Novo Nordisk reveals cyberattack: Ozempic and Wegovy maker says clinical trials data breached

News
By published

Fortunately the stolen data is pseudonymous

An exclamation mark inside a red warning triangle, surrounded by email symbols, superimposed on someone typing on a laptop
(Image credit: Getty Images)
  • Novo Nordisk cyberattack exposed pseudonymized clinical trial patient data (IDs, biomarkers, lifestyle factors)
  • Company insists no direct PII was leaked, reducing immediate risk of phishing or identity misuse
  • Systems shut down for containment; third‑party experts investigating, core operations remain unaffected

Novo Nordisk, one of the biggest pharmaceutical companies in the world, has confirmed it recently suffered a cyberattack in which it lost sensitive data belonging to clinical trials patients.

The company claims the data is pseudonymized and as such cannot be used in phishing scams or other follow-up attacks.

It then said the incident affected a “limited amount” of information related to patients that participated in some of its clinical trials. Since personally identifiable information, such as names or addresses, was not exposed, Novo Nordisk said it doesn’t think the participants could be identified in any way.

Latest Videos From

Shutting the network down

In a public announcement published on its website on June 11, Novo Nordisk said that it recently observed unauthorized access to a “limited number” of internal IT systems: “The incident included unauthorized access to certain personal data stored on the internal IT systems,” it said.

Instead, the crooks stole patient IDs (random alphanumeric strings) and information on trial participation, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors (smoking, alcohol use, etc.).

“Based on the nature of the exposed data as pseudonymized, knowledge of patient identity would require access to further information, which was not part of the incident. We therefore do not consider the incident to bear any immediate risks for our patients,” the company confirmed. It still urged its patients to remain vigilant and report any unusual things they may encounter in the coming weeks.

Novo Nordisk did not say who the threat actors were, or how many records were exposed in total, but it did stress that it brought in third-party cybersecurity experts to assess the damage. It also shut down certain IT systems to prevent further incursions, and was now working on bringing them back online, securely.

The company’s core business operations were not impacted by this incident, it was confirmed, and all are currently up and running.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.