Johns Hopkins University and Johns Hopkins Health System are facing a class action lawsuit in the wake of a data breach that exposed the personal information of patients and students. The lawsuit was filed on July 7, 2023 by Pamela Hunter, a hospital client who was affected by the breach.
Allegations of Negligence
The lawsuit alleges that Johns Hopkins was aware of the “substandard” condition of its information systems and failed to implement safeguards to secure the personal health information and identifiable data of those affected by the breach. The breach, discovered in May 2023, exposed the personal information of thousands of patients and students, including names, addresses, social security numbers, and medical records.
The lawsuit accuses Johns Hopkins of negligence, breach of contract, and breach of fiduciary duty. It seeks damages for those affected by the breach and injunctive relief to prevent similar breaches from occurring in the future.
Johns Hopkins has not yet commented on the lawsuit but has previously acknowledged the data breach and apologized for its impact on patients and students. The hospital has offered free credit monitoring and identity theft protection to those affected by the breach.
The lawsuit is just one of several legal challenges that Johns Hopkins is facing in the aftermath of the data breach. The hospital is also under investigation by state and federal regulators and could face significant fines and penalties if found to violate data protection laws. The incident serves as a reminder of the importance of data security and the need for organizations to take proactive measures to protect sensitive information.