The European Union’s top drug regulator, whose approval is necessary for countries of the bloc to begin rolling out the coronavirus vaccine, has begun an investigation after it was hit by a cyberattack, the head of the agency said on Thursday.
The attack will not affect the delivery of the vaccine, the agency’s leader, Emer Cooke, said.
“I can assure you that this will not affect the timeline for the delivery of vaccines, and that we are fully functional,” she said at a hearing at the European Parliament.
The organization, the European Medicines Agency, which is reviewing four vaccine candidates, including one made by Pfizer and BioNTech and one made by Moderna, hasn’t provided details about the target or the source of the attack. But the news has stoked fears that efforts to get the vaccine to nearly 450 million people could be hampered at a time of heightened threats faced by pharmaceutical companies, health care institutions and agencies involved in the vaccine’s production, approval and distribution.
Shortly after the agency announced on Wednesday that it had been attacked in recent weeks, Pfizer and BioNTech said in their own statement that some documents related to the regulatory submission of their vaccine, which were hosted on a server of the agency, had been “unlawfully accessed.”
Pfizer and BioNTech said their systems had not been breached, and that no study participants appeared to have been identified as a result of the attack.
Ms. Cooke said the European Medicines Agency, which is based in Amsterdam, was investigating the attack revealed on Wednesday with various authorities across the European Union, and with the Dutch police.
The agency, commonly referred as E.M.A., is set to announce a decision on the Pfizer-BioNTech vaccine no later than Dec. 29, and on the Moderna vaccine by Jan. 12. Although each country will be in charge of its own rollout, the agency’s approval will pave the way for the largest vaccination campaign in the West, dwarfing the effort that started this week in Britain.
On Thursday, Ms. Cooke said that while a quick approval of the vaccine was essential for the European Union, safety was the agency’s first priority. “The experts are working around the clock,” she said, adding that “nobody turns their phones off,” and that various teams succeed each other in working all night long.
Ms. Cooke spoke a day after Britain said that two health workers with histories of serious allergies had reactions after being given the vaccine. She said the agency had not seen adverse effects. “The efficacy and safety look very promising,” Ms. Cooke added.
Canada approved the Pfizer-BioNTech vaccine on Wednesday, becoming the second Western country to do so, and Russia began the rollout of its own Sputnik 5 vaccine on Saturday. In the United States, a panel of experts are meeting on Thursday to consider whether the Federal Drug Administration should approve the vaccine.
From medical clinics in Texas to hospitals in Thailand, the Czech Republic, France and Spain, cyberattacks have targeted health care institutions since the early days of the pandemic.
Cybersecurity experts have said that only state-sponsored actors could mount such operations. “The intentions behind those attacks are to parasite Western efforts on the vaccine,” said Julien Nocetti, a researcher at the French Institute of International Relations, who studies cybersecurity with a focus on Russian activities.
The European Union sees a successful rollout of the vaccine as critical for its unity, and officials have urged countries to prepare their supply chains. Yet the pandemic has already challenged the union’s core principles: Countries closed their borders in March, restricting freedom of movement within the bloc; and they have lately struggled to hammer out a virus rescue plan aimed at saving their battered economies.
The coronavirus pandemic has killed more people in Europe than in any other region of the world except South America. And the second wave, which forced many European countries to reimpose nationwide virus restrictions this fall, has been even deadlier than the first.
While experts speculated on the logistical challenges of Britain’s largest vaccination campaign that began on Tuesday, the rollout across the European Union may pose even greater cybersecurity risks.
Claire Zaboeva, a senior cyberthreat analyst at IBM’s Security X-Force, said state-backed actors have myriad goals in targeting companies or institutions involved in the production and delivery of the vaccine.
“It can mean collecting key timetables, which nations will get the vaccine, how it will get there, what companies will be associated with the delivery, or how it will be handled,” Ms. Zaboeva said.