Sensitive patient data is at risk following a breach of the Janssen CarePath platform, a subsidiary of Johnson & Johnson, as reported by IBM. The breach, which involved unauthorized access to a third-party database supporting Janssen, potentially exposed patient names, contact information, dates of birth, and sensitive medical data, including health insurance and medication details.
While social security numbers and financial account information remained unaffected, this incident could impact more than a million individuals, prompting IBM to advise affected parties to regularly review their account statements and explanations of benefits. IBM has also offered a one-year credit monitoring service to those potentially affected.
IBM, a service provider to Johnson & Johnson Health Care Systems, discovered the breach and described it as a “technical issue” that allowed unauthorized access to the database. The breach occurred on August 2, 2023, but the extent of data access remains unconfirmed. Security experts noted that the breach could have exploited an unpatched vulnerability or a lack of proper external database security measures, highlighting the need for regular and effective security testing.
Given the lucrative value of healthcare data on the dark web, experts emphasize the urgency of IBM’s communication with affected parties to protect them from potential further attacks.
IBM has worked with the database provider to address the technical issue but cautioned Janssen customers about the risk of their personal information being misused by malicious actors. This incident follows a previous breach at Janssen CarePath, underscoring the importance of robust cybersecurity measures in safeguarding sensitive medical information.