NOVO Nordisk, a major producer of insulin and semaglutide, reported a cybersecurity incident affecting patient data from clinical trials. The breach involved pseudoanonymized records from approximately 11,500 research participants. The hacker group FulcrumSec claimed responsibility, stating they had been in control of the network since March due to poor security practices.
The exfiltrated data included trial participation details, health data, and some intellectual property related to drug development, including future products. Despite a $25 million ransom demand, Novo Nordisk opted not to pay, citing ongoing investigations and a commitment to patient safety. FulcrumSec criticized Novo Nordisk's slow response and highlighted vulnerabilities in their security infrastructure.