Hacking group FulcrumSec has claimed responsibility for a breach of the systems of Danish pharmaceutical giant Novo Nordisk, saying it was exploring selling stolen data after a failed ransom demand.
Novo Nordisk, known for weight-loss drugs such as Ozempic and Wegovy, disclosed the hack late last week, saying attackers had stolen data associated with clinical trials.
It said the data was pseudonymised and could not be linked to patients by name or identifiers.
Anonymised data
“Knowledge of patient identity would require access to further information, which was not part of the incident,” the firm said.
FulcrumSec contacted website DataBreaches to claim credit for the hack, saying it accessed Novo Nordisk’s systems in March through a GitHub access token that allowed it to gain access to additional credentials.
The group said it stole about 1.3 terabytes of data over a period of more than two months, providing 700,000 files along with correspondence with the pharmaceutical firm that it said proved its claims.
The hackers said they stole data related to undisclosed drug programmes, proprietary compound structures, private AI models and other information.
After Novo Nordisk refused to pay a $25 million (£18.6m) ransom, the group said it was “exploring private sales” of data related to drugs and other internal data.
‘Private sales’
It claimed it wouldn’t share certain types of data, including information on company employees, physicians, and roughly 11,500 pseudonymised clinical trial patients as a “harm-reduction” measure.
“Although Novo Nordisk said the data stolen is not directly linked to any patients by name or other direct identifiers, there will still be a degree of nervousness among those affected by the breach,” said James Neilson of computer security firm Opswat.
“Any stolen health data contains highly sensitive information, and the risk goes beyond identity theft to include privacy harm, misuse of medical data, and loss of trust in clinical research.”
Click Here For The Original Source.
