Menu
Browse

Cyber Incident Victim: Johns Hopkins Health System

Date:

May 2023

Location:

United States of America

Summary

Johns Hopkins University and Johns Hopkins Health System were affected by a cyberattack exploiting a vulnerability in a widely used software tool, potentially exposing sensitive personal and financial information such as names, contact details and health billing records. The incident did not disrupt university or health system operations, and an ongoing investigation with cybersecurity experts and law enforcement aims to determine the full scope of compromised data. Affected individuals will be notified once the scope is confirmed and will be offered credit monitoring services, while the organization has secured its systems and continues to work with authorities to address the security issue.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On May 29, 2023, an external system breach occurred at Johns Hopkins University and Johns Hopkins Health System Corporation as part of a larger cyberattack exploiting a vulnerability in the MOVEit Transfer file transfer tool. The breach was discovered on May 31, 2023, by the organization’s cybersecurity team. The attack has been attributed to the Clop ransomware gang, which was exploiting the MOVEit vulnerability as part of a mass‑hack affecting thousands of organizations worldwide. Upon discovery, Johns Hopkins took immediate steps to secure its systems and began working with data security experts and law enforcement to investigate the incident.

Cyber Incident Image

The breach potentially exposed sensitive personal and financial information, including names, contact information, health billing records, and Social Security numbers. According to the Maine Attorney General’s data breach notification, a total of 363,885 individuals were affected, of whom 43 were Maine residents. Johns Hopkins issued written notices to affected individuals on June 23, 2023, and later sent follow‑up emails on October 10 and October 11, 2023 from the address The Johns Hopkins University SIS‑[email protected] with the subject line “Important Notice Regarding Your Student Information.” The organization offered identity theft protection services for two years through IDX, which included credit monitoring and identity theft protection, and stated that it would provide credit monitoring resources to all impacted individuals.

Johns Hopkins reported that the incident had no negative impact on the operations of either the university or the health system. The investigation remains ongoing, with the organization continuing to assess the full scope of the data exposure and to determine what specific information was compromised. Updates are being provided through the university’s dedicated website and call center, and affected individuals are being urged to monitor their accounts, consider fraud alerts or credit freezes, use strong passwords and multi‑factor authentication, and be wary of suspicious emails as a precautionary measure. The organization will continue to communicate with those affected as more information becomes available.

Sources
Sources available to members
3 sources