University of Hawaii Cancer Center has recently disclosed an August 2025 ransomware attack involving the acquisition of the sensitive data of study participants. University of Hawaii Cancer Center, part of the University of Hawaii (UH) System, is located in the Kakaʻako district of Honolulu and is the only National Cancer Institute-designated center in the state. According to the cancer center’s press release and breach reports to state attorneys general, unauthorized access to its computer network was discovered on or around August 31, 2025.
The affected servers were isolated, and an investigation was launched to determine the nature and scope of the unauthorized activity. University of Hawaii Cancer Center confirmed that a ransomware group had breached its network, encrypted files, and exfiltrated research files containing patient information. University of Hawaii Cancer Center said its electronic medical record system was unaffected; however, files were obtained that contained patients’ protected health information.
The majority of the stolen files related to a single research project. The review of those files revealed that some contained the Social Security numbers of research participants dating back to the 1990s. The University of Hawaii Cancer Center said that in the 1990s, Social Security numbers were used as patient identifiers; however, that practice has since been halted, and alternative identifiers are now used…