On September 6, 2023, IBM issued a press release discussing a recent data breach involving a Janssen CarePath. In this notice, IBM explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, contact information, dates of birth, health insurance information, and information about medications and associated conditions. Upon completing its investigation, IBM began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from IBM discussing information you provided to Janssen, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Janssen / IBM data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Janssen CarePath Customers?

The data breach affecting Janssen CarePath customers was only recently announced, and more information is expected in the near future. However, IBM’s September 6, 2023 press release provides some important information on what led up to the breach. According to this source, IBM provides certain services to Johnson & Johnson Health Care Systems, Inc., Janssen’s parent company. Evidently, IBM manages both the application and the third-party database that supports Janssen CarePath, which is a patient resource portal that connects patients to important information about benefits, coverage, and billing.

Recently, Janssen determined that there was a way for unauthorized actors to access the CarePath database. Janssen notified IBM, and then, with the database provider’s assistance, IBM remediated the issue. IBM then launched an investigation to determine what, if any, patient data was compromised.

On August 2, 2023, the IBM investigation into the Janssen CarePath breach confirmed that an unauthorized party was able to gain access to the CarePath database.

After learning that sensitive consumer data was accessible to an unauthorized party, IBM reviewed the compromised files to determine what information was leaked and which consumers were impacted. However, IBM could not determine the extent of the access hackers obtained, so while the breached information varies depending on the individual, it may include your name, contact information, date of birth, health insurance information, and information about medications and associated conditions. IBM indicates that the breach did not involve Social Security numbers or financial account information because this data was not stored in the affected database.

On September 6, 2023, IBM issued a press release describing the incident. It remains unknown if IBM or Janssen will send out data breach letters to affected Janssen CarePath customers.

More Information About Janssen

Founded in 1953, Janssen is a pharmaceutical company based in Beerse, Belgium. Janssen is a wholly-owned subsidiary of Johnson & Johnson Pharmaceutical Research and Development, which has since been renamed Janssen Research and Development. Janssen employs more than 45,000 people and generates approximately $13.5 billion in annual revenue.