A ransomware attack targeted the Epidemiology Division of the University of Hawaiʻi Cancer Center in late August 2025. Attackers encrypted systems and potentially stole research files containing personal information. The incident affected research servers only and left clinical operations and patient care untouched.
The breach exposed data from historical recruitment records used in epidemiological studies. These files included Social Security numbers and driver’s licence numbers drawn from Hawaiʻi Department of Transportation records collected in 2000 and City and County of Honolulu voter registration records from 1998.
Up to 1.15 million individuals faced potential exposure of names, dates of birth, and Social Security numbers. An additional 87,493 participants in the long-running Multiethnic Cohort Study may have had protected health information compromised as well.
University officials discovered the incident on or around 31 August 2025. They immediately isolated the affected systems, notified law enforcement, and engaged external cybersecurity experts. The team secured a decryption tool and obtained confirmation that the attackers destroyed any accessed information. No evidence has surfaced of the data being published, shared, or misused to date.
Researchers had stored the sensitive identifiers decades earlier to recruit participants for major cancer studies focused on diet, colorectal issues, and multiethnic health patterns. Many records dated back to the 1990s. The university began notifying potentially affected individuals in early 2026 and offered 12 months of free credit monitoring plus one million dollars in identity theft insurance. Deadlines for enrolment in these protections approached in April 2026.
The centre responded by rolling out extensive cybersecurity and governance enhancements. Leaders emphasised that the attack highlighted risks in legacy research datasets that many organisations overlook.
How long can research institutions continue to treat historical data as low priority before another breach erodes public trust in vital medical studies?
Author:Oje. Ese