Little Falls Orthopedics Unauthorized Access to Patient Protected Health Information

Home » Little Falls Orthopedics Unauthorized Access to Patient Protected Health Information

Little Falls Orthopedics is working with its business associate IBM to notify impacted patients about an incident involving unauthorized access to their protected health information contained within one of IBM’s databases used on the Janssen CarePath platform.  The Janssen CarePath platform is a patient support platform that offers cost savings options and other patient support resources to some Little Falls Orthopedics patients.

IBM manages the application and the third-party database that supports Janssen CarePath. Janssen recently became aware of a technical method by which unauthorized access to the database could be obtained. Janssen then immediately notified IBM, and, working with the database provider, IBM promptly remediated the issue. IBM also undertook an investigation to assess whether there had been unauthorized access to the database. While IBM’s investigation identified, on August 2, 2023, that there was unauthorized access to personal information in the database, the investigation was unable to determine the extent of that access. As a result, IBM began notifying Janssen CarePath customers and users whose information was contained in the Janssen CarePath database out of an abundance of caution. On September 5, 2023, Little Falls Orthopedics was notified that some of its patients were affected.

The information involved in this incident may have included individuals’ names and one or more of the following: contact information, date of birth, health insurance information, and information about medications and associated health conditions that were provided to the Janssen CarePath application. Social Security numbers and financial account information were not contained in the database or affected.

After being informed of the issue by Janssen, IBM and the database provider promptly identified and implemented steps that disabled the technical method at issue. IBM also worked with the database provider to augment security controls to reduce the chance of a similar event occurring in the future.

While there is no indication that any of the involved information has been misused, complimentary one-year credit monitoring service is being offered to individuals whose information may have been involved. Individuals can arrange for credit monitoring by following the instructions on the notification letters that they receive or by calling the dedicated call center.

Janssen CarePath users are encouraged to remain vigilant by regularly reviewing their account statements and explanations of benefits from their health insurer or care providers with respect to any unauthorized activity, and to promptly report any suspicious activity.

A toll-free center for questions about this incident has been established. Questions and requests to enroll in the credit monitoring service should be directed to the dedicated call center, Monday to Friday, 9am to 9pm EST (excluding major U.S. holidays):

For healthcare providers: 877-792-3593
For individual users: 888-604-6584

This information will also be made available at the Janssen CarePath webpage at www.janssencarepath.com.

IBM takes information security seriously and is committed to protecting against evolving cyber threats.

Share This