Insurance firm Johnson & Johnson recently reported a data breach impacting thousands.
Johnson & Johnson, an independent insurance broker that works with other insurance organizations and professionals, recently faced a data breach. The organization is not affiliated with the pharmaceutical giant with the same name.
The insurance brokerage reported the data breach to the Attorney General of Maine on or around October 18th, 2024. According to the notice, the breach occurred between August 16th and August 17th and impacted 3,225 individuals. The breach was reportedly caused by external hacking.
The company did not disclose specific details regarding what information was impacted. Since the breach impacted over 500 individuals, they will be required to also report the incident to the Department of Health and Human Services (HHS), but will have 60 days to do so.
In their notice, Johnson & Johnson said they “detected a compromise to its network environment that could have compromised your personal information.” The company said they currently have no indication that the data has or will be misused.
“The protection, privacy, and proper use of your information is paramount, and we are working to prevent this type of incident from occurring again,” the statement read.
After identifying the compromise, the company quickly “secured and remediated the compromise, engaged additional third-party experts, hardened and enhanced our data security, and commenced an investigation.”
The notice also read, “Unfortunately, these types of incidents have become commonplace and impact organizations of all sizes.”
It’s unique of Johnson & Johnson to mention that these breaches have become the norm. The company may be trying to preemptively respond to potential class action lawsuits, which have become increasingly common following data breaches.
In most cases, plaintiffs argue that data breaches could have been prevented. These lawsuits can be costly and time-consuming for healthcare organizations to fight against, and they frequently result in a settlement.
Outside of potential litigation, Johnson & Johnson will likely take more steps to secure their network environment. With increasing breaches, many current cybersecurity strategies are insufficient to defend against the new tactics from cybercriminals.
Related: HIPAA Compliant Email: The Definitive Guide