University of Hawaiʻi Discloses Breach Impacting Cancer Research Study Participants

The University of Hawaiʻi has announced a recent data security incident involving its cancer research center, in which sensitive personal information of research study participants was compromised.

 

The University of Hawaiʻi (UH) Cancer Center is the only NCI-designated cancer center in Hawaiʻi and the Pacific, serving as the University of Hawaiʻi at Mānoa’s research arm. Based in Kakaʻako, it focuses on reducing cancer burden through research, clinical trials, education, and community outreach, with an emphasis on regional ethnic, cultural, and environmental health disparities.

 

In a data security incident notice published on its website, UH stated that on August 31, it identified a cyber security incident limited to specific servers supporting the Cancer Center’s research operations. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“During the course of the investigation, it was determined that an unauthorised third party had access to and the opportunity to exfiltrate a subset of research files on the servers supporting the research operations at the Cancer Center,” UH said.

 

A preliminary investigation found that most affected files were tied to a specific cancer study and contained only research data, but a detailed review later confirmed that some files from the 1990s included Social Security numbers used at the time to identify participants.

 

UH, however, confirmed that the compromised data was limited to research files and did not include medical records of patients treated at or in connection with the Cancer Center.

 

UH said it is in the process of identifying affected individuals and will notify them soon, adding that it will offer complimentary identity protection and credit monitoring services where applicable.