People affected by the May cyber attack on Johns Hopkins Health System and Johns Hopkins University are filing a class action lawsuit against the organization.

The lawsuit states that tens or even hundreds of thousands of people had their personal identifiable information exposed through a vulnerability in the MoveIt file transfer software that was exploited by a Russian-linked ransomware organization called Clop.

The plaintiffs allege that Johns Hopkins willfully, intentionally or recklessly failed to implement reasonable security measures to prevent the unauthorized disclosure of personal data.

The lawsuit claims negligence on the part of Johns Hopkins and a breach of implied contract for failing to protect privacy.

Pamela Hunter, who is named as the main plaintiff in the case, noted that she was informed of the breach on June 24, that she was previously unaware of the breach or that Johns Hopkins was holding her information.

“Plaintiff and the class members remain, even today, in the dark regarding what data was stolen, the particular malware used, and what steps are being taken to secure their PHI/PII and financial information going forward,” the lawsuit states.

Johns Hopkins is not alone being a target of cyber attacks. A recent study from Trustwave, a cloud security organization, found that in 2022 “the U.S. Department of Health and Human Services reported more than 28.5 million breached healthcare records, a significant increase from 21.1 million in 2019.”

The study found that about one in four cyber attacks target the healthcare industry. Notable intrusions include an attack on MediBank, which exposed 9.7 million customers and one of PharMerica, which exposed 5.8 million customers.

Both of those organizations are facing class action suits for allegedly failing to protect personal information.

Johns Hopkins stated that it took immediate action after the attack and will provide credit monitoring to all who were impacted.

Johns Hopkins did not respond to multiple requests for an interview for this story.