Did Someone Say Hacker? Congress Probes FDA Over Security Breach

After quietly acknowledging to some 5,000 users that its computer systems were hacked two months ago, the FDA is now under increasing pressure from both drugmakers and members of Congress to conduct an investigation because the pharmaceutical industry was not notified of the breach for nearly another month. The episode is raising questions not only about the ability of the FDA to maintain its systems, but also its handling of the incident. As noted by Regulatory Focus, which first reported the hacking, the breach occurred in mid-October while the agency was partially closed due to the congressional budget impasse, but only 5,000 active users were alerted. Drugmakers were not alerted until late on Friday, November 8. At the time, the FDA issued a statement saying the system was temporarily disabled and security measures were “immediately” implemented, such as resetting passwords. The agency insisted that data was not altered and there was no sign of any unauthorized log-in attempts, but it remains unclear whether passwords or other information had been encrypted. And so, the House Committee on Energy and Commerce earlier this month sent a letter to FDA commish Margaret Hamburg to complain the agency should have moved faster to alert the pharmaceutical industry of the breach, and should not have done so late on a Friday prior to a three-day weekend that included Veteran’s Day. The FDA has had a long-standing habit of releasing news very late in the week. “The security b...
Source: Pharmalot - Category: Pharma Commentators Authors: Source Type: blogs