On the heels of a previously-reported cyberattack on the European Medicines Agency (EMA), cybercriminals have spilled compromised data related to COVID-19 vaccinations onto the internet.
The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in the E.U., similar to the FDA in the U.S. In December, the agency disclosed that threat actors broke into its server and accessed documentation about the vaccine from Pfizer and BioNTech. Specifically accessed were some documents relating to the regulatory submission for the companies’ COVID-19 vaccine candidate, BNT162b2, which was stored on the EMA server, a Pfizer spokesperson confirmed to Threatpost.
Fast forward to this week, when “the ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.” According to a Tuesday update from the EMA on its website, “necessary action is being taken by the law-enforcement authorities.”
The EMA has not disclosed details of the cyberattack, including the timeframe, the initial point of compromise and what specific data in these regulatory submission documents was accessed. In its Tuesday update, it said it continues to notify “additional entities and individuals whose documents and personal data may have been subject to unauthorized access.”
However, the networks of the EMA remain fully functional and the timelines related to the evaluation and approval of COVID-19 vaccines are not affected, the agency stressed. The BNT162b2 vaccine has been rolled out across the U.K. and is in the process of being approved and rolled out in other countries. Of note, Pfizer and BioNTech submitted vaccine approval requests to European drug regulatory bodies on Dec. 1.
Threatpost has reached out to the EMA, Pfizer and BioNTech for further comment.
“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident, and we are unaware of any personal data being accessed,” a Pfizer spokesperson said. “At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with E.U. law…. Our focus remains steadfast on working in close partnership with governments and regulators around the world to bring our COVID-19 vaccine to people around the globe as safely and as efficiently as possible to help bring an end to this devastating pandemic.”
The cyberattack comes during the mass rollout of various COVID-19 vaccines worldwide. Documents about these vaccines – and the development process behind them – can be used for malicious intent of various stripes, such as espionage or financial cyberattacks.
One other reason for cybercriminals to publish such data on the internet could be to create noise or misinformation, Dirk Schrader, global vice president at New Net Technologies, told Threatpost. Or, it could be about gaining glory in the underground.
“EMA, as a European institution, is certainly considered a hard target,” said Schrader. “This might be the simplest reason for the documents being published, as a kind of proof among hacking groups.”
Cybercriminals have been tapping into the vaccine rollout with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Earlier in December, it was revealed that the Lazarus Group APT and other sophisticated nation-state actors were actively trying to steal COVID-19 research to speed up their countries’ vaccine-development efforts. That added onto previously reported espionage attacks on vaccine-makers AstraZeneca and Moderna.
Joseph Carson, chief security scientist and advisory CISO at Thycotic, told Threatpost that the incident is a hard reminder that cybercriminals will try to gain unauthorized access and steal sensitive information linked to COVID-19 – especially any details related to vaccines.
“Any company or government working on COVID-19 vaccines or testing must increase the priority of cybersecurity especially privileged access as they will continue to be directly targeted by cyberattacks, while right now vaccines are being distributed there is no time for complacency,” Carson told Threatpost. “The latest updated statement released by the EMA, who is the victim of this recent data breach, indicates that the regulatory submission had been accessed unlawfully and now leaked which is a reminder that privileged access security is and will continue to be a challenge for companies to get in control and it must be a top priority for security.”