OIG audit finds FDA cybersecurity vulnerabilities

An Office of the Inspector General (OIG) audit found cybersecurity vulnerabilities in the FDA's network that could put its data at risk.

The audit focused on the FDA network and websites active between Oct. 21, 2013, and Nov. 10, 2013. The OIG attempted to exploit vulnerabilities via external penetration tests and gathered information on FDA's applications running on exposed hosts; application and supporting server structure; domain name server records; host names; hosts exposed to the internet; network address ranges; and operating system and application version information.

The external penetration test found several vulnerabilities that could have made mission-critical systems unavailable or allowed for unauthorized disclosure or modification of data. These vulnerabilities include inadequate web page input validation that hackers could use to install malicious programs, redirect users to malicious web pages or hijack a user's web browser; and error messages that revealed sensitive information, such as application code, which could be used to exploit programs' vulnerabilities.

OIG's audit report offered several recommendations to protect against data breaches such as FDA fixing vulnerabilities and performing periodic security assessments of its internet-facing systems. 
 

 

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.