- Novo Nordisk cyberattack exposed pseudonymized clinical trial patient data (IDs, biomarkers, lifestyle factors)
- The company insists that no direct PII was leaked, reducing the immediate risk of phishing or identity misuse.
- Systems closed by containment; External experts investigate, core operations are not affected.
Novo Nordisk, one of the world’s largest pharmaceutical companies, confirmed that it recently suffered a cyberattack in which it lost confidential data belonging to clinical trial patients.
The company claims that the data is pseudonymized and, as such, cannot be used in phishing scams or other tracking attacks.
It later said the incident affected a “limited amount” of information related to patients participating in some of its clinical trials. Since personally identifiable information, such as names or addresses, was not exposed, Novo Nordisk said it does not believe the participants can be identified in any way.
Turn off the network
In a public announcement posted on its website on June 11, Novo Nordisk said it recently observed unauthorized access to a “limited number” of internal IT systems: “The incident included unauthorized access to certain personal data stored on internal IT systems,” it said.
Instead, the criminals stole patient IDs (random alphanumeric strings) and information on trial participation, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors (smoking, alcohol consumption, etc.).
“Based on the nature of the data exposed as pseudonymized, knowledge of the patient’s identity would require access to further information, which was not part of the incident. Therefore, we do not consider the incident to pose any immediate risk to our patients,” the company confirmed. He still urged his patients to remain vigilant and report anything unusual they may encounter in the coming weeks.
Novo Nordisk did not say who the threat actors were or how many records were exposed in total, but it did emphasize that it hired outside cybersecurity experts to assess the damage. It also shut down certain IT systems to prevent further incursions and was now working to safely bring them back online.
It was confirmed that the company’s core business operations were not affected by this incident and are all currently operational.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
