Novo Nordisk Confirms Cyberattack Exposed Clinical Trial Patient Data
6 min. read 
Published on
Novo Nordisk has confirmed a cybersecurity incident involving unauthorized access to a limited number of internal IT systems. The company said certain non-public data, including personal data, was copied externally without authorization, according to its official incident update.
The breach affected a limited amount of information linked to patients participating in some Novo Nordisk clinical trials. Reuters reported that the company has launched an investigation with external cybersecurity experts and contacted relevant authorities.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
Novo Nordisk said the exposed patient data was pseudonymized and not directly linked to names or other direct identifiers. The company does not consider the incident to pose immediate risk to patients, but it has urged affected individuals to remain vigilant.
What Data Was Exposed
The affected patient data may include randomized patient IDs, trial participation details, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as smoking, alcohol use, and BMI. Novo Nordisk listed these categories in its patient notification letter.
The company said patient identity would require access to additional information that was not part of the incident. It also told patients that the notice is informational and that they do not need to take specific action at this stage.
Healthcare professionals were also notified. Novo Nordisk said a limited amount of non-sensitive HCP data was copied, including names, registration numbers, email addresses, phone numbers, WhatsApp details, and office locations.
| Affected group | Data categories | Company assessment |
|---|---|---|
| Clinical trial patients | Patient ID, trial participation, sex, year of birth, biomarkers, health and immunogenicity data, lifestyle factors | Novo Nordisk says the data was pseudonymized and not directly linked to names or other direct identifiers |
| Healthcare professionals | Name, registration number, email, phone number, WhatsApp details, office location | Novo Nordisk says the potential risk includes targeted phishing or fraudulent communications |
| Company systems | Certain non-public data from a limited number of internal IT systems | The investigation is ongoing and impacted parties are being informed as appropriate |
Attackers Claim a Larger Theft
A cyber extortion group called FulcrumSec has claimed responsibility for the incident and says it stole more than 1.3TB of Novo Nordisk data. In a separate Reuters report, the group claimed the stolen material included source code, proprietary drug information, clinical trial data, employee data, doctor and patient data, and internal AI model information.
Novo Nordisk has not publicly confirmed those broader claims. The company said it is aware of claims that data allegedly copied from its systems has been published online and that it remains in contact with relevant authorities.
The alleged attackers also claimed they demanded $25 million and were exploring private sales of some stolen data after the company did not pay. Reuters said it could not independently verify the authenticity of the data posted by the hacking group.
AI and Research Asset Claims Remain Unconfirmed
The most sensitive unconfirmed claims involve internal AI and research assets. FulcrumSec alleges that the stolen data includes AI model information, company source code, proprietary drug information, and details related to production facilities.
Those claims matter because pharmaceutical companies increasingly use AI in drug discovery, clinical research, and manufacturing workflows. If genuine, stolen AI model files, training materials, or research code could create intellectual property and competitive risks beyond a normal personal-data breach.
At this stage, however, Novo Nordisk has only confirmed the unauthorized copying of certain non-public data, including personal data. The public confirmation does not validate the full scale of the attackers’ alleged haul.
Patients and Doctors Face Different Risks
For patients, Novo Nordisk says the exposed information was pseudonymized and not directly tied to names or other direct identifiers. That reduces the chance that an outside party could identify a clinical trial participant from the exposed data alone.
For healthcare professionals, the risk is more direct. The HCP notification letter warns that the exposed contact details could be used for targeted phishing through email, phone, or WhatsApp, or for fraudulent messages impersonating colleagues.
Anyone contacted about the incident should verify the sender before responding, opening attachments, or sharing information. Attackers often reuse breach news to send convincing follow-up phishing messages.
Novo Nordisk Says Core Operations Continue
Novo Nordisk said it temporarily took certain internal IT systems offline to protect its environment. The company is working to restore affected systems in a controlled and safe manner.
The drugmaker said its core business operations remain up and running. The company update also says its investigation remains ongoing and that impacted parties will be informed as appropriate.
Reuters noted that Novo Nordisk did not disclose which clinical trials were affected. The company also has not disclosed the total number of affected individuals in its public notice.
What Affected People Should Do
- Watch for unexpected emails, phone calls, WhatsApp messages, or documents claiming to come from Novo Nordisk.
- Do not share personal, medical, payment, or login information through unverified messages.
- Confirm suspicious communications through an official Novo Nordisk contact channel.
- Report unusual activity that may be linked to the incident.
- Healthcare professionals should treat unusual requests involving trial data, patient records, or internal documents as high risk.
The incident highlights why healthcare and pharmaceutical breaches can carry more than one type of risk. Patient data, professional contact details, research systems, internal code, and AI assets can all carry value for attackers.
For now, the confirmed breach involves unauthorized access to limited internal systems and the external copying of certain non-public data. The broader claims from FulcrumSec remain allegations, but they will keep pressure on Novo Nordisk as its investigation continues.
The extortion claims also show how cybercriminal groups are expanding their focus from traditional personal data to high-value research and AI-related assets.
FAQ
Novo Nordisk confirmed unauthorized access to a limited number of internal IT systems. The company said certain non-public data, including personal data, was copied externally without authorization.
Novo Nordisk said affected patient data may include randomized patient IDs, trial participation details, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as smoking, alcohol use, and BMI.
Novo Nordisk said the affected patient data was not directly linked to names or other direct identifiers. The company said patient identity would require access to additional information that was not part of the incident.
A cyber extortion group called FulcrumSec claims it stole internal AI model information, source code, drug information, and other data from Novo Nordisk. Novo Nordisk has not publicly confirmed those broader claims.
Novo Nordisk said some internal IT systems were temporarily taken offline as part of its response, but its core business operations remain up and running.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages