Johns Hopkins Medicine operates a network of hospitals, outpatient centers, and physician practices providing healthcare services. The organization includes six academic and community hospitals along with research and medical education programs affiliated with Johns Hopkins University. UpGuard continuously monitors the security posture of Johns Hopkins Medicine using open-source, commercial, and proprietary threat intelligence feeds. Our analysis is centered on objective, externally verifiable information.
Johns Hopkins Medicine's security rating is based on the analysis of their external attack surface. The higher the rating, the better their security posture. Start a free trial to get a more in-depth risk assessment for Johns Hopkins Medicine.
Last updated July 10, 2026
This vendor risk report is based on UpGuard's continuous monitoring of Johns Hopkins Medicine's security posture using open-source, commercial, and proprietary threat intelligence feeds. The results are summarized into a security rating based on the analysis of hundreds of individual checks across five risk categories: website security, email security, phishing & malware, brand & reputation risk, and network security.
The Content Security Policy on this site allows insecure active content.
The Content Security Policy is implemented with unsafe-eval, reducing protection against XSS attacks.
A Content Security Policy is implemented to help protect against XSS and clickjacking attacks.
The Content Security Policy does not allow any insecure passive (img/media) sources.
Sender Policy Framework (SPF) record contains the ptr mechanism. This mechanism is intended to be used temporarily to check that a domain resolves to itself via a known IP address. This should not be used permanently as it puts unnecessary burden on DNS servers and some mail checkers may drop the SPF record if this mechanism is found.
Sender Policy Framework (SPF) record passes basic syntax checks.
Sender Policy Framework (SPF) record strictly enforces specific domains allowed to send email on its behalf.
The 'HTTP' service is running and exposed to the internet. The configuration of the server should be reviewed and unnecessary ports closed.
The domain does not contain a valid Certification Authority Authorization (CAA) record. A CAA record indicates which Certificate Authorities (CAs) are authorized to issue certificates for a domain.
Domain has not expired.
Domain does not expire within 30 days.
DNSSEC records prevent third parties from forging the records that guarantee a domain's identity.
Domain is not flagged as inactive.
Domain is not pending deletion with the registrar.
Domain is not pending restoration with the registrar.
Domain is protected from unsolicited deletion requests with the registrar or registry.
Domain is protected from unsolicited transfer requests.
Domain is protected from unsolicited update requests with the registrar or registry.
Domain is not under a DNS resolution hold with the registrar.
Domain is not under a DNS resolution hold with the registry itself.
Domain is not prohibited from renewal at the registry itself.
Without HSTS enforced, people browsing this site are more susceptible to man-in-the-middle attacks. The server should be configured to support HSTS.
The site's certificate chain was checked against our list of revoked certificates.
SSL is supported for this site.
All HTTP requests are redirected to HTTPS.
The site's hostname matches the SSL certificate.
SSL certificate has not expired.
The certificate presented by this domain was issued by a trusted certificate authority.
No insecure SSL/TLS versions are available for this site.
A complete SSL certificate chain was presented by the server for this domain.
SSL intermediate and root certificates do not expire within 20 days.
The SSL certificate presented by the server has an expiration period shorter than 398 days.
SSL certificate does not expire in less than 20% of its total valid period.
Industry standard SHA-256 encryption in use.
The site's public certificate provides at least 112 bits of security strength.
TLS connections to the site do not support any weak cipher suites.
Infostealer malware has been detected on systems associated with this organization, indicating a potential data breach.
This IP/domain has not been reported as a source of botnet activity in the last 30 days.
This IP/domain did not appear on any list of IPs and domains known to perform brute force login attempts in the last 30 days.
This IP/domain has been reported for distributing malware in the last 30 days.
This IP/domain has not been reported for performing unsolicited scanning in the last 30 days.
This IP/domain has not been reported as a phishing site in the last 30 days.
This IP/domain has not been reported as a source of botnet activity in the last 90 days.
This IP/domain did not appear on any list of IPs and domains known to perform brute force login attempts in the last 90 days.
This IP/domain has been reported for distributing malware in the last 90 days.
This IP/domain has not been reported for performing unsolicited scanning in the last 90 days.
This IP/domain has not been reported as a phishing site in the last 90 days.
A bug in OpenSSL's implementation of the TLS heartbeat extension allows access to portions of memory on the targeted host e.g. cryptographic keys and passwords.
The server does not support SSLv3, and is not vulnerable to the POODLE attack.
The server does not offer RSA_EXPORT cipher suites, so clients are not vulnerable to the FREAK attack.
The server is using strong Diffie-Hellman parameters and is not vulnerable to the Logjam attack.
Compare Johns Hopkins Medicine's security performance with other companies in their industry.
Adobe develops and publishes software products for creative professionals, marketers, and enterprises. The company offers applications for graphic design, video editing, web development, photography, and document management. Its products are primarily delivered through cloud-based subscription services.
Amazon.com operates an online retail platform offering a wide range of consumer products, including electronics, books, clothing, and household goods. The company also provides cloud computing services through Amazon Web Services and operates digital streaming and subscription services.
PayPal operates a digital payments platform that enables individuals and businesses to send and receive money online. The company provides payment processing services for e-commerce transactions, peer-to-peer money transfers, and installment payment options for purchases.
Nike designs, manufactures, and sells athletic footwear, apparel, equipment, and accessories for sports and lifestyle use. The company operates across multiple sports categories including running, basketball, football, golf, and tennis.
IBM provides enterprise technology solutions including artificial intelligence platforms, cloud computing services, IT infrastructure, consulting, and business software. The company develops products such as watsonx AI systems, data analytics tools, automation software, cybersecurity solutions, and computing hardware for organizations across various industries.
DocuSign provides electronic signature software and intelligent agreement management solutions that enable organizations to create, sign, track, and manage digital contracts and documents. The company's platform includes AI-powered tools for agreement analysis, automated workflows, contract lifecycle management, and integrations with business applications like Salesforce.
The ultimate guide to attack surface and third-party risk management – actionable advice for security teams, managers, and executives.
Security research and global news about data breaches.
Explore resourcesArticles, news, and research on third-party risk management.
Explore resourcesArticles, news, and research on attack surface management.
Explore resourcesArticles, news, and research on cybersecurity.
Explore resources