IBM said on Wednesday it is notifying customers of Janssen CarePath, a Johnson & Johnson unit, of a "data incident" involving unauthorized access of personal information.
The personal information was part of a database used on the Janssen CarePath platform, according to IBM.
IBM, which manages the database, said it was unable to determine the extent of the unauthorized access.
Social Security numbers and financial account information were not contained in the database or affected, IBM said, without providing details about the number of affected customers and users.
Janssen CarePath offers resources to patients who have been prescribed J&J's medication by helping them understand insurance coverage and out-of-pocket costs.
The "data incident" may have included individuals' names and information such as contact details and information related to health insurance and medications that were provided to the Janssen CarePath application, IBM said.
(Reporting by Jaspreet Singh in Bengaluru)