Baltimore-based Johns Hopkins University and Health System are facing up to seven lawsuits that allege that the organizations failed to protect patient information from Russian cyber group Clop, The Baltimore Banner reported Aug. 16.
The hack, which occurred on or before May 31, exposed around 300,000 Johns Hopkins patients' data.
The attack is being attributed to Russian-backed ransomware gang Clop.
HHS has warned that Clop has been infiltrating a popular file transfer program called MOVEit to conduct global hacks. The Clop attack on MOVEit has compromised more than 670 organizations worldwide, including multiple U.S.-based hospital and health systems.
Cybersecurity experts told the publication that even if Johns Hopkins did everything right, it still could have fallen victim to the attack since it is only a "minor player"' in a massive breach. Organizations have less control over vulnerabilities in third-party software programs than they do in their own systems.
According to the publication, MOVEit was a trusted program used by large and well-known organizations.
Finance, tech and healthcare have reportedly been the industries hit hardest by the MOVEit breach.