The European Medicines Agency did not say what was targeted in the cyberattack or when it happened — although German firm BioNTech said the hackers “unlawfully accessed” vaccine approval documents.
“EMA has been the subject of a cyberattack. The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities,” the agency said.
The EMA added that it “cannot provide additional details whilst the investigation is ongoing,” but said further information would be released “in due course.”
The agency, which is the EU’s regulator of medications, did not provide details about what was targeted or when the attack took place.
Just after the announcement, however, German pharmaceutical firm BioNTech and US pharma giant Pfizer said some documents on their jointly-developed vaccine were accessed during the cyberattack.
BioNTech, which makes one of the vaccines in partnership with Pfizer, said its regulatory submission was accessed during the attack.
The EMA is working on approval of two Covid-19 vaccines, which it expects to conclude within weeks.
The cyber-attack was not expected to impact that timeline, BioNTech said.
The EMA did not provide any details on the nature of the cyber-attack in a brief statement on its website, beyond saying a full investigation had been launched.
A spokesperson for the agency said it was still “functional”.
But BioNTech, in a statement published on its website, said it had been told its documents had been accessed.
“Today, we were informed… that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed,” it said.
“EMA has assured us that the cyber-attack will have no impact on the timeline for its review,” it added.
It said it had made the details of the hack public “given the critical public health considerations and the importance of transparency”.
And it also said it was “unaware” of any personal data of participants in its medical studies being compromised.
The EMA authorises the use of medicines across the European Union.
It is trying to decide if the Pfizer/BioNTech jab – which has just begun being rolled out in the UK – and another made by Moderna are safe for use in EU countries.
It is not clear if the Moderna documents have also been accessed.
The cyber-attack is the latest in a string of attacks and warnings about hacking threats against vaccine-makers and public health bodies.
The cyberattack comes amid concerns about hackers targeting coronavirus research and other cybercrimes related to the pandemic.
The United Kingdom accused Russia-based hackers of targeting laboratories carrying out vaccine research in July. Other cybercriminals have attempted attacks on companies working to develop vaccines including AstraZeneca, Johnson & Johnson, Novavax and others.
Agency working to approve COVID vaccines
Currently, the Amsterdam-based regulator is rushing to analyze several coronavirus vaccine candidates.
A decision on the BioNTech-Pfizer vaccine is set to be announced by December 29 at the latest. A ruling on Moderna’s vaccine is due to follow by January 12.
The EMA is also reviewing the AstraZeneca-Oxford University vaccine, although it’s not yet known when that one could be approved.
The UK already issued emergency approval for the BioNTech-Pfizer vaccine on December 2 and has started its vaccination program. Regulators in the European Union and the United States have not yet approved a vaccine.