Johns Hopkins University and its related medical system are grappling with a recent cybersecurity attack that may have exposed sensitive information belonging to students, staff, faculty, and patients. The breach, which occurred on May 31 and involved the file transfer software MOVEit, impacted both the university and Johns Hopkins Medicine.
Furthermore, the ransomware attack, attributed to a Russian extortion gang known as ‘Cl0p,’ targeted various organizations, including the BBC, British Airways, and Nova Scotia’s government. While Hopkins is still investigating the full extent of the breach, it believes that personal and financial information, such as names, contact details, and health billing records, may have been compromised, although patient medical records remained unaffected.
Additionally, those affected by the breach will be notified, and Hopkins is offering resources such as credit monitoring services to individuals whose information was compromised. Impacted individuals can enroll in credit monitoring by contacting the provided phone number during specified weekdays.
As the investigation continues to identify those affected, individuals associated with Hopkins are advised to closely monitor their bank accounts and credit reports for any suspicious activity, consider placing fraud alerts with major credit bureaus, stay vigilant against suspicious emails or messages, and consider signing up for credit monitoring services.
At the same time, the incident at Johns Hopkins University highlights the growing threat of cyberattacks on educational institutions, as evidenced by a 2022 report by cybersecurity company Sophos. The report revealed a significant 53% increase in cyberattacks targeting higher education institutions compared to the previous year.
Additionally, a 2017 study conducted by a Hopkins researcher indicated that larger institutions and those with a strong emphasis on teaching, such as Hopkins, face a higher risk of hospital data breaches. This breach serves as a reminder of the need for robust cybersecurity measures to safeguard sensitive information within the education and healthcare sectors.
