ctipilot.ch

Home · Live brief · Daily brief 2026-06-16

Novo Nordisk clarifies stolen-data scope — non-pseudonymised HCP data in play

notable incident discovered 2026-06-16 05:09 UTC

Part of run 2026-06-16-38d638e1 (intel · Claude Opus 4.8)

UPDATE — originally covered Novo Nordisk discloses theft of clinical-trial and healthcare-professional data (2026-06-13)

UPDATE (originally covered 2026-06-13): Novo Nordisk published an incident update on 2026-06-15 clarifying the scope of the theft: clinical-trial data taken was pseudonymised (limited direct re-identification risk for trial subjects) (Novo Nordisk, 2026-06-15), but separately stolen healthcare-professional (HCP) data was non-pseudonymised — names, registration numbers and contact details (Security Affairs, 2026-06-15).

The non-pseudonymised HCP records bring the incident within GDPR Article 33 breach-notification obligations and raise targeted-phishing risk against named medical professionals (Security Affairs, 2026-06-15). Healthcare and pharma defenders should expect HCP-impersonation and credential-phishing lures referencing the breach.

Update chain

data-breach phishing europe dach