In a recent cybersecurity incident, Janssen Pharmaceutical’s CarePath application experienced a data breach, potentially exposing sensitive personal and medical information of its customers. The breach was linked to the application’s third-party technology service provider, IBM.
CarePath, an application owned by Johnson and Johnson’s subsidiary, Janssen Pharmaceutical, is designed to assist patients in accessing Janssen medications, prescription discounts, insurance guidance, and other useful tools. IBM is responsible for managing the CarePath application and the database that supports its functions.
The breach came to light when Janssen Pharmaceutical identified a vulnerability that could have allowed unauthorized individuals to access the CarePath database. Following this discovery, Janssen promptly informed IBM, which swiftly addressed the security gap. Subsequently, IBM initiated an investigation into the incident.
The investigation revealed that unauthorized users had gained access to the personal and medical information of CarePath users who had enrolled in Janssen’s online services prior to July 2, 2023. The compromised data included:
– Name and contact information
– Date of birth
– Health insurance details
– Medication information
– Medical condition information
Notably, this breach does not impact patients who enrolled on or after July 2, 2023, nor does it affect Janssen’s Pulmonary Hypertension patients.
In an unrelated incident from the previous month, the Colorado Department of Health Care Policy & Financing disclosed a breach involving IBM, affecting four million individuals, leading to the exposure of their personal and medical data.
While there is currently no evidence of the compromised information being misused, IBM is taking precautionary measures. They are offering complimentary one-year credit monitoring services to individuals whose information may have been affected.
Janssen CarePath users are advised to remain vigilant by regularly reviewing their account statements and explanations of benefits from health insurers or healthcare providers. Any suspicious activity should be reported promptly.
IBM has established a toll-free center for inquiries related to this incident, open Monday through Friday from 9:00 a.m. to 9:00 p.m. ET (excluding major U.S. holidays). For more information, individuals can contact:
– For individual users: (888) 604-6584
– For healthcare providers: (877) 792-3593
Both Janssen and IBM are committed to enhancing information security measures to protect against evolving cyber threats. This incident underscores the importance of ongoing vigilance in safeguarding personal and medical data in an increasingly digital world.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.