Hacker reaching out with hand on laptop showing leak of stolen COVID-19 vaccine data

Pfizer-BioNTech COVID-19 Vaccine Data Stolen From European Medicines Agency’s Server Leaked Online

US drug maker Pfizer and its German counterpart BioNTech confirmed that hackers who unlawfully accessed their COVID-19 vaccine data have published it online. The data was exfiltrated from a server belonging to the European drug regulator, the European Medicines Agency (EMA), which approves medicines and vaccines for the European Union. It remains unclear who was behind the attack and when it happened.

Pfizer and BioNTech documents related to COVID-19 vaccine data anonymously leaked online

In its fourth update regarding the COVID-19 vaccine data leak, EMA revealed that the “documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.”

However, the agency assured the public that the “timelines related to the evaluation and approval of COVID-19 medicines and vaccines” were not affected.

Without divulging further details, EMA said that “necessary action is being taken by the law enforcement authorities.” The European agency also promised to inform other third parties whose documents were possibly illegally accessed.

However, the European regulatory body withheld information on when the incident occurred or who was behind the attack. It also didn’t clarify what specific aspects of the COVID-19 vaccine data were stolen.

EMA notified the companies after Yarix, an Italian cybersecurity firm, claimed it had discovered Pfizer-BioNTech COVID-19 vaccine authorization documents on the dark web.

Yarix Chief Executive Officer Mirko Gatto said the leaked documents included confidential emails between the drugmaker and the European agency. Documents accessed included Word documents, PDFs, email screenshots, PowerPoint presentations and EMA peer review comments.

Earlier reports indicated that hackers had stolen documents related to the regulatory submissions of Pfizer’s and BioNTech’s COVID-19 vaccine candidate, BNT162b2, stored on the EMA server. EMA’s previous update had disclosed that the attack was limited to a single application.

Pfizer and BioNTech said the EMA had informed them “that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” were accessed.

EMA said that the personal data of the study participants was not compromised in the incident.  On its part, Pfizer clarified that its systems were not compromised in the leak.

COVID-19 vaccine data highly sought by cybercriminals and nation-state actors

UK’s National Cyber Security Centre (NCSC), the World Health Organization (WHO), IBM and Microsoft issued independent alerts over hackers targeting major COVID-19 vaccine producers and healthcare systems.

Accessing the COVID-19 vaccine data allows competitors to fast-track their COVID-19 research, giving them an unfair advantage and bridging the gap with other producers. And several countries launched cyber espionage campaigns to access COVID-19 vaccine data from market leaders.

Consequently, many COVID-19 vaccine development companies have been targeted in the cutthroat race to release COVID-19 vaccines and gain a strategic advantage in the coronavirus vaccine supply chain.

Suspected state-sponsored hackers targeted AstraZeneca, Gilead, Johnson & Johnson, Moderna, and Novavax to steal coronavirus vaccine data. The usual suspects of such attacks were state-sponsored hacking groups from Russia, China, North Korea, and Iran.

Lazarus Group, a North Korean advanced persistence threat actor, conducted cyber-attacks on a drugmaker and a ministry of health attempting to steal COVID-19 vaccine data to hasten the hermit nation’s COVID-19 research.

Commenting on EMA’s update 4, Chris Clements, VP of Solutions Architecture, Cerberus Sentinel, said:

“It is a relief that the cyber-attack hasn’t delayed the rollout of the vaccine, but unfortunately, the information released points to Pfizer and EMA being among the majority of hacking victims that only find out they have been breached when their confidential info is released on the dark web.”

Clements said that organizations must adopt a “culture of security” to protect themselves and their users from potential cyber-attacks.

“Preventative measures can only go so far, however. In addition, organizations must perform regular testing or ‘ethical hacking’ to ensure that no mistakes or gaps exist, as well as have continuous monitoring of systems and applications to quickly identify and respond to any suspicious activities before widespread damage can be done,” Clements concluded.