The European Medicines Agency (EMA) has issued a warning regarding compromised information pertaining to COVID-19 medications and vaccines. This data, obtained through a cyberattack last December and recently made public, contains altered correspondence that could potentially erode confidence in vaccination programs.

The precise nature of the modifications to the information – which encompasses drug structure diagrams and communications related to the evaluation of COVID-19 vaccines – remains unclear.

We have contacted the agency to request further details.

Lukasz Olejnik, a security researcher who highlighted concerns about the leak on Twitter, believes the manipulated data could be effectively used to create doubt, as the complex scientific terminology within the leaked materials may not be widely understood.

Conversely, the specialized knowledge needed to accurately analyze the data might also restrict the impact of the altered versions, potentially limiting their spread.

However, the EMA has emphasized the potential risk to public trust in coronavirus vaccines.

“Following independent scientific reviews, two EU marketing authorizations for COVID-19 vaccines were granted in late December and early January,” the EMA stated in its latest update concerning the cyberattack.

“Given the current high rate of infection within the EU, there is an immediate public health imperative to make vaccines available to EU citizens as quickly as possible. Despite this urgency, the EU has consistently prioritized maintaining rigorous quality standards and basing all recommendations on robust scientific evidence regarding a vaccine’s safety, quality, and effectiveness, and nothing else.

“The EMA maintains ongoing communication with the EC and other regulatory bodies both within the network and internationally. Authorizations are only granted when evidence convincingly demonstrates that the benefits of vaccination outweigh any potential risks. Comprehensive details of the scientific assessments are publicly accessible in the European Public Assessment Reports on the EMA’s website,” the agency added.

As of this writing, a criminal investigation into the cyberattack is still in progress.

The attack has not been linked to any particular hacking group or nation-state, and the identity of those attempting to disseminate disinformation related to the coronavirus by releasing doctored medical documents remains unconfirmed.

Nevertheless, Microsoft previously cautioned in November that hackers associated with Russia and North Korea had targeted companies involved in COVID-19 vaccine development.

Earlier in June, the European Commission also expressed concerns about the potential for coronavirus vaccine disinformation to proliferate in the coming months, specifically identifying China and Russia as foreign entities confirmed to be conducting state-sponsored disinformation campaigns in the region.

Therefore, it is likely that suspicion will center on commonly identified “hostile actors.”

We have previously observed similar tactics involving “doctored leaks” attributed to Russia, often in connection with attempts to interfere with elections by discrediting political candidates.

Researchers have indicated that the individuals responsible for the 2015-16 breaches of the Democratic National Committee’s network included altered data within the released emails – an attack later attributed to Russia.

More recently, the incident involving the “Hunter Biden” laptop arose, which supporters of a former presidential candidate attempted to use against their opponent during the last presidential election.

In that instance, the potential for disinformation was diminished by a series of questionable claims surrounding the discovery and timing of the alleged data, as well as increased public awareness regarding the risk of digital smear campaigns in political contexts following revelations about the extent of Russia’s social media interference in the 2016 U.S. presidential election.

In a prior case, from 2017, emails associated with the French president Emmanuel Macron’s campaign were leaked online shortly before the election, accompanied by a claim that the presidential frontrunner possessed a secret bank account in the Cayman Islands – a claim Macron’s political movement refuted.

In 2019, Reddit was also linked to activity from a suspected Russian political influence operation involving the leak and dissemination of sensitive U.K.-U.S. trade negotiations during the U.K. election campaign.

It is uncertain whether the leaked trade dossier had been altered (it was significantly redacted). While it did not result in a decisive victory for Jeremy Corbyn’s Labour Party – which utilized the leaked data in its campaign – a similar, earlier operation attributed to Russia involved the release of fabricated documents on multiple online platforms. (This disinformation operation was identified and removed by Facebook in May 2019.)

The emergence of leaks containing manipulated medical data related to COVID-19 vaccines and treatments represents a concerning development in hostile cyber operations, which aim to weaponize false information to achieve detrimental outcomes, as it poses a direct threat to public health by potentially undermining trust in vaccination initiatives.

State-level attacks targeting medical data have occurred previously, although not within the context of a global public health emergency.

For example, in 2016, the World Anti-Doping Agency confirmed that confidential medical data related to Olympic athletes’ drug tests had been leaked by ‘Fancy Bear’, a cyber hacking group linked to Russia. In that instance, there were no reports of the data being manipulated.