The drug authority of the European Union said Friday that COVID-19 vaccine records stolen by hackers from its servers were not only leaked to the internet but “manipulated.”
The European Medicines Agency announced that an ongoing investigation found that, as of November, hackers had stolen emails and records pertaining to the assessment of new coronavirus vaccines. As part of its vaccine approval process, the organisation, which oversees drugs and medicines across the 27-member EU, had troves of sensitive COVID-19 info.
“Prior to publication, some of the correspondence was manipulated by the perpetrators in a manner that could undermine confidence in vaccines,” the Netherlands-based organisation said.
“We have seen that some of the correspondence has not been published in its original integrity and form and, or with, the perpetrators’ comments or additions.”
The department did not clarify precisely what information was changed, but experts in cybersecurity believe such activities are indicative of government-launched misinformation operations.
“The Italian cybersecurity company Yarix said that the 33-megabyte leak was discovered on a well-known underground forum with the title “Amazing scam! Wicked Pfffizer! Falsified vaccinations! Apparently, it was first released on Dec. 30 and later appeared on other pages, including the dark web, the firm said on its website.
Yarix said “the intention of cybercriminals behind the leak is certain: to cause significant damage to EMA and Pfizer’s reputation and credibility.”
Lukasz Olejnik, a cybersecurity expert, said he thought the aim was much broader.
I am afraid that this release has a major potential to sow scepticism in the EMA mechanism, vaccines and vaccinations in general in Europe,” he said.” “While it is unclear who is behind this operation, it is obvious that someone has allocated resources to it.”
“This is an unprecedented operation aimed at the validation of pharmaceutical materials, with a potentially wide-ranging negative impact on the health of Europeans if confidence in the vaccine is undermined,” said Olejnik.
In reaction to the hack, the EMA said law enforcement officials are taking “necessary action” and a criminal investigation is pending.
It noted that, following the catastrophic toll of the pandemic, there was a “urgent need for public health to make vaccines available as soon as possible to EU citizens.” Amid this urgency, the EMA maintained that its decisions to prescribe green lighting for vaccines were focused “on the strength of scientific evidence on the safety, quality and efficacy of a vaccine, and nothing else.”
The Amsterdam-based EMA was strongly criticised in December by Germany and other EU member countries for not authorising vaccines against the virus more rapidly. The agency released its first advisory in Britain, the United States, Canada and elsewhere for the Pfizer and BioNTech vaccines weeks after the shot was accepted.
A second vaccine, made by Moderna, was approved by the EMA for use earlier this month. The agency is now considering a third shot made by AstraZeneca and Oxford.