The Baltimore Banner: Is Johns Hopkins the Bad Guy in the Patient Data Breach? Or a Victim? (ft. Ido Sivan-Sevilla)

INFO Staff - August 16, 2023

INFO Assistant Professor Ido Sivan-Sevilla provides expert commentary

The Johns Hopkins Hospital in East Baltimore. (Cody Boteler)

The Johns Hopkins Hospital in East Baltimore. (Cody Boteler)

A recent data breach of patient information held by the the Johns Hopkins University and Health System as resulted in at least seven class action lawsuits.

However, experts say that Hopkins was just one of many institutions victimized that used the third party software, MOVEit. Russian hackers infiltrated MOVEit – collecting data from more than 670 organizations worldwide and accessing the records of more than 46 million customers, employees, and students.

MOVEit is a popular and formerly trusted third-party software that allows organizations to transfer electronic files. Much of the trust came from the perception that the software operated within an organization’s secure cyber perimeter.

“That seemingly robust security may be why government agencies were comfortable using MOVEit”, said Ido Sivan-Sevilla, assistant professor at the College of Information Studies at University of Maryland, who was involved in designing cybersecurity regulations for the Israeli government. “But the same third-party programs that function as “critical infrastructure” for institutions can be paydirt for hackers, allowing them to “put a foot in the door across hundreds of organizations” and capture the data of millions, Sivan-Sevilla said.

Click here to read the full article.


The orginal article, authored by Sarah True, was published August 16, 2023 by The Baltimore Banner.