Novo Nordisk A.I CyberSecurity Scoring
Novo Nordisk
Company Information
Website:https://www.novonordisk.com
Employees number:62,361
Number of followers:2,888,009
NAICS:3254
Industry Type:Pharmaceutical Manufacturing
Homepage:novonordisk.com
Novo Nordisk Risk Score (AI oriented)
Between 650 and 699
Novo NordiskPharmaceutical Manufacturing
Updated:
13/07/2026
13/07/2026
674/1000
Weak
B
Novo Nordisk Global Score (TPRM)
xxxx
Novo NordiskPharmaceutical Manufacturing
Score locked

Novo NordiskWeak
Current Score
674B (WEAK)
01000
5 incidents
-34 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
674
JUNE 2026
741
Ransomware
18 Jun 2026 • Novo Nordisk
Novo Nordisk: Ozempic Maker Novo Nordisk Hit by Massive Cyberattack, Hackers Claim Theft of 1.3TB Clinical Trial and AI Data
Novo Nordisk Hit by Major Ransomware Attack: 1.3TB of Sensitive Data Stolen
671
CRITICAL-70
NOV1781951217
Novo Nordisk Hit by Major Ransomware Attack: 1.3TB of Sensitive Data Stolen
Pharmaceutical giant Novo Nordisk is grappling with a severe cybersecurity breach after the ransomware group FulcrumSec claimed to have stolen 1.3 terabytes of sensitive data, including clinical trial records, employee information, and proprietary AI models used in drug development. The hackers allege they infiltrated the company’s systems months ago, exfiltrating data tied to experimental treatments for diabetes, obesity, chronic kidney disease, and sickle cell disease.
FulcrumSec has demanded a $25 million ransom, and after Novo Nordisk reportedly refused to pay, the group began leaking samples of the stolen data on its dark web site. Among the compromised files, the attackers claim to have obtained AI models, scientific imaging datasets, and internal research documents potentially exposing years of intellectual property.
The breach allegedly occurred through exposed credentials and access tokens left unsecured in development systems, allowing the hackers to move laterally across internal platforms. While Novo Nordisk has acknowledged an IT security incident, it has not confirmed the full extent of the breach. The company stated it is working with authorities and prioritizing the protection of patient data, with its main operations remaining functional.
This attack underscores a rising trend in cybercrime, where threat actors steal data before encrypting systems, leveraging the threat of public exposure to extort payments. For pharmaceutical firms, the stakes are particularly high, as stolen research and clinical trial data could be exploited by competitors or malicious actors.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
771
Breach
11 Jun 2026 • Novo Nordisk
Novo Nordisk: Novo Nordisk Probes Data Breach After Cybersecurity Incident
Novo Nordisk Data Breach Investigation
741
CRITICAL-30
NOV1781195765
Novo Nordisk Investigates Data Breach Following Unauthorized IT System Access
Novo Nordisk, the Danish pharmaceutical company, disclosed on June 11 that it had detected a security incident involving unauthorized access to a limited number of its internal IT systems. The breach was identified earlier this week, prompting the company to launch an investigation with the support of external cybersecurity experts and in coordination with relevant authorities.
As part of its response, Novo Nordisk temporarily took certain internal systems offline to contain the incident and is working to restore them securely. While the investigation remains ongoing, the company confirmed that non-public data including personal information was copied externally without authorization. Affected parties are being notified as appropriate.
Despite the breach, Novo Nordisk stated that its core business operations remain unaffected and continue to function normally. The company has not disclosed further details on the scope of the exposed data or the identity of the threat actors involved.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
773
Vulnerability
01 Jun 2026 • Novo Nordisk
Oracle: CISA Warns of Two-Year-Old Oracle WebLogic Server Vulnerability Exploited in Attacks
Critical Oracle WebLogic Server Vulnerability (CVE-2024-21182) Actively Exploited
771
CRITICAL-2
ORA1780418023
Critical Oracle WebLogic Server Vulnerability (CVE-2024-21182) Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) catalog on June 1, 2026, following confirmed in-the-wild exploitation. The flaw affects Oracle WebLogic Server, a widely deployed enterprise Java application server used in both cloud and on-premise environments.
The vulnerability is classified as an unauthenticated remote code execution (RCE) flaw, allowing attackers to exploit it without authentication via WebLogic’s T3 or IIOP protocols, which are commonly used for internal application communication. Successful exploitation could enable threat actors to bypass authentication controls, access sensitive data, or fully compromise affected systems, potentially leading to lateral movement, data exfiltration, or deployment of malicious payloads such as web shells or remote access trojans.
While no specific threat actors or ransomware groups have been publicly attributed to these attacks, security researchers warn that the vulnerability could be rapidly adopted in financially motivated campaigns, given WebLogic’s history as a frequent target in ransomware intrusion chains.
CISA has mandated federal agencies to remediate the vulnerability by June 4, 2026, under Binding Operational Directive 22-01. Organizations are advised to apply Oracle’s official patches immediately or implement mitigation measures, such as isolating affected systems, restricting access to T3/IIOP protocols, and enforcing network segmentation. Continuous monitoring for unusual traffic patterns or unauthorized access attempts is also recommended to detect early signs of compromise.
The incident highlights the ongoing risks posed by unpatched enterprise middleware and the need for proactive vulnerability management to defend critical infrastructure.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
772
APRIL 2026
771
MARCH 2026
771
FEBRUARY 2026
770
JANUARY 2026
808
DECEMBER 2025
767
NOVEMBER 2025
766
OCTOBER 2025
764
SEPTEMBER 2025
763
AUGUST 2025
762
MARCH 2025
783
Breach
01 Mar 2025 • Novo Nordisk
Novo Nordisk: Pharmalittle: We’re reading about a discontinued cancer drug, a Novo security breach, and more
Novo Nordisk Unauthorized Data Access in Cybersecurity Incident
753
CRITICAL-30
NOV1781273379
Nonprofit Acquires Discontinued Cancer Drug to Ensure Patient Access
In an unusual move, the nonprofit Blood Cancer United (formerly the Leukemia & Lymphoma Society) has purchased the remaining supplies of Luvelta, an investigational cancer drug discontinued by Sutro Biopharma in March 2025. As part of the deal, the organization also acquired the drug’s investigational new drug (IND) designation and will manage a compassionate-use program for children with a rare form of blood cancer. The medication will be distributed free of charge to eligible patients while supplies last.
Sutro Biopharma had previously terminated both development and its compassionate-use program for Luvelta, leaving patients without access. Blood Cancer United’s intervention aims to bridge this gap, though availability remains limited by existing stock.
---
Novo Nordisk Reports Unauthorized Data Access in Cybersecurity Incident
Novo Nordisk, the Danish pharmaceutical company, has disclosed a security breach in which unauthorized parties copied patient data from its internal IT systems. The incident, detected by the company, involved information from clinical trials, including patient IDs, birth years, sex, and health or immunogenicity data. While Novo Nordisk does not believe the breach allows for the identification of individual trial participants, it has launched an investigation with external cybersecurity experts and notified relevant authorities.
No further details on the scope or perpetrators of the breach have been released. The company has not indicated whether the incident will impact ongoing clinical trials or operations.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
833
Ransomware
01 Jan 2025 • Novo Nordisk
Novo Nordisk: Healthcare Must Protect Innovation, Not Just Patient Data
Novo Nordisk Cyberattack
781
CRITICAL-52
NOV1783968592
Novo Nordisk Cyberattack Highlights Shift in Healthcare Cybersecurity Threats
A recent cyberattack on Novo Nordisk has exposed a troubling evolution in healthcare cyber threats, with attackers targeting far more than patient records. The breach, which allegedly involved the theft of clinical trial data, proprietary drug research, AI models, and intellectual property, underscores a growing trend: cybercriminals are increasingly focusing on high-value scientific assets rather than traditional data.
The attackers reportedly demanded a $25 million ransom before leaking portions of the stolen information after the demand was refused. While details remain unverified, the incident reflects a broader shift in healthcare cybersecurity one where research, algorithms, and drug development pipelines are now prime targets.
### Healthcare’s Most Valuable Assets Under Threat
For years, healthcare cybersecurity prioritized protecting electronic health records (EHRs) and maintaining operational continuity. However, today’s attackers are drawn to assets that cannot be easily replaced: clinical trial data, proprietary molecule libraries, AI training datasets, and drug discovery pipelines. These assets represent years of investment and billions in R&D, making them lucrative targets for sophisticated threat actors.
The Novo Nordisk breach suggests that attackers are no longer just seeking personal data they’re after the intellectual property that drives medical innovation. This shift demands a reevaluation of security strategies, as traditional defenses may not be enough to protect these high-stakes assets.
### Identity as the New Attack Surface
A recurring pattern in recent healthcare breaches is the exploitation of legitimate credentials rather than technical vulnerabilities. Attackers increasingly bypass defenses by compromising identities, as stolen logins allow for quieter, more persistent access.
In the Novo Nordisk case, threat actors allegedly maintained access for over two months using compromised credentials, even after partial detection. This mirrors a broader trend seen in other incidents, such as the Xsolis breach, where phishing led to the compromise of an employee account, affecting nearly 1.4 million individuals.
Healthcare’s growing reliance on third-party vendors, AI applications, and cloud services further complicates identity management. Each new credential whether for researchers, contractors, or connected devices expands the attack surface, making robust access controls and continuous monitoring essential.
### AI Expands the Attack Surface
The rapid adoption of AI in healthcare introduces new cybersecurity challenges. While AI enhances clinical efficiency and research, it also creates additional risks. Employees using public generative AI tools for document analysis or report drafting may inadvertently expose sensitive data, while AI platforms themselves introduce new identities, APIs, and data repositories that must be secured.
The collaborative nature of modern healthcare where research data flows between pharmaceutical companies, contract research organizations (CROs), and technology partners further increases exposure. Without strict governance, proprietary research can leak into unmanaged systems, making AI a double-edged sword for innovation and security.
### Governance Over Technology
The Novo Nordisk incident reinforces that cybersecurity in healthcare is no longer just a technical issue it’s a governance challenge. Organizations must now treat intellectual property with the same urgency as patient data, implementing measures such as:
- Strengthened identity security (MFA, privileged access management, credential rotation)
- AI governance frameworks (approved platforms, data classification, usage policies)
- Third-party risk management (vendor security assessments, contractual safeguards)
- Research asset protection (prioritizing labs, clinical trials, and IP in security programs)
As healthcare continues to digitize, the focus must shift from merely preventing breaches to safeguarding the scientific breakthroughs that define the future of medicine. The Novo Nordisk attack serves as a stark reminder that in today’s threat landscape, innovation itself is now a target.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Novo Nordisk ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in June 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in May 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in April 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in March 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in February 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in January 2026 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in December 2025 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in November 2025 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in October 2025 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in September 2025 ??
What was Novo Nordisk's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Novo Nordisk's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Novo Nordisk ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Novo Nordisk's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?