URGENT UPDATE: A significant ransomware attack at the University of Hawaii Cancer Center has affected a staggering 1.24 million individuals, according to the latest reports. The attack, first detected on 31 August 2025, compromised vital research systems, raising alarms about data security in healthcare.
The breach specifically impacted servers within the center’s Epidemiology Division, although officials have confirmed that clinical operations, patient care, and student records remain secure. The university’s swift response has revealed that the breach involved two primary groups: approximately 1.15 million individuals from historical records and 87,493 participants from the long-running Multiethnic Cohort (MEC) Study.
The first group’s data dates back to 1998 and 2000, sourced from voter registration and the Department of Transportation. Unfortunately, many of these records contained Social Security numbers (SSNs) as primary identifiers. The second group’s stolen files include names, addresses, SSNs, and health-related information.
In a difficult decision, the university reportedly engaged with the attackers and agreed to pay a ransom to obtain a decryption tool and ensure the destruction of the stolen data. “The UH Cancer Center deeply regrets that this incident occurred,” stated Director Naoto T. Ueno, emphasizing their commitment to transparency and strengthening data protections.
This breach marks a troubling continuation of cyber threats for the University of Hawaii, following a previous incident in June 2023 involving the NoEscape ransomware group.
If you believe your information may have been compromised, the university is providing 12 months of free credit monitoring and $1 million in identity theft insurance. A dedicated call center is now open at (844) 443-0842 to assist affected individuals. However, it is crucial to act quickly, as the deadline for these services is 31 May 2026.
Cybersecurity experts are voicing their concerns about the implications of such breaches. John Bambenek, President at Bambenek Consulting, highlighted the dangers of delayed notification, noting that the attackers might have had access to sensitive data for months. He stated, “Many laws do not require a notice if the data is encrypted, but this case could lead to identity fraud while victims remained unaware.”
Jason Soroko, Senior Fellow at Sectigo, stressed the importance of robust network segmentation and backup systems to prevent such attacks in the future. He explained that proactive measures, including certificate-based authentication, can significantly reduce vulnerabilities.
Guru Gurushankar from ColorTokens warned that attacks on the healthcare and research sectors are increasing. He stated, “Organizations have to become breach-ready to maintain their resilience against these relentless threats.”
As the situation develops, the University of Hawaii Cancer Center is under pressure to enhance security measures and restore trust among its community. This incident serves as a stark reminder of the persistent threat posed by cybercriminals in today’s digital landscape.
Stay tuned for more updates as authorities continue to respond to this urgent situation.
