A data breach at IBM has exposed the personal information of some patients who use the Janssen CarePath program. This free service helps them access medications from Johnson & Johnson’s pharmaceutical division.

The breach occurred on August 2, 2023, when a technical flaw in the Janssen CarePath website allowed unauthorized access to some patient accounts, according to a letter sent by IBM to affected customers. 

IBM, which manages the Janssen CarePath program on behalf of J&J, said it could not determine the exact number and type of accounts affected but that some sensitive data may have been compromised. The data included names, contact information, health insurance information, and medication and condition information. Social security numbers and bank accounts were not included in the database, IBM said.

IBM said it has taken steps to secure the website and prevent further unauthorized access. It also said that it is contacting all Janssen CarePath customers and offering them a one-year credit monitoring service as a precaution. IBM advised customers to review their account statements and credit reports for suspicious activity.

J&J and IBM have not commented further on the incident or its potential impact. Janssen CarePath is a program that helps more than 1.16 million U.S. patients access medications by providing information, insurance navigation, and cost management options.