motortion - stock.adobe.com
Data relating to the Pfizer/BioNTech Covid-19 vaccine, which was stolen in December 2020 following a cyber attack of an unspecified nature against the European Medicines Agency (EMA), has been leaked on the internet.
According to BleepingComputer, the data dump is understood to include screenshots of emails, peer review information, and other documents including PDFs and PowerPoint presentations. The identity of the cyber criminals involved, and whether or not they are backed by any nation state-linked interests, is unknown at the time of writing.
In a statement, the Netherlands-based EMA said: “The ongoing investigation of the cyber attack on EMA revealed that some of the unlawfully accessed documents related to Covid-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities.
“The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorised access.
“The Agency and the European medicines regulatory network remain fully functional and timelines related to the evaluation and approval of Covid-19 medicines and vaccines are not affected.”
The EMA said it would continue to provide necessary information in due course, as far as is possible.
The organisation – which is working with a specialised security forensics service in its investigation – maintains that only a limited number of documents were stolen in the cyber attack, and every third party involved has now been contacted and informed. The breach relates to only one specific IT application, and only third-party data was targeted.
“Since the start of the pandemic in 2020, the actions of many nation-state actors and other rogue hacking groups to steal vaccine research and disrupt the supply chain delivering the vaccines have been diabolical,” said Cybereason chief security officer Sam Curry. “You would hope that these brazen criminals would be brought to justice, but that is more fantasy than reality in today’s world.
Read more about technology and Covid-19 vaccines
- Check Point and KnowBe4 share details of a growing number of phishing campaigns using the prospect of a Covid-19 vaccine as a lure.
- HR departments may want electronic proof of an employee’s Covid-19 vaccination, but it is unclear when digital vaccine certificates will be ready.
- AstraZeneca’s global infrastructure services director Scott Hunter lifts the lid on the cloud and datacentre setup underpinning its efforts to bring its co-developed Covid-19 vaccine to the masses.
“With news of the recent leak of sensitive Covid-19 information from the EMA, and specific vaccine data from Pfizer and BioNTech, the question that begs an answer is why? Because hackers today still see Covid-19 as a strategically valuable asset and it’s likely they will for the foreseeable future.”
Curry praised both the EMA and pharmaceutical and research organisations for being upfront about working with law enforcement to face such threats head-on with more advanced security tools and improved basic hygiene.
“These companies face a new reality each and every day that motivated hackers will be successful every time they attempt to hack a company because they are well funded and are looking to reap both financial and political fame,” he said.
“As the protection surface expands to mobile, the cloud and other potential attack vectors, those companies that can detect a breach quickly and understand as much as possible about the hacking operation itself, will be able to stop the threat and minimise or eliminate the risk all together.”