The ongoing investigation of the cyberattack on EMA, carried out by the Agency in close collaboration with law enforcement and other relevant entities, has revealed that the data breach was limited to one IT application. The perpetrators primarily targeted data related to COVID-19 medicines and vaccines and unlawfully accessed documents belonging to third parties. The companies concerned at this stage have been contacted and duly informed.

As the investigation proceeds, and all potentially suspicious activity is analysed, the Agency will ensure that any additional third party whose documents may have been subject to unauthorised access is notified.

The Agency and the European medicines regulatory network remain fully functional and timelines related to the evaluation and approval of COVID-19 medicines and vaccines are not affected.

EMA will continue to provide information in due course, to the extent possible, given its duty towards the ongoing investigation.

Share this page