Updated · SecurityWeek · Jun 16
Novo Nordisk Says Hack Exposed Clinical-Trial Data, 1 Group Later Claims $25 Million Ransom

3 articles · Updated · SecurityWeek · Jun 16

Summary

  • Novo Nordisk said unauthorized access hit a limited number of internal IT systems and exposed personal data tied to some clinical-trial participants, though not names or other direct identifiers.
  • The compromised trial data included random patient IDs, participation details, sex, birth year, biomarkers, health or immunogenicity data, and lifestyle factors; affected healthcare providers may also have had contact and office details exposed.
  • The company said the exposed records could not by themselves identify trial participants because the underlying identity information was not accessed.
  • No cybercrime group had publicly claimed the attack when Novo Nordisk posted its notice, though a later report said FulcrumSec alleged it stole more than 1 terabyte of data and sought a $25 million ransom.

Insights

When hackers claim to spare patient data, is it a new code of ethics or a clever extortion tactic?
With AI models now a prime target, is corporate espionage entering a dangerous new phase?

1.3TB Data Breach at Novo Nordisk: FulcrumSec Attack Exposes Clinical Trials, AI Models, and Industry Vulnerabilities

Overview

In June 2026, FulcrumSec launched a cyberattack on Novo Nordisk, gaining unauthorized access to internal IT systems and stealing 1.3 terabytes of sensitive data, including personal details of employees, physicians, and around 11,500 pseudonymised clinical trial patients, as well as operational technology and AI model information. After initial access in March, FulcrumSec contacted Novo Nordisk in June and later posted evidence of their breach. Instead of demanding ransom through encryption, FulcrumSec adopted a 'harm-reduction strategy,' publicly stating they would not share certain categories of stolen data, highlighting a shift toward selective data withholding and negotiation rather than traditional ransomware tactics.

...