- Novo Nordisk cyberattack revealed pseudonymized clinical trial patient data (IDs, biomarkers, lifestyle factors)
- The company insists that no direct personal information has been disclosed, reducing the immediate risk of phishing or identity theft.
- Systems shut down for containment; third-party experts investigate, core operations are not affected
Novo Nordisk, one of the world’s largest pharmaceutical companies, has confirmed that it recently suffered a cyberattack in which it lost sensitive data belonging to clinical trial patients.
The company claims that the data is pseudonymized and therefore cannot be used in phishing scams or other subsequent attacks.
It later said the incident had affected a “limited amount” of information relating to patients who participated in some of its clinical trials. Because personally identifiable information, such as names or addresses, was not disclosed, Novo Nordisk said it did not believe participants could be identified in any way.
Shut down the network
In a public announcement posted on its website on June 11, Novo Nordisk said it had recently observed unauthorized access to a “limited number” of internal IT systems: “The incident included unauthorized access to certain personal data stored on internal IT systems,” it said.
Instead, the scammers stole patient identifiers (random alphanumeric strings) and information about trial participation, gender, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors (smoking, alcohol consumption, etc.).
“Due to the nature of the exposed, pseudonymized data, knowing the patient’s identity would require access to additional information, which was not part of the incident. We therefore do not consider the incident to pose an immediate risk to our patients,” the company confirmed. She nevertheless calls on her patients to remain vigilant and to report any unusual situation they may encounter in the coming weeks.
Novo Nordisk did not say who the perpetrators of the threat were, or how many records were exposed in total, but stressed that it had brought in third-party cybersecurity experts to assess the damage. The company also shut down some IT systems to prevent further incursions and is now working to bring them back online securely.
The company’s core operations have not been affected by this incident, it has been confirmed, and all are currently operational.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
