"Death Registry System in Hawaii Had Data Breach, Health Department Says"

After a cyberattack in January allowed hackers limited access to Hawaii's death registry, the Hawaii Department of Health is sending out breach notification letters. Officials cautioned that although the hackers did not access death certificates, newly bereaved family members should stay watchful regarding any unresolved matters, such as accounts, estates, life insurance claims, and Social Security survivor benefits. On January 23, the cybersecurity company Mandiant alerted various state departments that the credentials for an external medical death certifier account connected to the state Electronic Death Registry System (EDRS) had been sold on the dark web. Even though the department quickly disabled the external account, a February investigation revealed that a hacker obtained around 3,400 death records. According to the department, the dates of death on these documents ranged from 1998 to 2023, with 90 percent occurring in 2014 or before. Death certificates, which are necessary for settling financial and legal matters, are generated separately from death records. The death records include the decedent's name, Social Security number, address, gender, date of birth, date of death, place of death, and reason for death. This article continues to discuss the breach of Hawaii's EDRS. 

The Record reports "Death Registry System in Hawaii Had Data Breach, Health Department Says"