Community Clinic of Maui reports ransomware attack, data breach

The Community Clinic of Maui, also known as Mālama I Ke Ola Health Center, is reporting a significant data breach resulting from a cyberattack earlier this year. This nonprofit healthcare organization, based in Wailuku, Hawaii, was hit by a ransomware attack attributed to the LockBit ransomware group.

The clinic was unable to operate for more than two weeks due to the severity of the attack, which began on May 7, 2024.

After investigating the breach with the help of external cybersecurity experts, the clinic confirmed on August 7, 2024, that personal data may have been accessed and stolen by unauthorized parties between May 4 and May 7, 2024. The compromised information includes:

• Full names
• Social Security numbers
• Dates of birth
• Driver’s license or state ID numbers
• Passport numbers
• Financial account details, including routing numbers, credit/debit card numbers, CVVs, expiration dates, and PIN/security codes
• Login information
• Medical diagnosis and clinical information
• Medical treatment and procedure details
• Treatment location and cost information
• Doctor's name and medical record numbers
• Prescription information
• Biometric data

The breach impacts 123,882 individuals.

The Community Clinic of Maui has informed law enforcement and has begun notifying affected individuals as of September 26, 2024. While the clinic claims it has no evidence of the data being misused, it is offering complimentary credit monitoring services to affected individuals.