BOSTON Dec 17 The U.S. Food and Drug
Administration is under pressure from the pharmaceutical
industry and lawmakers to undergo an independent security audit,
after hackers broke into a computer system used by healthcare
companies to submit information to the agency.
Drug companies fear the cyber thieves may have accessed
corporate secrets that are on file with the agency, such as data
about drug manufacturing, clinical trials, marketing plans and
other proprietary information.
While some lawmakers charge that the hackers breached the
FDA's gateway, compromising confidential business data, the
agency argues that the access was limited.
The breach came to light last month when the FDA sent
letters to users of an online system at the Center for Biologics
Evaluation and Research. The letters said the breach was
detected by the FDA on Oct. 15 and that it resulted in the theft
of usernames, phone numbers, email addresses and passwords.
The U.S. House of Representatives Energy and Commerce
Committee launched an investigation, and last week four senior
Republican members of that committee sent a letter to FDA
Commissioner Margaret Hamburg asking her to immediately launch a
third-party audit that would "assess and ensure the adequacy of
FDA's corrective actions" following the breach.
Washington-based pharmaceutical industry trade group PhRMA
said on Tuesday that it supported the committee's request for an
"It is the legal obligation of the Food and Drug
Administration to protect companies' trade secrets and
confidential commercial information," PhRMA Vice President
Sascha Haverfield said in a statement. The group's members
include Amgen Inc, Daiichi Sankyo,
GlaxoSmithKline, Johnson & Johnson, Merck & Co
and Novartis AG.
The FDA's breach notification letter, which was published in
pharmaceutical trade publications, referred to the compromised
system as an "online submission system" at the Center for
Biologics Evaluation and Research.
That alarmed drugmakers, which provide the FDA with highly
sensitive data - which would be priceless to a competitor - when
they submit applications seeking approval for new drugs,
biologics and medical devices.
In their letter to the FDA, the Energy and Commerce
Committee members charged that the attackers had breached the
"FDA's gateway system," compromising confidential business
information along with sensitive data about patients enrolled in
FDA spokeswoman Jennifer Rodriguez said that was wrong.
"The system that was attacked maintains account information
for the Biologic Product Deviation Reporting System, the
Electronic Blood Establishment Registration System and the Human
Cell and Tissue Establishment Registration System," she said.
"This system is not used to submit any applications. It is
not the electronic gateway that was breached," she added.
She also said that the agency was not aware of any attempts
to use stolen information for "criminal or other inappropriate
Rodriguez declined to comment on the requests for an outside
audit or say whether the breach had affected more than the
14,000 accounts disclosed to date.
Tracy Cooley, a spokeswoman for the Biotechnology Industry
Organization, another healthcare industry trade group, said her
organization also had concerns about the breach.
"We support Congress investigating this situation," she