Johnson & Johnson discloses IBM data breach impacting patients

Johnson & Johnson disclosed that sensitive patient information in its CarePath database, managed by IBM, was compromised in a data breach. Exposed data included full names, contact info, birthdates, insurance details, medication info, and medical conditions.
The breach impacted CarePath users enrolled before July 2, 2023, indicating it may have occurred around that date. Social security numbers and financial data were not exposed.
IBM fixed the vulnerability used to access the data and investigated the incident. IBM and J&J are offering affected patients credit monitoring services.
This incident is separate from the Clop ransomware attack on IBM earlier this year. The number of impacted patients is unclear, but IBM is notifying all CarePath users.
The compromised medical data could facilitate phishing, fraud and identity theft. IBM sees no signs yet of data misuse but urges vigilance in monitoring accounts.

Johnson & Johnson disclosed that sensitive patient information in its CarePath database, managed by IBM, was compromised in a data breach. Exposed data included full names, contact info, birthdates, insurance details, medication info, and medical conditions.
The breach impacted CarePath users enrolled before July 2, 2023, indicating it may have occurred around that date. Social security numbers and financial data were not exposed.
IBM fixed the vulnerability used to access the data and investigated the incident. IBM and J&J are offering affected patients credit monitoring services.
This incident is separate from the Clop ransomware attack on IBM earlier this year. The number of impacted patients is unclear, but IBM is notifying all CarePath users.
The compromised medical data could facilitate phishing, fraud and identity theft. IBM sees no signs yet of data misuse but urges vigilance in monitoring accounts.