Back to overview
Confidence HighJun 17, 2026novonordisk.com

Novo Nordisk Faces Extortion After FulcrumSec Claims 1TB Data Theft

PatternExternal actor · Hacking · Confidentiality impact

Pharmaceutical company Novo Nordisk is investigating claims by the FulcrumSec cyber extortion group, which asserted it stole over a terabyte of data, including source code, drug information, trial data, and patient/employee details, after spending two months in Novo Nordisk's networks. FulcrumSec claimed to have unsuccessfully demanded $25 million from the company. Novo Nordisk had previously disclosed on June 11, 2026, unauthorized access to a limited number of internal IT systems, including personal data related to clinical trial patients.

Signal date
Jun 17, 2026
Updated
Jul 1, 2026
Confidence
High
Sources
6 sources
novonordisk.com logo

Novonordisk

Sector
Health Care and Social Assistance
Signals
1 linked

Signal context

First seen: Jun 17, 2026

Last updated: Jul 1, 2026

Status: Public signal

Key points

  • FulcrumSec cyber extortion group claimed to have stolen over 1TB of data.
  • Stolen data allegedly includes source code, drug information, trial data, employee, doctor, and patient data.
  • FulcrumSec attempted to extort $25 million from Novo Nordisk.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Novonordisk logo
Novonordisk

Sector: Health Care and Social Assistance

Likely country: Location not provided

Estimated
Threat source
Hacking activity

The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.

  • Source type: outside the affected organization
  • Source type: possible insider or internal misuse
Business impact
Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context
66 signals with similar action pattern
  • 7 signals in the same sector
  • 88 signals with the same likely impact area
  • 1 signal linked to this organization/domain
Mentioned entities
NovonordiskData DisclosureNovo Nordisk Faces Extortion AfterFulcrumSec ClaimsNovo NordiskFulcrumSecStolen

External sources

Related signals

Grouped by why the signal is relevant.

huntsvillehospital.org logoHuntsvillehospitalJun 26, 2026
Same sectorSame action patternSame impact area

Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach

Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.

aclapc.com logoAclapcJun 23, 2026
Same sectorSame action patternSame impact area

ACLA Data Breach Exposes Social Security Numbers and Medical Information

Anatomic and Clinical Laboratory Associates P.C. (ACLA) disclosed a data breach involving unauthorized access to its computer network. The breach, discovered in December 2025, exposed personally identifiable information (names, dates of birth, Social Security numbers, taxpayer identification numbers) and protected health information (medical dates of service, diagnoses, medical history) for 69 Massachusetts residents.

onemedical.com logoOnemedicalJun 22, 2026
Same sectorSame action patternSame impact area

ShinyHunters Threatens to Leak 8.8 TB of One Medical Seniors Patient Data by June 22 Deadline

Amazon-owned primary care provider One Medical faced a data extortion threat from the ShinyHunters group, which claimed to have stolen 8.8 terabytes of data from One Medical Seniors (formerly Iora Health) and threatened to leak it by June 22, 2026, if a ransom was not paid. One Medical had previously disclosed a cybersecurity incident on June 17, 2026, involving unauthorized access to a third-party file storage system containing archived patient information for One Medical Seniors. The unauthorized access occurred between June 8 and June 11, 2026. The potentially compromised information includes demographic and clinical records for some patients.

kmha.org logoKmhaJun 19, 2026
Same sectorSame action patternSame impact area

Kentucky Mountain Health Alliance Discloses Data Breach Affecting SSNs and Medical Records

Kentucky Mountain Health Alliance Inc., a nonprofit health center, disclosed a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation on June 19, 2026. The incident involved unauthorized access to patient data, some of which was copied. The exposed information included driver's licenses, medical records, and Social Security numbers. The specific method of attack, dates of the incident, or discovery date remain unknown. The organization is offering affected individuals a free, two-year membership to identity monitoring services.

hfmgt.com logoHfmgtJun 18, 2026
Same sectorSame action patternSame impact area

Horizon Family Medical Group Data Breach

Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.

aflac.com logoAflacJun 30, 2026
Same action patternSame impact area

Aflac Life Insurance Japan Suffers Cybersecurity Breach Exposing Policyholder Data

Aflac Life Insurance Japan disclosed unauthorized access to its systems between June 15 and June 25, 2026. The breach affected files containing policy details, personal information, and bank account information of approximately 4.38 million customers. The company has suspended affected systems and is investigating the incident with third-party cybersecurity experts.