IBM Notifies Janssen CarePath Patients About Unauthorized Database Access
IBM has recently announced that the sensitive data of patients of the Johnson & Johnson Health Care Systems subsidiary, Janssen CarePath, has been exposed. IBM is a business associate of Johnson & Johnson and manages the application and database that supports the Janssen CarePath platform. Janssen recently became aware of a method that could be used by unauthorized individuals to gain access to the database and notified IBM, which worked with the database provider and remediated the problem. IBM also conducted an investigation to determine if the database had been accessed by unauthorized individuals and confirmed unauthorized access had occurred on August 2, 2023; however, it was not possible to determine the nature of the access and if patient data had been exfiltrated.
Since patient data may have been accessed, IBM has issued notification letters to the affected Janssen CarePath customers. The data exposed included names in combination with one or more of the following data types: contact information, date of birth, health insurance information, medications, and healthcare conditions. IBM has offered the affected individuals 12 months of complimentary credit monitoring services.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected. The data breach could be substantial as 1.16 million patients used the CarePath platform in 2022.
Hospital Sisters Health System Dealing with Cyberattack
Hospital Sisters Health System (HSHS) is currently dealing with a cybersecurity incident that forced it to take some of its IT systems offline. The phone system was taken out of action, but hospital and clinic phone lines have now mostly been restored. The hshs.org website was affected and is now redirecting to the domain hshsupdates.org, where regular updates are being posted for patients.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Hospital Sisters Health System is headquartered in Springfield, IL, and operates 15 hospitals in Illinois and Wisconsin, which have been working under downtime procedures until IT systems can be safely brought back online. All hospitals and emergency departments remain open, and patients are being received and treated; however patient billing services are still suspended. At this stage of the investigation, it is too early to tell to what extent, if any, patient data has been compromised.
The University of Massachusetts Chan Medical School Confirms PHI was Stolen in MOVEit Transfer Hack
The University of Massachusetts Chan Medical School has recently confirmed that the protected health information of 134,394 individuals was compromised by the Clop hacking group, which exploited a zero-day vulnerability in the MOVEit Transfer file transfer solution.
The affected individuals had enrolled in a state program through the Worcester, MA-based medical school, such as the State Supplement Program, MassHealth Premium Assistance, MassHealth Community Case Management, or the Executive Office of Elder Affairs and Aging Services Access Points home care programs. The compromised information includes names, dates of birth, addresses, Social Security numbers, financial account numbers, and healthcare information (diagnosis, treatment information, prescription information, provider names, dates of service, claims information, and health insurance information. Complimentary credit monitoring and identity theft protection services have been offered to the affected individuals.
