The US pharmaceutical firm Pfizer and its German partner BioNTech have reported that records relating to the development of their COVID-19 vaccine have been “unlawfully accessed” in a cyberattack against the European drug regulator.
Hours earlier, the European Medicines Agency (EMA), which reviews medicines and vaccines for the European Union (EU), said it had been targeted in a cyber attack. It gave no additional details.
No personal data compromised
Pfizer and BioNTech said they did not believe that any personal data of the participants in the trial had been compromised and EMA “has assured us that the cyber attack will not affect the timeline for its review.” When or how the attack took place, who was responsible or what other details might have been compromised is not clear currently.
The two companies said they had been informed by the EMA “that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” had been viewed.
Such documents could be extremely valuable to other countries and companies rushing to develop vaccines, experts said.
“When it comes to the data submitted to these kinds of regulatory bodies, we are talking confidential information about the vaccine and its mechanism of action, its efficiency, its risks & known possible side effects and any unique aspects such as handling guidelines,” said experts.
“It also provides detailed information on other parties involved in the supply and distribution of the vaccine and potentially significantly increases the attack surface for the vaccine,” they added.
The EMA said it would complete its review by 29 December, although it could alter its schedule. The EMA statement offered little information about the attack, only saying it was investigating with the help of law enforcement.
The Pfizer-BioNTech vaccine is a top contender in the global race to beat back COVID-19. It is being administered in Britain already.
COVID-19 related cyberattacks
Hackers affiliated with governments such as Russia and China have been accused of targeting businesses and research institutions working on COVID-19 research since the pandemic started. International Business Machines (IBM) cybersecurity researchers, for example recently disclosed that unknown hackers, potentially connected to a nation-state, were targeting companies and government agencies involved in the delivery of vaccines.
In addition, in November, US-based tech company Microsoft said hackers in Russia and North Korea had targeted seven “prominent” companies working on vaccines and treatment research. Microsoft, which didn’t identify the companies, said the majority of the attacks were blocked.
The respiratory virus, which reportedly emerged in China in late 2019, has infected more than 68 million people worldwide even as the world races to find a vaccine to prevent it from causing further harm to the global health and economy.