cheers attacks The Johns Hopkins Hospital

Incident Date:

May 29, 2022

World map



cheers attacks The Johns Hopkins Hospital


The Johns Hopkins Hospital




Baltimore, USA

Maryland, USA

First Reported

May 29, 2022

The Johns Hopkins Hospital Ransomware Attack: A Cybersecurity Threat in the Healthcare Sector

The Johns Hopkins Hospital, a top-ranked healthcare provider in the United States, has recently become the target of a ransomware attack. The attack was claimed by the ransomware group Cheers, which posted a message on their dark web leak site, indicating that the hospital's website was affected. The hospital operates in the Healthcare Services sector, which is a significant target for cybercriminals due to the sensitive nature of the data they handle.

Company Overview

The Johns Hopkins Hospital is a renowned medical institution, known for its high-quality patient care and innovative research. It is part of the Johns Hopkins Health System, which includes several hospitals and healthcare facilities across Maryland. The hospital is located in Baltimore, Maryland, and has been ranked among the top hospitals in the nation by U.S. News & World Report.

Vulnerabilities and Impact

The ransomware attack on the Johns Hopkins Hospital is a significant concern, as it could potentially compromise sensitive patient information. The attack was discovered on May 31, 2023, and affected at least 5,500 individuals, according to the U.S. Office for Civil Rights. The attack targeted a software called MOVEit, which is widely used and has been exploited by the ransomware group Cl0p.

The hospital has taken immediate steps to secure their systems and is working closely with cybersecurity experts and law enforcement to assess the full scope of the attack. The initial evaluation suggests that electronic health records were not included in the breach, but other sensitive personal and financial information may have been affected.

Mitigation and Response

The Johns Hopkins Hospital has notified affected individuals and is providing them with resources to help protect their personal information, including two years of free credit monitoring services. The hospital has also urged its community to take immediate steps to protect their information, such as monitoring accounts, placing fraud alerts or credit freezes, and using strong passwords.

The attack on the Johns Hopkins Hospital underscores the importance of robust cybersecurity measures in the healthcare sector. As the industry continues to digitize and rely on technology for patient care and data management, the risk of cyberattacks will only increase. Healthcare providers must invest in advanced security solutions and stay vigilant against emerging threats to protect their patients' sensitive information.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.