Novo Nordisk disclosed that it experienced “unauthorized access” to clinical trial data for its Ozempic and Wegovy programs. The company said direct identifiers such as patients’ names were not affected and characterized the incident as not posing any immediate risks to trial participants, while it launched an investigation with external cybersecurity experts. The disclosure raises operational questions for biotech trials and data governance, particularly around the protection of sensitive demographic and health-related variables that can be used for risk scoring even without names. For sponsors and CROs, the key takeaway is the need for incident response coordination with regulators and investigators, plus clear patient-facing communications to support trial retention and continued informed consent.