Hackers posted stolen COVID-19 vaccine info online, says EU regulator

BioNTech_COVID-19_Vaccine_10 (1)

Hackers posted stolen confidential information about Pfizer/BioNTech's COVID-19 vaccine online, the European Medicines Agency has said in an update.

The EMA last month revealed that documents relating to the Pfizer/BioNTech vaccine were stolen in a cyber-attack on its records.

Since then the agency has been investigating the incident involving the theft of documents that formed part of BioNTech’s filing for the BNT-162b vaccine.

In its latest statement, the EMA said that the investigation “revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.”

The EMA added that “necessary action is being taken by the law enforcement authorities.”

It gave no further details about where the documents were posted, adding that further information will be provided “in due course” as the investigation continues.

The EMA said its regulatory framework remains fully functional and timelines relating to review and approval of COVID-19 medicines and vaccines are not affected.

Just days before the EMA hack emerged in mid-December, analysts from IBM warned that a phishing campaign had targeted organisations involved with the cold chain needed to keep vaccine supplies moving.

The operation began in September and spanned six countries and looked like the work of an unnamed “nation-state”, the analysts said in a blog post.

While individual cyber criminals would be unlikely to profit from the information they argued that “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.”

Sam Curry, chief security officer at Cybereason, said that the actions were “diabolical” but added that bringing the perpetrators to justice would be “more fantasy than reality.”

Curry added that hackers see COVID-19 data as a “valuable asset” and will continue to do so for the “foreseeable future.”

He added: “Kudos to the pharma and research companies for working with law enforcement agencies to face these threats head on with advanced cyber tools and improved security hygiene.

The hackers "are well funded and are looking to reap both financial and political fame," Curry added.

“As the protection surface expands to mobile, the cloud and other potential attack vectors, those companies that can detect a breach quickly and understand as much as possible about the hacking operation itself, will be able to stop the threat and minimise or eliminate the risk all together."

Feature image copyright BioNTech SE 2020, all rights reserved