After disclosing a security breach last week concerning “a limited number of internal IT systems,” details on the cyber threat against Novo Nordisk are unfolding in reports alleging that two hacker groups attempted to extort the Danish drugmaker out of millions of dollars.
The company’s systems were hacked separately by cyberextortion group FulcrumSec and a lesser known hacking ring known as TheUSERS007, cybersecurity blog DataBreaches reported, after both groups reached out attempting to claim responsibility for the attacks.
According to DataBreaches, FulcrumSec attempted to negotiate a ransom payment of $25 million from Novo, while TheUSERS007 demanded $50 million. Novo did not comply with payment to either group.
FulcrumSec stepped up to name itself as the hacker shortly after Novo disclosed a security incident on June 11.
Novo is “aware of claims that data allegedly copied externally without authorisation from our systems has been published online,” a spokesperson told Fierce in an emailed statement. “We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities.”
The spokesperson added that “Protecting the security and integrity of our systems and delivering reliable products and support to patients remain our highest priorities."
In a message on its website last week, Novo urged patients whose data may have been compromised to “remain vigilant” and alert the company of any unusual encounters that could be linked to the breach.
However, Novo noted that it's not concerned about any “immediate risks” for patients, as the personal data obtained was clinical trial participant information that does not directly tie any identifying information to specific names. Moreover, the information the hackers captured was “not exposed,” Novo said.
FulcrumSec has since told Reuters, however, that is now “exploring private sales” for some of the data after Novo refused to pay its $25 million request. In addition to clinical trial data, the hacking group also acquired a hoard of intellectual property, including details on key obesity pipeline drugs such as amycretin and CagriSema, as well as five undisclosed drug programs, among other data, according to DataBreach.
FulcrumSec has posted updates on its dark web leak site explaining further details of the attack, which it says it spent more than two months carrying out. After engaging with the hackers for several weeks, Novo “went dark” on further negotiations after posting its public disclosure, FulcrumSec alleged to DataBreach.
TheUSERS007 claims that it gained access to Novo’s systems earlier this month using a self-learning, adaptive AI engine called venomware, acquiring different sensitive data that that acquired by FulcrumSec.
Pharma companies are a common target for cyberattackers, with West Pharmaceutical Services, for one, reporting a ransomware attack last month.
In 2024, a massive data breach at drug distributor Cencora impacted over 1 million patients and at least 27 pharma companies, leading to several class action lawsuits and a $40 million settlement.
And back in March, medical device company Stryker suffered a significant global cyberattack, which was claimed by a pro-Iran hacking group and wiped some 200,000 systems, stealing 50 terabytes of data and causing some surgeries to be postponed due to delivery delays. The incident was thought to be a front for Iran’s Ministry of Intelligence and Security that ostensibly occurred in retaliation against U.S. and Israeli strikes on the country.