Cyberattackers Hack Pfizer’s and BioNTech’s COVID-19 Vaccine Data

Yesterday, Pfizer and BioNTech disclosed that information pertaining to their regulatory submission for emergency-use approval of COVID-19 vaccine BNT162b2 was hacked on a European Medicines Agency (EMA) server containing the data.

While the EMA divulged it had been the victim of a cyberattack, it did not publicly reveal what the hackers accessed. The EMA’s statement says it “has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities,” but can’t provide more details while the investigation is ongoing.

BioNTech released a statement, saying it was informed by the EMA that the regulator was targeted by cyberattackers and that “some documents” related to BNT162b2 had been “unlawfully accessed.”

The German drugmaker stressed that “no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed.”

BioNTech said it is waiting to receive more information from the European regulator’s investigation and “will respond appropriately and in accordance with EU law.” According to the company, the EMA said the attack won’t affect the timeline of its review of the Pfizer/BioNTech vaccine. The EMA has scheduled a public meeting on COVID-19 vaccines on Dec. 11.

Last week, Interpol issued a high-threat-level Orange Notice, which warns of an “imminent threat to public safety,” in an effort to raise caution about international cybercriminals targeting COVID-19 vaccine candidates (DID, Dec. 7). At the same time, IBM warned of cyberhackers targeting the COVID-19 vaccine supply chain.

In November, Microsoft warned of hacker groups linked to Russia and North Korea waging cyberattacks against companies developing COVID-19 treatments. ― Jason Scott