Stefanie Schappert reports:
IBM announced Wednesday that an unauthorized party breached the patient healthcare database it manages for the Johnson & Johnson-owned Janssen CarePath platform. Many of the patients are or have been treated for serious diseases, such as cancer.
[…]
IBM says the breach exposed the sensitive information of an undisclosed number of patients, including contact information, date of birth, health insurance information, and information about medications and associated conditions that were provided to the Janssen CarePath application.
In this case, IBM does not seem to be attributing the breach to any vendor or the MOVEit incident. Janssen reportedly discovered a “technical method” allowing unauthorized access to the database that they reported to IBM.
Read more at Cybernews. This incident has not appeared on HHS’s public breach tool, so we do not know the number affected.