Community Clinic of Maui says 123,000 affected by May cyberattack

Avatar

The Community Clinic of Maui warned more than 123,000 people that their information was accessed by hackers during a cyberattack in May. 

The clinic, also known as Mālama, said the hackers had access to personal data between May 4 and May 7, stealing  information including Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates as well as troves of data on medical treatments. 

The hackers also stole routing numbers, bank names, financial account numbers and some biometric data. A total of 123,882 were impacted by the attack, which forced the clinic to take servers offline.

The incident, which local news outlets reported was a ransomware attack, caused outrage among residents because Mālama was forced to close for nearly two weeks. Even when it reopened at the end of May, it offered limited services and nurses said they were forced to use paper charts, losing access to all of the facility’s computers.

Mālama said it contacted law enforcement and hired cybersecurity experts to investigate the incident before its findings were confirmed on August 7. 

The organization said in a notice on its website that people “whose Social Security numbers were potentially impacted have been offered complimentary credit monitoring” but a filing with regulators in Maine said identity theft protection services are not being offered.

The organization did not respond to requests for clarification. A law firm said it is investigating potential lawsuits against Mālama over the data breach.  

The attack on Mālama was claimed in June by LockBit, a notorious ransomware gang that was shut down by law enforcement agencies earlier this year. 

On Tuesday, Europol and several law enforcement agencies announced a range of actions targeting the group, including four arrests and seizures of servers critical for LockBit’s infrastructure in France, the U.K. and Spain.

Throughout 2024, crucial hospitals and healthcare systems have been the victim of cyberattacks, limiting services offered and endangering communities across the U.S. 

Two major health systems running multiple hospitals — McLaren Health Care and Ascension — have dealt with devastating ransomware attacks and last week, one of the only level 1 trauma centers in the southwest was forced to turn away ambulances after an attack.

CybercrimeNewsNews BriefsPrivacy
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

CISA: Thousands of bugs remediated in second year of vulnerability disclosure program

Next Post

Cambodia arrests journalist known for exposing cyber scams and human trafficking

Related Posts

Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
Avatar
Read More

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a
Avatar
Read More