Investigations into the attack on the European Medicines Agency (EMA) that occurred in December are still ongoing. It has now been revealed that the information accessed about the Pfizer and BioNTech vaccine has been leaked by the threat actors responsible for the breach. Although there are many details still unknown, including the attack timeframe, initial point of compromise and what data was accessed, the EMA is notifying those that may have had their information accessed. Fortunately, Pfizer and BioNTech have not been breached as a secondary attack and the EMA’s servers and vaccine approval processes are not affected. It’s unclear why the attackers decided to leak the information they have if it’s not detrimental to the vaccine’s rollout. It is very possible it was leaked simply as a means of verification with others in their community, unless they have more information than they’re letting on.
It is well known at this point that threat actors have increasingly targeted entities who deal with COVID-19 and the vaccine. Companies who are in this sector should make security a top priority for as long as the buzz around the virus is still relevant. Having the proper defenses in place can greatly reduce the risk of an attack or the severity of an attack if it occurs. Having anti-virus solutions in place that are paired with a continuously monitored Endpoint Detection and Response (EDR) service such as the managed service that is offered at Binary Defense can give an organization what they need to protect themselves and others.