International Business Machines Corporation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

IBM disclosed a data breach in September 2023 that affected the Janssen CarePath database, which is a patient support platform managed by IBM for Johnson & Johnson’s Janssen pharmaceuticals. The breach, which was discovered on August 2, 2023, potentially compromised personal information of patients who were enrolled in the Janssen CarePath services prior to July 2, 2023. The exposed data may have included individuals’ names, contact information, dates of birth, health insurance information, and information about medications and associated conditions provided to the Janssen CarePath application. However, Social Security numbers and financial account information were not stored in the database and therefore not affected by the breach[1][2][5].

IBM began notifying affected customers and users, offering them complimentary one-year credit monitoring services. The company worked with the database provider to address the vulnerability that allowed unauthorized access and to enhance security controls to prevent similar incidents in the future[1][2].

The breach has led to at least two proposed federal class action lawsuits against IBM and Johnson & Johnson, alleging negligence and failure to protect sensitive health information. The lawsuits seek financial damages and injunctive orders for the companies to improve their data security practices[10][11][16].

The incident is part of a larger trend of cyberattacks targeting the healthcare industry, emphasizing the need for robust cybersecurity measures to protect sensitive patient information[8][20].

Citations:

  1. https://www.securityweek.com/ibm-discloses-data-breach-impacting-janssen-healthcare-platform/
  2. https://newsroom.ibm.com/2023-09-06-IBM-Addresses-Data-Incident-for-Janssen-CarePath-Database
  3. https://mitibmwatsonailab.mit.edu
  4. https://www.law.com/radar/card/international-business-machines-corporation-v-chantaruck-47785781-0/
  5. https://www.bankinfosecurity.com/ibm-says-631k-affected-in-johnson-johnson-database-breach-a-23335
  6. https://www.fastcompany.com
  7. https://casetext.com/case/rsi-corp-v-international-business-machines-corp-3
  8. https://www.scmagazine.com/brief/ibm-data-breach-hits-johnson-johnson-unit
  9. https://www.washingtonpost.com
  10. https://news.bloomberglaw.com/privacy-and-data-security/ibm-johnson-johnson-hit-with-second-health-data-breach-suit
  11. https://www.fiercepharma.com/pharma/johnson-johnson-ibm-face-class-action-lawsuit-over-patient-data-breach
  12. https://1password.com
  13. https://www.hipaajournal.com/ibm-johnson-johnson-health-care-systems-breach-lawsuit/
  14. https://therecord.media/cost-of-data-breach-reaches-all-time-high-ibm-report
  15. https://finance.yahoo.com/news/13-most-advanced-countries-computer-124816926.html
  16. https://topclassactions.com/lawsuit-settlements/privacy/data-breach/ibm-johnson-johnson-class-action-claims-companies-failed-to-safeguard-protected-health-information/
  17. https://cybermagazine.com/technology-and-ai/ibm-security-report-reveals-huge-business-data-breach-costs
  18. https://finance.yahoo.com/news/applied-digital-joins-ai-alliance-130500119.html
  19. https://www.classaction.org/news/ibm-johnson-and-johnson-health-care-systems-facing-lawsuit-over-2023-janssen-carepath-data-breach
  20. https://www.kiplinger.com/personal-finance/health-insurance/healthcare-data-breach-may-have-exposed-patient-information
  21. https://www.paloaltonetworks.com
  22. https://law.justia.com/cases/federal/district-courts/FSupp/13/11/2096850/
  23. https://www.ibm.com/reports/data-breach
Breach Submission Date Sep 29, 2023
Converted Entity Name International Business Machines Corporation
Converted Entity Type Business Associate
State NY
Individuals Affected 630,755
Breach Type Unauthorized Access/Disclosure

Breach Information Location Other

Business Associate Present Yes