The personal information of approximately 1.2 million individuals was compromised in a ransomware attack at the University of Hawaiʻi Cancer Center.
The incident took place on August 31, 2025. It affected servers that support the center’s research operations, but did not impact clinical operations or patient care.
According to an incident notice published by the University of Hawaiʻi last week, the extensive encryption applied by the attackers made it challenging to restore the affected systems and to assess the compromised data.
The university stated that it engaged with the threat actors to protect individuals whose sensitive information may have been exposed. They successfully acquired a decryption tool and ensured the destruction of any data that had been exfiltrated. However, the university did not disclose whether a ransom was paid.
Most of the compromised data was linked to a study established in 1993, in which over 215,000 people were recruited between 1993 and 1996.
Records of 87,493 study participants were affected by the attack. These records included names, Social Security numbers, and, for some participants, additional research-related and health information was also compromised. Moreover, the names, driver’s license details, Social Security numbers, and voter registration records of approximately 1.15 million individuals were also impacted.
The university emphasized that there was no effect on information held by the UH Cancer Center’s Clinical Trials operations, patient care, or other divisions. Additionally, UH student records remained unaffected.
To assist those impacted, the University of Hawaiʻi is offering 12 months of free credit monitoring and identity theft protection services.
The university continues its investigation into any other potentially compromised information, with support from law enforcement and cybersecurity experts.
