Data Attack
Johns Hopkins University and Johns Hopkins Health System are investigating a recent cybersecurity attack targeting the widely used software MOVEit that impacted our systems, as well as many other large organizations around the world.
Johns Hopkins take the privacy and security of our community members extremely seriously. Our cybersecurity team is working closely with data security experts and law enforcement to determine what information was involved. This investigation is ongoing, but our initial evaluation shows the attack may have affected the information of Johns Hopkins employees, students, and patients. We will update this website regularly as more information becomes available.
Until we know more, we strongly urge our community to take immediate steps to protect your information as a precautionary measure.
- Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Fraud Alerts and Credit Freezes: Consider placing fraud alerts or credit freezes with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information.
- Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide information unless you are certain of the source's authenticity.
- Sign Up For Credit Monitoring Services: Johns Hopkins is working with IDX to provide all potentially impacted individuals with two years complimentary credit monitoring. Instructions for activating the complimentary services will be included in direct communications to those individuals.
For more information on identity theft, we recommend that you visit the Federal Trade Commission’s Identity Theft Guide at www.identitytheft.gov.
If there is anything else that we can do to assist you, please call IDX at 888-703-9247 weekdays between the hours of 9 am and 9 pm ET.
Helpful Resources:
- Johns Hopkins Financial Wellness Guide: What Can I Do To Prevent Identity Theft?
- The Federal Trade Commission’s guidance on identity theft: www.IdentityTheft.gov
- Checklist to determine if you have been the victim of identity theft: Warning Signs of Identity Theft
- Federally-authorized clearinghouse for credit reports: AnnualCreditReport.com
Frequently Asked Questions
-
Johns Hopkins University and Johns Hopkins Health System, along with many other large organizations around the world, were impacted by a cybersecurity attack targeting the widely used software MOVEit.
-
The breach occurred on May 31. Johns Hopkins took immediate steps to secure our systems and our cybersecurity team is working closely with data security experts and law enforcement to determine what information was compromised. This investigation is ongoing.
-
The attack occurred as a result of a widespread cybersecurity attack targeting a vulnerability in the widely-used software MOVEit. The attack impacted many large organizations around the world.
-
We took immediate action to secure our systems and are working closely with cybersecurity experts and law enforcement to determine what information was involved. The attack has had no negative impact on the operations of either Johns Hopkins University or the Johns Hopkins Health System.
-
This investigation is ongoing, but our initial evaluation shows the attack may have affected the information of Johns Hopkins employees, students, and patients. We are working now to assess the full scope of the attack and will be reaching out to all impacted individuals in the coming weeks.
-
Our initial investigation suggests that the attack did not include electronic personal health records, but may have impacted other information of Johns Hopkins employees, students, and patients. We are working now to assess the full scope of the attack and will be reaching out to all impacted individuals in the coming weeks.
-
If your information is involved in this attack, we will reach out to you directly as soon as possible to provide additional information and resources to help you protect your information. In the meantime, we strongly urge our community to take immediate steps to protect your information as a precautionary measure.
-
We will notify affected individuals as soon as we know the full scope and breadth of the attack and those whose information was included. If your information was involved, you will receive additional information and resources to help you protect your information.
-
Yes. We will notify affected individuals directly and individually and will provide additional resources, including two years of free credit monitoring services to help protect their information. Instructions for activating the complimentary services will be included in direct communications to impacted individuals.