On June 14, 2023, Johns Hopkins University posted a notice of “Data Attack” on its website after the organization was notified of a software vulnerability resulting in patient data being made accessible to an unauthorized party. The incident involved the MOVEit Transfer managed file transfer software provided by Progress Software Corp. After confirming what consumer data was leaked, Johns Hopkins will begin sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from Johns Hopkins University, Johns Hopkins Health System or Progress Software, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, third-party data breaches targeting software vendors have become far too prevalent. Hackers have learned that by gaining access to certain types of software through discovered vulnerabilities, they can access vast amounts of patient data. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Johns Hopkins University data breach, consult with a data breach lawyer as soon as possible.

What We Know So Far About the Johns Hopkins University Breach

News of the Johns Hopkins University data breach is still fresh; however, what we know at this point comes from a post on the organization’s website entitled “Data Attack.” According to this source, on May 31, 2023, Johns Hopkins learned of a sophisticated cybersecurity attack targeting a vulnerability in the MOVEit software. In response, Johns Hopkins took the necessary steps to secure its computer system, notified law enforcement, and then launched an investigation with the assistance of third-party data security specialists.

The Johns Hopkins investigation is ongoing, and the organization has not yet determined what information was leaked and who was affected. However, the initial investigation suggests that the data breach impacted sensitive personal and financial information, such as patients’ names, contact information, and health billing records.

On June 14, 2023, Johns Hopkins posted notice of the third-party data breach on its website. While Johns Hopkins is still in the process of determining who was impacted by the breach and what data types were leaked, it will send out data breach letters to all individuals whose information was compromised at the conclusion of its investigation.

More Information About Johns Hopkins University

Founded in 1876, Johns Hopkins University is a private research university located in Baltimore, Maryland. With multiple locations in Baltimore, as well as in Washington, D.C., Italy and China, Johns Hopkins offers its more than 30,000 students a choice of over 260 fields of study. Together, Johns Hopkins University and Johns Hopkins Health System are one of Maryland’s largest employers. Johns Hopkins University employs more than 26,502 people and generates approximately $3.9 billion in annual revenue.