University Hospital New Jersey (UHNJ) is apparently the most recent victim of the SunCrypt ransomware. The operators behind SunCrypt claim to have obtained 240GB of data, 1.79GB of which have been uploaded to their darknet leaks site. Of the uploaded data which has already been analyzed by Bleeping Computer, an alarming amount of sensitive information was seen. Patient information release forms were included in the dump which included patient names, date of birth, social security numbers, residential addresses, telephone numbers, and signatures. The stolen data dates as far back as August 2012, and as recent as November 6th, 2019. In a number of instances scans of patient driver’s licenses were also attached to the documents. Detailed information from the hospital’s board of directors was also included in the breach along with information about the board’s meetings and a schedule of upcoming board meetings.
Hospitals are a valuable target for criminals as they have access to a significant amount of sensitive information. Not only does the desire to keep data from becoming public have great value but hospitals have a high need to keep all systems operational at all times in order to protect lives. This means that the chances of a hospital which has been targeted paying the ransom are very high. All ransomware attacks should also be treated as a data breach until proved otherwise. Early detection is an organization’s best hope at minimizing the damage done by ransomware operators. Endpoint detection and response (EDR) allows for the fastest response to intrusions, including those that will eventually result in ransomware, as it can allow for the detection of malicious activity before it is able to spread farther throughout a network. More information on this topic can be found at https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-hits-university-hospital-new-jersey-leaks-data/