College of Hawaii Most cancers Heart hit by ransomware assault

​College of Hawaii says a ransomware gang breached its Most cancers Heart in August 2025, stealing knowledge of research individuals, together with paperwork from the Nineties containing Social Safety numbers.

Based in 1907, the College of Hawaii (UH) System now consists of 3 universities and seven group schools, in addition to 10 campuses and coaching and analysis facilities throughout the Hawaiian Islands. Its Most cancers Heart is situated within the Kakaʻako district of Honolulu and has over 300 college and workers, in addition to a further 200 affiliate members.

In a report back to the state legislature, UH mentioned the August 31 incident affected a single analysis venture on the UH Most cancers Heart, with out impacting scientific operations or affected person care.

Nevertheless, the in depth injury brought on by encrypting the compromised methods delayed UH’s restoration efforts and investigation into the assault’s influence.

“Upon discovery in late August, the affected methods had been instantly disconnected, specialists had been engaged to conduct a complete investigation and exterior stakeholders had been notified,” a UH spokesperson advised BleepingComputer.

“Throughout this course of, UH made the tough resolution to have interaction with the menace actors in an effort to shield people whose data might have been affected. A restricted set of analysis information (not medical therapy data), together with some containing historic private data, was concerned.”

Preliminary evaluations discovered that almost all affected information had been associated to a particular most cancers research and contained solely analysis knowledge, with out private identifiers. Nevertheless, additional evaluation uncovered information from the Nineties, containing Social Safety numbers used to establish analysis individuals earlier than the college adopted completely different identification strategies.

Ransom paid for decryptor, deletion of stolen knowledge

UH added that it additionally labored with exterior cybersecurity specialists to acquire a decryption device and “safe destruction of the knowledge the menace actors illegally obtained” to “shield the people whose senstive data might have been compromised.”

Though the college has but to inform these whose knowledge was stolen within the ransomware assault, UH advised BleepingComputer that it’s going to alert them “as quickly as contact data has been decided.”

In response to the assault, UH has additionally taken measures to safe its methods in opposition to additional breach makes an attempt, together with putting in endpoint safety software program, changing compromised methods, resetting passwords, changing firewall software program, and conducting third-party security audits of the Most cancers Heart.

In June, Hawaiian Airways additionally disclosed a cyberattack that had disrupted entry to a few of its IT methods, however did not have an effect on flight security.

A number of different universities in the US have additionally been breached in voice phishing assaults beginning late October, with Princeton College, Harvard College, and the College of Pennsylvania disclosing that their growth and alumni actions methods had been hacked to steal the info of donors, workers, college students, and alumni.

The Clop ransomware gang additionally breached Harvard College and the College of Pennsylvania once more, stealing delicate private and monetary knowledge from college students, workers, and suppliers in a knowledge theft marketing campaign that exploited an Oracle E-Enterprise Suite (EBS) zero-day vulnerability.

In December, Baker College additionally disclosed a data breach after attackers compromised its community the earlier yr and stole the private, well being, and monetary data of greater than 53,000 people.