The American pharmaceutical manufacturer Pfizer and its German partner BioNTech said on Wednesday that documents related to the development of their COVID-19 vaccine had been “illegally displayed” in a cyber attack against the European Medicines Agency.
The European Medicines Agency (EMA), which evaluates medicines and vaccines for the European Union, said hours earlier that it had focused on a cyber attack. It gave no further details.
Pfizer and BioNTech said they did not believe any personal data from the trial participants had been compromised and EMA “has assured us that the cyberattack will have no impact on the timeline for its review.”
It was not immediately clear when or how the attack took place, who was responsible or what other information may have been compromised.
The two companies said they had been informed by the EMA “that the agency has been the target of a cyberattack and that certain legislative documents for Pfizer and BioNTech’s COVID-19 vaccine candidate” have been reviewed.
Such documents can be extremely valuable to other countries and companies rushing to develop vaccines, experts say.
“Regarding the information provided to this type of regulatory body, we are talking about confidential information about the vaccine and its mechanism of action, its effectiveness, its risks and known possible side effects and all the unique aspects such as management guidelines,” said Marc Rogers, founder of a volunteer group Covid-related violations, CTI-League.
“It also provides detailed information on other parties involved in the delivery and distribution of the vaccine and potentially significantly increases the attack surface of the vaccine,” adding more ways that the formulas or production can be hacked or stolen.
The companies said that “no BioNTech or Pfizer systems have been broken in connection with this incident and we are not aware that participants in the study have been identified by the data obtained.”
A spokeswoman for BioNTech declined further comment. Pfizer did not respond to a request for comment.
The Pfizer BioNTech Vaccine is a top challenger in the global race to repel COVID-19. It is already administered in the UK.
The EMA has said it would complete its review on December 29, although its schedule may change.
The EMA statement gave few details about the attack and said that it was only investigated with the help of law enforcement.
“The EMA cannot provide additional information while the investigation is ongoing,” a statement said.
U.S. law enforcement and cyber security authorities did not respond to a request for comment.
Hacking attempts against health care organizations have intensified during the COVID-19 pandemic as attackers range from state-sponsored spies to cybercriminals.
Reuters has previously reported allegations that hackers linked to North Korea, South Korea, Iran, Vietnam, China and Russia on various occasions have tried to steal information about the virus and potential treatments.
Reuters has documented that espionage campaigns target a number of drug and vaccine development companies including Gilead, Johnson & Johnson, Novavax and Moderna. Regulators and international organizations such as the World Health Organization have also been subjected to repeated attacks.
“Vaccine candidates represent liquid gold for many parties, both in terms of opportunity and pure market value,” said Rogers, who is also vice president of security firm Okta Inc. “Information about the vaccine and access to all links in the distribution chain has significantly increased value. ”
The respiratory virus, which emerged in China in late 2019, has infected more than 68 million people worldwide, according to a Reuters report. More than 1.5 million people have died.