If you’ve been following the news today, you’ve probably seen headlines announcing a breach at the European Medicines Agency (EMA).
The EMA, based in Amsterdam in The Netherlands, is responsible for the evaluation and approval of medicines in the European Union – a role reflected in its former name, the European Agency for the Evaluation of Medicinal Products.
That was a bit of a mouthful, so EMA is what it became.
The range of different headlines is somewhat confusing: we’ve seen everything from “vaccine documents hack“, through “hackers steal […] COVID-19 vaccine data“, all the way to “vaccine documents unlawfully accessed“.
We’ve love to tell you more about this incident, notably whether any data relating to individuals or organisations such as EMA’s creditors, debtors, employees, contractors, researchers or volunteers lost any personal data in the attack.
Unfortunately, the EMA hasn’t been very helpful in this regard, issuing a statement of just 45 words, dated 2020-12-09, to say:
EMA has been the subject of a cyberattack. The Agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities.
EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course.
There’s no suggestion of when the attack was discovered, how it was found, when it probably started, how extensive it seems to have been, how much disruption it has caused, whether anyone outside the EMA was potentially affected, how long it’s likely to take to restore the network to normal, or what the EMA is doing right now to stop it happening again.