> attackers gained access to its internal IT systems and data related to patients participating in some clinical trials, including their patient IDs (random alphanumeric strings) and information on trial participation, sex, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors (e.g., smoking, alcohol use, BMI).
Under no circumstances do you “gotta hand it to the huge pharma company”, and maybe this is the bare minimum we should expect from trial data, but given you are a target for an attack like this… not holding onto PII data beyond what’s needed for the trial itself is good.