Johnson and Johnson's Healthcare Service Gets Breached Exposing Many
Table of Contents
- By Steven
- Published: Sep 12, 2023
- Last Updated: Sep 13, 2023
Johnson and Johnson is a large-scale manufacturing company that provides pharmaceuticals and medical products to companies throughout the world. The organization also makes a variety of consumer products. The massive company has over 130,000 employees and generates over $94 Billion in annual revenue. The huge company suffered a recent data breach that exposed some of its employees via its healthcare services.
How Did the Attack Occur?
Janssen CarePath, a patient support platform for Johnson and Johnson, was exposed in the data breach on August 2, 2023. In that breach, a significant amount of data was taken for patients utilizing the provider. The breach occurred because one or more individuals were able to break into the company files and access confidential data. Once inside the database, the attackers gathered and stored data for use later. IBM was managing the database and has taken actions to protect the information and to inform everyone involved in the breach.
What Information Was Viewed or Stolen?
According to the reports, no Social Security numbers or financial information was available to the attacker in this breach. Instead, birth dates, first and last names, health insurance information, contact information, and other basic personal and medical details were exposed. These details alone aren't likely enough for identity theft attacks. Still, they could be used to gather more information from users who make the mistake of answering questions and providing data to attackers.
How Did Johnson and Johnson Admit to the Breach?
Johnson and Johnson didn't directly announce the data breach, but both Janssen CarePath and IBM released statements explaining the breach and the risks involved. IBM is also sending out individual notices to people involved and offering 1-year of credit monitoring services for anyone impacted.
What Will Become of the Stolen Information?
The stolen information is likely being used for phishing attacks in an attempt to gather more useful data. The data may also be sold to other attackers for their own use. The information taken isn't likely to result in immediate identity theft attacks but could facilitate hackers with getting the data they need to attack effectively.
What Should Affected Parties Do in the Aftermath of the Breach?
If your data was stolen in this breach, you should utilize the credit monitoring services offered by IBM as soon as possible. Set the services up so you can rely on them to monitor and protect your information. It's your duty to avoid giving any extra information to the attackers as well. Don't provide information through email or other means to the attacker or you risk being exposed to identity theft attacks and losing access to valuable accounts. Hackers can take even small bits of information and turn them into the data they need for attacks through careful phishing attacks and coordinated efforts. Don't let the hackers get more of your information. You should also check your credit and monitor your financial accounts just to be safe.
