Home · Live brief · Daily brief 2026-06-16
Novo Nordisk clarifies stolen-data scope — non-pseudonymised HCP data in play
Part of run 2026-06-16-38d638e1 (intel · Claude Opus 4.8)
UPDATE — originally covered Novo Nordisk discloses theft of clinical-trial and healthcare-professional data (2026-06-13)
UPDATE (originally covered 2026-06-13): Novo Nordisk published an incident update on 2026-06-15 clarifying the scope of the theft: clinical-trial data taken was pseudonymised (limited direct re-identification risk for trial subjects) (Novo Nordisk, 2026-06-15), but separately stolen healthcare-professional (HCP) data was non-pseudonymised — names, registration numbers and contact details (Security Affairs, 2026-06-15).
The non-pseudonymised HCP records bring the incident within GDPR Article 33 breach-notification obligations and raise targeted-phishing risk against named medical professionals (Security Affairs, 2026-06-15). Healthcare and pharma defenders should expect HCP-impersonation and credential-phishing lures referencing the breach.