Janssen CarePath

2023: Hacking by Hackers

On September 6, 2023, IBM announced that unknown attackers had gained unauthorized access to the Janssen CarePath database, a specialized patient support platform.

IBM is a service provider for Johnson & Johnson Health Care Systems (Janssen), the official notice said. In particular, IBM manages the application and third-party database that are used as part of Janssen CarePath. It turned out that there is a technical method by which hackers can hack into the named IT system.

Unknown attackers gained unauthorized access to the Janssen CarePath database

During the investigation, it was not possible to establish how much personal information cybercriminals could have stolen. But it is said that the attackers had at their disposal the names of patients, contact information, dates of birth, data on medical insurance, as well as information about diseases and prescribed drugs. It is emphasized that social security numbers and information about bank accounts were not contained in the database, and therefore was not stolen. However, stolen data can be used to organize targeted attacks and various fraudulent schemes, for example, personalized phishing emails.

After receiving information about the hack from the company Janssen, IBM and the database provider promptly took measures to fix the problem. In addition, additional security tools have been implemented and a free support center has been opened to resolve issues related to the incident. Users of the Janssen CarePath platform are advised to remain vigilant and regularly review statements from their health care provider. Any suspicious activity, as noted in the notification, should be reported to IBM specialists.^[1]

Notes