Johns Hopkins Suffers a Breach Losing Patient, Student, and Faculty Data
Table of Contents
- By Steven
- Published: Jun 19, 2023
- Last Updated: Nov 23, 2023
Johns Hopkins is one of the leading teaching hospitals that serve approximately 500 medical students annually while caring for tens of thousands of patients. The facility has a total of 1091 beds and serves patients in primary care and trauma care, along with several specialties. The facility is located in Baltimore, Maryland, and because it serves so many students and patients, it stores a huge amount of personal and medical data. Some of that data was just released because of a breach.
How Did the Attack Occur?
The data breach occurred in May when the MOVEit secure file transfer service was breached by the C10p ransomware gang. During the attack, many major companies lost data, including Putnam Investments, the Shell Corporation, the University of Georgia, and Johns Hopkins Hospital. The attack impacted hundreds of companies, and Johns Hopkins lost personal data related to students, faculty, and patients.
What Information Was Viewed or Stolen?
Only personally identifying information was lost in the Johns Hopkins data breach, including things like email addresses, phone numbers, home addresses, Social Security Numbers, and full names. This data doesn't include medical details but is enough to begin several types of identity theft attacks on anyone involved.
How Did Johns Hopkins Admit to the Breach?
Investigations are still ongoing, but on June 15, the university released a letter to the community explaining how the breach occurred and what sort of risks are possible for the individuals involved. Once the impact of this data breach is fully understood, individual notices will go out to every individual known to have been exposed by the breach.
What Will Become of the Stolen Information?
The original purpose of the stolen information from Johns Hopkins was to force the school and hospital to pay a ransom to protect any data from ever being released or used in a harmful way. If a ransom isn't collected for the stolen data, it's likely it will be passed off to hackers or others that want to misuse it, and it could be used for identity theft attacks. The hackers themselves may use the data for attacks as well, and even if they don't, they will probably sell the information to others that will.
What Should Affected Parties Do in the Aftermath of the Breach?
If your data may have been taken from the hospital, you should take immediate steps to protect yourself. You can put a freeze on your credit at each of the bureaus to protect against attacks, or you could invest in credit monitoring services to keep watch over your credit for any strange changes. Take action now, and you can protect yourself from most attacks before they have a chance to do serious harm to your credit. You should also avoid giving out any information over text message or through email, even if it seems like an official company asking for the data. Phishing attacks are commonly used to steal information, and hackers will go to great lengths to make their emails and phone numbers look official when attempting to steal your data.
