- Novo Nordisk cyberattack exposed pseudonymized clinical trial patient data (IDs, biomarkers, lifestyle factors)
- Company insists no direct PII was leaked, reducing immediate risk of phishing or identity misuse
- Systems shut down for containment; third‑party experts investigating, core operations remain unaffected
Novo Nordisk, one of the biggest pharmaceutical companies in the world, has confirmed it recently suffered a cyberattack in which it lost sensitive data belonging to clinical trials patients.
The company claims the data is pseudonymized and as such cannot be used in phishing scams or other follow-up attacks.
It then said the incident affected a “limited amount” of information related to patients that participated in some of its clinical trials. Since personally identifiable information, such as names or addresses, was not exposed, Novo Nordisk said it doesn’t think the participants could be identified in any way.
Shutting the network down
In a public announcement published on its website on June 11, Novo Nordisk said that it recently observed unauthorized access to a “limited number” of internal IT systems: “The incident included unauthorized access to certain personal data stored on the internal IT systems,” it said.
Instead, the crooks stole patient IDs (random alphanumeric strings) and information on trial participation, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors (smoking, alcohol use, etc.).
“Based on the nature of the exposed data as pseudonymized, knowledge of patient identity would require access to further information, which was not part of the incident. We therefore do not consider the incident to bear any immediate risks for our patients,” the company confirmed. It still urged its patients to remain vigilant and report any unusual things they may encounter in the coming weeks.
Novo Nordisk did not say who the threat actors were, or how many records were exposed in total, but it did stress that it brought in third-party cybersecurity experts to assess the damage. It also shut down certain IT systems to prevent further incursions, and was now working on bringing them back online, securely.
The company’s core business operations were not impacted by this incident, it was confirmed, and all are currently up and running.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/wV66hEbpJdAc4iPB7RwtkK-2560-80.jpg
Source link
