A cyber security breach temporarily halted cancer radiation treatment services at The Cancer Center of Hawaii on Oahu, the center acknowledged today.
The company, which conducts radiation treatment for cancer patients at two locations — Pali Momi Medical Center and St. Francis’ hospital campus in Liliha — confirmed Tuesday it experienced a computer network hack on Nov. 5. In response, the company shut down its network servers which temporarily kept them from being able to offer radiation services to cancer patients.
“We launched an investigation and determined that there was an outside attempt made to encrypt the data on our computers which temporarily disabled our network and our ability to deliver radiation treatments,” said Carolyn Voulgaridis, executive director of The Cancer Center of Hawaii. “While the forensic investigation is ongoing, at this time, there is no indication that patient or employee data was breached, accessed, or released.”
The Cancer Center of Hawaii operates one of its two radiation treatment clinics at the St. Francis Healthcare System of Hawaii on Liliha Street. The company was recently a victim of a cyber security attack.
Cory Lum/Civil Beat
Voulgaridis said the company has reported the incident to the FBI and is working with a private computer forensics firm to investigate.
The company was able to “retrieve all essential patient treatment information from our radiation machines and restore our network to full operation,” she said, but would not say how long the system was disabled or how long radiation treatment was suspended.
Voulgaridis declined to answer other questions about the security breach and what kind of patient information could have been compromised.
The Cancer Center of Hawaii is a private for-profit company that offers radiotherapy and brachytherapy at the Hawaii Pacific Health Cancer Center at Pali Momi Medical Center and the St. Francis Health Care System of Hawaii. It leases space from both hospital campuses and on its website calls itself “the only free-standing radiation cancer treatment center.”
Hawaii Pacific Health Cancer Center refers patients to The Cancer Center of Hawaii for radiation therapy.
Cory Lum/Civil Beat
Hawaii Pacific Health spokeswoman Kristen Bonilla said the health system’s networks are “isolated” and that none of its patient data was compromised.
“We go through audits and vulnerability scans to make sure our cyber security posture is appropriate,” she said of the Hawaii Pacific Health network system.
St. Francis Health Care System of Hawaii did not immediately respond to a request for an interview.
Cyber security and ransomware attacks have become increasingly common against medical providers.
In 2018, the Fetal Diagnostic Institute of the Pacific in Honolulu notified nearly 41,000 patients about a potential data breach after a ransomware attack. A security firm was able to remove malicious software and restore the company’s data, but found hackers had gained access to patient names, birth dates, home addresses, account numbers, diagnoses and other information.
The Cancer Center of Hawaii leases space at Pali Momi to offer radiation therapy for cancer patients and was temporarily unable to provide therapy after a cyber hacking attempt.
Tony Dow, a cyber security expert and senior manager of security operations for Hawaiian Telcom, said the way the Cancer Center of Hawaii described the attack makes it appear to be ransomware.
“Ransomware is malware that gets in a company’s network, and its goal is to encrypt data, with the company up for paying a ransom to get access back to their data,” he said. “Sometimes this could bring down systems, like the availability of systems, but it could also encrypt critical information or patient data that doctors might want to access as well.”
Ransomware attacks can launch via corrupt email links or remotely through the internet. Ransomware rarely targets specific victims, he said. Hackers usually cast a wide net. But the health care industry is particularly susceptible and vulnerable.
“A health care company may be more liable to pay the ransom because of the criticality of those systems,” he said. “There are lives on the line.”
Sign up for our FREE morning newsletter and face each day more informed.
Before you go . . .
Everyone at Civil Beat feels the weight of heightened responsibility. For the past several months our nonprofit newsroom has worked beyond our normal capacity to provide accurate information, push for accountability, amplify smart ideas and new voices, and double down on facts and context to write deeply reported local stories.
The truth is, our evolution as a public service news organization over the past 10 years has prepared us for this moment in time, when what we do matters the most.
Reader support keeps our small newsroom afloat. If you value the work of our journalists, please consider making a tax-deductible gift.