Pharmaceutical and other healthcare companies have been prosecuted under these laws for a variety of promotional and marketing activities, such as: providing free trips, free or discounted goods, improper consulting fees and grants and other monetary benefits to prescribers; reporting to pricing services inflated average wholesale prices that were then used by federal programs to set reimbursement rates; engaging in off-label promotion; and submitting inflated best price information to the Medicaid Rebate Program to reduce liability for Medicaid rebates. Ensuring that our internal operations and future business arrangements with third parties comply with applicable healthcare laws and regulations will involve substantial costs. It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations, agency guidance or case law involving applicable fraud and abuse or other healthcare laws and regulations. If any actions are instituted against us for violation of these laws or regulations, and we are not successful in defending ourselves, those actions could have a significant impact on our business, including the imposition of significant civil, criminal and administrative sanctions, damages, disgorgement, monetary fines, possible exclusion from participation in Medicare, Medicaid and other federal healthcare programs, imprisonment, integrity oversight and reporting obligations, contractual damages, reputational harm, diminished profits and future earnings, and curtailment or restructuring of our operations, any of which could harm our ability to operate our business and our results of operations.
The global data protection landscape is rapidly evolving, and we may be affected by or subject to new, amended or existing laws and regulations in the future, including as our operations continue to expand or if we operate in non-U.S. jurisdictions. Several non-U.S. jurisdictions, including the European Union, or EU, its member states, the United Kingdom, Japan and Australia, among others, have adopted legislation and regulations that increase or change the requirements governing the collection, use, disclosure and transfer of the personal information of individuals in these jurisdictions. Additionally, certain countries have passed or are considering passing laws that require local data residency and/or restrict the international transfer of data and/or impose data localization requirements with respect to certain personal information. These laws have the potential to increase costs of compliance, risks of noncompliance and penalties for noncompliance.
Efforts to ensure that our business arrangements with third parties will comply with applicable healthcare laws and regulations will involve substantial costs. If our operations are found to be in violation of any of these laws or any other governmental regulations that may apply to us, we may be subject to significant civil, criminal and administrative penalties, damages, disgorgement, fines, imprisonment, exclusion from government funded healthcare programs, such as Medicare and Medicaid, additional oversight and reporting obligations, contractual damages, reputational harm, diminished profits and future earnings, and the curtailment or restructuring of our operations. If any of the physicians or other healthcare providers or entities with whom we expect to do business is found not to be in compliance with applicable laws, that person or entity may be subject to significant criminal, civil or administrative sanctions, including exclusions from government funded healthcare programs.
We depend on our information technology systems and those of our third-party collaborators, service providers, contractors or consultants. Our internal computer systems, or those of our third-party collaborators, service providers, contractors or consultants, may fail or suffer security breaches, disruptions, or incidents, which could result in a material disruption of our development programs or loss of data or compromise the privacy, security, integrity or confidentiality of sensitive information related to our business and could harm our reputation, business, financial condition or results of operations.
In the ordinary course of our business, we collect, store and transmit large amounts of confidential information, including intellectual property, proprietary business information and personal information. Our internal technology systems and infrastructure, and those of our current or future third-party collaborators, service providers, contractors and consultants are vulnerable to damage from computer viruses, unauthorized access or use resulting from malware, natural disasters, terrorism, war and telecommunication and electrical failures, denial-of-service attacks, cyber-attacks or cyber-intrusions over the Internet, hacking, phishing and other social engineering attacks, persons inside our organizations (including employees or contractors), loss or theft, or persons with access to systems inside our organization. Attacks on information technology systems are
42