BALTIMORE — Members of the Johns Hopkins community were alerted to a cybersecurity attack against Johns Hopkins University and Health System that happened on May 31.
A letter went out Wednesday notifying Johns Hopkins community employees, students and patients that the “widespread cybersecurity attack” may have put their personal information at risk.
The attackers targeted a “previously unknown vulnerability in the widely used software MOVEit,” the letter said.
The Johns Hopkins network was impacted alongside “many other large organizations around the world,” according to the letter.
“Johns Hopkins takes the privacy and security of our community members extremely seriously,” the letter said. “Our cybersecurity team is working closely with data security experts and law enforcement to determine what information was involved. This investigation is ongoing, but our initial evaluation shows the attack may have impacted the information of Johns Hopkins employees, students, and/or patients.”
Johns Hopkins community members put at risk because of the attack will receive updates as they become available and will be contacted personally if they were impacted by it, the letter said.
Two years of free credit monitoring services will be made available to all impacted individuals, according to the letter.
Johns Hopkins staff “took immediate action” to secure its systems and has been “working closely with a leading cybersecurity firm to investigate the attack,” the letter said.
The letter urged community members to take immediate steps to protect their information as a precautionary measure. It included a short list of proactive actions:
- Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Fraud Alerts and Credit Freezes: Consider placing fraud alerts or credit freezes with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information.
- Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide information unless you are certain of the source’s authenticity.
- Sign Up For Credit Monitoring Services: Johns Hopkins will be providing all impacted individuals with two years of complimentary credit monitoring. Instructions for activating the free services will be included in direct communications to impacted individuals.