Documents related to the development of the Pfizer-BioNTech Covid-19 vaccine were “unlawfully accessed” in a cyberattack on Europe’s medicines regulators, the firms have said.
The European Medicines Agency (EMA) confirmed on Wednesday that it had been subjected to a cyberattack but did not provide any details beyond saying a “full investigation” had been launched.
But the German half of the vaccine partnership, BioNTech, said in a statement that they were informed by the EMA that some documents related to “regulatory submission for” the vaccine had been accessed.
“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” added the firm.
The EMA, which authorises the use of medicines across the EU, assured BioNTech that the attack “will have no impact on the timeline for its review”. The agency is due to complete its review by 29 December.
It was not immediately clear when or how the attack took place, who was responsible or what other information may have been compromised.
BioNTech said it is awaiting further information about the EMA’s investigation into the hacking and “will respond appropriately and in accordance with EU law”.
The firm added that it sought to provide “clarity” around all aspects of the vaccine development and regulatory processes given the “critical public health considerations and the importance of transparency”.
Cyberattacks on healthcare and medical organisations have increased during the coronavirus pandemic, carried out by attackers ranging from state-backed spies to cyber criminals wanting to obtain the latest information about the outbreak.
In the summer, the UK’s National Cyber Security Centre (NCSC) warned that Russian intelligence had targeted organisations working on successful vaccines in the UK, US and Canada.
More recently, IBM said an international vaccine supply chain had been targeted by cyber-espionage after it tracked a campaign aimed at the delivery “cold chain” used to transport vaccines.
IBM said the identity of the attacker was unclear, but the sophisticated methods indicated it was a nation state.
Responding to the hack on the EMA, a spokesperson for the NCSC said: “The NCSC is supporting vital vaccine research and manufacture to defend against cyber threats.
“We are working with international partners to understand the impact of this incident affecting the EU's medicine regulator, but there is currently no evidence to suggest that the UK's medicine regulator has been affected.”