IBM Addresses Data Incident for Janssen CarePath Database
IBM (NYSE: IBM) is notifying Janssen CarePath customers and users of an incident involving unauthorized access to personal information contained within a database used on the Janssen CarePath platform, a patient support platform that offers savings options and other patient support resources.
IBM is a service provider to Johnson & Johnson Health Care Systems, Inc. (“Janssen”). IBM manages the application and the third-party database that supports Janssen CarePath. Janssen recently became aware of a technical method by which unauthorized access to the database could be obtained. Janssen then immediately notified IBM, and, working with the database provider, IBM promptly remediated the issue. IBM also undertook an investigation to assess whether there had been unauthorized access to the database. While IBM’s investigation identified, on August 2, 2023, that there was unauthorized access to personal information in the database, the investigation was unable to determine the extent of that access. As a result, IBM has begun notifying Janssen CarePath customers and users whose information was contained in the Janssen CarePath database out of an abundance of caution.
The information involved in this incident may have included individuals’ names and one or more of the following: contact information, date of birth, health insurance information, and information about medications and associated conditions that were provided to the Janssen CarePath application. Social Security numbers and financial account information were not contained in the database or affected.
After being informed of the issue by Janssen, IBM and the database provider promptly identified and implemented steps that disabled the technical method at issue. IBM also worked with the database provider to augment security controls to reduce the chance of a similar event occurring in the future.
While there is no indication that any of the involved information has been misused, complimentary one-year credit monitoring service is being offered to individuals whose information may have been involved. Individuals can arrange for credit monitoring by following the instructions on the notification letters that they receive or by calling the dedicated call center.
Janssen CarePath users are encouraged to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers with respect to any unauthorized activity, and to promptly report any suspicious activity.
A toll-free center for questions about this incident has been established. Questions and requests to enroll in the credit monitoring service should be directed to the dedicated call center, Monday to Friday, 9am to 9pm EST (excluding major U.S. holidays):