Baltimore-based Johns Hopkins University and Health System are notifying patients that some of their protected health information may have been compromised due to hackers targeting a software vulnerability called MOVEit, The Baltimore Banner reported June 14.
According to a breach notification letter sent out by Johns Hopkins on June 14, the investigation into the incident is ongoing, and the organizations are working with law enforcement and its cybersecurity teams to determine what kinds of information were compromised.
"Our initial evaluation shows the attack may have impacted the information of Johns Hopkins employees, students, and/or patients," the letter said.
All affected individuals will receive updates as they become available and will be contacted if they were affected by the breach, according to Johns Hopkins.
The news comes after the Cybersecurity and Infrastructure Security Agency released a warning June 7 stating that Russian-backed ransomware gang Clop, which is known for targeting the healthcare industry, had been exploiting MOVEit Transfer to conduct hacks.