Howard County General Hospital

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Howard County General Hospital, part of the Johns Hopkins Health System, occurred due to a cybersecurity attack targeting a widely used software platform for transferring data files, known as MOVEit. This incident was part of a broader attack that affected multiple organizations and industries around the world. The U.S. Office for Civil Rights is investigating the breach, which affected 2,975 people at Howard County General Hospital. The breach was attributed to hackers exploiting a software vulnerability in MOVEit, with the Russian-backed ransomware gang Clop claiming responsibility for the attack[6].

More than 300,000 people were affected by the data breach across the Johns Hopkins Medicine entities, significantly higher than initially reported. The breach involved “unsecured protected health information,” which could include sensitive personal and private information such as Social Security numbers, medication information, and more. Johns Hopkins Medicine took immediate steps to secure their systems and has been working closely with cybersecurity experts and law enforcement to address the breach. Affected individuals were notified and offered two free years of credit monitoring to protect against possible identity theft or fraud[4][8].

This incident highlights the growing sophistication of cyber threats and the vulnerability of health systems to such attacks. It underscores the importance of robust cybersecurity measures and the need for ongoing vigilance to protect sensitive health information.

Citations:

  1. https://www.wbaltv.com/article/johns-hopkins-data-breach-civil-rights-officials-investigation/44734824
  2. https://www.baltimoresun.com/2022/01/12/maryland-department-of-health-confirms-ransomware-attack-crippled-its-systems-last-month/
  3. https://www.baltimoresun.com/2023/06/27/johns-hopkins-university-and-health-system-to-reach-out-to-those-hit-by-moveit-data-breach/
  4. https://www.wbaltv.com/article/johns-hopkins-data-breach-people-affected/44787414
  5. https://www.bizjournals.com/baltimore/blog/cyberbizblog/2016/08/data-breach-could-impact-some-johns-hopkins.html
  6. https://www.beckershospitalreview.com/cybersecurity/feds-investigate-data-breach-at-johns-hopkins.html
  7. https://wtop.com/maryland/2023/07/class-action-lawsuit-targets-johns-hopkins-univ-after-health-system-data-breach/
  8. https://www.wbal.com/more-than-300k-people-affected-by-johns-hopkins-data-breach/
  9. https://wtop.com/baltimore/2023/06/personal-data-left-vulnerable-after-johns-hopkins-university-and-health-system-hit-by-ransomware-hack/
  10. https://www.turkestrauss.com/2023/06/14/johns-hopkins-data-breach-investigation/
  11. https://thedailyrecord.com/2022/08/11/marcellous-frye-jr-kathleen-hetherington-leonardo-mcclarty-and-charley-sung-howard-county-general-hospital/
  12. https://cybernews.com/news/john-hopkins-confirms-moveit-breach/
  13. https://casetext.com/case/wilder-v-johns-hopkins-health-sys-corp
Breach Submission Date Jul 31, 2023
Converted Entity Name Howard County General Hospital
Converted Entity Type Healthcare Provider
State MD
Individuals Affected 2,975
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes