IMPORTANT: Update on cybersecurity incident

The University of Hawaiʻi has reported a cybersecurity incident to the legislature involving a single research project at the UH Cancer Center. The incident did not affect clinical operations or patient care at the UH Cancer Center.

Upon discovery in late August, the affected systems were immediately disconnected, experts were engaged to conduct a comprehensive investigation and external stakeholders were notified. During this process, UH made the difficult decision to engage with the threat actors in order to protect individuals whose information may have been affected. A limited set of research files (not medical records), including some containing historical personal information, was involved. All other research and operational data were unaffected, protected by data security measures in place at the time of the incident.

As indicated in its report to the Legislature, the University has since strengthened system protections at the UH Cancer Center, continues to review affected data, and has conducted a third-party assessment to validate the security controls of the entire Cancer Center. Individuals whose information may have been involved will be notified and offered credit monitoring and identity theft protection where applicable. UH remains committed to safeguarding the privacy and security of its sensitive research data.

As our investigation into the incident remains ongoing, we cannot comment further at this time. Notifications will be made to affected individuals as soon as contact information has been determined. We recognize the concern events like this may cause and remain committed to protecting the privacy and security of data at the UH Cancer Center.

Naoto T. Ueno, MD, PhD, FACP
Director
University of Hawaiʻi Cancer Center