EMA Server Breached, Hackers Steal Pfizer/BioNTech Vaccine Data
Yalcin Sonet / Shutterstock
Germany-based BioNTech, which developed the vaccine under consideration by the U.S. Food and Drug Administration (FDA) and recently authorized for use in the United Kingdom, said it was informed by the EMA of the cyberattack. Hackers gained access to some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2. The documents had been stored on a server maintained by the European Medicines Agency. The EMA was in the process of reviewing the vaccine for emergency authorization and is expected to make a ruling later this month. Pfizer and BioNTech’s mRNA vaccine, BNT162b2 demonstrated a 95% efficacy in clinical trials. The U.S. Food and Drug Administration will review the clinical data on Thursday and could grant Emergency Use Authorization within a matter of hours following the review.
BioNTech said none of its systems, nor systems operated by Pfizer, were breached in connection with the hacking. The company said it is unaware if any information related to the trial participants were accessed.
“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law. EMA has assured us that the cyberattack will have no impact on the timeline for its review,” BioNTech said in a statement.
As the global health crisis continues, BioNTech said it will continue to provide clarity around all aspects of the vaccine development and regulatory processes.
“Our focus remains steadfast on working in close partnership with governments and regulators to bring our COVID-19 vaccine to people around the globe as safely and as efficiently as possible to help bring an end to this devastating pandemic,” the company added.
At this time, it is unclear if documents for other vaccines, such as the mRNA vaccine developed by Moderna, were affected in the attack. It is also unclear when the attack occurred, if there were more than one attack on the data and what groups may be responsible. The EMA said it was conducting an investigation into the cyberattack and was cooperating with law enforcement.
“EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course,” the agency said in a brief statement.
Cyberattacks are becoming an increasingly serious problem for the pharmaceutical industry, particularly for those companies developing vaccines and therapies for COVID-19. Just last week, AstraZeneca was attacked by hackers who attempted to gain COVID-19 research. A North Korean hacking collective known as Kimsuky was thought to be behind the attack. In addition to COVID-19 research, Kimsuky has also attempted to steal national security data.
As BioSpace previously reported, AstraZeneca was not the sole target of that attack. Life sciences giant Johnson & Johnson and Maryland-based Novavax, both of which are developing vaccines against COVID-19, were also targeted. Three South Korean pharma companies, Genexine, Inc., Shin Poong Pharmaceutical Co. and Celltrion Healthcare, were also targets of the scheme.
In July, the U.S. Department of Justice indicted two Chinese hackers for attempting to steal trade secrets, including COVID-19 research from pharma companies. Li Xiaoyu and Dong Jiazhi were charged with probing networks for vulnerabilities in an attempt to steal vaccine research.
Last year, the federal National Counterintelligence and Security Center (NCSC) pegged biotechnology as a rich target for foreign hackers. According to the report, “biomaterials, biopharmaceuticals and new vaccines and drugs as of particular interest” to foreign hackers. Additionally, the government report said hackers are interested in garnering information on advanced medical devices, infectious disease treatment and genetically modified organisms.