Lawmakers probe FDA hack

House legislators are concerned about cybersecurity at the Food and Drug Administration (FDA) after a little-noticed October hack revealed users’ names and passwords.

On Oct. 15, an unauthorized user snuck in to one of the agency’s online submission systems and gained access to passwords, phone numbers and email addresses for about 5,000 active accounts.

Five Republicans on the Energy and Commerce Committee wrote to the agency on Monday asking for information about the event and directing it to obtain an outside audit.

“The security breach of FDA’s gateway system not only compromised the security of personal identifiable information, but also compromised the protection of confidential business information and medical privacy information of patients enrolled in clinical trials,” they wrote.

“It is essential to the fulfillment of FDA’s mission that regulated industry and patients have confidence in the security of sensitive information they submit to the FDA.”

The hacked system is managed by the Center for Biologics Evaluation and Research and is used by manufacturers to submit information about biological products and blood and tissue registrations.

Reps. Fred Upton (R-Mich.), Tim Murphy (R-Pa.), Joe Barton (R-Texas), Marsha BlackburnMarsha BlackburnBlackburn pushes back on potential Corker bid: 'I'm going to win' Nervous GOP seeks new 2018 Senate candidates in three states Corker 'listening closely' to calls to reconsider retirement MORE (R-Tenn.) and Michael BurgessMichael Clifton BurgessDems push for hearing on funding gun violence research 30 million people will experience eating disorders — the CDC needs to help Puerto Rico Rep.: Budget deal will fully fund Puerto Rico Medicaid for two years MORE (R-Texas) signed the letter expressing concern about the incident. Upton is the chairman of the Energy and Commerce Committee.

The FDA spends about 12 percent of its budget on information technology and overhead, the lawmakers said, which should be going to prevent those sorts of incidents.

“It is very troubling that such a security breach could have occurred, particularly given the resources invested,” they wrote.

Separately on Monday, the lawmakers asked the Government Accountability Office, which acts as Congress’s investigative arm, to review whether the agencies within the Department of Health and Human Services, like the FDA, have strong enough cybersecurity systems.