IBM data breach hits Johnson & Johnson unit

BleepingComputer reports that Johnson & Johnson Health Care Systems, or Janssen, had data from users of its CarePath patient support platform compromised in a data breach impacting IBM, the pharmaceutical firm's technology service provider. Individuals who enrolled in Janssen CarePath before July 2 had their full names, birthdates, contact details, health insurance information, medical condition data, and medication details accessed by unauthorized actors who exploited an IBM vulnerability, which has since been resolved. No Social Security numbers and financial account information have been exposed in the breach, according to Janssen, which also emphasized that the incident did not impact its Pulmonary Hypertension patients. Despite no evidence suggesting the misuse of compromised data, Janssen CarePath users should track suspicious activity in their account statements, said IBM, which has already promised one-year free credit monitoring services to people affected by the breach. Such an incident comes after IBM had been compromised in the widespread Cl0p ransomware attack involving the MOVEit Transfer zero-day flaw.