University of Hawaii Cancer Center Struck by Ransomware

Summary
– The University of Hawaii’s Cancer Center suffered a ransomware attack in August 2025, compromising data from a specific research project, including historical files containing Social Security numbers.
– The university engaged with the threat actors, paying a ransom to obtain a decryption tool and to secure the deletion of the stolen data to protect affected individuals.
– Clinical operations and patient care were not impacted, but system encryption caused extensive damage, delaying restoration and the investigation.
– In response, UH has implemented several security measures, including new software, system replacements, password resets, and third-party audits.
– This incident is part of a broader trend of cyberattacks targeting educational institutions, including other major universities recently breached.

A significant ransomware attack has impacted the University of Hawaii Cancer Center, compromising decades-old research data and highlighting persistent cybersecurity threats facing academic and research institutions. The August 2025 breach targeted a single research project, with investigators later discovering stolen files from the 1990s that contained Social Security numbers of study participants. While clinical operations and patient care were unaffected, the incident underscores the vulnerability of historical data within vital research environments.
The University of Hawaii System, a major educational network founded in 1907, includes the Cancer Center in Honolulu’s Kakaʻako district. The center employs over 300 faculty and staff alongside 200 affiliate members. According to a report submitted to the state legislature, the attack was discovered on August 31. Officials immediately disconnected the affected systems and engaged cybersecurity experts to manage the investigation and notify external partners.
The extensive system encryption caused substantial delays in restoration and forensic analysis. A university spokesperson explained that during the response, the difficult choice was made to engage with the threat actors. This engagement aimed to protect individuals whose information might have been exposed. The compromised data involved a limited set of research files, not medical treatment records, but included historical personal information.
Initial assessments suggested most files contained only research data without personal identifiers. A deeper review, however, revealed the older documents containing Social Security numbers. These identifiers were used for participant tracking before the university adopted more modern methods.
The university confirmed it paid a ransom to obtain a decryption tool and to secure the deletion of the stolen information. This action was taken to protect individuals whose sensitive data was illegally obtained by the attackers. While notification to affected individuals is pending, the university has committed to contacting them as soon as reliable contact information is verified.
In the attack’s aftermath, UH has implemented several security upgrades. These measures include installing new endpoint protection software, replacing compromised hardware, resetting passwords, updating firewall software, and initiating third-party security audits for the Cancer Center. These steps are part of a broader effort to fortify defenses against future intrusion attempts.
This incident is not isolated within Hawaii or the broader academic sector. Earlier in the year, Hawaiian Airlines reported a cyberattack that disrupted some IT systems, though it did not compromise flight safety. Furthermore, a wave of voice phishing attacks targeted prestigious U.S. universities like Princeton, Harvard, and the University of Pennsylvania starting in late October, compromising donor and alumni systems.
The Clop ransomware gang was notably active, breaching Harvard and the University of Pennsylvania by exploiting a zero-day vulnerability in Oracle E-Business Suite. This campaign resulted in the theft of sensitive personal and financial data from students, staff, and suppliers. In a separate incident, Baker University disclosed a data breach from the previous year that exposed the personal, health, and financial information of more than 53,000 individuals.
(Source: Bleeping Computer)





