Health Data at Risk due to Cybersecurity Flaws at FDAOct 12, 2016
Computer systems at the U.S. Food and Drug Administration (FDA) are full of weaknesses that make confidential, personal health information vulnerable to potential hackers, according to the Government Accountability Office (GAO), an independent nonpartisan agency that works for congress. It is often called the "congressional watchdog."
The report says there are 87 weaknesses in the FDA's systems including lack of firewalls. The report also recommends a complete risk assessment, reports Bloomberg News.
A congressional initiative to strengthen and fortify data security at government agencies that stockpile volumes of public data were initiated by the GAO audit. The GAO made 15 recommendations for improving and strengthening FDA's systems, including a total risk assessment, employee training, and consolidation of systems.
According to ZDNet, "GAO also found the FDA too liberal with system permissions for access to drug submissions." An example given was, "49 administrators and users unnecessarily had access to 392 servers and access to file shares containing industry submissions on adverse events. Additionally, over 4,500 users had access to file shares used to handle regulatory drug and biologic product submissions."
The GAO said in their report, "Significant harm to FDA's reputation and economic damage to regulated industries could result if this information is not adequately protected against cyber threats."
The FDA said it has begun adopting the recommendations and advisories in response to the report, according to Bloomberg News.