The University of Hawaii Cancer Center ransomware attack exposed sensitive personal data belonging to nearly 1.2 million individuals. University officials confirmed that attackers breached research servers and accessed historical datasets containing Social Security numbers and other identifiers.
The incident began in August 2025 but the center disclosed the full scope months later after investigators completed a forensic review.
How the Attack Happened
Attackers infiltrated servers within the Cancer Center’s Epidemiology Division on August 31, 2025. They encrypted systems and exfiltrated research files before security teams detected the intrusion.
Cybersecurity specialists worked with the university to contain the attack and restore access. The recovery process required months of technical review to identify which files attackers accessed.
The ransomware incident targeted research infrastructure rather than clinical treatment systems.
What Data Was Exposed
The compromised files primarily supported long-running epidemiological research programs, including the Multiethnic Cohort Study launched in 1993.
Exposed information may include:
- Names paired with Social Security numbers
- Historical Hawaii driver’s license numbers
- Older voter registration records
- Additional demographic research data
The affected records contain identifiers that researchers historically used for participant tracking and recruitment. The breach did not involve medical treatment records or direct patient care systems.
Number of People Affected
The university notified approximately 87,000 individuals who directly participated in the Multiethnic Cohort Study. However, historical state driver’s license and voter registration data within the research files expanded the scope.
Investigators determined that the total number of potentially affected individuals approaches 1.2 million.
University Response
The University of Hawaii Cancer Center reported the attack to law enforcement and engaged external cybersecurity experts. Officials obtained a decryption tool and began restoring systems while reviewing compromised data.
The university is offering:
- Twelve months of credit monitoring
- Identity theft protection services
- Dedicated support resources
Officials stated that they have not identified confirmed misuse of the stolen data. However, they continue monitoring for potential exposure.
Operational Impact
The ransomware attack did not disrupt patient care, clinical trials, or student systems. It specifically affected research data servers within the Epidemiology Division.
Following the breach, the university strengthened network monitoring, access controls, and data segmentation measures to reduce future risk.
What Affected Individuals Should Do
Anyone who may be affected should monitor financial accounts and credit reports closely. Enrolling in offered credit monitoring services provides additional protection.
Because Social Security numbers were part of the compromised data, long-term vigilance remains important.
Conclusion
The University of Hawaii Cancer Center ransomware attack exposed sensitive research data tied to nearly 1.2 million individuals. Attackers targeted research infrastructure and accessed historical identifiers, including Social Security numbers. While patient care systems remained intact, the scale of exposed personal data makes this one of the largest university-related ransomware incidents reported this year.
0 responses to “University of Hawaii Cancer Center Ransomware Attack Affects 1.2 Million”