Hale Makua Health Services Hit by Qilin Ransomware Attack in September 2025
Hale Makua Health Services, a nonprofit healthcare provider based in Maui, Hawaii, suffered a ransomware attack in September 2025, exposing sensitive patient and organizational data. The breach was first disclosed on the dark web on September 25, 2025, by the Qilin ransomware group, which claimed to have stolen confidential information and shared screenshots of the data on its portal.
Hale Makua, founded in 1946, operates two senior care campuses in Kahului and Wailuku and is the largest provider of senior living units on Maui. The organization reported the incident to the U.S. Department of Health and Human Services on October 29, 2025, though specific details about the compromised data—such as whether it included personal, financial, or health records—have not been publicly confirmed.
Ransomware attacks typically involve unauthorized access and exfiltration of sensitive information, raising concerns about potential identity theft and financial fraud for affected individuals. Legal firms, including Shamis & Gentile P.A., are investigating the breach to determine eligibility for compensation through class action lawsuits, citing risks such as emotional distress, out-of-pocket expenses, and long-term privacy vulnerabilities.
Source: https://www.claimdepot.com/investigations/hale-makua-data-breach-2026
Hale Makua Health Services cybersecurity rating report: https://www.rankiteo.com/company/hale-makua-health-services
"id": "HAL1768001751",
"linkid": "hale-makua-health-services",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients, residents, or clients '
'of Hale Makua Health Services',
'industry': 'Healthcare',
'location': 'Maui, Hawaii, USA',
'name': 'Hale Makua Health Services',
'size': 'Largest provider of senior care living units '
'and beds on Maui',
'type': 'Healthcare Organization'}],
'customer_advisories': 'Affected individuals may be eligible to join a class '
'action lawsuit seeking compensation for damages such '
'as lost time, emotional distress, out-of-pocket '
'expenses, and increased risk of identity theft.',
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally identifiable '
'information, health-related '
'information'},
'date_detected': '2025-09',
'date_publicly_disclosed': '2025-09-25',
'description': 'Hale Makua Health Services experienced a ransomware attack in '
'September 2025, resulting in the exposure of sensitive '
'personally identifiable information. The breach was posted on '
'the dark web by the Qilin ransomware group, who claimed to '
'have obtained sensitive organizational data.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'recommendations': ['Review official notifications from Hale Makua Health '
'Services regarding the breach',
'Monitor financial accounts, credit reports, and health '
'insurance statements for suspicious activity',
'Consider placing a fraud alert or security freeze on '
'credit files',
'Save all correspondence and documentation related to the '
'breach',
'Learn about legal rights to compensation and remedies '
'under state and federal laws'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['Reported to the U.S. '
'Department of Health '
'and Human Services on '
'2025-10-29']},
'threat_actor': 'Qilin ransomware group',
'title': 'Hale Makua Health Services Ransomware Attack and Data Breach',
'type': 'Ransomware'}