好的,我现在需要帮用户总结这篇文章的内容。用户的要求是用中文,控制在100个字以内,而且不需要以“文章内容总结”或“这篇文章”这样的开头,直接写描述即可。 首先,我得通读整篇文章,抓住主要信息。文章讲的是夏威夷大学癌症中心遭遇了勒索软件攻击,影响了120万人。攻击发生于2025年8月31日,涉及 Epidemiology Division 的特定系统。攻击者加密了大量数据,并声称外泄了一部分数据。虽然没有影响到临床护理或患者服务,但泄露的数据包括姓名、社会安全号码、驾驶执照信息、选民登记记录和健康相关信息。学校为受影响的人提供了12个月的免费信用监控和身份盗窃保护服务。 接下来,我需要把这些信息浓缩到100字以内。要突出事件的时间、地点、影响人数、泄露的数据类型以及应对措施。同时,要确保语言简洁明了。 可能的结构是:时间地点事件,影响人数,泄露的数据类型,以及应对措施。比如:“2025年8月31日,夏威夷大学癌症中心遭遇勒索软件攻击,导致约120万人的个人信息泄露。受影响数据包括姓名、社会安全号码等敏感信息。” 检查一下字数是否在限制内,并确保没有遗漏关键点。 </think> 2025年8月31日,夏威夷大学癌症中心遭遇勒索软件攻击,导致约120万人的个人信息泄露。受影响数据包括姓名、社会安全号码等敏感信息。 2026-3-4 08:15:4 Author: securityaffairs.com(查看原文) 阅读量:11 收藏
Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals
A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people.
A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals.
The attack hit the University of Hawaiʻi Cancer Center on August 31, 2025, impacting servers that support research operations but not clinical care or patient services. Officials engaged with the threat actors to obtain a decryption tool and secure assurances that exfiltrated data was destroyed, but did not disclose whether a ransom was paid.
“On or about August 31, 2025, UHCC learned that it was the victim of a cyberattack isolated to specific systems that support its Epidemiology Division.” reads General Incident Overview. “The unauthorized third party encrypted large amounts of data, and provided proof that it had potentially exfiltrated a portion of that data. There was no impact to information held by the UHCC’s Clinical Trials operations, patient care or any other divisions, and there was no impact to student records.”
After detecting unauthorized access to research files, UHCC disconnected affected systems, removed the threat actor.
At the time of the incident, the organization notified law enforcement and investigated the security breach with the help of external cybersecurity experts.
Stolen data includes names, Social Security numbers, driver’s license details, voter registration records, and health-related information, raising serious concerns about identity theft and long-term privacy risks for those affected.
The breach involved three main groups. First, two legacy files from 1998–2000 containing names and SSNs, drawn from Hawaii driver’s license and voter registration records, which at the time often used SSNs as identifiers. Second, files tied to the Multiethnic Cohort Study and other cancer research projects, including names, addresses, SSNs, limited health data, and registry information. Third, additional research registry files with names and SSNs collected from public health sources for epidemiological studies.
Most of the exposed data relates to a long-running study launched in 1993 that recruited over 215,000 participants. Records of 87,493 participants were compromised, including names, Social Security numbers, and in some cases research and health information.
“There was no impact to information held by the UH Cancer Center’s Clinical Trials operations, patient care, or any other divisions of the UH Cancer Center. There was no impact on UH student records,” the institution says.
The University of Hawaiʻi is offering affected individuals 12 months of free credit monitoring and identity theft protection services.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, University of Hawaiʻi Cancer Center)
如有侵权请联系:admin#unsafe.sh