UH Cancer Center Ransomware Leaks Records from >1M
A ransomware attack on the University of Hawaiʻi Cancer Center (UHCC) has exposed sensitive personal information belonging to approximately 1.2 million individuals after attackers infiltrated systems supporting the center’s Epidemiology Division research infrastructure. The attack involved the encryption of large amounts of research data and potential exfiltration of files containing names, SSNs, driver’s license data, voter registration records, and limited health information. The breach included records tied to a study which tracked more than 200K participants since the 1990s.
The incident highlights the growing ransomware threat to research institutions and public health datasets, which often store large volumes of historical data with highly sensitive identifiers. Attackers were able to encrypt systems and demonstrate potential data exfiltration before being removed, forcing the organization to engage the threat actors to obtain a decryption tool and assurances that stolen data was destroyed. Breaches involving academic research can have massive consequences because datasets frequently aggregate information from multiple records, registries, and health studies.
Security teams must leverage a unified platform like NIKSUN to correlate file access logs, privilege escalation events, process execution telemetry, and data transfer activity with network session data such as DNS queries, traffic flows, and outbound connections to detect ransomware staging and exfiltration early. By combining EDR/XDR telemetry, network detection and response (NDR), SIEM correlation, and full packet capture with historical forensic analysis, organizations can trace how the attacker entered, identify which systems were accessed, and detect lateral movement or bulk data extraction. With this level of visibility, defenders can block ransomware deployment, isolate compromised systems, and prevent sensitive research data from leaving the network before attackers can monetize it. Read more about this story on our LinkedIn page
The incident highlights the growing ransomware threat to research institutions and public health datasets, which often store large volumes of historical data with highly sensitive identifiers. Attackers were able to encrypt systems and demonstrate potential data exfiltration before being removed, forcing the organization to engage the threat actors to obtain a decryption tool and assurances that stolen data was destroyed. Breaches involving academic research can have massive consequences because datasets frequently aggregate information from multiple records, registries, and health studies.
Security teams must leverage a unified platform like NIKSUN to correlate file access logs, privilege escalation events, process execution telemetry, and data transfer activity with network session data such as DNS queries, traffic flows, and outbound connections to detect ransomware staging and exfiltration early. By combining EDR/XDR telemetry, network detection and response (NDR), SIEM correlation, and full packet capture with historical forensic analysis, organizations can trace how the attacker entered, identify which systems were accessed, and detect lateral movement or bulk data extraction. With this level of visibility, defenders can block ransomware deployment, isolate compromised systems, and prevent sensitive research data from leaving the network before attackers can monetize it. Read more about this story on our LinkedIn page