A data breach of a third-party database may have exposed the personal patient information stored with Johnson & Johnson’s (J&J) Janssen CarePath unit, a patient support platform.
The data breach, which occurred on Aug. 2, was announced on Sept. 6 by Janssen and IBM, a Janssen service provider and manager of the database. Janssen said the incident applies to patients who were enrolled in its services prior to July 2 and does not apply to its pulmonary hypertension patients.
Personal information that may have been exposed includes individuals’ names and one or more of the following: contact information, date of birth, health insurance information, and information about medications and associated conditions that were provided to the Janssen CarePath application, the companies said. Social Security numbers and financial account information were not contained in the database or affected, they said.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
The incident comes amid a slew of recent cyber attacks targeting the healthcare industry, including a file sharing service data breach announced in July that exposed personal information of Medicare recipients and millions of other healthcare consumers.
IBM is offering free one-year credit monitoring to those who may be affected by the incident. These individuals will be sent notification letters and instructions on how to sign up for credit monitoring, it added.
The tech giant has also established a toll-free call center for questions about the incident. The number for individual users is (888) 604-6584, and for healthcare providers is (877) 792-3593.
Few details given about the breach
Neither company provided specifics on the breach but said that Janssen notified IBM when it became aware of a technical method that could lead to unauthorized access to the database, and that IBM worked with the database provider to remediate the issue.
IBM said it was able to pinpoint the date of the unauthorized access but not the extent of the access. The company said it is notifying all customers and users whose information was contained in CarePath’s database “out of an abundance of caution.” It added that there is no indication that any of the information involved in the breach has been misused
The number of potentially affected patients was not provided.
On its website, Janssen says it helped more than 1.16 million U.S. patients last year through the CarePath program. According to the website, “once a healthcare professional has decided a Janssen medication is right for their patient, Janssen CarePath can help that patient find the tools they may need to get started on a medication and stay on track, including sharing options to help manage out-of-pocket costs.”
Steps you can take
Janssen and IBM encouraged CarePath “to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers with respect to any unauthorized activity, and to promptly report any suspicious activity.”
While no security system is foolproof, you can take steps to better protect your personal information online. After the Medicare breach was announced, the Centers for Medicare & Medicaid Services advised people to take action. This included enrolling in a credit monitoring service, and obtaining a free credit report by calling 1-877-322-8228 or requesting it online at www.annualcreditreport.com.
RELATED CONTENT
-
Visa Is the Worst Dow Stock Wednesday. Here's WhyVisa stock is down sharply Wednesday after the credit card company came up short of revenue expectations for its fiscal Q3.
-
Another Analyst Moves to the Sidelines on Tesla Stock After EarningsTesla stock is spiraling Wednesday after the EV maker's big earnings miss and Wall Street has been quick to weigh in. Here's what you need to know.
