Johns Hopkins University is facing a class action lawsuit from patients who claim the institution’s health system failed to adequately safeguard their personal information ahead of the May cyberattack against MOVEit, a popular file-transfer application.
The lawsuit, filed on July 7 by a university hospital patient, alleges that the institution was aware of the “substandard” condition of its information systems but failed to maintain adequate security protocols, Higher Ed Dive reported Friday.
The lawsuit also reportedly claims that the institution failed to expeditiously notify patients of the breach, which might have violated HIPAA laws requiring notifications be sent “without reasonable delay.”
Johns Hopkins is one of many institutions to be swept up in the MOVEit breach. Victims include major companies, government agencies and the National Student Clearinghouse, which handles student data for thousands of higher education institutions.