A Jersey Hospital Pays $670k to Criminals in Order to Protect Patient Data

To prevent a major data leak, University Hospital New Jersey in Newark, New Jersey, paid $670,000 to resolve a ransomware attack (source). Paying the ransom prevented 240 GB of stolen data, which included a large amount of patient data, from being published.

The quantity of data is one thing; the content is another. Because patient data was involved, the hospital faced a significant HIPAA violation if it could not contain the ransomware attack. Left with little choice, the $670,000 likely felt like a reliable solution to a huge potential problem.

How did the attackers carry out their attack?

The ransomware attack was carried out by an operation known as SunCrypt. SunCrypt infiltrates networks to steal unencrypted data and then completes its attack by encrypting all of the data it gets hold of. SunCrypt was able to publicly post 48,000 documents that were the property of University Hospital New Jersey before a UHNJ representative was able to step in to attempt to stop them. The representative initiated the ransomware payment process by contacting the hackers via their dark web payment portal to start negotiations to stop the leak of private patient information. After a quick negotiation process, UHNJ agreed to the payment of $670,000. In turn, the hackers agreed to provide a decryptor and a security report, return all stolen data, and sign an agreement not to attack UHNJ a second time.

How did the attackers initiate their attack?

According to the security report UHNJ received from the ransomware attackers, a UHNJ employee fell victim to a phishing scam and unknowingly provided their network credentials to the attackers. Once the attackers had the credentials, they were inside the network and took advantage of all unencrypted files.

Why are ransomware attacks on hospitals significant? 

While all data breaches cause damage, ransomware attacks on hospitals are especially significant. Hospitals are subject to HIPAA rules, which are essentially increased privacy standards that apply because hospitals hold sensitive patient data and medical records. When a medical organization or hospital is hacked, it loses sensitive data belonging to the organization and sensitive data belonging to potentially thousands of individuals. The data of these individuals is the data subject to HIPAA rules.

How can PK Tech help?

At PK Tech, we specialize in helping medical organizations safeguard themselves in line with HIPAA regulations. In simpler terms, if you are a hospital or medical clinic of any kind, the stakes and standards are higher. PK Tech can help guide you through the process so that you are adequately protected against ransomware attacks and prepared correctly if an attack occurs within your organization.