A recent third-party data breach has led to unauthorized access to an unknown number of Janssen CarePath customers’ private data, shedding light once more on the increasing threat that cyberattacks pose for corporations worldwide, especially those handling sensitive consumer information.
According to a press release issued by IBM on September 6, 2023, the data breach involved a Janssen CarePath, a patient support program by Janssen Pharmaceuticals, a subsidiary of Johnson & Johnson. The notice explains that the breach resulted in an unidentified party gaining access to consumers’ sensitive information.
The compromised data includes names, contact information, dates of birth, health insurance details, and specific information about the medications and associated conditions of the Janssen CarePath customers.
This incident underscores the continual risk that third-party handlers of data present to corporations. For legal professionals working in large corporations and law firms, implementing robust cybersecurity measures and managing third-party risk are more critical than ever.
While corporations have suffered losses due to direct hacking attempts, this latest data breach emphasizes the fact that a security lapse at a third-party provider can be just as damaging. The need has never been greater for businesses to ensure their third-party providers are up to date on best practices for data protection.
For those affected, it’s important that corporations have protocols in place to manage the fallout of a data breach and mitigate potential damages. This can include appropriate crisis communication strategies, consumer assistance programs, corrective measures, and understanding the legal implications of a data breach.
Continual vigilance, security updates, provider audits, and worker training should form the pillars of a proactive defense strategy against such cyber threats. As the situation continues to evolve, legal professionals must remain at the forefront of developing strategies to manage third-party risks and protect consumers’ right to data privacy.