Novo Nordisk, the pharmaceutical company behind the weight-loss drug Wegovy, has confirmed that hackers stole data relating to clinical trial participants. The company states the exposed records were pseudonymised, meaning direct identification of individuals is limited, though re-identification risks remain a concern. The breach comes as the UK’s medicines regulator approved a pill form of Wegovy, placing the company under heightened public scrutiny.

Security Architect’s Take: Review data classification and access controls for any systems handling pseudonymised research or clinical trial data — pseudonymisation alone is insufficient if attackers can correlate datasets. Ensure clinical and research data environments are segmented from corporate networks, with egress monitoring and DLP controls applied to bulk data exports.

Original advisory: Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod