IBM has disclosed a data breach involving the personal information of 631,000 individuals due to a “technical method” that enabled unauthorized access to a third-party database used by a Johnson & Johnson patient medication support platform.
While the breach was publicly revealed last month, it has already led to two proposed federal class action lawsuits against both companies, alleging negligence in protecting sensitive health and personal information. These lawsuits are seeking financial damages for affected individuals and class members, as well as injunctions to enhance data security practices at IBM and Johnson & Johnson. IBM has taken measures to improve security controls and is providing affected individuals with one year of complimentary credit and identity monitoring. This incident underscores the need for robust cybersecurity measures and safeguards in handling sensitive personal data.
The breach was detected by Janssen CarePath, a service offering support resources to patients prescribed Janssen medications by their healthcare providers. Janssen CarePath identified a “technical method” that allowed unauthorized access to a third-party database managed by IBM.
IBM conducted an investigation and found unauthorized access to personal information in the database, although the scope of the access was undetermined. The exposed information includes names, contact details, birthdates, health insurance information, and data about medications and associated conditions, but not Social Security numbers or financial account details. Johnson & Johnson and IBM are facing allegations of negligence in protecting individuals’ protected health information and personal identifiable information.
IBM is collaborating with authorities to resolve the situation and has urged users to update their Google Chrome browsers. The incident underscores the importance of employee cybersecurity training, regular software updates, and strong security practices to safeguard sensitive data.
Cryptocurrency usage is associated with inherent risks, making it crucial for organizations to maintain robust security measures. The breach also highlights that healthcare providers and their partners must remain vigilant against evolving threats to protect patient data effectively.
References:
