University of Hawaiʻi Cancer Center Ransomware Breach Exposes Data of Up to 1.2 Million People
The University of Hawaiʻi confirmed that a ransomware attack against the UH Cancer Center’s Epidemiology Division led to the theft of sensitive data affecting up to ~1.2 million individuals. The intrusion occurred in August 2025, and the university began issuing notifications in late February, including letters to 87,493 participants in the Multiethnic Cohort (MEC) Study and additional outreach tied to roughly 900,000 discovered email addresses. UH stated the incident did not impact Cancer Center clinical trials operations, patient care, other Cancer Center divisions, or UH student records.
Disclosed exposed data includes research and registry-related files containing names and Social Security numbers, and in some cases driver’s license numbers and health information associated with the MEC Study (1993–1996) and other diet/cancer studies, as well as historical datasets sourced from state transportation and voter registration records (late 1990s/2000s). Reporting also indicates the affected records include SSN identifiers from historical driver’s license and voter registration data, expanding the potential impacted population beyond the MEC cohort to approximately 1.15 million additional individuals whose information may have been present in those datasets.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
UH publicly discloses the ransomware breach and scope of impact
By 2026-03-03, the University of Hawaiʻi Cancer Center publicly confirmed that the August 2025 ransomware attack exposed sensitive data for nearly 1.2 million people. The disclosure clarified the affected division, the types of data exposed, and that the incident was confined to research operations.
UH begins mailing breach notifications to affected individuals
On 2026-02-23, the university began sending notification letters to more than 87,000 participants in the Multiethnic Cohort Study and started notifying other potentially impacted individuals. UH also offered 12 months of credit monitoring and identity theft protection to eligible victims.
Investigation finds legacy research data exposure affecting about 1.2 million
The investigation determined that compromised files included historical research and recruitment records dating back to the 1990s, exposing names, Social Security numbers, driver's license information, voter registration records, and some health-related data. UH said the breach affected approximately 1.2 million individuals, including Multiethnic Cohort Study participants and people tied to roughly 900,000 discovered email addresses.
UH engages attackers for decryptor and seeks destruction of stolen data
During response efforts, UH communicated with the threat actors to obtain a decryption tool and sought assurances that exfiltrated data would be securely destroyed. Multiple reports indicate the university acknowledged paying the attackers as part of this process.
UH disconnects systems, starts investigation, and notifies law enforcement
After identifying the attack, UH disconnected affected systems, removed the threat actor, notified law enforcement, and brought in external cybersecurity experts to investigate. Extensive encryption of affected data delayed restoration and the full impact assessment.
UH Cancer Center ransomware attack begins in Epidemiology Division
Around 2025-08-31, threat actors breached and encrypted systems supporting the University of Hawaiʻi Cancer Center's Epidemiology Division research operations. The university said the incident was limited to research systems and did not affect clinical trials, patient care, other divisions, or student records.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Ransomware Breach at University of Hawaii Cancer Center Affects 1.2M People
hackread.com
Open sourceData breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals
securityaffairs.com
Open sourceRansomware attack exposes 1.2 million University of Hawaii Cancer Center records | news | SC Media
scworld.com
Open sourceUH Cancer Center data breach affects nearly 1.2 million people
bleepingcomputer.com
Open sourceteiss - News - University of Hawaiʻi Cancer Center says up to 1.2 million affected in ransomware breach
teiss.co.uk
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware and Data-Theft Incidents Impacting US Healthcare and Education Organizations
The University of Hawaiʻi Cancer Center confirmed a **ransomware-driven data breach** affecting its epidemiology division, with the potential exposure of data tied to up to **1.2 million individuals**. The university reported that attackers accessed files containing **SSNs and driver’s license numbers** sourced from historical Hawaiʻi DOT records and Honolulu voter registration data (dating back to 1998), as well as health-related research data connected to the **Multiethnic Cohort (MEC) Study** and other diet-and-cancer studies; the incident was discovered on **August 31, 2025**, and the university acknowledged it engaged with the threat actors while restoration and impact assessment were underway. Separately, a “cyber incident” caused a **five-school-day internet outage** at the Denmark School District in Wisconsin; the **INC Ransom** group claimed the victim on its leak site, alleging both **encryption** and theft of roughly **70.76 GB** of data, though the district had not publicly confirmed ransomware or data exfiltration. In the healthcare sector, **Insight Hospital and Medical Center** in Chicago reported unauthorized network access between **August 22 and September 11, 2025**, and the **Termite** group later claimed to have stolen and then **leaked ~360 GB** (about 900,000 files) of “confidential data,” including medical imaging files (e.g., `.dcm`), raising the likelihood of exposure of both identity data and protected health information.
Mar 21, 2026
University of Hawaii Cancer Center Ransomware Breach and Delayed Disclosure
The **University of Hawaii (UH) Cancer Center** disclosed that a ransomware intrusion affecting a single cancer research project led to the encryption of systems and the theft of a limited set of research files, including some legacy documents from the 1990s containing **Social Security numbers** used to identify study participants. UH reported the incident occurred in late August 2025 and said clinical operations and patient care were not impacted, but recovery and investigation were delayed due to the extent of encryption damage; UH also stated it engaged external experts, isolated affected systems, and negotiated with the attackers, including paying to obtain a decryptor and seeking assurances of deletion of stolen data. The disclosure drew scrutiny because UH reportedly notified the state legislature well after Hawaii’s **20-day breach reporting deadline**, and the university has not provided key details such as the specific research project, the number of affected individuals, or concrete measures proving the stolen data was not exposed after negotiations. Separate reporting on unrelated ransomware activity included **Everest** claiming a breach of **Nissan** with an alleged 900GB data theft and **Trellix** research describing **CrazyHunter** ransomware targeting Taiwan healthcare organizations; those items do not appear connected to the UH Cancer Center incident beyond being ransomware-related.
Mar 21, 2026
Healthcare Data Breach Notifications Following Ransomware and EHR Vendor Compromise
MACT Health Board confirmed patient data theft tied to a **November 2025 ransomware attack** claimed by **INC Ransom**. The organization reported network access by an unauthorized party from **Nov 12–20, 2025**, followed by a file review completed **Jan 9, 2026**; exposed data may include patient names plus clinical information (e.g., diagnoses, test results, treatment details, medical images) and, for some individuals, **Social Security numbers**. MACT began mailing notification letters **Jan 23, 2026** and is offering credit monitoring/identity theft protection where SSNs were involved. Munson Healthcare separately notified more than **100,000** patients impacted by a **Cerner (Oracle Health) compromise** involving access to **two legacy Cerner servers** (unauthorized access beginning as early as **Jan 22, 2025**, detected **Feb 20, 2025**) containing data awaiting migration to the Oracle Cloud. Reported exposed data includes names, **SSNs**, and typical EHR content (medical record numbers, diagnoses, medications, test results, care details, and providers’ names); Cerner/Oracle Health engaged third-party incident response and notified law enforcement, and reporting indicates notification delays were influenced by law-enforcement requests and ongoing investigation, with litigation alleging the incident may have affected up to **80 hospitals**.
Mar 21, 2026