IBM, a service provider to Johnson & Johnson Health Care Systems, Inc. (“Janssen”), has notified Janssen CarePath customers and users about an incident involving unauthorized access to personal information within a database used on the Janssen CarePath platform. Janssen CarePath is a patient support platform that offers savings options and other patient support resources.
After discovering a technical method that allowed unauthorized access to the database, Janssen immediately informed IBM, which manages the application and the third-party database supporting Janssen CarePath. IBM worked promptly with the database provider to address the issue. Additionally, IBM conducted an investigation to determine the extent of the unauthorized access. While the investigation revealed unauthorized access to personal information on August 2, 2023, it was unable to ascertain the full extent of this access. Consequently, IBM is taking a proactive approach and notifying individuals whose information was contained in the Janssen CarePath database as a precautionary measure.
The information involved in this incident may have included individuals’ names, contact information, date of birth, health insurance information, and information about medications and associated conditions provided to the Janssen CarePath application. However, Social Security numbers and financial account information were not compromised.
Upon being informed of the issue by Janssen, IBM and the database provider promptly took steps to disable the technical method used for unauthorized access. They also collaborated to enhance security controls and minimize the possibility of similar events occurring in the future.
While there is no evidence of misuse of the accessed information, IBM is offering affected individuals complimentary one-year credit monitoring services. Instructions on how to arrange for credit monitoring are provided in the notification letters received by individuals or by calling the dedicated call center.
Janssen CarePath users are advised to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers for any signs of unauthorized activity. Any suspicious activity should be promptly reported.
To assist individuals affected by this incident, a toll-free call center has been established. For healthcare providers, questions and requests to enroll in the credit monitoring service can be directed to 877-792-3593. Individual users can contact 888-604-6584 for the same purpose. The Janssen CarePath webpage at www.janssencarepath.com will also provide this information.
IBM emphasizes its commitment to information security and its dedication to protecting against evolving cyber threats.