Ozempic maker Novo Nordisk breach exposed patients’ clinical trial data

Ozempic maker Novo Nordisk breach exposed patients’ clinical trial data

Novo Nordisk said this security incident affected patient data, including health information and birth year

Last week Danish pharmaceutical company Novo Nordisk , the maker of the popular diabetes and weight-loss drugs Ozempic and Wegovy, revealed it had suffered a data breach involving “unauthorized access” to clinical trial data.

The company said in a statement and letter to patients that the incident doesn’t appear to pose “any immediate risks” to trial participants. The apparent hack exposed information about patients that was collected for clinical trials, and this information included age, sex, health data and lifestyle factors, as well as a randomized patient IDs. “Direct identifiers,” such as patients’ names, were not affected, the company said.

“We therefore do not consider the incident to enable any third party to identify participants in our clinical trials,” the company stated in its announcement. “Upon learning of the incident, we launched an investigation with the assistance of external cybersecurity experts, and we are in contact with the relevant authorities.”

If you're enjoying this article, consider supporting our award-winning journalism by subscribing . By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Still, Novo Nordisk urged patients to “remain vigilant” and report any unusual activity that could be related to their personal information. One hacker group, FulcrumSec, told cybersecurity blog DataBreaches that it was behind the attack, but that has not been confirmed.

“A data breach of this nature is absolutely a cause for concern,” says Nathan Wenzler, a field chief information security officer at the cybersecurity company Optiv Security. “In this day and age, after hundreds, if not thousands, of data breaches, big and small, no one should be looking at a single data breach in isolation when determining its impact.”