Pfizer/BioNTech vaccine documents hacked in cyber attack on European Medicines Agency

Attack will not impact timeline for vaccine review, according to regulators

Kate Ng
Thursday 10 December 2020 03:04
'If I can do it, so can you', says first person in UK to receive Covid vaccine
Leer en Español

Documents related to the development of the Pfizer-BioNTech Covid-19 vaccine were “unlawfully accessed” in a cyberattack on Europe’s medicines regulators, the firms have said.

The European Medicines Agency (EMA) confirmed on Wednesday that it had been subjected to a cyberattack but did not provide any details beyond saying a “full investigation” had been launched.

But the German half of the vaccine partnership, BioNTech, said in a statement that they were informed by the EMA that some documents related to “regulatory submission for” the vaccine had been accessed.

“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” added the firm.

The EMA, which authorises the use of medicines across the EU, assured BioNTech that the attack “will have no impact on the timeline for its review”. The agency is due to complete its review by 29 December.

It was not immediately clear when or how the attack took place, who was responsible or what other information may have been compromised.

BioNTech said it is awaiting further information about the EMA’s investigation into the hacking and “will respond appropriately and in accordance with EU law”.

The firm added that it sought to provide “clarity” around all aspects of the vaccine development and regulatory processes given the “critical public health considerations and the importance of transparency”.

Cyberattacks on healthcare and medical organisations have increased during the coronavirus pandemic, carried out by attackers ranging from state-backed spies to cyber criminals wanting to obtain the latest information about the outbreak.

In the summer, the UK’s National Cyber Security Centre (NCSC) warned that Russian intelligence had targeted organisations working on successful vaccines in the UK, US and Canada.

More recently, IBM said an international vaccine supply chain had been targeted by cyber-espionage after it tracked a campaign aimed at the delivery “cold chain” used to transport vaccines.

IBM said the identity of the attacker was unclear, but the sophisticated methods indicated it was a nation state.

Responding to the hack on the EMA, a spokesperson for the NCSC said: “The NCSC is supporting vital vaccine research and manufacture to defend against cyber threats.

“We are working with international partners to understand the impact of this incident affecting the EU's medicine regulator, but there is currently no evidence to suggest that the UK's medicine regulator has been affected.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in