Johns Hopkins University and the Johns Hopkins Health System Corporation face a proposed class action over a May 2023 data breach that reportedly affected at least 300,000 individuals.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 52-page case says the defendants, a private research university and affiliated healthcare system based in Baltimore, were alerted to unusual activity on their network on May 31 of this year. A subsequent investigation revealed that on May 29, unauthorized parties were able to access consumers’ private information stored on Johns Hopkins’ servers, the filing shares.
According to Johns Hopkins University’s June 23 notice letter, data stolen in the breach includes customers’ and patients’ demographic information, Social Security numbers and dates of birth. The defendants’ online notice adds that the cyberattack may have impacted other sensitive personal and financial data, including names, contact information and health billing records.
The complaint argues that the data breach, which has exposed victims to an ongoing risk of identity theft and fraud, stemmed from Johns Hopkins’ failure to implement and follow adequate data security protocols. Per the suit, the data stored on the defendants’ servers was left “accessible, unencrypted, unprotected, and vulnerable” for acquisition by the unauthorized actor.
As the case tells it, the cyberattack targeted MOVEit, a popular transfer platform the defendants use to store and share files containing consumers’ data. It’s been reported that over 200 organizations have fallen victim to the MOVEit security incident, which was perpetrated by Russia-linked ransomware group Cl0p, the suit relays.
The filing claims that Cl0p has stolen personal data belonging to an estimated 17 million individuals and has begun publishing certain information on its dark web leak site if companies refuse to meet its ransom demands. Johns Hopkins University and the Johns Hopkins Health System Corporation have not paid a ransom to Cl0p, the complaint alleges.
The lawsuit looks to represent anyone (if minors, their parents or guardians, and if deceased, their executors or surviving spouses) who Johns Hopkins identified as being impacted by the data breach, including anyone who was sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed cancer, endometriosis or reproductive problems after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.