University of Hawaii Cancer Center discloses august 2025 ransomware attack involving research participant data

The University of Hawaii Cancer Center confirmed that a ransomware attack discovered in late August 2025 resulted in the unauthorized acquisition of sensitive data belonging to participants in a research study, including some records containing Social Security numbers dating back to the 1990s.

The incident was identified on or around Aug. 31, 2025, when unauthorized access to the cancer center’s computer network was detected. Affected servers were immediately isolated, and an investigation was launched to determine the scope and impact of the intrusion. The University of Hawaii Cancer Center, a cancer research and treatment institution that is part of the University of Hawaii System, is located in the Kakaʻako district of Honolulu and is the only National Cancer Institute-designated cancer center in the state.

The investigation confirmed that a ransomware group breached the network, encrypted files, and exfiltrated research data containing patients’ protected health information. The cancer center said its electronic medical record system was not impacted. However, research files stored on compromised servers were accessed and removed by the attackers.

Most of the affected files were tied to a single research project. A review determined that some of those records included Social Security numbers used as patient identifiers in the 1990s. The cancer center said that practice has since been discontinued and replaced with alternative identification methods.

Citing the highly sensitive nature of the stolen data, the University of Hawaii made the decision to engage with the threat actor. The cancer center worked with third-party cybersecurity experts to obtain a decryption tool to restore encrypted files and paid a ransom to prevent public release of the stolen information. The center said it has received assurances that all exfiltrated data has been deleted.

A review of additional files unrelated to the research project is ongoing to determine whether they contain patient information. Notification letters have not yet been sent to affected individuals and will be mailed once current contact information is verified. Those impacted will be offered complimentary credit monitoring and identity theft protection services.

Recovery efforts have been prolonged due to the extent of file encryption, despite the payment of the ransom. The cancer center said it has implemented additional security measures, including replacing its firewall with a new system featuring enhanced security controls and deploying new endpoint protection software with continuous monitoring. Third-party cybersecurity experts have assessed and validated the updated security environment.

The incident has been reported to regulators. Because the file review remains incomplete, the total number of affected individuals has not yet been disclosed.