Counterfeit versions of our products could harm our patients and reputation.
Our industry has been increasingly challenged by the vulnerability of distribution channels to illegal counterfeiting and the presence of counterfeit products in a growing number of markets and over the Internet. Counterfeit products are frequently unsafe or ineffective, and can be potentially life-threatening. To distributors and patients, counterfeit products may be visually indistinguishable from the authentic version. Reports of adverse reactions to counterfeit drugs or increased levels of counterfeiting could materially affect patient confidence in the authentic product, and harm the business of companies such as ours. Additionally, it is possible that adverse events caused by unsafe counterfeit products would mistakenly be attributed to the authentic product. If a product of ours was the subject of counterfeits, we could incur substantial reputational and financial harm in the longer term.
Our business and operations have been impacted in the past, and may be impacted in the future, in the event of system breach or failure.
We, our collaborators, third-party providers, distributors, customers and other contractors utilize information technology systems and networks to transmit, store and otherwise process electronic data, including personal information, clinical data and business proprietary information, in connection with our business activities, including our supply chain processes, operations and communications. The collection, use, transmission, transfer, storage and processing of personal information, including about our personnel, business partners, and others, may be subject to applicable data protection, security and privacy laws, and regulations that require adoption of minimum information security standards. The cost of compliance with applicable data protection, security and privacy laws and regulations have increased and may increase in the future.
Despite our implementation of security measures to protect the confidentiality, integrity, and availability of the systems, networks and data within our control from various threats (e.g., cyber-attacks, system breaches, malware, viruses, hacking, fraudulent use, social engineering attacks, phishing attacks, ransomware attacks, credential-stuffing attacks, denial-of-service attacks, unauthorized access, insider threats, accidental disclosures, intellectual property theft and economic espionage, exploitable vulnerabilities, defects and bugs, natural disasters, war, terrorism, acts of vandalism, telecommunications and electrical outages, breakdowns, damage, interruptions), risks remain, and our systems and networks and the systems and networks of third parties that support us and our services may be breached or disrupted due to these threats. The size and complexity of our systems and networks may make them potentially vulnerable to breakdown or interruption, whether due to computer viruses or other causes, which may result in the loss of data or the impairment of production and other supply chain processes, adversely affecting our business.
Techniques used to sabotage or obtain unauthorized access to systems and networks are constantly evolving and may not be identified until or after they are launched against us or our third-party providers. We and our third-party providers may be unable to anticipate these techniques, discover threats and react in a timely manner, or implement adequate preventative or mitigating measures. Further, these types of security incidents have become more prevalent. For example, companies have experienced an increase in phishing and social engineering attacks from third parties in connection with working remotely as a result of the ongoing COVID-19 pandemic. We and our third-party providers who may be operating in remote work environments may have increased security risks, due to increased use of home Wi-Fi networks and virtual private networks, as well as increased disbursement of physical machines. While we implement security measures designed to reduce these risks, there is no guarantee that these measures will be adequate to safeguard all systems and networks, especially with an increased number of employees working remotely. Any failure to maintain performance, reliability, security and availability of our systems and networks may result in accidental or unlawful destruction, damage, loss, unavailability, alteration, impairment, misuse, unauthorized disclosure of, or unauthorized access to our data, including personal information.
Potential legal, regulatory, contractual, financial, operational, or reputational harm may arise from any such security incident that results in the accidental or unlawful destruction, damage, loss, unavailability, alteration, impairment, misuse, unauthorized disclosure of, or unauthorized access to our systems, network, or data, including data which is transmitted, stored or otherwise processed by us or by collaborators, third-party providers, distributors and other contractors on our behalf. For example:
| ● | The accidental or unlawful loss, unavailability or alteration of clinical trial data from completed or ongoing clinical trials for any of our product candidates could affect our ability to operate, result in delays in our development and regulatory approval efforts, and significantly increase our costs to recover or reproduce the data. |