Deferred University of Hawaii Cancer Center breach disclosure sparks concern

The University of Hawaii has disclosed an August ransomware intrusion that compromised Cancer Center study participants' personal data, including their Social Security numbers, only last month, which is way past the 20-day breach reporting deadline under state law, reports The Associated Press.

Despite declaring the encryption of cancer study-related files following the infiltration of its Cancer Center's servers, as well as its negotiations with its attackers, UH did not provide specifics on the impacted cancer research project and the number of affected individuals, as well as the measures it took to guarantee the nonexposure of the stolen data.

Additional queries regarding the delayed report to the state legislature have also been ignored by the university. While the FBI has urged against ransomware payments, HITech Hui Chief Experience Officer and Head of Cybersecurity Chuck Lerch said that certain organizations will still do so to protect their customers' data. Lerch emphasized that the implementation of robust cyber defenses is still ideal in mitigating ransomware intrusions.