Johnson & Johnson, IBM targeted in class action over health care data breach

J&J used a platform known as Janssen CarePath, which provided patient support for managing health care medications and offered savings options

A class action complaint filed in federal court this week alleges that Johnson & Johnson and IBM were negligent for failing to secure patients’ personal health care information from a recent data breach.

Plaintiff Andrew Rose filed the complaint in the U.S. District Court for the Central District of California Sunday, alleging that J&J and IBM inadequately maintained their health care database and improperly trained employees to protect patients’ data.

J&J used a platform known as Janssen CarePath, which provided patient support for managing health care medications and offered savings options. IBM is the service provider for the platform and manages it and its third-party database.

J&J notified patients of the data breach on Sept. 29, although the breach occurred more than a month earlier, on Aug. 2. Rose also claimed the information, which included names, contact and health insurance information, medications and medical conditions, was unencrypted and uploaded to the dark web.

The complaint argues that both J&J and IBM failed to comply with the Health Insurance Portability and Accountability Act of 1996 by not ensuring the confidentiality and integrity of their electronic health information. Rose and the class claim the companies committed eight violations: breaching the California Confidentiality of Medical Information Act, negligence, invasion of privacy, breach of implied contract, breach of fiduciary duty, breach of confidence, violating the California unfair competition law and the California Customer Records Act.

The plaintiffs are asking for a jury trial and that the court certify the class action. They are also seeking injunctive relief to prevent the defendants from continuing to engage in unlawful behavior and to require encryption for all data collected. They also want an award for damages, as well as equitable relief requiring restitution and disgorgement of revenues retained as a result of the defendants’ wrongful conduct.

Attorneys Matthew Michael Loker, of Loker Law in Arroyo Grande, Ben Travis, of Ben Travis Law in San Diego, and Joshua Swigart, of Swigart Law Group in San Diego, are representing Rose and the class members. Counsel did not return a request for comment.

Counsel for defendants has not yet made an appearance. A request for comment from J&J and IBM went unanswered.
