U.S. drug company Pfizer
PFE,
and its German partner BioNTech
BNTX,
said late on Wednesday that documents relating to their COVID-19 vaccine were “unlawfully accessed” after a cyberattack on Europe’s medicines regulator.
The European Medicines Agency, or EMA, which authorizes the use of medicines across the European Union, had earlier disclosed that it had been targeted in a cyberattack.
“The Agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities,” the EMA said in a brief statement. It added that it couldn’t provide additional details whilst the investigation is ongoing.
Following the disclosure, BioNTech
0A3M,
said that documents included in its regulatory submission, which had been stored on an EMA server, had been accessed.
“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed,” BioNTech said in a statement on its website.
“At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law. EMA has assured us that the cyberattack will have no impact on the timeline for its review,” the company added.
The EMA, which authorizes the use of medicines across the EU, is working on approval of the Pfizer–BioNTech vaccine candidate, as well as the experimental shot being developed by U.S. biotech Moderna
MRNA,
,
and expects to conclude its review by Dec. 29.
The regulator has been carrying out rolling reviews of vaccine candidates, including those made by drug company AstraZeneca
AZN,
and the University of Oxford, for months. So-called rolling reviews allow drugmakers to submit data as they become available, rather than once development work is concluded.
Read: AstraZeneca-Oxford COVID shot is ‘safe and effective,’ full trial data show
BioNTech
22UA,
said it had made the details of the hack public, “given the critical public health considerations and the importance of transparency”.
Its comments came in the same week that a 90- year-old woman in the U.K. became the first person in the world to be given the Pfizer–BioNTech COVID-19 shot outside of trials, as part of a mass vaccination program in the country.
Read: World watches as first person receives Pfizer-BioNTech COVID shot
A spokesperson for the U.K.’s National Cyber Security Centre, or NCSC, a branch of the intelligence agency GCHQ, said: “The NCSC is supporting vital vaccine research and manufacture to defend against cyber threats.
“We are working with international partners to understand the impact of this incident affecting the EU’s medicine regulator, but there is currently no evidence to suggest that the U.K.’s medicine regulator has been affected,” the spokesperson added.
Regulators have intensified their warnings in recent weeks about hacking threats against vaccine makers and public health bodies during the COVID-19 pandemic.
Read: How spies are helping to combat surge in COVID-19 cybercrime attacks
Last month, the NCSC said that more than a quarter of all cyber threats it handled involved criminals and hostile states exploiting the COVID-19 pandemic, according to its latest report. U.K. spies detected 723 incidents in the 12 months to end of Aug. 31, a 10% rise from 658 in the same period in 2019, the NCSC said in its annual review published on Nov. 4.
Just days earlier, U.S. federal agencies warned that the U.S. health-care system is facing an “increased and imminent” threat of cybercrime. In September, a ransomware attack hit hospital chain Universal Health Services, which operates more than 250 hospitals, forcing doctors and nurses to rely on paper backup systems.