Baltimore-based Johns Hopkins University and Health System are facing a patient-led lawsuit that alleges the health system failed to protect patients' health information when it was compromised due to a ransomware attack on a software vulnerability called MOVEit.
The class action complaint, filed by Pamela Hunter July 7 in the U.S. District Court for the District of Maryland, alleges that the health system did not take proper steps to prevent patient data from being taken from its systems by an unauthorized party.
The hack occurred on or before May 31, with the plaintiff alleging that names, medical record numbers, addresses, dates of birth, Social Security numbers, and locations and dates of service related to upcoming appointments that require anesthesia were compromised during the breach.
Johns Hopkins began notifying individuals of the incident on June 14.
It is unknown how many people were affected by the breach, according to the lawsuit obtained by Becker's.
The Cybersecurity and Infrastructure Security Agency released a warning June 7 stating that Russian-backed ransomware gang Clop, which is known for targeting the healthcare industry, had been exploiting MOVEit Transfer to conduct hacks globally.