IBM has issued a notification to customers of Janssen CarePath, a subsidiary of Johnson & Johnson, regarding a “data incident” involving unauthorized access to personal information. The incident pertains to a database used on the Janssen CarePath platform.
IBM, the manager of the database in question, has reported that they were unable to determine the full extent of the unauthorized access. However, they have assured the public that Social Security numbers and financial account information were not stored within the affected database and were therefore not compromised. Specific details about the number of affected customers and users have not been disclosed at this time.
Janssen CarePath is a platform designed to provide resources and support to patients who have been prescribed medication by Johnson & Johnson. It assists patients in understanding their insurance coverage and out-of-pocket costs related to their prescribed medications.
The data that may have been exposed in this incident includes individuals’ names and information such as contact details, as well as data related to health insurance and medications provided to the Janssen CarePath application. IBM has yet to release further information on the nature and scope of the Cyber Security incident.
Both IBM and Janssen CarePath are actively working to investigate and address the incident, as well as to enhance security measures to prevent future breaches. Affected customers are advised to remain vigilant for any suspicious activity related to their personal information and to take appropriate precautions, such as monitoring their accounts and updating passwords.
IBM is a service provider to Johnson & Johnson Health Care Systems, Inc. (Janssen). IBM manages the application and the third-party database that supports Janssen CarePath. Janssen recently became aware of a technical method by which unauthorized access to the database could be obtained. Janssen then immediately notified IBM, and, working with the database provider, IBM promptly remediated the issue.
As the investigation unfolds, further updates and information regarding the data incident will be provided to affected parties and the public.
