Novo Nordisk has identified that certain patient information from some of its clinical trials was accessed and copied externally in an unauthorised manner following a recent cyberattack on its internal IT systems.
The company reported the incident in a statement and has begun an investigation with assistance from external cybersecurity specialists. It added that authorities have been notified and details of the specific trials affected have not been made public.
Discover B2B Marketing That Performs
Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.
Novo Nordisk said a “limited amount” of trial participant data was involved.
Categories of patient information potentially compromised include patient ID (using a random alphanumeric string), year of birth, sex, and health or immunogenicity data.
The company noted that other details such as lifestyle factors, including smoking, alcohol use, body mass index, and biomarkers related to trial participation, may also be among the affected data, though not all categories apply to each patient.
In its statement, Novo Nordisk noted that the exposed data is not directly connected to patients by name or other identifying details, and it does not consider the incident to allow participants to be identified.
Determining the identity of any patient would require additional underlying information, which Novo Nordisk said was not accessed in this event.
The company has told patients there is no immediate risk to them as a result of the breach, but advised that unusual occurrences believed to be connected to the incident should be reported.
Novo Nordisk also confirmed that it had temporarily taken certain IT systems offline as a precaution and was working to restore affected systems in a controlled and secure way.
Company officials said: “Our core business operations are not impacted and remain up and running.”
