Novo Nordisk, one of the world’s largest pharmaceutical companies, has disclosed a cybersecurity incident that resulted in unauthorized access to data related to some of its clinical trial participants. The company confirmed that certain information was copied from a limited number of internal IT systems without permission. Following the discovery, Novo Nordisk launched an investigation with the help of external cybersecurity experts and informed the relevant authorities about the incident.
According to the company, the breach affected a limited amount of information connected to patients participating in some clinical trials. While Novo Nordisk did not specify which trials were impacted, it stated that the incident involved data stored within its internal systems. The company emphasized that it is actively investigating how the unauthorized access occurred and whether any additional information may have been affected.
The potentially exposed information may include patient identification numbers, year of birth, sex, and certain health or immunogenicity-related data. These details are commonly collected during clinical studies to help researchers evaluate the safety and effectiveness of treatments. Novo Nordisk noted that the affected data does not contain direct identifiers such as patient names, reducing the possibility of participants being personally identified.
Company officials stated that the compromised information cannot be directly linked to individual participants without access to additional data that was not involved in the incident. Because of this separation, Novo Nordisk believes that third parties would face significant difficulty in identifying specific individuals. The company stressed that patient privacy remains a top priority as the investigation continues.
After detecting the breach, Novo Nordisk immediately began working with external cybersecurity specialists to understand the scope of the incident and strengthen its security measures. The company also contacted relevant authorities and started reviewing its systems to prevent similar incidents in the future. Efforts are currently underway to safely restore affected systems while maintaining strict security controls.
As a precaution, certain internal IT systems were temporarily taken offline. Novo Nordisk explained that this step was necessary to contain the incident and support the ongoing investigation. Despite these temporary disruptions, the company confirmed that its core business operations remain fully functional and that manufacturing, research, and other critical activities have not been affected.
The company stated that it does not currently believe the incident poses an immediate risk to patients participating in its clinical trials. However, Novo Nordisk has advised participants to remain alert and report any unusual activity they believe may be connected to the breach. The company continues to monitor the situation closely while providing updates to affected stakeholders.
This incident highlights the growing cybersecurity challenges facing the healthcare and pharmaceutical industries, where sensitive research and patient information are valuable targets for attackers. As investigations continue, Novo Nordisk is focusing on understanding the full impact of the breach, improving its defenses, and ensuring that patient data remains protected. The case serves as another reminder of the importance of strong cybersecurity practices across organizations handling critical health information.
