NewsLocal News


Johns Hopkins sued over May cybersecurity attack

Global cyber attack may not be finished yet
Posted at 4:20 PM, Jul 21, 2023
and last updated 2023-07-24 13:09:22-04

BALTIMORE — Johns Hopkins University and Health System is being sued over a May cybersecurity attack that affected their networks.

The breach exposed private patient medical records and other sensitive personal information such as social security, passport, driver’s license, and financial account numbers.

The specific number of people impacted remains unclear, but it could be in the hundreds of thousands.

A Hopkins client from Middle River was first to file a class action lawsuit in the federal district court of Maryland. She claims to have not been notified about the breach until almost a month after it happened.

RELATED: Johns Hopkins impacted by widespread cyberattack, personal information may be affected

She accuses Hopkins of "intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure [her] [information] was safeguarded."

The woman says she suffers from anxiety and fear, that as result of the breach, she could one day become the victim of identity theft.

In response to the lawsuit, Hopkins said they were one of several large organizations targeted at the time by hackers.

"Johns Hopkins University and Johns Hopkins Health System learned that our systems were among those affected by a broad-based cybersecurity attack that targeted a widely used software platform for transferring data files, called MOVEit," Hopkins said in a statement. "This attack has impacted many large organizations and industries around the world."

Hopkins also defended their handling of the situation.

"At Johns Hopkins, we took immediate steps to secure our systems and are working closely with cybersecurity experts and law enforcement. The privacy and security of Johns Hopkins community members and our patients is our highest priority, and we are actively in the process of communicating with impacted individuals. We also are making available resources and tools to protect against possible identity theft or fraud, and we encourage members of our community to visit our websites for more information."

The lawsuit seeks to force Hopkins to pay plaintiffs an undetermined amount of restitution, and to upgrade their cybersecurity infrastructure.

Hopkins says it's offering two years of complimentary credit monitoring and resolution services. They've also set up a call center to answer patient questions, which can be reached at (888) 703-9247 on weekdays between 9 am and 9 pm.