Home / Early Warning / Cybersecurity Highlights / Cyberattack on the European Medicines Agency

Cyberattack on the European Medicines Agency

12/09/2020

The European Medicines Agency (EMA), which is responsible for the evaluation, monitoring and supervision of new medicines introduced into the EU for human and veterinary use, has been reported as target of a cyberattack.

It is reported, as explained in its press release, that there was illegitimate access to some documents related to the COVID-19 vaccine, BNT162b2, submitted by Pfizer and BioNTech laboratories, which were hosted on an EMA server.

So far, research is ongoing in collaboration with law enforcement and other entities, and it has been reported that neither BioNTech or Pfizer systems nor other study participants’ data have been compromised.

[Update 14/12/2020]:

Moderna, a U.S. biotechnology company, has also reported unauthorized access to certain documents related to its COVID-19 vaccine, called mRNA-1273, after being informed by the EMA. The incident has not affected data identifying study participants or Moderna's own systems. An investigation is currently underway.

[Update 15/01/2021]:

The ongoing investigation has revealed that the cyberattack was limited to an IT application and that certain confidential data related to COVID-19 medicines and vaccines, as well as other third party documents, were compromised and leaked on the Internet.

Among them, there are internal emails, dating from November, relating to the vaccine evaluation processes, which information, as the EMA confirms, was modified before their publication, which could undermine trust in the vaccines.