Cyber Attackers Leaked Covid-19 Vaccine Data After EU Hack

The European Medicines Agency (EMA) has reported that some of the data on the Pfizer/BioNTech COVID-19 vaccine that was stolen during a cyber-attack in early December 2020 was released online illegally shortly after the attack. 

The leak was discovered during an investigation that was launched into the attack by the EMA and law enforcement. It is claimed that evidence of the stolen data was found on various hacking forums as early as 31 December. The EMA stated yesterday (13 January) that action is being taken by authorities.

The EMA is a decentralized agency responsible for evaluating, monitoring and supervising new medicines introduced to the EU. As such, it is accountable for approving any COVID-19 vaccines. On 9 December 2020, the EMA released a statement alerting that it had been subject to the cyber-attack. 

Pfizer and BioNTech then released a joint statement outlining the nature of the breach: “Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”

At the time, it was concluded that only a small number of documents had been accessed, limited to a single IT application as the hackers targeted data relating specifically to the Pfizer/BioNTech COVID-19 vaccine. Nevertheless, according to sources on technology and cybersecurity website BleepingComputer, the threat actors accessed Word documents, PDFs, email screenshots, PowerPoint presentations and EMA peer review comments.

The EMA assured that, despite the breach, its regulatory network is fully operational and that the evaluation and approval of COVID-19 medicines have not been affected by the incident.

THE LARGER PICTURE

The breach of the EMA server is not the only cyber-attack related to COVID-19 vaccines. There has been increasing concern about the safe deployment of the vaccine as cybercriminals attack the vaccine “cold chain”, launching what has been called a “global phishing campaign” against organizations responsible for the transport and sub-zero storage of the vaccine, supposedly in an attempt to gain unauthorized access to private credentials and sensitive information regarding the vaccine’s distribution.

Experian also released a report at the end of 2020 warning of the potential security risks that accompany the technological diversification in healthcare affected by COVID-19. It highlighted the potential risks of overlooking cybersecurity and the increased possibility of misinformation, particularly regarding the COVID-19 vaccine, while Dr Saif Abed also outlined the challenges of cybersecurity during the global mass rollout of the vaccine in a blog for Healthcare IT News.

ON THE RECORD

Responding to the announcement, chief security officer at Cybereason, Sam Curry, called security breaches surrounding the COVID-19 vaccine “diabolical”.

He continued: “Hackers today still see COVID-19 as a strategically valuable asset and it’s likely they will for the foreseeable future. Kudos to the pharma and research companies for working with law enforcement agencies to face these threats head on with advanced cyber tools and improved security hygiene. These companies face a new reality each and every day that motivated hackers will be successful every time they attempt to hack a company because they are well funded and are looking to reap both financial and political fame.

As the protection surface expands to mobile, the cloud and other potential attack vectors, those companies that can detect a breach quickly and understand as much as possible about the hacking operation itself, will be able to stop the threat and minimize or eliminate the risk all together.”

By Sophie Porter

.

More Contents:

.

Bloomberg Quicktake: Now

Hackers posted confidential documents regarding Covid-19 medicines and vaccines on the internet after a data breach late last year at the European Medicines Agency. Timelines related to evaluating and approving Covid medicines and vaccines haven’t been affected, the EMA said in a statement on Tuesday. The agency said it remains fully functional and that law enforcement authorities are taking action on the breach. Caught up in the hack were some documents submitted by Pfizer Inc. and BioNTech SE during regulatory review of their vaccine, approved last month.

The EMA said it would notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access. Pfizer shares fell 2.2% in New York, with BioNTech’s American depositary receipts down 5.1%. Subscribe to our YouTube channel: https://bit.ly/2TwO8Gm Bloomberg Quicktake brings you live global news and original shows spanning business, technology, politics and culture. Make sense of the stories changing your business and your world. To watch complete coverage on Bloomberg Quicktake 24/7, visit http://www.bloomberg.com/qt/live, or watch on Apple TV, Roku, Samsung Smart TV, Fire TV and Android TV on the Bloomberg app. Have a story to tell? Fill out this survey for a chance to have it featured on Bloomberg Quicktake: https://cor.us/surveys/27AF30 Connect with us on… YouTube: https://www.youtube.com/user/Bloomberg Breaking News on YouTube: https://www.youtube.com/c/BloombergQu… Twitter: https://twitter.com/quicktake Facebook: https://www.facebook.com/quicktake Instagram: https://www.instagram.com/quicktake

.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.