Hackers Steal Covid-19 Vaccine Documents From EU Agency

Image credit: European Commission

European Union’s medicine regulator has been hacked, and documents concerning the Pfizer Coronavirus vaccine have been stolen

The European Medicines Agency (EMA) has been hacked, and valuable documentation concerning the Pfizer/BioNTech Covid-19 vaccine have been stolen.

The Pfizer vaccine was approved by the UK medical regulator last week and is currently being deployed around the country to help combat the Coronavirus pandemic.

But hackers have been seeking data on the three leading Covid-19 vaccines for some time now, and intelligence services have been warning the attacks likely stem from nation state hackers.

coronavirus Image credit: Centres for Disease Control and Prevention
Image credit: Centres for Disease Control and Prevention

EMA cyberattack

The latest attempt against the European Medicines Agency (EMA) appears to have been successful.

For those that don’t know, the European Medicines Agency is an agency of the European Union in charge of the evaluation and supervision of medicinal products.

It is currently working on approving of two Covid-19 vaccines, which it expects to conclude within weeks.

But BioNTech, which makes one of the vaccines in partnership with Pfizer, said its regulatory submission was accessed during the attack on the EMA.

BioNTech revealed the breach in a statement published on its website, in which it confirmed that it had been told its documents had been accessed.

“Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed,” said the firm.

“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” it added, placing the blame firmly on the shoulders of the EU’s EMA.

“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law,” it said. “EMA has assured us that the cyber attack will have no impact on the timeline for its review.”

“Given the critical public health considerations and the importance of transparency, we continue to provide clarity around all aspects of the vaccine development and regulatory processes,” BioNTech added. “Our focus remains steadfast on working in close partnership with governments and regulators to bring our Covid-19 vaccine to people around the globe as safely and as efficiently as possible to help bring an end to this devastating pandemic.”

The EMA itself published a remarkably brief statement about the cyberattack on its own website.

“EMA has been the subject of a cyberattack,” it said. “The Agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities.”

“EMA cannot provide additional details whilst the investigation is ongoing,” it added. “Further information will be made available in due course.”

Vaccine attacks

Cyberattacks against vaccine specialists, healthcare, and drugmakers have risen during the Covid-19 pandemic, as state-backed and criminal hacking groups sought to obtain vital data from rival nations.

Reuters recently reported that suspected North Korean hackers tried in recent weeks to break into the systems of British drugmaker AstraZeneca.

It comes after UK and US intelligence officials have previously warned that hackers were attempting to breach the cyber defences of vaccine makers.

In July the US Department of Justice (DoJ) issued formal charges against two Chinese nationals, accused of stealing hundreds of millions of dollars’ worth of trade secrets and intellectual property.

The two Chinese nationals were also accused of targeting researchers developing a vaccine for the coronavirus.

Earlier in July, both UK and US intelligence agencies warned that Russian hacking group APT29 (also known as Cozy Bear) was actively targeting researchers developing a Covid-19 vaccine.

Stolen vaccine data can be sold for a healthy profit, western officials have warned, or used to extort vaccine makers, or provide valuable intelligence for foreign governments.

And IBM recently warned that the cold storage supply chain used to transport viable vaccines had come under cyber-attack – probably by a nation state.