Johnson & Johnson reports data breach of Patient Assistance Foundation

On May 29, 2024, Johnson & Johnson (JNJ) reported a data breach revealing that confidential information from the Johnson & Johnson Patient Assistance Foundation, Inc. had been accessed by unauthorized parties. This incident affected the personal data of 175,000 Texans, with the total number of victims nationwide likely much higher.

The exposed data includes:

• Names
• Addresses
• Birth dates
• Medical information

The breach appears to be linked to a larger data security incident involving the Lash Group, which provides patient assistance programs for various pharmaceutical companies. The Lash Group, a division of Cencora, discovered their data breach on February 21, 2024. This larger breach has impacted numerous major pharmaceutical companies, including Regeneron, GlaxoSmithKline, Genentech, and AbbVie.

Data breach notification letters have been sent to affected individuals, potentially on Cencora letterhead, advising them of the risks and steps they can take to protect themselves from fraud or identity theft.