A data breach of a third-party database may have exposed the personal patient information stored with Johnson & Johnson’s (J&J) Janssen CarePath unit, a patient support platform.
The data breach, which occurred on Aug. 2, was announced on Sept. 6 by Janssen and IBM, a Janssen service provider and manager of the database. Janssen said the incident applies to patients who were enrolled in its services prior to July 2 and does not apply to its pulmonary hypertension patients.
Personal information that may have been exposed includes individuals’ names and one or more of the following: contact information, date of birth, health insurance information, and information about medications and associated conditions that were provided to the Janssen CarePath application, the companies said. Social Security numbers and financial account information were not contained in the database or affected, they said.
The incident comes amid a slew of recent cyber attacks targeting the healthcare industry, including a file sharing service data breach announced in July that exposed personal information of Medicare recipients and millions of other healthcare consumers.
IBM is offering free one-year credit monitoring to those who may be affected by the incident. These individuals will be sent notification letters and instructions on how to sign up for credit monitoring, it added.
The tech giant has also established a toll-free call center for questions about the incident. The number for individual users is (888) 604-6584, and for healthcare providers is (877) 792-3593.
Few details given about the breach
Neither company provided specifics on the breach but said that Janssen notified IBM when it became aware of a technical method that could lead to unauthorized access to the database, and that IBM worked with the database provider to remediate the issue.
IBM said it was able to pinpoint the date of the unauthorized access but not the extent of the access. The company said it is notifying all customers and users whose information was contained in CarePath’s database “out of an abundance of caution.” It added that there is no indication that any of the information involved in the breach has been misused
The number of potentially affected patients was not provided.
On its website, Janssen says it helped more than 1.16 million U.S. patients last year through the CarePath program. According to the website, “once a healthcare professional has decided a Janssen medication is right for their patient, Janssen CarePath can help that patient find the tools they may need to get started on a medication and stay on track, including sharing options to help manage out-of-pocket costs.”
Steps you can take
Janssen and IBM encouraged CarePath “to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers with respect to any unauthorized activity, and to promptly report any suspicious activity.”
While no security system is foolproof, you can take steps to better protect your personal information online. After the Medicare breach was announced, the Centers for Medicare & Medicaid Services advised people to take action. This included enrolling in a credit monitoring service, and obtaining a free credit report by calling 1-877-322-8228 or requesting it online at www.annualcreditreport.com.
Joey Solitro is a freelance financial journalist at Kiplinger with more than a decade of experience. A longtime equity analyst, Joey has covered a range of industries for media outlets including The Motley Fool, Seeking Alpha, Market Realist, and TipRanks. Joey holds a bachelor's degree in business administration.
How To Get the Best Savings Account Bonuses
By opening the right savings account today, you could be maximizing your earnings through both compound interest and cash bonuses.
By Erin Bendig Published
Find The Best 30-Year Mortgage Rates
30-year mortgage rates — check out the best here.
By Erin Bendig Published