Danish pharmaceutical large Novo Nordisk, the world’s largest insulin producer, has disclosed an information breach affecting affected person info from some medical trials.
Based in 1923, Novo Nordisk presently has roughly 67,900 workers in 80 places of work worldwide and is the producer of the viral GLP-1 receptor agonists Wegovy and Ozempic.
The corporate mentioned Thursday that attackers had accessed its inner IT techniques and information associated to sufferers taking part in some medical trials. This consists of the affected person ID (a random alphanumeric string) and details about examine participation, gender, 12 months of delivery, biomarkers, well being/immunogenicity information, and life-style elements (smoking, alcohol consumption, BMI, and so forth.).
Nonetheless, Novo Nordisk mentioned this information is pseudonymized and can’t be utilized by attackers to determine affected sufferers by title.
“Throughout an ongoing investigation and response, now we have found that sure private information, together with private information, was copied externally with out authorization. We’re notifying affected events as acceptable,” the corporate mentioned in a press release.
“This info will not be instantly linked to the affected person by title or different direct identifier. Due to this fact, id info requires entry to underlying info that identifies the affected person, reminiscent of by title. This info will not be publicly obtainable. Due to this fact, we don’t consider that this incident will allow third events to determine members in our medical trials.”
The information breach additionally affected plenty of non-public well being professionals (HCPs), with their names, registration numbers, e-mail addresses, cellphone numbers, WhatsApp particulars and workplace places uncovered.
Novo Nordisk has warned affected healthcare staff to be cautious of surprising messages and cellphone calls as they could turn into targets of phishing assaults through e-mail, cellphone, WhatsApp or fraudulent messages impersonating colleagues.
The corporate took its compromised inner IT techniques offline, however mentioned its core enterprise operations weren’t affected. Novo Nordisk is presently investigating this incident with the help of exterior cybersecurity specialists to evaluate the complete impression and scope of the breach.
“Whereas we’re working to carry the affected techniques again on-line in a managed and protected method, we acknowledge that this course of will take time. Our core enterprise operations are unaffected and proceed to function,” Novo Nordisk added.
Novo Nordisk has not but disclosed when the breach was detected or how many individuals’s private and affected person information was compromised.
When BleepingComputer contacted us for extra particulars in regards to the assault, a Novo Nordisk spokesperson referred us to the corporate’s press launch.
Up to date June 12, 06:28 EDT: Added response from Novo Nordisk.
Safety groups doc 54% of profitable assaults and difficulty a warning on solely 14%. The remainder strikes invisibly by way of the setting.
Picus’ whitepaper exhibits the best way to take a look at your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
