EU healthcare body assures pharma giants that attack ‘will have no impact’ on vaccine authorization timeline

European Medicines Agency cyber-attack: coronavirus vaccine documents unlawfully accessed, claim Covid-19 developers Pfizer and BioNTech

Pfizer and BioNTech have claimed that regulatory documents related to their jointly developed Covid-19 vaccine were “unlawfully accessed” during a cyber-attack on the European Medicines Agency (EMA).

In a statement (PDF) issued yesterday (December 9), the pharmaceutical giants said “some documents relating to the regulatory submission” of vaccine candidate BNT162b2 had “been stored on an EMA server”.

It added: “EMA has assured us that the cyber-attack will have no impact on the timeline for its review.”

The statement also said that no BioNTech or Pfizer systems had been breached in connection with the incident.

It added: “We are unaware that any study participants have been identified through the data being accessed.”

‘Not surprising’

Mikko Hyppönen, chief research officer at Finnish cybersecurity firm F-Secure, said: “Intelligence agencies have a job of defending their nations from outside threats. Attackers will find the easiest way to gain access to the data they are after.

“In that sense it’s not surprising to see intelligence agencies try to steal vaccine research data, if they see Covid-19 as one of those outside threats and if they believe that stealing research data makes it easier to defend their nations.”

Hyppönen said that while Pfizer and BioNTech could bolster their own cyber defenses, “there’s nothing they could do to protect their research data when it was going through regulatory processing on governmental systems.”

In a brief statement, the EMA, which reviews vaccine trial data before deciding whether to authorize their use across 27 EU member states, confirmed that it had “been the subject of a cyber-attack”.

RELATED Fake websites and false cures: Interpol warns of Covid-19 vaccine scams

“The Agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities,” it continued.

“EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course.”

In response to questions from The Daily Swig, The EMA declined to comment on the BioNTech-Pfizer statement or the cyber-attack’s impact.

The Amsterdam-based regulator is expected to issue a decision on whether to grant conditional approval for Pfizer-BioNTech’s vaccine by the end of the month. The vaccine has already received emergency approval in the UK and Canada.

An EMA decision is also imminent on Moderna’s vaccine, with reviews of trials conducted by Oxford University-AstraZeneca and Johnson & Johnson still ongoing.

Other vaccine cyber-attacks

The latest cyber-assault on organizations involved in the development and distribution of Covid-19 vaccines comes only a week after the Wall Street Journal reported that cybercriminals had targeted Johnson & Johnson, Novavax, AstraZeneca, and South Korean laboratories.

Read more of the latest healthcare security news

El Pais, meanwhile, revealed in September that Chinese hackers exfiltrated information from Spanish research centers involved in vaccine development.

And last week, IBM said it had tracked a cyber-espionage campaign launched by suspected state-sponsored actors that targeted the delivery “cold chain” used to keep vaccines at the optimum temperature during transportation.

READ MORE ‘Nation-state hack’ on cybersecurity firm FireEye rumored to be Russian cybercrime group