Lawmakers probe FDA hack

House legislators are concerned about cybersecurity at the Food and Drug Administration (FDA) after a little-noticed October hack revealed users’ names and passwords.

On Oct. 15, an unauthorized user snuck in to one of the agency’s online submission systems and gained access to passwords, phone numbers and email addresses for about 5,000 active accounts.

Five Republicans on the Energy and Commerce Committee wrote to the agency on Monday asking for information about the event and directing it to obtain an outside audit.

“The security breach of FDA’s gateway system not only compromised the security of personal identifiable information, but also compromised the protection of confidential business information and medical privacy information of patients enrolled in clinical trials,” they wrote.

“It is essential to the fulfillment of FDA’s mission that regulated industry and patients have confidence in the security of sensitive information they submit to the FDA.”

The hacked system is managed by the Center for Biologics Evaluation and Research and is used by manufacturers to submit information about biological products and blood and tissue registrations.

Reps. Fred Upton (R-Mich.), Tim Murphy (R-Pa.), Joe Barton (R-Texas), Marsha BlackburnMarsha BlackburnNew GOP bill may revive internet privacy fight Overnight Cybersecurity: Bad Russian intel may have swayed Comey's handling of Clinton probe | Apple sees spike in data requests | More subpoenas for Flynn | DOJ's plan for data warrants Overnight Tech: Internet lobby criticizes GOP privacy bill | Apple sees security requests for user data skyrocket | Airbnb beefs up lobbying MORE (R-Tenn.) and Michael BurgessMichael BurgessIn the politics of healthcare reform, past is prologue New hope for ObamaCare repeal? Key GOP lawmaker working on amendment ObamaCare repeal: GOP seeks new game plan MORE (R-Texas) signed the letter expressing concern about the incident. Upton is the chairman of the Energy and Commerce Committee.

The FDA spends about 12 percent of its budget on information technology and overhead, the lawmakers said, which should be going to prevent those sorts of incidents.

“It is very troubling that such a security breach could have occurred, particularly given the resources invested,” they wrote.

Separately on Monday, the lawmakers asked the Government Accountability Office, which acts as Congress’s investigative arm, to review whether the agencies within the Department of Health and Human Services, like the FDA, have strong enough cybersecurity systems.