Members of the Johns Hopkins community were alerted to a cybersecurity attack against the Johns Hopkins University and Health System that happened on May 31.
A letter went out Wednesday notifying Johns Hopkins community employees, students and patients that the “widespread cybersecurity attack” may have put their personal information at risk.
The attackers targeted a “previously unknown vulnerability in the widely used software MOVEit,” the letter said.
The Johns Hopkins network was affected alongside “many other large organizations around the world,” according to the letter.
“Johns Hopkins takes the privacy and security of our community members extremely seriously,” the letter said. “Our cybersecurity team is working closely with data security experts and law enforcement to determine what information was involved. This investigation is ongoing, but our initial evaluation shows the attack may have impacted the information of Johns Hopkins employees, students, and/or patients.”
People at risk because of the attack will receive updates as they become available and will be contacted personally if they were affected by it, the letter said.
Two years of free credit monitoring services will be made available to all affected individuals, according to the letter.
Johns Hopkins staff “took immediate action” to secure its systems and has been “working closely with a leading cybersecurity firm to investigate the attack,” the letter said.
The letter urged community members to monitor their bank accounts, consider fraud alerts or credit freezes with major credit bureaus, be wary of phishing attempts and sign up for credit monitoring.