On 12 June 2026, Novo Nordisk A/S announced that attackers had accessed and exfiltrated a limited set of its internal data. The breach involved patient‑related attributes from clinical trials—including unique identifiers, sex, birth year, biomarkers, health indicators, body mass index (BMI) and smoking status—as well as contact details for certain healthcare professionals. No direct identifiers such as names, addresses or national identification numbers were compromised, a fact the company highlighted to temper fears of immediate identity theft.

Novo Nordisk stressed that its core operations—drug production, supply‑chain logistics and ongoing clinical trial processes—remain intact. External cybersecurity specialists have been engaged to investigate the incident, and the company has notified the relevant regulatory authorities. While the organization assesses the risk to affected individuals as low, it is monitoring the situation closely.

Threat‑intelligence feeds from the underground forum vx‑underground suggest that the attackers are attempting to extort victims by threatening to release samples of the stolen data. The samples reportedly include a 16.7 GB trained model checkpoint, a 407 MB proprietary training dataset, and source code for internal AI development projects, such as a file named "modeling_novopert.py" and associated training pipelines.

Additional claims indicate that the attackers accessed logs from 113 AI training runs; internal infrastructure maps covering high‑performance computing clusters, Slurm workload managers and SSH configurations; and over 53 GB of container images. The threat actors also allege that they have obtained developer identities, internal hostnames and private GitHub repository URLs, implying a possible compromise of development environments and software supply chains.

Novo Nordisk has not officially confirmed the authenticity of the AI‑related data leaks. If the claims are accurate, the exposure could represent a significant intellectual‑property risk, given the competitive value of proprietary AI models and biomedical datasets in pharmaceutical research.

Security researchers have speculated that AI tools may have assisted elements of the attack, although this remains unverified. Such a scenario would align with a broader trend of adversaries using AI to automate reconnaissance, enhance phishing campaigns or optimise lateral movement within compromised networks.

The incident highlights the growing convergence of healthcare data security and AI infrastructure protection. Breaches that affect both patient privacy and critical research assets can have wide‑ranging implications for regulatory compliance, especially under frameworks such as the EU General Data Protection Regulation and the U.S. Health Insurance Portability and Accountability Act.

As investigations continue, Novo Nordisk’s response will likely involve tightening access controls, conducting a comprehensive audit of its AI development pipelines, and reviewing its incident‑response procedures. The company’s disclosure underscores the need for robust security controls across both clinical data repositories and AI development environments within the pharmaceutical sector.

The breach remains under investigation, and further details about the extent of the AI asset exposure and any potential regulatory actions are expected in the coming weeks.