14 DAY TRIAL // US Energy and Commerce committee Chairman Fred Upton, Vice Chairman Marsha Blackburn, Chairman Emeritus Joe Barton, Oversight and Investigations Subcommittee Chairman Tim Murphy and subcommittee Vice Chairman Michael C. Burgess have sent a letter to the Food and Drug Administration wanting to learn more about the recent data breach.
In October 2013, the FDA revealed that its systems were hacked. The phone numbers, email addresses, passwords and other details for around 14,000 accounts were compromised in an attack that targeted the electronic submissions gateway of the Center of Biologics Research and Evaluation.
At the time, around 5,000 users, whose accounts were active, were advised to change their passwords.
Now, the lawmakers want the FDA to obtain a third-party audit to make sure that the agency has implemented effective security measures following the incident. The audit aims to “restore public confidence in the FDA’s information security.” The FDA is asked to respond by Christmas.
The letter highlights the fact that the FDA failed to notify members of the industry regarding the breach until November 8. The representatives are also concerned that the agency failed to properly encrypt passwords.
In addition to the letter to the FDA, lawmakers have also sent out a letter to the Government Accountability Office (GAO), asking that the information security controls at various Department of Health and Human Services (HHS) agencies be examined.
The agencies are CMS, FDA, CDC, and NIH. The leaders want GAO to “assess their effectiveness in protecting the confidentiality, integrity, and availability of each agency’s information and information systems.”
This second letter was signed by Upton, Murphy, and Health Subcommittee Chairman Joe Pitts.
The letters to the FDA and the GAO are available on the Energy and Commerce committee’s website.