Johnson & Johnson Reveals: IBM Data Breach Compromised Customer Data


Johnson & Johnson Health Care Systems (Janssen) recently informed its CarePath customers of a third-party data breach involving IBM that has resulted in the compromise of their sensitive information.

IBM is a technology service provider for Janssen. In particular, it oversees the administration of the CarePath application and database.

CarePath is a software program created to assist patients in obtaining Janssen medications, provide discounts and cost-saving tips on prescriptions, explain insurance eligibility, and provide drug refill and administration reminders.

The pharmaceutical company learned about an undocumented technique that could provide unauthorized individuals access to the CarePath database, according to the notification on Janssen's website.

The company then reported the issue to IBM, which swiftly patched the security gap and conducted an internal investigation to see whether the bug had been exploited by anyone.

The investigation wrapped up on August 2nd, 2023, and revealed that unauthorized persons had access to the following CarePath user details:

  • Full name 
  • Contact information 
  • Date of birth 
  • Health insurance information 
  • Medication information 
  • Medical condition information 

Users of CarePath who signed up for Janssen's online services before July 2nd, 2023, are affected by the exposure, which may be a sign that the breach happened on that date or that the compromised database was a backup.

Social security numbers and financial account data were not part of the breached database, so those critical details have not been revealed.

The company further revealed that the breach did not affect Janssen's Pulmonary Hypertension patients.

Given the significance of medical data, there is a strong likelihood that the leaked data will be sold for a premium on darknet markets. The compromised data could support very effective phishing, scamming, and social engineering attacks.

IBM also published an announcement regarding the incident, claiming that there are no signs that the stolen data has been exploited. However, it advises Janssen CarePath users to keep a sharp eye out for any unusual activity on their account statements. The tech giant is now providing affected people with one year of free credit monitoring to help shield them against fraud.

Both announcements include toll-free phone numbers that customers and providers can use to ask questions about the incident or get assistance signing up for credit monitoring services.

IBM is one of the hundreds of companies that were compromised by Clop ransomware earlier this year, when the notorious threat actors exploited a zero-day vulnerability in the MOVEit Transfer software used by various organizations globally.

However, when asked whether the recent attacks are related to the MOVEit attack, an IBM spokesperson confirmed that the two are in fact separate incidents caused by different threat actors.