Drugmakers and legislators want an outside audit of the FDA's hacking incident

Hackers got into FDA computer systems recently, prompting the agency to warn drugmakers to be on the lookout for misuse of their credit and to change their passwords. But some drugmakers fear the breach will also put their trade secrets--clinical trial data and manufacturing processes--at risk.

Trade associations and some legislators are now urging the FDA to let outside professionals analyze the attack and determine for sure what was taken, Reuters reports. In a letter to FDA Commissioner Margaret Hamburg, 5 members of Congress asked her to have an audit performed to "assess and ensure the adequacy of FDA's corrective actions."

The letter says the FDA notification to drugmakers suggests data were not encrypted. It also claims hackers had wormed their way into the "FDA's gateway system," allowing them access to confidential business information and sensitive data on trial participants. The FDA says that just isn't so. FDA spokeswoman Jennifer Rodriguez told Reuters the system that was attacked maintains account information for the Biological Product Deviation Reporting System, the Electronic Blood Establishment Registration System and the Human Cell and Tissue Establishment Registration System. "This system is not used to submit any applications. It is not the electronic gateway that was breached."

The attack occurred in October, but drugmakers didn't learn about it until last month. The FDA is unaware of any attempts by anyone to use the data and information for any "criminal or other inappropriate purposes." But members of PhRMA, which supports the outside evaluation, are not satisfied with the FDA's response. "It is the legal obligation of the Food and Drug Administration to protect companies' trade secrets and confidential commercial information," PhRMA Vice President Sascha Haverfield said in a statement.

The agency has certainly looked for tighter security from the industry. In June, concerned about the hackability of medical devices, the FDA proposed tighter regulations for manufacturers, suggesting that companies include cybersecurity information along with clinical data when seeking approval. And pharma companies have reportedly had information stolen from their own systems. Last year, the head of cybersecurity company GCHQ claimed the company was aware of one international drugmaker that had research on a potential blockbuster stolen, allowing a cheaper version to beat it to market.

- here's the letter (PDF)
more from Reuters