Cyber Incident Victim: Johns Hopkins Health System
Date:
May 2023
Location:
United States of America
Summary
Johns Hopkins University and Johns Hopkins Health System were affected by a cyberattack exploiting a vulnerability in a widely used software tool, potentially exposing sensitive personal and financial information such as names, contact details and health billing records. The incident did not disrupt university or health system operations, and an ongoing investigation with cybersecurity experts and law enforcement aims to determine the full scope of compromised data. Affected individuals will be notified once the scope is confirmed and will be offered credit monitoring services, while the organization has secured its systems and continues to work with authorities to address the security issue.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 29, 2023, an external system breach occurred at Johns Hopkins University and Johns Hopkins Health System Corporation as part of a larger cyberattack exploiting a vulnerability in the MOVEit Transfer file transfer tool. The breach was discovered on May 31, 2023, by the organization’s cybersecurity team. The attack has been attributed to the Clop ransomware gang, which was exploiting the MOVEit vulnerability as part of a mass‑hack affecting thousands of organizations worldwide. Upon discovery, Johns Hopkins took immediate steps to secure its systems and began working with data security experts and law enforcement to investigate the incident.

The breach potentially exposed sensitive personal and financial information, including names, contact information, health billing records, and Social Security numbers. According to the Maine Attorney General’s data breach notification, a total of 363,885 individuals were affected, of whom 43 were Maine residents. Johns Hopkins issued written notices to affected individuals on June 23, 2023, and later sent follow‑up emails on October 10 and October 11, 2023 from the address The Johns Hopkins University SIS‑[email protected] with the subject line “Important Notice Regarding Your Student Information.” The organization offered identity theft protection services for two years through IDX, which included credit monitoring and identity theft protection, and stated that it would provide credit monitoring resources to all impacted individuals.
Johns Hopkins reported that the incident had no negative impact on the operations of either the university or the health system. The investigation remains ongoing, with the organization continuing to assess the full scope of the data exposure and to determine what specific information was compromised. Updates are being provided through the university’s dedicated website and call center, and affected individuals are being urged to monitor their accounts, consider fraud alerts or credit freezes, use strong passwords and multi‑factor authentication, and be wary of suspicious emails as a precautionary measure. The organization will continue to communicate with those affected as more information becomes available.
