Data on the Pfizer-BioNTech COVID-19 vaccine that was stolen in December has been published online by those behind the hack.

The leaked data was discovered earlier this week by the European Medicines Agency, where the data was originally stolen from Dec. 9. The EMA did not disclose how the hack took place or exactly what data was stolen. It said only that the data related to “COVID-19 medicines and vaccines belonging to third parties” and that “necessary action is being taken by the law enforcement authorities.”

Pfizer Inc. and BioNTech SE confirmed that data stolen belonged to them in a statement in December, saying that it related to the COVID-19 vaccine candidate BNT162b2, which had been stored on an EMA server.

According to Bleeping Computer, the data stolen from the EMA first appeared on several hacking forums Dec. 31. The data dump said to include screenshots of emails, peer review information and other documents, including PDFs and PowerPoint presentations.

The BNT162b2 vaccine, marketed under the name Tozinameran, had already gained approval for use prior to the data being stolen and is currently being used to vaccinate people in countries including the U.K.

The theft of the COVID-19 vaccine data in this case isn’t the first time COVID-19 research has been targeted. Hackers leaked data stolen from a medical research company studying COVID-19 in March while it was disclosed in November that North Korean hackers were targeting staff at COVID-19 vaccine maker AstraZeneca plc. The U.S. Department of Treasury Financial Crimes Enforcement Network warned Dec. 29 that hackers were targeting vaccines and distribution with fraud, ransomware and other types of criminal activity.

“The healthcare industry is already one of the most targeted sectors by cybercriminals and we have seen that worsen with the emergence of the COVID-19 vaccine,” Ali Haughton, global healthcare strategist at identity and access management solutions provider SailPoint Technologies Inc., told SiliconANGLE. “With healthcare workforces comprised of contracted and remote employees, the integrity of vaccine distribution will be at a higher risk of security breaches.”

Haughton added that expanded remote and team collaborations during the pandemic have brought upon a different type of threat – a digital one involving security gaps and massive data breaches. “Healthcare organizations need to prioritize processes that not only meet agility and performance demands, but also those that will prevent coordinated security attacks,” he said.

Photo: U.S. Secretary of Defense/Wikimedia Commons