EMA Launches Investigation into Cyberattack

The European Medicines Agency has launched a full investigation into a cyberattack.

The European Medicines Agency (EMA) has announced it has launched a full investigation into a cyberattack. The regulatory agency will be working in close cooperation with law enforcement and other relevant entities, it was reported in a Dec. 9, 2020 press release.

In a press release, BioNTech announced that the breach of data was pertaining to documents relating to the regulatory submission of BNT162b2—Pfizer and BioNTech’s COVID-19 vaccine candidate. “It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed … EMA has assured us that the cyberattack will have no impact on the timeline for its review,” it was reported in the release.

Commenting on EMA’s announcement, Mark Hendry, director of Data Protection and Cyber Security at DWF said, “The disclosure of this cyberattack has very little information attached to it which is understandable whilst its investigations and other response measures are ongoing. Despite some ransomware attack groups making public statements regarding a ceasefire against organizations operating in the health sector during the COVID-19 pandemic, these organizations and sectors have continued to experience cyberattacks.”

Candid Wüest, vice president of Cyber Protection Research at Acronis, also commented on EMA’s announcement, stating, “The attack is likely to have been caused by phishing or some other form of social engineering. The company stated that their systems were not breached, which leads me to believe it was due to something like ransomware or a direct attack on their network. This could be a hacked email account of an EMA employee who received this information from the drug makers—perhaps their personal device was compromised.”

EMA has specified that although no additional information is available at this time or while the investigation is ongoing, it will make further information available in due course.

Sources: EMA, BioNTech, DWF, Acronis