Novo Nordisk discloses data breach affecting patient and healthcare professional information

Per Bleeping Computer, Danish pharmaceutical company Novo Nordisk has revealed a data breach that compromised patient information from clinical trials and data belonging to healthcare professionals.

Attackers gained access to Novo Nordisk's internal IT systems, copying non-public data without authorization. The exposed patient data includes pseudonymized trial IDs, participation details, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors. While the data is pseudonymized and not directly linked to patient names, it could potentially be combined with other information for identification. Additionally, the breach exposed personal details of an undisclosed number of healthcare professionals, including names, registration numbers, email addresses, phone numbers, WhatsApp details, and office locations. Novo Nordisk has warned these professionals to be vigilant against potential phishing attacks.

The company has taken affected IT systems offline but stated that core business operations remain unaffected. An investigation with external cybersecurity experts is underway to determine the full scope of the incident.

Source: Bleeping Computer