Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

University Hospital New Jersey Hit by SunCrypt Ransomware, Data Leaked

University Hospital New Jersey Hit by SunCrypt Ransomware, Data leaked

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.

Established in 1994, the University Hospital is a New Jersey state-owned teaching hospital that provides medical care to residents.

The hospital runs on a $626 million budget and has over 3,500 employees, 519 licensed beds, and over 172,000 annual outpatient visits.

Sensitive info leaked after a ransomware attack

The SunCrypt ransomware operation has leaked data allegedly stolen from UHNJ in a September ransomware attack.

SunCrypt is a ransomware operation that began its activities in October 2019 but was not very active. Over the past few months, they have become much more active since releasing a dedicated leak site.

While BleepingComputer has not corroborated all of the attacker’s claims, the data seen by BleepingComputer does appear to belong to UHNJ.

Of the 240 GB of data allegedly stolen from University Hospital New Jersey, the attackers have leaked a 1.7 GB archive containing over 48,000 documents.

Also Read: 7 Client Data Protection Tips to Keep Customers Safe

Alleged data leak for University Hospital New Jersey

This data leak includes patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors.

UHNJ Data leak

Shown below is a partial image of one such record leaked in the dump, with PII redacted:

An example patient information release form

Employee infected with TrickBot prior to the attack

When a computer is infected with TrickBot, it usually leads to a full compromise of the network with ransomware eventually being deployed.

TrickBot has historically been known to lead to Ryuk ransomware attacks and an occasional Maze ransomware attack. Now TrickBot is predominately pushing the Conti ransomware

While Maze denies any affiliation with SunCrypt, the SunCrypt ransomware operators have told BleepingComputer that they are part of the Maze Cartel.

Furthermore, when infecting a victim, SunCrypt will connect to an IP address previously associated with Maze infections.

The SunCrypt operators may have also partnered with TrickBot to provide access to compromised networks, such as the network of UHNJ.

Also Read: 12 Damaging Consequences of Data Breach



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us