A proposed class action lawsuit has been filed by Jarvis Bryant Jenkins against IBM Corp. and Johnson & Johnson Health Care Systems Inc. in the US District Court for the Southern District of New York. Jenkins alleges negligence on behalf of the companies regarding the safeguarding of sensitive health records, exposing his data and that of over a million J&J customers due to a data breach at IBM.
The breach affected J&J’s Janssen CarePath system, managed by IBM as a service provider, compromising patient support data related to prescription medications and personal health information. Jenkins’ medication data, alongside the personal health and identifiable information of at least a million J&J customers, was reportedly exposed.
Criticism in the complaint is directed at the delayed notification of victims, highlighting the lasting vulnerability of the compromised data to potential identity fraud and cybercrime. Jenkins claims that the breach has left both him and the class members perpetually susceptible.
The lawsuit also points out IBM’s purported awareness of health-care data theft risks, referencing its incident response team’s activities and FBI warnings concerning cyberattacks on the health-care industry. Notably, IBM faces another class action related to a separate breach involving Progress Software’s MOVEit file-transfer application.
As of now, IBM has not provided an immediate response to requests for comment regarding the allegations.
