Novo Nordisk Cyberattack: Clinical Trial Data Stolen

Novo Nordisk confirms hackers stole pseudonymised clinical trial participant data. Here's what cloud security teams should consider in response.

12 June 2025 · ZX Cloud Security

🟠 High | Source: The Register — Security

Novo Nordisk, the pharmaceutical company behind the weight-loss drug Wegovy, has confirmed that hackers stole data relating to clinical trial participants. The company states the exposed records were pseudonymised, meaning direct identification of individuals is limited, though re-identification risks remain a concern. The breach comes as the UK’s medicines regulator approved a pill form of Wegovy, placing the company under heightened public scrutiny.

Security Architect’s Take: Review data classification and access controls for any systems handling pseudonymised research or clinical trial data — pseudonymisation alone is insufficient if attackers can correlate datasets. Ensure clinical and research data environments are segmented from corporate networks, with egress monitoring and DLP controls applied to bulk data exports.

Original advisory: Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod

+++ title = "Subscribe to ZX Cloud Security" description = "Get daily cloud security advisories, CVEs, and threat intelligence for AWS, GCP and Azure architects — delivered to your inbox every morning." slug = "subscribe" draft = false +++ <div style="max-width: 560px; margin: 2rem auto; text-align: center;"> <p style="font-size: 16px; line-height: 1.7; margin-bottom: 1.5rem;"> Join cloud security architects and engineers who start every morning with the ZX Cloud Security daily digest — Critical and High severity advisories across AWS, Azure and GCP, each with a practical <strong>Security Architect's Take</strong> on what to do about it. </p> <ul style="text-align: left; display: inline-block; margin-bottom: 2rem; line-height: 2;"> <li>🔴 Critical and High advisories prioritised first</li> <li>🤖 AI-enriched with architect-level context</li> <li>☁️ Covers AWS, Azure, GCP and general security</li> <li>📬 Delivered daily at 06:00 UTC</li> <li>✅ Free. No spam. Unsubscribe anytime.</li> </ul> <form action="https://buttondown.com/api/emails/embed-subscribe/zxcloudsecurity" method="post" style="display: flex; flex-direction: column; align-items: center; gap: 0.75rem;" > <input type="email" name="email" id="bd-email" placeholder="your@email.com" required style="width: 100%; max-width: 360px; padding: 0.75rem 1rem; border-radius: 6px; border: 1px solid var(--border); background: var(--entry); color: var(--primary); font-size: 15px;" /> <input type="submit" value="Subscribe — it's free" style="width: 100%; max-width: 360px; padding: 0.75rem 1rem; border-radius: 6px; background: var(--primary); color: var(--theme); border: none; cursor: pointer; font-size: 15px; font-weight: 500;" /> </form> <p style="font-size: 12px; color: var(--secondary); margin-top: 1rem;"> Powered by <a href="https://buttondown.com" target="_blank" style="color: var(--secondary);">Buttondown</a>. Your email is used solely for sending the ZX Cloud Security digest. </p> </div>