Novo Nordisk disclosed a significant security incident today involving unauthorized access to patient information stored in their internal IT infrastructure. The company, known for manufacturing Wegovy and other GLP-1 medications, says attackers accessed a limited volume of clinical trial participant data during an ongoing investigation with external cybersecurity experts.
What Data Attackers Accessed
The incident exposed personal information including patient identification numbers, birth years, biological sex, and health related data such as immunogenicity information. Novo Nordisk emphasized that attackers did not obtain direct patient identifiers like names or contact information, meaning they would struggle to link exposed information to specific individuals without accessing additional data that was not part of the intrusion.
“The incident affected a limited amount of information related to patients in some of our clinical trials,” the company stated in an official disclosure, though it declined to specify which trial programs attackers targeted.
Immediate Actions Taken
Novo Nordisk took several internal IT systems offline as a precautionary measure while working systematically to restore them in a controlled manner. The company reported that core business operations remain unaffected and continue running normally.
External cybersecurity consultants now conduct a full forensic investigation, and the company actively cooperates with relevant regulatory authorities in all affected jurisdictions.
Patient Risk Assessment
The pharmaceutical manufacturer stated it does not believe the incident poses any immediate physical risk to clinical trial participants. However, the company advised all affected patients to monitor their accounts and report any suspicious activity that might connect to the breach.