Johnson & Johnson discloses IBM data breach impacting patients
-
Johnson & Johnson disclosed that sensitive patient information in its CarePath database, managed by IBM, was compromised in a data breach. Exposed data included full names, contact info, birthdates, insurance details, medication info, and medical conditions.
-
The breach impacted CarePath users enrolled before July 2, 2023, indicating it may have occurred around that date. Social security numbers and financial data were not exposed.
-
IBM fixed the vulnerability used to access the data and investigated the incident. IBM and J&J are offering affected patients credit monitoring services.
-
This incident is separate from the Clop ransomware attack on IBM earlier this year. The number of impacted patients is unclear, but IBM is notifying all CarePath users.
-
The compromised medical data could facilitate phishing, fraud and identity theft. IBM sees no signs yet of data misuse but urges vigilance in monitoring accounts.