Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

IBM, Johnson & Johnson face class action lawsuit over data breach

Picture of Abby Grifno Abby Grifno September 27, 2023

HIPAA breaches & fines
IBM, Johnson & Johnson face class action lawsuit over data breach

IBM and Johnson & Johnson are being sued over a data breach that occurred in August. 

 

What happened

IBM manages the Janssen CarePath patient assistance program from Johnson & Johnson. The program, which has helped over 1.16 million Americans access medications in 2022, had a data breach in August. 

The tech giant reached out to all of the Janssen CarePath customers “out of an abundance of caution.” IBM addressed the incident on September 6th. Their investigation revealed unauthorized access to Janssen’s database occurred on August 2nd.

Data breached by an unauthorized party included names, contact information, health information, and more. Bank account and Social Security numbers were not included in the breach. 

Related: HIPAA Compliant Email: The Definitive Guide

 

What’s new

According to a recent news release, IBM is facing a lawsuit from a Florida resident who claims that the company failed to protect her personal identity and health information. The complaint was filed with the federal court in the Southern District of New York. 

The plaintiff’s lawsuit is seeking a class-action designation, jury trial, an award for damages, and for IBM and J&J to improve their security. 

The plaintiff said the data breach has “made [her] uncomfortable because her personal information and all of her health information is out there.” Outside of having her data breached, the plaintiff also felt that the letters, sent out on September 15th, were released too long after the breach was detected on August 2nd. 

Janssen CarePath has a large customer base, leading the plaintiff to believe there may be thousands of affected patients.

It’s not the only lawsuit IBM is facing right now. Currently, IBM’s Weather Company is facing a complaint filed at a New York City district court in June. The plaintiff, a Maryland resident, claimed that while visiting weather.com, her personal information, including her name and email address, was shared with third parties. 

 

Why it matters

As IBM responds to the lawsuits, it may set a precedent for the obligations of companies like IBM following a data breach. The issue coincides with new recommendations released by the Department of Homeland Security, hoping to make reporting data breaches more straightforward. 

IBM’s case shows how companies may be held responsible for failing to keep up with the latest cybersecurity threats and trends. As the case unfolds, IBM may be forced to change its data security protocol and reporting procedures.

Read more: DHS publishes recommendations on reporting cyber incidents

 

The big picture

IBM is far from the only organization to face lawsuits after a data breach. Recently, Salud Family Health moved to settle a class action case brought about by similar issues.

As these lawsuits continue, Paubox will closely monitor the ramifications they may have on cybersecurity norms, regulations, and best practices.  

Read more: Judge grants preliminary approval on settlement in Salud Family Health case

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.