A cyber extortion group called FulcrumSec claims to have breached Novo Nordisk, stealing about 1.3 terabytes of data, including source code, drug research, clinical-trial records, employee and physician information, production-system details, and internal AI model data.

Novo Nordisk disclosed the incident on June 11, noting a prolonged unauthorized access window before it became public.

The company says it did not pay the ransom; FulcrumSec claims data is or will be on the market, and Novo Nordisk remains in a cautious defensive posture.

The breach underscores ongoing privacy, IP, AI asset, and research integrity risks for healthcare and pharma, urging stronger identity security and continuous monitoring.

The incident highlights the risk to patient data and the potential leakage of valuable AI-driven drug discovery assets.

Regulators and law enforcement are being notified as part of the response.

The data’s high value on criminal markets, tied to healthcare and research relevance for fraud and phishing, fits a pattern of recent healthcare breaches.

Clinical-trial data exposed include non-identifying patient IDs, sex, birth year, biomarkers, immunogenicity, and lifestyle factors; direct participant identification would require additional data.

The breach reinforces ongoing cybersecurity risks for major pharma firms and follows other breaches affecting diverse sectors, with attackers threatening data sales if ransoms aren’t paid.

FulcrumSec describes leakage of proprietary drug info, trial data, source code, processing facility details, and 30 trained AI models across 70 datasets, with initial access via exposed credentials in March, though verification is pending.

Security implications include the value and vulnerability of clinical trial data, proprietary research, and AI models, and the risk of long dwell times indicating gaps in detection and credential management.

Novo Nordisk has launched a cybersecurity investigation with external experts, temporarily taking some internal systems offline while operations continue, and has informed regulators and law enforcement.