Overview
- Novo Nordisk, which disclosed the incident on Thursday, said attackers copied certain non‑public information from its internal IT systems including data tied to some clinical trial participants.
- The company says the exposed clinical data were pseudonymized and included patient IDs, trial participation, sex, year of birth, biomarkers, immunogenicity results and lifestyle factors.
- Novo Nordisk has taken affected internal systems offline and engaged external cybersecurity experts while notifying authorities and informing impacted parties as the probe continues.
- Reporting indicates names, registration numbers and contact details for an undisclosed number of healthcare professionals were also exposed, creating an immediate phishing and impersonation risk.
- Key details remain unknown — including when the breach was first detected and how many people were affected — and regulators could investigate under data‑protection rules as the company resumes systems in a controlled way.