University Hospital New Jersey

University Hospital New Jersey, operating under aliases such as University Hospital and UHNJ, is a healthcare institution based in Newark, New Jersey. It functions as a hospital, delivering patient care and managing health services for its community. The facility processes and stores sensitive personal and medical information as part of its operations, making it a custodian of protected health data. While referred to as a university hospital, specific academic affiliations or teaching programs are not detailed in available incident reports. Its primary market serves residents of Newark and the surrounding region in New Jersey. The hospital’s role in the healthcare sector involves routine medical treatments, emergency care, and administrative functions that generate records subject to privacy regulations.

In 2020, University Hospital New Jersey suffered a ransomware attack by the SunCrypt operation, which resulted in the theft and subsequent leak of approximately 48,000 documents. These documents contained highly sensitive information, including patient authorization forms, Social Security Numbers, driver’s licenses, and internal hospital records. The attack followed an earlier compromise involving an employee infected with the TrickBot trojan. TrickBot is a malware that typically facilitates network infiltration and is historically linked to ransomware strains such as Ryuk, Maze, and Conti. The connection between SunCrypt’s infrastructure and prior Maze ransomware activity further exacerbated the incident’s impact on patient and organizational data security. This breach exposed a large volume of personal data, raising concerns about identity theft and privacy. Approximately one year later, on February 23, 2021, the hospital issued a consumer notice regarding another unauthorized individual’s access to its computer systems, indicating persistent security vulnerabilities. These consecutive incidents highlight the targeted nature of healthcare organizations by cybercriminal groups and the severe consequences of such breaches, including data leaks and regulatory scrutiny.