CIO Influence
CIO Influence News Security

IBM Addresses Data Incident for Janssen CarePath Database

IBM Addresses Data Incident for Janssen CarePath Database

IBM is notifying Janssen CarePath customers and users of an incident involving unauthorized access to personal information contained within a database used on the Janssen CarePath platform, a patient support platform that offers savings options and other patient support resources.

Recommended CIO Influence News: Liquidware Launches Liquidware Ready Program

IBM is a service provider to Johnson & Johnson Health Care Systems, Inc. (“Janssen”). IBM manages the application and the third-party database that supports Janssen CarePath. Janssen recently became aware of a technical method by which unauthorized access to the database could be obtained. Janssen then immediately notified IBM, and, working with the database provider, IBM promptly remediated the issue. IBM also undertook an investigation to assess whether there had been unauthorized access to the database. While IBM’s investigation identified that there was unauthorized access to personal information in the database, the investigation was unable to determine the extent of that access. As a result, IBM has begun notifying Janssen CarePath customers and users whose information was contained in the Janssen CarePath database out of an abundance of caution.

The information involved in this incident may have included individuals’ names and one or more of the following: contact information, date of birth, health insurance information, and information about medications and associated conditions that were provided to the Janssen CarePath application. Social Security numbers and financial account information were not contained in the database or affected.

Recommended CIO Influence News: Liquidware Launches Liquidware Ready Program

After being informed of the issue by Janssen, IBM and the database provider promptly identified and implemented steps that disabled the technical method at issue. IBM also worked with the database provider to augment security controls to reduce the chance of a similar event occurring in the future.

While there is no indication that any of the involved information has been misused, complimentary one-year credit monitoring service is being offered to individuals whose information may have been involved. Individuals can arrange for credit monitoring by following the instructions on the notification letters that they receive or by calling the dedicated call center.

Janssen CarePath users are encouraged to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers with respect to any unauthorized activity, and to promptly report any suspicious activity.

Top Insights for CIOs: How to Choose a Third-Party Vendor?

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

L&T Technology Services (LTTS) Secures Landmark ∼$100 Million Program in Cybersecurity

Business Wire

42Crunch Expands Collaboration with Microsoft by Joining Microsoft Intelligent Security Association

CIO Influence News Desk

Query.AI Launches Partner Program to Meet Market Demand for Enterprise Solution that Drives Efficiencies in Cybersecurity Investigations

CIO Influence News Desk