Novo Nordisk, a prominent Danish pharmaceutical company, recently reported a cybersecurity breach that impacted its internal IT systems. The breach involved unauthorized access to certain personal data, specifically affecting some clinical trial participants.
Details of the Cybersecurity Incident
The company, known for its diabetes and weight management medications like Ozempic, Wegovy, and Rybelsus, acknowledged limited unauthorized access to data stored in its systems. Novo Nordisk emphasized that the breach did not compromise identifiable information linked to patients.
Nature of the Exposed Data
- Randomly assigned patient IDs
- Trial participation status
- Sex and birth year
- Health data, including biomarkers and immunogenicity
- Lifestyle factors
The company clarified that while some information was exposed, it was not directly linked to any patient’s personal identity. Therefore, identifying participants solely from the compromised data is not feasible.
Impact on Healthcare Providers
Healthcare professionals associated with the clinical trials also faced potential data exposure. The breach may have compromised:
- Names of healthcare providers
- Registration numbers
- Email addresses
- Phone numbers
- WhatsApp information
- Office locations
Ongoing Investigation
At this stage, no known cybercrime groups have claimed responsibility for the cyber incident. Novo Nordisk has taken steps to investigate the breach thoroughly and improve its cybersecurity measures to prevent future incidents.
