Hackers have managed to “unlawfully access” COVID vaccine data after a cyber attack on the European Medicines Agency (EMA) with both Pfizer and BioNTech saying their documents were accessed by outside threat actors.
The news comes after German company BioNTech confirmed that its documents for a vaccine approval were compromised in a cyber attack by hackers targeting the EMA. Hackers were able to “unlawfully access” the documents that BioNTech had submitted to the EMA, and launched a cyber attack to access the vaccine data.
The medical company said in a statement that “today, we were informed that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
The company continued to explain that “EMA has assured us that the cyber attack will have no impact on the timeline for its review,” and added that the company made the news of the hack due to “the critical public health considerations and importance of transparency.”
The company concluded by stating that “no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware of any personal data of study participants being accessed.”
It is unlikely that the hacker’s move to unlawfully access COVID vaccine data with a cyber attack will impact the timeline of a vaccine rollout in Europe, according to BioNTech.
The collaboration of BioNTech and Pfizer on a COVID-19 vaccine is one of a small handful of vaccines being tested by authorities. Pharmaceutical giant Moderna has also submitted its COVID-19 vaccine for approval, but it remains unknown whether or not they have had their documents accessed by hackers as the result of these cyber attacks on the EMA.
The European Medicines Agency is responsible for the verification of both safety and efficacy for vaccines and medicines throughout Europe. The agency has released a statement saying that “[the] EMA cannot provide additional details whilst the investigation is ongoing.
A spokesperson for the UK’s National Cyber Security Centre – NCSC – has said that it is investigating the matter of hackers unlawfully accessing COVID vaccine data with a cyber attack on the EMA.
“We are working with international partners to understand the impact of this incident affecting the EU’s medicine regulator, but there is currently no evidence to suggest that the UK’s medicine regulator has been affected,” they said.
Moving across the Atlantic, the U.S. Food and Drug Administration (FDA) has told Bloomberg that “information security and the protection of industry and public health information are among the FDA’s highest priorities.”
“The agency is always enhancing its cybersecurity strategies to ensure FDA information security systems provide adequate protection of industry data and public health information on a continual, long-term basis.”
Hackers have in recent years made their intentions clear when it comes to accessing data from organisations involved in the medical sector, launching a number of new and sophisticated campaigns targeting the medical industry. We’ve reported recently that data breaches on the healthcare sector are expected to triple in the near future, due to the intimate nature of the data they collect and store; a gold mine for hackers looking to launch future phishing and identity fraud campaigns.
One of the best ways to mitigate the threat of these information security risks is with the implementation of a system like ISO 27001, which is one of the leading international standards to target cyber threats in your industry and beyond.