Hacked off: Congress members, PhRMA urge an outside audit of the FDA data breach

Clinical trial data, launch plans and manufacturing processes are among a drugmaker's most prized secrets, sometimes protected by patents and key to the success of a blockbuster. So it is no wonder that pharma companies are fretting after hackers got into the FDA computer system.

After a breach in October, the agency is being urged by some lawmakers and trade associations to let outside professionals analyze the attack and determine for sure what was taken, Reuters reports. In a letter to FDA Commissioner Margaret Hamburg, 5 members of Congress asked her to have an audit performed to "assess and ensure the adequacy of FDA's corrective actions."

The letter says the FDA notification to drugmakers suggests data were not encrypted. It also claims hackers had wormed their way into the "FDA's gateway system," allowing them access to confidential business information and sensitive data on trial participants. The FDA says that just isn't so. FDA spokeswoman Jennifer Rodriguez told Reuters the system that was attacked maintains account information for the Biological Product Deviation Reporting System, the Electronic Blood Establishment Registration System and the Human Cell and Tissue Establishment Registration System. "This system is not used to submit any applications. It is not the electronic gateway that was breached."

The FDA is unaware of any attempts by anyone to use the data and information for any "criminal or other inappropriate purposes." But members of PhRMA, which supports the outside evaluation, are not satisfied with the FDA's response. "It is the legal obligation of the Food and Drug Administration to protect companies' trade secrets and confidential commercial information," PhRMA Vice President Sascha Haverfield said in a statement.

The agency has certainly looked for tighter security from the industry. In June, concerned about the hackability of medical devices, the FDA proposed tighter regulations for manufacturers, suggesting that companies include cybersecurity information along with clinical data when seeking approval. And pharma companies have reportedly had information stolen from their own systems. Last year, the head of cybersecurity company GCHQ claimed the company was aware of one international drugmaker that had research on a potential blockbuster stolen, allowing a cheaper version to beat it to market.

- here's the letter (PDF)
- more from Reuters