By Jim Finkle
BOSTON, Dec 17 (Reuters) - The U.S. Food and DrugAdministration is under pressure from the pharmaceuticalindustry and lawmakers to undergo an independent security audit,after hackers broke into a computer system used by healthcarecompanies to submit information to the agency.
Drug companies fear the cyber thieves may have accessedcorporate secrets that are on file with the agency, such as dataabout drug manufacturing, clinical trials, marketing plans andother proprietary information.
While some lawmakers charge that the hackers breached theFDA's gateway, compromising confidential business data, theagency argues that the access was limited.
The breach came to light last month when the FDA sentletters to users of an online system at the Center for BiologicsEvaluation and Research. The letters said the breach wasdetected by the FDA on Oct. 15 and that it resulted in the theftof usernames, phone numbers, email addresses and passwords.
The U.S. House of Representatives Energy and CommerceCommittee launched an investigation, and last week four seniorRepublican members of that committee sent a letter to FDACommissioner Margaret Hamburg asking her to immediately launch athird-party audit that would "assess and ensure the adequacy ofFDA's corrective actions" following the breach.
Washington-based pharmaceutical industry trade group PhRMAsaid on Tuesday that it supported the committee's request for anindependent audit.
"It is the legal obligation of the Food and DrugAdministration to protect companies' trade secrets andconfidential commercial information," PhRMA Vice PresidentSascha Haverfield said in a statement. The group's membersinclude Amgen Inc, Daiichi Sankyo,GlaxoSmithKline, Johnson & Johnson, Merck & Co and Novartis AG.
The FDA's breach notification letter, which was published inpharmaceutical trade publications, referred to the compromisedsystem as an "online submission system" at the Center forBiologics Evaluation and Research.
That alarmed drugmakers, which provide the FDA with highlysensitive data - which would be priceless to a competitor - whenthey submit applications seeking approval for new drugs,biologics and medical devices.
In their letter to the FDA, the Energy and CommerceCommittee members charged that the attackers had breached the"FDA's gateway system," compromising confidential businessinformation along with sensitive data about patients enrolled inclinical trials.
FDA spokeswoman Jennifer Rodriguez said that was wrong.
"The system that was attacked maintains account informationfor the Biologic Product Deviation Reporting System, theElectronic Blood Establishment Registration System and the HumanCell and Tissue Establishment Registration System," she said.
"This system is not used to submit any applications. It isnot the electronic gateway that was breached," she added.
She also said that the agency was not aware of any attemptsto use stolen information for "criminal or other inappropriatepurposes."
Rodriguez declined to comment on the requests for an outsideaudit or say whether the breach had affected more than the14,000 accounts disclosed to date.
Tracy Cooley, a spokeswoman for the Biotechnology IndustryOrganization, another healthcare industry trade group, said herorganization also had concerns about the breach.
"We support Congress investigating this situation," shesaid.