to counter cloudflare's js gatekeeping:<p>University Hospital New Jersey hit by SunCrypt ransomware, data leaked
By Ax Sharma
September 16, 2020 01:39 PM 0
uhnj<p>University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.<p>Established in 1994, the University Hospital is a New Jersey state-owned teaching hospital that provides medical care to residents.<p>The hospital runs on a $626 million budget and has over 3,500 employees, 519 licensed beds, and over 172,000 annual outpatient visits.<p>Sensitive info leaked after a ransomware attack
The SunCrypt ransomware operation has leaked data allegedly stolen from UHNJ in a September ransomware attack.<p>SunCrypt is a ransomware operation that began its activities in October 2019 but was not very active. Over the past few months, they have become much more active since releasing a dedicated leak site.<p>While BleepingComputer has not corroborated all of the attacker's claims, the data seen by BleepingComputer does appear to belong to UHNJ.<p>Of the 240 GB of data allegedly stolen from University Hospital New Jersey, the attackers have leaked a 1.7 GB archive containing over 48,000 documents.<p>Alleged data leak for University Hospital New Jersey
Alleged data leak for University Hospital New Jersey
This data leak includes patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors.<p>UHNJ Data leak
UHNJ Data leak
Shown below is a partial image of one such record leaked in the dump, with PII redacted:<p>An example patient information release form
An example patient information release form
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731.<p>Employee infected with TrickBot prior to the attack
A source in the cybersecurity industry has told BleepingComputer that an employee of UHNJ was infected with the TrickBot trojan at the end of August.<p>When a computer is infected with TrickBot, it usually leads to a full compromise of the network with ransomware eventually being deployed.<p>TrickBot has historically been known to lead to Ryuk ransomware attacks and an occasional Maze ransomware attack. Now TrickBot is predominately pushing the Conti ransomware.<p>While Maze denies any affiliation with SunCrypt, the SunCrypt ransomware operators have told BleepingComputer that they are part of the Maze Cartel.<p>Furthermore, when infecting a victim, SunCrypt will connect to an IP address previously associated with Maze infections.<p>The SunCrypt operators may have also partnered with TrickBot to provide access to compromised networks, such as the network of UHNJ.<p>BleepingComputer has reached out to UHNJ multiple times but did not receive a response to our emails and calls.