Danish pharmaceutical leader Novo Nordisk has disclosed a cybersecurity breach involving unauthorized access to its internal IT systems, resulting in the exfiltration of pseudonymized patient data from certain clinical trials. The company, renowned for its weight-loss medications Ozempic and Wegovy, identified the incident on June 11, 2026, and has since initiated a comprehensive investigation with external cybersecurity experts.
The compromised data encompasses patient identifiers (random alphanumeric strings), sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as body mass index (BMI), smoking habits, and alcohol consumption. Importantly, Novo Nordisk emphasized that no direct personal identifiers, such as names, were exposed, mitigating the immediate risk of patient identification.
In response to the breach, Novo Nordisk has temporarily taken certain internal IT systems offline to safeguard its digital environment. The company is diligently working to restore these systems in a controlled and secure manner. Despite these measures, core business operations, including the manufacturing and distribution of medications, remain unaffected and fully operational.
While Novo Nordisk has not publicly attributed the attack to any specific group, a threat actor known as Dragonfly has claimed responsibility. The group alleges that, in addition to patient data, they have accessed proprietary artificial intelligence (AI) assets, including a 16.7 GB trained AI model checkpoint named NovoPert, a 407 MB proprietary biological and chemical training dataset, full source code for the AI model, internal infrastructure maps, and over 53 GB of container images. These claims have not been confirmed by Novo Nordisk.
The pharmaceutical industry has increasingly become a target for cyberattacks, given the sensitive nature of the data it handles and the critical role it plays in public health. This incident underscores the necessity for robust cybersecurity measures and proactive threat detection to protect patient information and proprietary research. As the investigation continues, it will be crucial for Novo Nordisk to transparently communicate findings and reinforce its security protocols to prevent future breaches.
