Novo Nordisk makes Ozempic, the drug that turned it into one of the most valuable pharma companies on the planet.
Now a hacking group says it walked off with internal data and wants $25 million to keep it offline.
The Danish drugmaker, valued at roughly $615 billion at its peak, has been in the eye of every storm hitting the weight-loss drug market this year.
The group went public this week, claiming it pulled more than a terabyte of data from Novo's systems and demanding $25 million to keep it from leaking.
Novo hasn't confirmed the full scope of what was taken, though it has acknowledged attackers accessed internal IT systems and copied data tied to clinical trials.
That's pretty standard right after a breach goes public, with companies rarely commenting on an active investigation.
The attackers reportedly shared samples - including stolen credentials - as proof of access, a common tactic extortion groups use to pressure companies into paying.
If Novo refuses to pay, the group has threatened to publish everything it took.
The group behind the attack calls itself FulcrumSec, a cyber extortion crew that emerged in late 2025, and the public ransom demand follows a familiar playbook.
We cover the moves shaking up pharma every morning in Market Briefs - in five minutes a day, plus a free investing masterclass when you join.
Novo's stock has taken a beating this year, with Wegovy and Ozempic - the weight-loss and diabetes drugs that turned Novo into a roughly $615 billion company at its peak - losing ground to Eli Lilly's Mounjaro and Zepbound.
Lilly's Zepbound has been pulling ahead in new U.S. prescriptions since early 2025, and now leads Wegovy in quarterly sales.
The breach lands on a company already trying to convince Wall Street it still has the lead, and any leaked patient data or trial results would only deepen that pressure.
European regulators don't take this lightly either, with GDPR fines that can run into the billions depending on what was exposed.
Drugmakers sit on a goldmine for hackers - patient records, trial data, and drug formulas that are worth real money on the wrong side of the internet.
Healthcare data often sells for more on dark web markets than credit card numbers, since medical records can be used for insurance fraud and identity theft for years.
That's why ransomware groups keep showing up at their door.
UnitedHealth's Change Healthcare unit paid out roughly $22 million in 2024 after a similar attack, fitting a pattern where bigger companies face bigger ransom demands.
Pfizer, Merck, and other major drugmakers have all faced cyber incidents in recent years, and the FBI has flagged healthcare and pharma as among the most-targeted sectors.
The cost of these attacks goes well beyond the ransom itself, including legal bills, regulatory fines, and lost research time.
The next move is Novo's, and if the company confirms the full scope of the breach, the question becomes how much got out.
If the data starts hitting leak sites, regulators in Europe and the US will be next to come knocking.
Novo's next earnings report is coming, and the breach will be a key topic for analysts pressing management for details on what was taken.
Join 350,000+ investors reading Market Briefs every weekday morning - you'll also get a 45-minute investing masterclass thrown in as a bonus.
