eric Beane.

That report will be released to the House Oversight Committee and is expected to unveil serious issues in management, decision-making, and a technology that is more flawed than previously reported.

February 2017 — Raimondo Speakes at Deloitte Conference

GoLocal unveiled that then-Governor Gina Raimondo was in California - at an event sponsored by UHIP consultant Deloitte, who she blasted earlier that week.

As GoLocal reported:

Raimondo's schedule for Friday lists partial details about the "Girls Who Code" summit.

But the Girls Who Code Facebook page provides even more information, including sponsor Deloitte.

"We paid them a lot of money, we didn’t get what we paid for," Raimondo said on Wednesday, of Deloitte's involvement in the UHIP debacle. "And they represented to us that it was in much better shape than in fact it was: defective functionality, incomplete interfaces, engines that still aren’t working."

"Deloitte is not paying for any of the travel," said Raimondo spokesperson David Ortiz on Friday. "She had already committed to be at the event, and was able to have a private conversation with the CEO of Deloitte consulting, who committed to being in regular communication with the Governor."

2017 — More Deloitte Problems

In 2017, there were more problems linked to Deloitte.

- Settlement Reached in Lawsuit Over Food Stamp Benefit Delays Caused by UHIP

- Federal Court Appoints Special Master

- Latest Deloitte-UHIP Debacle - Incorrect Tax Forms Sent to 3,000 HealthsourceRI Members

2019 — $11 Million Paid to Dead People and Other Key Findings of RI State Audit

GoLocal reported:

The Office of the Auditor General of Rhode Island issued a blistering report unveiling the payment of approximately $11 million paid to 10,800 dead people and other serious failures.

The report released before the House Oversight Commission by Rhode Island Auditor General Dennis Hoyle found serious flaws in compliance with federal requirements, potential technology security controls, and failed fiscal management.

The 443-page report found that a number of the failures were tied to the state's controversial UHIP computer system -- the program that the administration of Governor Raimondo has been trying to rebrand it as RIBridges.

The mismanagement of UHIP has led to oversight by the Federal Court to ensure the Raimondo administration complied with federal law.