International Business Machines Corporation
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
IBM disclosed a data breach in September 2023 that affected the Janssen CarePath database, which is a patient support platform managed by IBM for Johnson & Johnson’s Janssen pharmaceuticals. The breach, which was discovered on August 2, 2023, potentially compromised personal information of patients who were enrolled in the Janssen CarePath services prior to July 2, 2023. The exposed data may have included individuals’ names, contact information, dates of birth, health insurance information, and information about medications and associated conditions provided to the Janssen CarePath application. However, Social Security numbers and financial account information were not stored in the database and therefore not affected by the breach[1][2][5].
IBM began notifying affected customers and users, offering them complimentary one-year credit monitoring services. The company worked with the database provider to address the vulnerability that allowed unauthorized access and to enhance security controls to prevent similar incidents in the future[1][2].
The breach has led to at least two proposed federal class action lawsuits against IBM and Johnson & Johnson, alleging negligence and failure to protect sensitive health information. The lawsuits seek financial damages and injunctive orders for the companies to improve their data security practices[10][11][16].
The incident is part of a larger trend of cyberattacks targeting the healthcare industry, emphasizing the need for robust cybersecurity measures to protect sensitive patient information[8][20].
Citations:
- https://www.securityweek.com/ibm-discloses-data-breach-impacting-janssen-healthcare-platform/
- https://newsroom.ibm.com/2023-09-06-IBM-Addresses-Data-Incident-for-Janssen-CarePath-Database
- https://mitibmwatsonailab.mit.edu
- https://www.law.com/radar/card/international-business-machines-corporation-v-chantaruck-47785781-0/
- https://www.bankinfosecurity.com/ibm-says-631k-affected-in-johnson-johnson-database-breach-a-23335
- https://www.fastcompany.com
- https://casetext.com/case/rsi-corp-v-international-business-machines-corp-3
- https://www.scmagazine.com/brief/ibm-data-breach-hits-johnson-johnson-unit
- https://www.washingtonpost.com
- https://news.bloomberglaw.com/privacy-and-data-security/ibm-johnson-johnson-hit-with-second-health-data-breach-suit
- https://www.fiercepharma.com/pharma/johnson-johnson-ibm-face-class-action-lawsuit-over-patient-data-breach
- https://1password.com
- https://www.hipaajournal.com/ibm-johnson-johnson-health-care-systems-breach-lawsuit/
- https://therecord.media/cost-of-data-breach-reaches-all-time-high-ibm-report
- https://finance.yahoo.com/news/13-most-advanced-countries-computer-124816926.html
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/ibm-johnson-johnson-class-action-claims-companies-failed-to-safeguard-protected-health-information/
- https://cybermagazine.com/technology-and-ai/ibm-security-report-reveals-huge-business-data-breach-costs
- https://finance.yahoo.com/news/applied-digital-joins-ai-alliance-130500119.html
- https://www.classaction.org/news/ibm-johnson-and-johnson-health-care-systems-facing-lawsuit-over-2023-janssen-carepath-data-breach
- https://www.kiplinger.com/personal-finance/health-insurance/healthcare-data-breach-may-have-exposed-patient-information
- https://www.paloaltonetworks.com
- https://law.justia.com/cases/federal/district-courts/FSupp/13/11/2096850/
- https://www.ibm.com/reports/data-breach