Attackers gained unauthorized access to Novo Nordisk's internal IT systems, extracting pseudonymized clinical trial patient data and personal information of healthcare professionals. The patient data lacks direct identifiers, making re-identification difficult without additional information. Healthcare professionals' personal contact details were exposed, raising phishing risks. Novo Nordisk has isolated compromised systems and is conducting an ongoing investigation to assess the breach's full scope and impact. The company has not disclosed the breach detection date or the total number of affected individuals. Core business functions continue to operate normally.

The breach exposed pseudonymized patient data from clinical trials, which does not include direct identifiers, limiting the risk of patient re-identification. However, personal data of healthcare professionals, including names and contact information, was exposed, increasing their risk of targeted phishing and social engineering attacks. No impact on Novo Nordisk's core business operations was reported.

Novo Nordisk has taken the compromised internal IT systems offline and is working with external cybersecurity experts to investigate and remediate the breach. Core business operations remain unaffected. Affected healthcare professionals have been warned to be vigilant against phishing attempts via email, phone, WhatsApp, or fraudulent messages. No official patch or fix is applicable as this is a breach incident rather than a software vulnerability. Organizations should monitor communications for phishing attempts targeting exposed individuals.