Data Breach at University of Hawaiʻi Cancer Center Impacts 1.2 Million Individuals
On August 31, 2025, the University of Hawaiʻi Cancer Center suffered a significant data breach affecting nearly 1.2 million individuals. A ransomware attack compromised personal data, including names, Social Security numbers, driver's license details, voter registration records, and health-related information. This incident highlights the importance of robust cybersecurity measures in protecting sensitive information.
The Attack and Its Impact
The University of Hawaiʻi Cancer Center reported that the ransomware attack was isolated to specific systems supporting its Epidemiology Division, with no impact on clinical care or patient services. The organization engaged with the threat actors to obtain a decryption tool and secure assurances that exfiltrated data was destroyed. However, it is unclear whether a ransom was paid.
The breach involved three main groups of stolen data: names and Social Security numbers from Hawaii driver's license and voter registration records (1998-2000); files related to the Multiethnic Cohort Study and other cancer research projects; and additional research registry files with names and SSNs collected from public health sources. Most of the exposed data relates to a long-running study launched in 1993, which recruited over 215,000 participants.
Key Facts About the Breach
* **Number of Affected Individuals**: Approximately 1.2 million individuals have been impacted by the breach. * **Types of Stolen Data**: Names, Social Security numbers, driver's license details, voter registration records, and health-related information were compromised. * **Duration of the Breach**: The attack occurred on August 31, 2025, with the breach discovered shortly thereafter.
Why This Incident Matters
This data breach highlights the need for robust cybersecurity measures to protect sensitive information. Ransomware attacks can have severe consequences, including financial losses and damage to an organization's reputation. The University of Hawaiʻi Cancer Center's response to the attack demonstrates the importance of collaboration with law enforcement and external cybersecurity experts in investigating and mitigating security breaches.
What Can Be Learned From This Incident?
This incident serves as a reminder that even well-established organizations can fall victim to cyber attacks. The University of Hawaiʻi Cancer Center's response to the breach demonstrates the importance of having robust cybersecurity measures in place, including regular backups, employee training, and incident response plans.
Conclusion
The data breach at the University of Hawaiʻi Cancer Center serves as a stark reminder of the importance of robust cybersecurity measures. By understanding the impact of such breaches and taking proactive steps to prevent them, organizations can better protect sensitive information and minimize the risk of financial losses and reputational damage.
Stay informed about the latest cybersecurity news and trends by following me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, University of Hawaiʻi Cancer Center).