Johns Hopkins University, Health System Corp. Hit with Class Action Over May 2023 Data Breach
Ebneshahidi v. Johns Hopkins University et al.
Filed: September 18, 2023 ◆§ 1:23-cv-02539
Johns Hopkins University and the Johns Hopkins Health System Corporation face a class action over a May 2023 data breach that reportedly affected at least 300,000 individuals.
Maryland
Johns Hopkins University and the Johns Hopkins Health System Corporation face a proposed class action over a May 2023 data breach that reportedly affected at least 300,000 individuals.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 52-page case says the defendants, a private research university and affiliated healthcare system based in Baltimore, were alerted to unusual activity on their network on May 31 of this year. A subsequent investigation revealed that on May 29, unauthorized parties were able to access consumers’ private information stored on Johns Hopkins’ servers, the filing shares.
According to Johns Hopkins University’s June 23 notice letter, data stolen in the breach includes customers’ and patients’ demographic information, Social Security numbers and dates of birth. The defendants’ online notice adds that the cyberattack may have impacted other sensitive personal and financial data, including names, contact information and health billing records.
The complaint argues that the data breach, which has exposed victims to an ongoing risk of identity theft and fraud, stemmed from Johns Hopkins’ failure to implement and follow adequate data security protocols. Per the suit, the data stored on the defendants’ servers was left “accessible, unencrypted, unprotected, and vulnerable” for acquisition by the unauthorized actor.
As the case tells it, the cyberattack targeted MOVEit, a popular transfer platform the defendants use to store and share files containing consumers’ data. It’s been reported that over 200 organizations have fallen victim to the MOVEit security incident, which was perpetrated by Russia-linked ransomware group Cl0p, the suit relays.
The filing claims that Cl0p has stolen personal data belonging to an estimated 17 million individuals and has begun publishing certain information on its dark web leak site if companies refuse to meet its ransom demands. Johns Hopkins University and the Johns Hopkins Health System Corporation have not paid a ransom to Cl0p, the complaint alleges.
The lawsuit looks to represent anyone (if minors, their parents or guardians, and if deceased, their executors or surviving spouses) who Johns Hopkins identified as being impacted by the data breach, including anyone who was sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.