Cyberattack Exposes Patient Data From Novo Nordisk Clinical Trials

Novo Nordisk has disclosed a cybersecurity incident involving unauthorized access to a limited number of internal IT systems, with some patient data from clinical trials copied externally without authorization.

According to the company, the incident affected a limited amount of information related to patients participating in some Novo Nordisk clinical trials. The exposed data was not directly linked to patients by name or other direct identifiers, but may have included patient ID, trial participation information, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as smoking, alcohol use, or BMI.

Novo Nordisk has stated that it does not currently consider the incident to pose an immediate risk to trial participants, as identifying individuals would require access to additional underlying information that was not exposed. The company has also said that impacted parties are being informed as appropriate, and that patients do not need to take specific action at this stage.

Following the breach, Novo Nordisk launched an investigation with external cybersecurity experts and contacted relevant authorities. As part of its response, the company temporarily took certain internal IT systems offline and is working to restore affected systems in a controlled and safe manner. Novo Nordisk has said that its core business operations remain unaffected.

The incident highlights a growing concern for pharmaceutical companies and clinical research organizations: the protection of patient data within clinical trials. Trial participants often provide highly sensitive information, including biological, behavioral, and health-related data, in the expectation that it will be handled under strict confidentiality and security controls.

Even when data is pseudonymized, breaches involving clinical trial records can still raise important questions around privacy, trust, and research governance. Clinical studies rely on patient willingness to participate, and confidence in data protection is an essential part of maintaining that trust.

For healthcare professionals involved in clinical research, the incident reinforces the importance of clear communication with trial participants, robust data governance, and strong cybersecurity oversight across all systems that store or process patient-related information.

As clinical trials become increasingly digital, with more remote monitoring, connected devices, digital biomarkers, and centralized trial platforms, cybersecurity is becoming a core part of clinical research integrity.

The Novo Nordisk incident is another reminder that protecting patient data is not only a technical responsibility. It is central to patient trust, trial participation, and the future of clinical research.

G-Med excels in HCP marketing by blending digital innovation with data-driven insights, creating an effective platform for reaching healthcare professionals, offering various advertising solutions. By using G-Med to engage HCPs, share data reports, and explore innovative channels, marketers can deliver targeted, impactful messages that foster strong connections. G-Med’s approach ensures that each campaign is tailored, scientifically rigorous, and effective, aligning perfectly with the best practices for successful HCP marketing.   

Contact us today to learn more: Contact@g-med.com