Novo Nordisk, the world’s largest insulin producer and maker of Ozempic and Wegovy, has disclosed a security breach in which attackers accessed its internal IT systems and copied data without authorization. The stolen information includes data from clinical trials: patient IDs, trial participation records, health biomarkers, immunogenicity data, and lifestyle factors such as BMI, smoking status, and alcohol use. Personal information belonging to healthcare professionals involved in those trials — including names, registration numbers, email addresses, phone numbers, and office locations — was also taken.
Novo Nordisk says the patient data was “pseudonymized,” meaning names were not directly attached to the health records, reducing the risk of individual identification. However, healthcare professionals working on the trials had their full contact details exposed. Novo Nordisk is warning those individuals to stay alert for targeted phishing attempts that may use their real names and affiliations to appear legitimate. The company is working with external cybersecurity experts and has taken compromised systems offline, while core business operations have continued normally.