EMA hit by cyberattack, Pfizer-BioNTech documents accessed

In a scant notice posted to its website on Wednesday, the European Medicines Agency (EMA) divulged that it has been hit by a cyberattack. While the agency did not reveal any details about the extent of the attack, German vaccine developer BioNTech issued a statement saying that documents related its COVID-19 vaccine developed in partnership with Pfizer were “unlawfully accessed.”

“It is important to note that no BioNTech or Pfizer systems have been breached in connection with this incident and we are unaware that any study participants have been identified through the data being accessed. At this time, we await further information about EMA’s investigation and will respond appropriately and in accordance with EU law. EMA has assured us that the cyber attack will have no impact on the timeline for its review,” BioNTech stated in its press release announcing the attack.
 
In its notice, EMA said it “swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities,” upon learning of the attack but is unable to provide further details while the investigation is ongoing.
 
While there is currently no indication as to who is responsible for the attack, cybersecurity authorities around the world have warned of increased attacks amid the COVID-19 pandemic targeting researchers, pharmaceutical companies, health agencies and the vaccine supply chain.
 
EMA has not disclosed when the attack occurred and it is unclear whether documents related to any other COVID-19 vaccines were accessed. The agency is currently reviewing COVID-19 vaccines being developed by Pfizer/BioNTech, Moderna, AstraZeneca/Oxford University and Janssen and is expected to make its first conditional marketing authorization decisions around the end of the year. (RELATED: Pfizer, Moderna apply for EMA authorization; Janssen's candidate begins rolling review, Regulatory Focus 1 December 2020).

A spokesperson for Moderna told Focus it has not been notified by EMA about any data breaches related to its submission.
 
“We have not received notification of Moderna experiencing this specific data violation from the European Medicines Agency, but we are engaged with them and monitoring the situation. Moderna remains highly vigilant to potential cybersecurity threats, maintaining an internal team, external support services and good working relationships with outside authorities to continuously assess threats and protect our valuable information and that of our trial participants,” the spokesperson said.

EMA said it will provide further information “in due course.” A spokesperson for the agency told Focus that “the agency is functional and work continues.”
 
EMA

Editor's note: this article has been updated with comment from Moderna.