Hackers Raid European Agency for Pfizer Vaccine Docs

The European Medicines Agency (EMA) has suffered a cyber-attack which led to the compromise of documents related to the Pfizer/BioNTech vaccine, currently being deployed in the UK.

The agency itself only issued a very brief statement, saying it could not provide more details while an investigation was still underway.

“EMA has been the subject of a cyber-attack,” it noted. “The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities.”

However, BioNTech disclosed more about the incident.

“Today, we were informed by the EMA that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed,” it revealed.

The news comes just days after IBM revealed a sophisticated nation state phishing campaign against various organizations that provide the cold chain storage needed to distribute the Pfizer vaccine globally.

Sensitive information on vaccines developed in the West has been sought-after by nation state actors from China, Russia and North Korea for months. In October, an Indian pharma giant making Russia’s Sputnik-V vaccine was forced to shut several facilities after an unspecified incident.

Warnings from the likes of the National Cyber Security Centre (NCSC), Microsoft and US authorities have come thick and fast throughout the year.

Mark Hendry, director of data protection and cybersecurity at law firm DWF, said it’s unclear whether the EMA attack was nation state or cybercrime-oriented.

“Being aware of the cyber-attackers’ mind set is important in anticipating, preparing for and defending against such attacks,” he added. 

“Businesses should consider identifying and planning for recurring or one-off events in their organizational lifecycle when they might become a likely target of attack and ensure that robust people, process and technology-based defense and response systems are in place to deal with threats.”

What’s Hot on Infosecurity Magazine?