Novo Nordisk discloses breach of clinical-trial patient data after IT security incident
Danish pharmaceutical giant Novo Nordisk disclosed that attackers copied pseudonymised patient information from some of its clinical trials out of its internal IT systems, prompting it to take certain systems offline while it investigates.
- Victim
- Novo Nordisk
On 11 June 2026, Novo Nordisk β the Danish pharmaceutical giant best known as the world's largest maker of insulin and the producer of the GLP-1 drugs Ozempic and Wegovy β posted a notice disclosing a security incident in which information, including patient data from some of its clinical trials, was copied externally from its internal IT systems without authorisation.
What happened
According to the company's notice and subsequent reporting, an unauthorised party accessed and exfiltrated a limited amount of data tied to participants in some of Novo Nordisk's clinical trials. The exposed categories included random alphanumeric patient identifiers, details of trial participation, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as smoking status, alcohol use and body mass index. Novo Nordisk stressed that the affected data was pseudonymised and that no directly identifiable information β such as patient names β was taken.
The company said it identified the incident, engaged external cybersecurity experts to investigate, and is in contact with the relevant authorities. To contain the breach it temporarily took certain internal systems offline and is working to restore services in a controlled manner. Novo Nordisk has not yet disclosed when the breach was detected or how many individuals were affected, and it urged clinical-trial participants to remain vigilant.
Why it matters
Clinical-trial datasets are unusually sensitive: even when stripped of names, the combination of biomarkers, immunogenicity results and lifestyle attributes can be re-identifying and is valuable for fraud, espionage and competitive intelligence in the pharmaceutical sector. The incident lands as healthcare and life-sciences organisations remain among the most heavily targeted industries, and it underscores that pseudonymisation limits β but does not eliminate β the harm when research data leaves an internal network.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/pharmaceutical-giant-novo-nordisk-discloses-security-breach/
- insurancejournal.comhttps://www.insurancejournal.com/news/international/2026/06/12/873528.htm
- fiercepharma.comhttps://www.fiercepharma.com/pharma/novo-reports-cybersecurity-breach-tells-clinical-trial-patients-remain-vigilant
- computing.co.ukhttps://www.computing.co.uk/news/2026/security/pharma-giant-novo-nordisk-reports-breach-of-clinical-trial-data
- thenews.com.pkhttps://www.thenews.com.pk/latest/1405603-novo-nordisk-reports-patient-data-breach-in-clinical-trial-cyberattack