Johns Hopkins Hospital warns patients about data theft Baltimore’s Johns Hopkins Hospital is warning more than 10,000 patients about a data theft after linking a woman working in the hospital’s patient registration area to fraud.“Beginning around January 20, 2009, Johns Hopkins received reports, some from individuals themselves, and some through various local law enforcement agencies, that some individuals had determined that they were victims of identity theft and that the theft activities focused in the Baltimore area,” the hospital said in an April 3, 2009, letter sent to patients whose data was accessed. The letter was published Monday on the Maryland attorney general’s Web site.After the U.S. Secret Service and U.S. Postal Service got involved, investigators began suspecting that the Johns Hopkins employee was linked to a fraud that involved fake Virginia drivers’ licenses, although officials declined to provide more information regarding that alleged scheme. Law enforcement has identified 46 victims of the scam, 31 of whom were linked to Johns Hopkins. The hospital is offering them credit protection services, and it is also offering similar services to another 526 Virginia patients who may have been targeted by the fraud. However, most of the 10,200 patients and former patients being notified are thought to be at “extremely low risk” of fraud, according to hospital spokesman Gary Stephenson. “We just contacted them to do due diligence,” he said. The employee had access to the Social Security numbers, names, addresses, dates of birth, telephone numbers, parents’ names and medical insurance information of current and former patients. She was not able to learn about the patients’ medical conditions, however. News of the incident was first reported Monday on Databreaches.net, which noted that former Johns Hopkins employee Michelle Johnson had been indicted in January on fraud charges for allegedly using patient data to open fraudulent credit card accounts.Stephenson said that the Johnson case was separate from this latest incident, but he declined to comment further on the matter, citing an ongoing investigation.In its notification letter, Johns Hopkins said it has fired the employee it suspects of this latest fraud and expects that she will be indicted. However, the letter warns, “There is no absolute certainty, at this time, that she was the source of the information.” Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe