Johns Hopkins Medicine

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

In late May 2023, Johns Hopkins Medicine experienced a significant data breach as part of a global cybersecurity attack targeting the MOVEit software, a widely used platform for transferring data files. This incident, which occurred on May 31, affected over 300,000 individuals, including Johns Hopkins employees, students, and patients. The breach was part of a larger attack that impacted many large organizations worldwide[1][3].

The attackers exploited a previously unknown vulnerability in the MOVEit software[2]. While Johns Hopkins officials have stated that patient medical records were not impacted, the breach may have exposed sensitive personal and financial information, including names, contact information, and health billing records[1][6]. Electronic health records were reportedly not included in the compromised data[3].

In response to the breach, Johns Hopkins took immediate steps to secure its systems and has been working closely with cybersecurity experts and law enforcement to investigate the scope of the incident and to determine what information was compromised[1][2]. The institution has prioritized the privacy and security of its community members and patients, actively communicating with impacted individuals and offering resources and tools to protect against potential identity theft or fraud[3].

Affected individuals have been offered two years of complimentary credit monitoring services[1][2]. Johns Hopkins has also urged its community to take precautionary measures to protect their information, such as monitoring accounts, placing fraud alerts or credit freezes with major credit bureaus, and being vigilant against phishing attempts[1][2].

The breach has led to a federal investigation by the U.S. Office for Civil Rights due to the involvement of “unsecured protected health information”[3]. Additionally, a class-action lawsuit has been filed against Johns Hopkins Health System, alleging negligence for failing to implement adequate safeguards to secure the personal health information and identifiable data of those affected by the breach[8].

This incident underscores the growing threat of cyberattacks in the healthcare sector and the importance of robust cybersecurity measures to protect sensitive information.

Citations:

  1. https://www.hopkinsmedicine.org/data-attack
  2. https://www.cbsnews.com/baltimore/news/expert-says-johns-hopkins-university-and-health-system-cyberattack-sign-of-the-times/
  3. https://www.wbaltv.com/article/johns-hopkins-data-breach-people-affected/44787414
  4. https://wtop.com/baltimore/2023/06/personal-data-left-vulnerable-after-johns-hopkins-university-and-health-system-hit-by-ransomware-hack/
  5. https://www.wbaltv.com/article/johns-hopkins-data-breach-civil-rights-officials-investigation/44734824
  6. https://www.baltimoresun.com/2023/06/27/johns-hopkins-university-and-health-system-to-reach-out-to-those-hit-by-moveit-data-breach/
  7. https://www.jhu.edu/data-attack/
  8. https://www.healthcaredive.com/news/johns-hopkins-hit-with-class-action-suit-data-breach/686650/
  9. https://www.wbal.com/more-than-300k-people-affected-by-johns-hopkins-data-breach/
  10. https://www.wypr.org/wypr-news/2023-07-19/johns-hopkins-hit-with-class-action-suit-over-cyber-breach
  11. https://www.modernhealthcare.com/digital-health/moveit-data-breach-2023-john-hopkins

Breach Submission Date: Jul 25, 2023
Converted Entity Name: Johns Hopkins Medicine
Converted Entity Type: Healthcare Provider
State: MD
Individuals Affected: 310,405
Breach Type: Hacking/IT Incident
Breach Information Location: Network Server
Business Associate Present: Yes