Novartis hit by cyberattack but says no sensitive data were compromised: report

No one is immune from cyberattacks—not even pharmaceutical giants like Novartis.

Industrial Spy, a hacking group that runs an extortion marketplace selling stolen data, posted data allegedly stolen from Novartis, specialized IT website Bleeping Computer reported late last week. Luckily for the pharma company, it says no sensitive data was compromised in the attack.

The hackers claimed the data were stolen directly “from the laboratory environment of the manufacturing plant,” according to the description of the stolen data.

The data were likely stolen on Feb. 25, Bleeping Computer reports. The drugmaker told the publication it was aware of the matter and has thoroughly investigated it.

“We can confirm that no sensitive data has been comprised," the company told the website. "We take data privacy and security very seriously and have implemented industry standard measures in response to these kinds of threats to ensure the safety of our data."

Industrial Spy is also known to use ransomware in attacks, Bleeping Computer reports. In this case, there wasn't evidence that company devices were encrypted.

Switzerland ranks third among most targeted European countries for cyberattacks, behind Germany and the U.K., according to Switzerland insurance company Swiss Risk and Care. It’s the seventh most targeted country in the world.

A February report from digital risk protection company Constella Intelligence recorded more than 200,000 total data exposures and data breaches from 20 pharma companies. Of the total, 59% of total breaches and 79% of exposed records happened after 2020.

Pharma companies have been working to bolster their cyber defenses in recent years. Back in 2017, a cyberattack at Merck ended up costing the drugmaker more than $1 billion.