Cyberattack targets EMA, hacks COVID-19 vaccine data


The European Medicines Agency (EMA) says it suffered a cyberattack, with documents relating to a Pfizer and BioNTech’s COVID-19 vaccine accessed.

In a terse statement, the EU regulator confirmed its security had been breached and said it had launched an investigation with law enforcement, but would not be providing any additional information while that probe was underway.

Shortly after however BioNTech confirmed that documents submitted as part of its marketing application for coronavirus vaccine BNT-162b had been accessed by the hackers.

Responding to fears that the review could be delayed, the company said it had been assured by the EMA that the timeline should not be affected. The agency has indicated it should complete its review by 29 December.

BNT-162b is already approved in the UK and Canada, and the first UK patients started to receive the shot on Tuesday this week. The EMA is also reviewing another vaccine from Moderna, but at the moment it’s not clear if data from that programme has also been compromised.

“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” said BioNTech in a statement on its website.

It added that it had publicised the breach “given the critical public health considerations and the importance of transparency".

The cyberattack came just days after international enforcement agency Interpol warned that organised criminals may try to target COVID-19 vaccine supply chains, for example by falsification, theft and illegal advertising of unlicensed shots.

Europol meanwhile warned earlier this year that criminal networks are exploiting the COVID-19 pandemic with a surge in cybercrime, targeted thefts and counterfeiting, including attempts to target organisations through business email compromise (BEC), which can be used to harvest sensitive data, siphon off funds or damage its reputation.

There’s no indication yet who was behind the EMA hack, but a volunteer group set up to tackle cybercrime related to COVID-19 – CTI League – has suggested that one motivation could be to uncover details about the supply and distribution of vaccines.

The group’s found Marc Rogers told Reuters that information “potentially significantly increases the attack surface for the vaccine".

IBM recently said an email phishing campaign had targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, suggesting that the sophistication of the assault pointed to a nation state being the culprit.

“Without a clear path to a cash-out, cyber-criminals are unlikely to devote the time and resources required to execute such a calculated operation,” according to the tech giant’s Security X-Force.

There has also been reports that hackers linked to North Korea, South Korea, Iran, Vietnam, China and Russia have tried to steal information about vaccines, targeting pharma companies and other organisations involved in COVID-19 medicine R&D, according to the news agency.

In October, Indian pharma company Dr Reddy’s Laboratories, which is helping to conduct late-stage testing of Russia’s Sputnik V COVID-19 vaccine, said it had been hit by a cyberattack that disrupted its production facilities.

Sam Curry, chief security officer at Cybereason, is convinced that a nation state is behind the EMA attack, saying: “Cyberattacks on the global COVID-19 vaccine distribution network from nation-states China, Russia and North Korea are diabolical in nature and acts of war.”

While acknowledging the average person “might be asking themselves why nation-state actors…are deliberately sowing doubt and confusion around the world at the worst possible time,” Curry says there is tremendous value in interfering with the distribution of COVID-19 vaccines.

“A COVID-19 vaccine is a strategically valuable asset to nation-states; whoever gets a vaccine distributed first has an economic advantage. It is the ultimate IP with immediate value. It is like having an oil rush, a data advantage or territorial gain in older real political terms.”