As cybersecurity threats have proliferated across industries in recent years, biopharma companies have emerged as prominent targets, with intellectual property, patient data and other sensitive information at stake. Now, Novo Nordisk is the latest drug giant to report a data breach.
In a Thursday incident notice, Novo said it recently identified a security breach affecting certain internal IT systems, adding that "a limited amount of information related to patients participating in some of our clinical trials" had been exposed.
As part of its investigation, the company found that certain data were "copied externally without authorisation," according to the notice.
Importantly, the patient data were de-identified, Novo said. The data contained info such as patients' year of birth, biomarkers and lifestyle factors, but not names or "other direct identifiers."
While patients in Novo trials don't need to take any action, the company recommends patients "remain vigilant and report to us if anything unusual is encountered that is believed could be linked to the incident," Novo said in the notice.
The company has taken certain internal IT systems offline as part of its response to the incident. It's now working to bring those back online. Novo's core business remains unaffected, the drugmaker stressed.
As much as life sciences companies work to defend against cyber threats, breaches have become somewhat commonplace. Last month, West Pharmaceutical Services reported a cybersecurity incident. And in the medtech space, Stryker recently fell victim to a hack.