Danish pharmaceutical giant Novo Nordisk has refused to pay a $25 million ransom after a cybercriminal group claimed to have stolen more than 1.3TB of sensitive company data.
The hackers allege they spent over two months inside the company’s systems before extracting confidential information, including clinical research, source code, employee records, and potentially patient-related data.
Novo Nordisk has acknowledged the breach, saying unauthorized access affected a limited number of internal systems. The company says it is working with cybersecurity experts and authorities while maintaining that its core operations remain unaffected.
What happened in the Novo Nordisk cyberattack?
According to the hackers, the breach was carried out by a group calling itself FulcrumSec, which claims it maintained access to Novo Nordisk’s internal systems for more than two months before stealing company data.
The group is demanding $25 million in exchange for not releasing or selling the allegedly stolen information.
After Novo Nordisk declined to pay, the hackers reportedly mocked the company’s cybersecurity defenses and threatened to monetize portions of the data through private sales.
What data do the hackers claim to have stolen?
FulcrumSec claims the stolen dataset includes:
- More than 1.3TB of company data.
- Source code.
- Clinical trial information.
- Details about current and future drug development.
- Employee records.
- Doctor and patient information.
However, these claims have not been independently verified, and the full scope of the alleged data theft remains unclear.
How has Novo Nordisk responded?
Novo Nordisk confirmed that unauthorized access affected a limited number of internal systems and that some personal information was copied without authorization.
The company said it has:
- Launched an internal investigation.
- Engaged external cybersecurity specialists.
- Notified relevant authorities.
- Continued normal business operations while assessing the incident.
The pharmaceutical company has not indicated that it plans to negotiate with the attackers or pay the ransom.
Why are healthcare companies frequent cyberattack targets?
Healthcare and pharmaceutical organizations have become attractive targets because they hold large volumes of valuable information, including:
- Medical records.
- Patient data.
- Drug research.
- Clinical trial results.
- Intellectual property.
- Financial information.
Unlike many other industries, pharmaceutical companies also possess years of proprietary research that can be valuable for espionage, extortion, or sale on underground marketplaces.
Why is refusing to pay a ransom becoming more common
Many organizations now avoid paying ransomware demands because there is no guarantee that attackers will delete stolen data or refrain from publishing it afterward.
Law enforcement agencies in several countries also discourage ransom payments, arguing they can encourage future attacks and fund criminal operations.
Instead, companies increasingly focus on:
- Incident response.
- System recovery.
- Customer notification.
- Security upgrades.
- Cooperation with investigators.
What happens next?
Novo Nordisk says its investigation is ongoing and that it is strengthening its cybersecurity defenses while working with authorities to determine the full extent of the breach.
Meanwhile, cybersecurity researchers continue to assess the hackers’ claims. Until independent verification is available, the reported size and contents of the alleged 1.3TB data haul should be treated with caution.
The bigger picture
The Novo Nordisk incident highlights the growing cybersecurity risks facing the global healthcare industry. As pharmaceutical companies generate vast amounts of sensitive research and patient data, they have become increasingly attractive targets for ransomware groups seeking multimillion-dollar payouts.
While Novo Nordisk has rejected the attackers’ $25 million demand, the breach serves as another reminder that cybersecurity has become as critical to modern healthcare as scientific research itself.
TL;DR
- Novo Nordisk says it was targeted in a major cyberattack.
- Hacker group FulcrumSec claims it stole more than 1.3TB of sensitive data.
- The attackers demanded a $25 million ransom, which Novo Nordisk refused to pay.
- The company confirmed unauthorized copying of some personal information but said business operations continue normally.
- Independent experts have not verified the hackers’ full claims about the volume or contents of the stolen data.