The Community Clinic of Maui in Hawaii, a nonprofit healthcare organization doing business as Malama I Ke Ola Health Center, informed authorities in the US last week that a cyberattack suffered earlier this year has resulted in a data breach impacting over 120,000 individuals.
Local media reported in May that it took the Maui healthcare organization more than two weeks to reopen after experiencing “major computer problems”.
In June, the notorious LockBit ransomware group took credit for the attack on the Community Clinic of Maui.
The organization last week finally published a data breach notice on its website, informing customers that it detected a cybersecurity incident on May 7 and later determined that the attackers may have stolen personal data between May 4 and May 7.
Compromised information includes name, Social Security number, date of birth, driver’s license number, passport number, bank and payment card information, login information, and a wide range of sensitive medical information.
The Community Clinic of Maui says it has no evidence that any of the exposed information “has been or will be misused for identity theft as a direct result of this incident,” but it’s offering impacted individuals complimentary credit monitoring services.
The organization has told the Maine Attorney General’s Office that the incident impacts 123,882 individuals.
It’s unclear if the LockBit ransomware group has made the stolen information available on its leak website, but even if it has not done so, it’s safe to assume that cybercriminals will try to abuse or monetize the sensitive information, despite the health center’s claims that it has no evidence of misuse.
Operations of the LockBit group were disrupted by law enforcement earlier this year and the gang’s alleged leader has been unmasked.
Related: Accounting Firm WMDDH Discloses Data Breach Impacting 127,000
Related: Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
Related: 88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack
