Hawai’i State Department of Health resolves website defacement

The department of health for Hawaiʻi has fixed a website defacement caused by a cybercrime group and denied that the hackers had access to any other government systems.

The incident affected healthybydefault.hawaii.gov — a website created by the Hawaiʻi State Department of Health (DOH) in compliance with a 2020 state law that mandates healthy beverages be the default option in children’s meals.

The website’s typical look was replaced August 31 with a note from the Ransomed group claiming data had been stolen and urging the government of Hawaiʻi to contact them at a provided email address.

A spokesperson for the Hawaiʻi DOH confirmed the defacement in a statement to Recorded Future News.

“The externally hosted website was in pre-launch status and been populated with only test data. Currently, all evidence indicates that the incident was contained to the healthybydefault.hawaii.gov website and that there was no identified impact or vulnerability of DOH websites currently in production,” the spokesperson said.

“No protected health information will be collected through the healthybydefault.hawaii.gov website.”

All restaurants in the state that serve a children’s meal with a beverage for a single price have to complete a certification form on the website.

The spokesperson said that a static version of the website had been restored with limited functionality while the incident was being investigated and “additional corrective actions are identified.” As of Tuesday morning, some of the links were returning 404 errors.

Ransomed recently made waves after threatening victims with the prospect of European data breach fines if ransoms for stolen data are not paid. But the group’s legitimacy has been questioned, considering none of the victims added to the group’s leak site since it emerged on August 15 have reported incidents. It is still unclear if the group actually uses ransomware.

State-backed hackers and cybercriminals have focused their attention on Hawaiʻi in recent months. Recorded Future — the parent company of The Record — published a report highlighting prolific Russian and Chinese disinformation groups using the devastating wildfires in Maui as a way to spread misinformation.

Ransomware gangs and other criminal groups have attacked the state’s community college — prompting it to pay a ransom this summer — as well as a U.S. national center for astronomy in Maunakea.

In March, the State Department of Health began sending out breach notification letters after a cyberattack in January gave hackers limited access to the state’s death registry.