HQ/EMEAFind out how we can help your business
The Community Clinic of Maui announced that the cyberattack that occurred last May has resulted in a data heist that impacted over 123,000 people.
The clinic, also known as Mālama, revealed that the threat actors acquired access to its stored personal data between May 4 and May 7. Based on reports, the attackers stole various information, such as Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates, and troves of data on medical treatments.
In addition, the hackers obtained routing numbers, bank names, financial account numbers, and some biometric information during the malicious operation. This campaign has impacted approximately 123,882 people and forced the clinic to take its systems offline.
The Community Clinic of Maui has stopped operating for over weeks due to the ransomware attack.
A local news site reported that the residents were disappointed with the service of the affected healthcare institution, as the Community Clinic of Maui has closed for over two weeks due to the ransomware incident.
Additionally, the healthcare provider has given limited services even when reopened at the end of May. The nurses also reported using paper charts after losing access to the facility’s computers.
Mālama notified law enforcement and collaborated with a third-party cybersecurity provider to investigate the incident. The entity also stated on its website that the individuals whose Social Security numbers were potentially impacted have been eligible for their complimentary credit monitoring service. However, a filing with Maine regulators indicates that identity theft protection services are not provided.
Nevertheless, the company did not answer questions seeking clarity. A legal firm is investigating any lawsuits that Mālama could face due to the data leak. On the other hand, the attack on Mālama a few months ago has been attributed to the now-defunct ransomware group LockBit.
Throughout 2024, various cyberattacks have targeted hospitals and healthcare systems, reducing services and jeopardising communities across the United States. Therefore, the industry should consider improving its security defences to avoid different cybercriminal activities that may result in unwanted life-threatening events.
