Lawmakers probe FDA hack

House legislators are concerned about cybersecurity at the Food and Drug Administration (FDA) after a little-noticed October hack revealed users’ names and passwords.

On Oct. 15, an unauthorized user snuck in to one of the agency’s online submission systems and gained access to passwords, phone numbers and email addresses for about 5,000 active accounts.

Five Republicans on the Energy and Commerce Committee wrote to the agency on Monday asking for information about the event and directing it to obtain an outside audit.

ADVERTISEMENT
“The security breach of FDA’s gateway system not only compromised the security of personal identifiable information, but also compromised the protection of confidential business information and medical privacy information of patients enrolled in clinical trials,” they wrote.

“It is essential to the fulfillment of FDA’s mission that regulated industry and patients have confidence in the security of sensitive information they submit to the FDA.”

The hacked system is managed by the Center for Biologics Evaluation and Research and is used by manufacturers to submit information about biological products and blood and tissue registrations.

Reps. Fred Upton (R-Mich.), Tim Murphy (R-Pa.), Joe Barton (R-Texas), Marsha Blackburn (R-Tenn.) and Michael Burgess (R-Texas) signed the letter expressing concern about the incident. Upton is the chairman of the Energy and Commerce Committee.

The FDA spends about 12 percent of its budget on information technology and overhead, the lawmakers said, which should be going to prevent those sorts of incidents.

“It is very troubling that such a security breach could have occurred, particularly given the resources invested,” they wrote.

Separately on Monday, the lawmakers asked the Government Accountability Office, which acts as Congress’s investigative arm, to review whether the agencies within the Department of Health and Human Services, like the FDA, have strong enough cybersecurity systems.