Johns Hopkins Aramco Healthcare (JHAH) is a joint venture formed in 2013 between Johns Hopkins Medicine and Saudi Aramco, operating as a healthcare provider across Saudi Arabia. Its clinical network spans five named facilities in Dhahran, Abqaiq, Al-Hasa, Ras Tanura, and 'Udhailiyah, delivering primary care, specialty care, oncology, cardiology, and surgical services to a patient population tied to one of the world's largest energy companies.
From a security standpoint, JHAH's infrastructure spans two distinct risk surfaces that cybersecurity practitioners should understand going in. The first is clinical: the organization runs an Epic MyChart-based telehealth and patient portal stack, a da Vinci robotic surgery program it describes as the busiest in Saudi Arabia, and an Oncology Center of Excellence - all of which involve networked medical devices, EHR systems, and regulated patient data under Saudi healthcare compliance frameworks. The second is operational: JHAH holds ISO 55001:2024 certification for its asset management system, signaling formalized infrastructure governance across physical and digital assets at scale.
JHAH has earned external accreditations that point to institutional compliance maturity - Planetree International Gold Certification for person-centered care, and a first-in-Saudi-Arabia Heart Failure Accreditation from the American College of Cardiology. The organization positions itself as aligned with Saudi Arabia's Vision 2030 health transformation agenda, which adds a layer of regulatory and national-infrastructure sensitivity to its operating environment. That context matters for anyone evaluating the threat model: critical healthcare infrastructure, cross-institutional data flows between a US academic medical system and a Gulf state energy conglomerate, and a multi-site footprint across the Eastern Province.