Notice of the hacking was sent to members of industry on 8 November 2013 at around 5:30 p.m. FDA said the intrusion was detected on 15 October 2013, a date when much of the agency’s staff were not at work due to a shutdown of all non-essential government operations.
“The agency temporarily disabled the system, immediately implemented corrective security measures, and administered password resets, as was communicated by email on October 18 to active account holders,” FDA wrote in an e-mail to industry obtained by Focus and confirmed by FDA. “The agency has confirmed that no system data has been altered, and we are continuing our analysis to confirm that there have been no unauthorized logins to the system.”
At present, regulators said they were most concerned that the obtained passwords could be used by the hackers to access other accounts owned by biologic manufacturers, such as other FDA systems maintained by CDER or private accounts where other sensitive information could be held. The e-mail made no mention of whether the passwords and other information were encrypted, but its emphasis on changing passwords in the email seems to imply that they might not have been.
“We recommend you immediately change that password or username and monitor those accounts for unauthorized activity,” FDA wrote. Focus has reached out to FDA for comment, but FDA is closed on 11 November 2013 for the Veterans Day holiday. We will update this piece if more information is made available.
REFERENCE: Regulatory Focus; 11 November 2013; Alexander Gaffney, RF News Editor