Novo Nordisk Confirms Cyber Attack — Hackers Accessed Patient Medical Data and Internal AI Assets
Cybersecurity NewsArchived Jun 16, 2026✓ Full text saved
Danish pharmaceutical giant Novo Nordisk has confirmed a cyberattack in which threat actors gained unauthorized access to internal IT systems, exfiltrating pseudonymized patient data from clinical trials and, according to the alleged attackers, a trove of proprietary AI model assets. Novo Nordisk disclosed the incident on June 11, 2026, stating that attackers copied “certain non-public […] The post Novo Nordisk Confirms Cyber Attack — Hackers Accessed Patient Medical Data and Internal AI Assets
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security
Novo Nordisk Confirms Cyber Attack — Hackers Accessed Patient Medical Data and Internal AI Assets
By Guru Baran
June 16, 2026
Danish pharmaceutical giant Novo Nordisk has confirmed a cyberattack in which threat actors gained unauthorized access to internal IT systems, exfiltrating pseudonymized patient data from clinical trials and, according to the alleged attackers, a trove of proprietary AI model assets.
Novo Nordisk disclosed the incident on June 11, 2026, stating that attackers copied “certain non-public data, including personal data” from a limited number of its internal IT systems.
The company, globally recognized as the maker of the weight-loss drugs Ozempic and Wegovy, confirmed that the breach specifically affected patient information associated with some of its ongoing clinical trials.
Affected data categories include patient IDs (random alphanumeric strings), sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as BMI, smoking, and alcohol use.
Critically, the company stressed that no names or direct personal identifiers were exposed. “Based on the nature of the exposed data as pseudonymized, knowledge of patient identity would require access to further information, which was not part of the incident,” Novo Nordisk said in its official statement.
The company does not consider the breach to pose immediate risks to patients, though it has urged affected individuals to remain vigilant.
Healthcare professionals (HCPs) were also impacted, with names, registration numbers, email addresses, phone numbers, WhatsApp details, and office locations exposed.
A threat group calling itself Dragonfly has come forward claiming responsibility and alleging a far deeper intrusion than what Novo Nordisk has publicly confirmed. According to screenshots shared by the group, the stolen data allegedly includes:
A 16.7 GB trained AI model checkpoint (NovoPert — an internal multimodal model covering text, image, and transcriptomics)
A 407 MB proprietary biological/chemical training dataset
Full source code including modeling_novopert.py, train.py, and the complete training pipeline (~50 MB)
113 training runs with complete logs
Internal infrastructure maps covering HPC, Slurm, and SSH configurations.
53 GB+ container images
Developer identities, internal hostnames, and a private GitHub repository URL.
NOVO NORDISK HAS BEEN COMPROMISED. NOVO NORDISK HAS CONFIRMED THE COMPROMISE.
NOVO NORDISK IS THE COMPANY THAT BECAME FAMOUS AFTER PRODUCING WEIGHT LOSS DRUGS LIKE OZEMPIC AND WEGOVY
THE THREAT ACTOR(S) RESPONSIBLE FOR THE ATTACK HAS BEEN PLAYFULLY EXTORTING NOVO NORDISK… PIC.TWITTER.COM/8EUKIZLMVZ
— vx-underground (@vxunderground) June 15, 2026
Novo Nordisk has not confirmed these claims, and no ransomware strain has been identified.
The company has temporarily taken the compromised IT systems offline and brought in external cybersecurity experts to assess the full scope of the breach. Relevant authorities have been notified, and Novo Nordisk is working to restore affected systems in a “controlled and safe manner”. Core business operations, including drug manufacturing and distribution, remain fully operational.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
How Threat Intelligence Feeds Help Automate SOCs to Reduce MTTR
Authorities Dismantle Cryptocurrency Laundering Services ‘AudiA6’ Used by Ransomware Gangs
Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control
Hackers Abuse SniperDz PhaaS Ecosystem for Brand Impersonation and Browser Hijacking
Cybercriminals Abuse Chinese-Language Guarantee Marketplaces to Trade Stolen Credentials
Latest News
Cyber Security News
Microsoft Teams Analyze the Wi-Fi Hotspot Data Connected to an Employee’s Device
Cyber Security News
PRC-Nexus Hackers Exploit REDCap Servers to Spy on US Medical Research Institutions
Cyber Security News
Infinite Campus Data Breach Exposes 137,000 Users Personal Details
Cyber Security News
OptinMonster Plugin Hack Exposes 1.2 Million WordPress Sites to Cyberattack
Cyber Security News
Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen