The Community Clinic of Maui, also known as Malama I Ke Ola Health Center, was the victim of a cyberattack earlier this year, which impacted over 120,000 individuals. The breach was detected on May 7, 2024, after the healthcare organization experienced major computer issues in early May. According to reports, it took the clinic over two weeks to restore operations following the attack. The incident was later attributed to the LockBit ransomware group, which publicly took credit for the attack in June.
The cyberattack led to the exposure of sensitive personal and medical information. The compromised data includes names, Social Security numbers, dates of birth, driver’s license and passport numbers, bank and payment card information, login credentials, and a wide array of medical records. The clinic’s investigation indicated that the attackers may have accessed and stolen this information between May 4 and May 7, 2024. The breach was reported to the Maine Attorney General’s Office, affecting 123,882 individuals.
Despite the severity of the breach, the Community Clinic of Maui has stated that there is no evidence suggesting the stolen information has been misused for identity theft. However, the clinic is offering complimentary credit monitoring services to those impacted as a precautionary measure. The attack has raised concerns about the potential misuse of the sensitive data, even if it has not yet been leaked or sold by the attackers.
The LockBit ransomware group, which has been involved in numerous cyberattacks globally, has yet to be confirmed as having made the stolen data public on its leak site. Authorities have disrupted the group’s operations earlier in the year, and the alleged leader of LockBit was also identified. Despite these disruptions, cybersecurity experts remain wary of the potential for further exploitation of the stolen data by cybercriminals.
Reference:
