Community Clinic of Maui says 123,000 affected by May cyberattack

Summary: The Community Clinic of Maui, also known as Mālama, experienced a significant cyberattack in May, affecting over 123,000 individuals and resulting in the theft of sensitive personal and medical data. The incident, attributed to the LockBit ransomware gang, forced the clinic to shut down operations for nearly two weeks and raised concerns about data security in healthcare systems across the U.S.

Threat Actor: LockBit
Victim: Community Clinic of Maui

Key Points:

  • Over 123,000 individuals had their personal data compromised, including Social Security numbers and financial information.
  • The clinic was forced to close for nearly two weeks, limiting healthcare services and relying on paper records.
  • Law enforcement and cybersecurity experts were engaged to investigate the breach, with potential lawsuits being considered against the clinic.
  • The attack was linked to the LockBit ransomware gang, which has faced recent law enforcement actions leading to arrests and infrastructure seizures.
  • Cyberattacks on healthcare systems have been increasingly common in 2024, posing risks to patient care and safety.

The Community Clinic of Maui warned more than 123,000 people that their information was accessed by hackers during a cyberattack in May. 

The clinic, also known as Mālama, said the hackers had access to personal data between May 4 and May 7, stealing information including Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates as well as troves of data on medical treatments.

The hackers also stole routing numbers, bank names, financial account numbers and some biometric data. A total of 123,882 people were impacted by the attack, which forced the clinic to take servers offline.

The incident, which local news outlets reported was a ransomware attack, caused outrage among residents because Mālama was forced to close for nearly two weeks. Even when it reopened at the end of May, it offered limited services and nurses said they were forced to use paper charts, losing access to all of the facility’s computers.

Mālama said it contacted law enforcement and hired cybersecurity experts to investigate the incident before its findings were confirmed on August 7. 

The organization said in a notice on its website that people “whose Social Security numbers were potentially impacted have been offered complimentary credit monitoring” but a filing with regulators in Maine said identity theft protection services are not being offered.

The organization did not respond to requests for clarification. A law firm said it is investigating potential lawsuits against Mālama over the data breach.  

The attack on Mālama was claimed in June by LockBit, a notorious ransomware gang that was shut down by law enforcement agencies earlier this year. 

On Tuesday, Europol and several law enforcement agencies announced a range of actions targeting the group, including four arrests and seizures of servers critical for LockBit’s infrastructure in France, the U.K. and Spain.

Throughout 2024, crucial hospitals and healthcare systems have been the victims of cyberattacks, limiting services offered and endangering communities across the U.S.

Two major health systems running multiple hospitals — McLaren Health Care and Ascension — have dealt with devastating ransomware attacks and last week, one of the only level 1 trauma centers in the southwest was forced to turn away ambulances after an attack.

Source: https://therecord.media/community-clinic-maui-data-breach