Health Advisory Council Member Updates | June 2017

Lindsay Clarke, Alliance for Aging Research
The Alliance for Aging Research is continuing to produce educational “pocket films” on a variety of topics, including safe use of OTC pain medications, vaccination in older adults, and volunteering for a clinical trial. The films can be found online at www.youtube.com/allianceforaging, and the Alliance encourages partners, academics, HCPs, and more to use the films in their outreach and education for patients.

The Alliance has also been continuing to focus on geriatric cardiovascular disease and the unique needs of older adults. On February 22, the Alliance hosted the first-ever National Heart Valve Disease Awareness Day, focused on raising awareness about this deadly disease. A national public opinion survey found that three out of four people know little to nothing about heart valve disease, underscoring the need for a nationwide awareness campaign. More information is available at www.ValveDiseaseDay.org.

Last September—during AFib Awareness Month—the Alliance launched a campaign to help patients and healthcare providers better understand AFib-related stroke risk, and celebrate every year lived with a non-event. We are aware that older AFib patients at heightened stroke risk often don’t receive the treatment they need due to fears of frailty and falls. This campaign at www.YearWithoutaStroke.org seeks to change the conversation about stroke risk reduction in AFib.

In October, the Alliance will host a geriatric mental health roundtable, in partnership with the UC San Diego Center for Healthy Aging. The discussion will focus on mental health issues accompanying dementia, depression and suicide, and serious mental illness and alcohol abuse. The results of the discussion will be released in a white paper.

Finally, the Alliance is continuing its work on healthcare-associated infections, and will be releasing a white paper on HAIs in long-term care facilities. 

For additional information on any of these projects, please contact Lindsay Clarke at lclarke@agingresearch.org.

Lisa Coen, AMAG Pharmaceuticals
AMAG Pharmaceuticals is working to expand beyond its focus on maternal health to the broad spectrum of women’s health. 

Naomi Michaelis, American Society of Health-System Pharmacists (ASHP)
ASHP reported that legislation addressing access to care in medically underserved areas is gaining support in Congress. Efforts to advance H.R. 592 and S. 109 (The Pharmacy and Medically Underserved Areas Enhancement Act) continue as the Patient Access to Pharmacists’ Care (PAPCC) Coalition makes a push to include the bill in a future Medicare legislative package. While the long-term agenda for Congress remains somewhat unclear, PAPCC believes there may be an opportunity to insert the bill language into a must-pass health care bill such as the Children’s Health Insurance Program (CHIP) reauthorization. Further, the bills have widespread bipartisan support with more than 180 cosponsors in the House and more than 40 in the Senate. The PAPCC (http://pharmacistscare.org/) is a multi-stakeholder and interdisciplinary initiative. Membership is comprised of organizations representing patients, pharmacists, and pharmacies, as well as other interested stakeholders, including NCL.

In addition, ASHP joins many health care and consumer stakeholders in expressing concern over skyrocketing prescription drug prices. As a lead member of the Campaign for Sustainable Rx Pricing, ASHP has been urging Congress to explore public policies to address this growing problem. CSRxP (http://www.csrxp.org/) is a non-partisan coalition comprised of hospitals, physicians, nurses, consumers, health plans, pharmacists, and employers.

Sara Skubikowski, Association for Accessible Medicines (AAM)
To better reflect its mission, the Generic Pharmaceutical Association rebranded itself as the Association for Accessible Medicines in February. On June 7, the Biosimilars Council, a division of AAM, partnered with The Atlantic for the third in a series of biosimilar breakfast briefings as part of The Atlantic’s Politics & Policy series. On June 12, AAM released its ninth annual Generic Drug Access & Savings in the U.S. report, which found that generic drugs generated $253 billion in savings for patients and taxpayers in 2016, and $1.67 trillion over the last decade. On the policy front, AAM is supporting the CREATES Act (S. 974/H.R. 2212) and the FAST Generics Act (H.R. 2051), which would address abuses by certain brand companies of the Risk Evaluation and Mitigation Strategies (REMS) and other non-FDA-mandated restricted access drug programs to prevent generic competition, abuses which CBO estimates will cost taxpayers between $2.8 billion and $3.3 billion over the next decade.

Christeen Moburg, Astellas
Entering its second year, the Astellas Oncology C3 Prize® is once again calling for applicants from all over the world and from all backgrounds to submit their ideas for innovations to change cancer care. The C3 Prize, which aims to inspire and foster innovative, non-medical, non-treatment ideas, is offering $100,000 in unrestricted grants and access to mentorship to bring the brightest ideas to life. The Grand Prize Winner will receive a personal business consultation with Robert Herjavec, star of ABC’s Emmy Award-winning television show Shark Tank, technology entrepreneur, and cancer caregiver. Each runner-up will receive a $12,500 grant from Astellas, and all the finalists will receive a one-year nights and weekends membership to MATTER, a healthcare innovation community. Applications are being accepted at www.C3Prize.com through August 21, 2017.

Mark Gibbons, Caregiver Action Network (CAN)
Caregiver Action Network (CAN) recently released a video series on Chronic Obstructive Pulmonary Disease (COPD), and will be releasing another series on Multiple Sclerosis (MS). With a grant from the Patient-Centered Outcomes Research Institute (PCORI), CAN just completed its first training in its Equipping You for Success: Training for Family Caregivers in Team-Based Medical Decisions program. The training program is designed to help caregivers and patients be better informed and thus better prepared to make treatment decisions based on comparative effectiveness research.

Mary Leonard, Consumer Healthcare Products Association (CHPA)
Know Your Dose Campaign: The Know Your Dose (KYD) campaign’s latest cold and flu rally was a resounding success. Since launching in November 2016, the rally has generated nearly 77 million impressions—more than triple the previous year’s rally. Dr. John Whyte of U.S. FDA’s Center for Drug Evaluation and Research has been highly engaged, recently authoring OTC Medicines: What Parents Need to Know, which highlights the importance of safe use, storage, and disposal of over-the-counter medicines. In March, the foundation released the findings of its nationwide survey showing a positive trend in consumer knowledge of acetaminophen safe use. Over the past six years, more people than ever have become aware of how to use products containing acetaminophen safely and effectively, while avoiding the risks of accidental overdose and liver damage.

Up and Away Campaign: Poison Prevention Week: The CHPA Foundation partnered with CDC’s Medication Safety Program to reinforce awareness of safe medicine storage during Poison Prevention Week (March 19-25). The campaign featured a digital toolkit and educational materials that were disseminated and shared through the PROTECT Initiative, an innovative collaboration bringing together public health agencies, private sector companies, professional organizations, consumer/patient advocates, and academic experts to develop strategies to keep children safe from unintentional medication overdoses. The efforts garnered more than 2 million impressions and featured pickup from media outlets throughout the nation.

Sloane Salzburg, Council for Affordable Health Coverage (CAHC)
The Council for Affordable Health Coverage (CAHC) has issued recommendations to ensure insurance market stabilization and longer-term health care reform. CAHC has recently launched a new initiative called Prescriptions for Affordability, which is advocating for bipartisan policy solutions to lower drug costs. Prescriptions for a Healthy America (P4HA) is advocating for a medication adherence-specific regulatory safe harbor to the anti-kickback statute. In addition, P4HA recently celebrated a win when the Senate Finance Committee included an amendment to S. 870, the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act, which would provide Medicare Parts A and B claims data to Part D Plans in order to enhance the effectiveness of current and future medication management programs.

Marsha Henderson, FDA Office of Women’s Health (FDA/OWH)
FDA/OWH’s Diverse Women in Clinical Trials Initiative continues to raise awareness about women of different ages, races, ethnic backgrounds, and health conditions participating in clinical trials. In May, OWH released new foreign language clinical trials factsheets. A research paper on women and cardiovascular disease trials is forthcoming. OWH’s Resources for You and Your Baby initiative is also working to provide consumers with information on safe medication use. The Medicines and Pregnancy webpage was updated with new consumer tips and graphics in English and Spanish. OWH also released new web buttons that partners can use to connect pregnant women who use medicines to FDA’s Pregnancy Exposure Registry web portal.

Lastly, OWH is supporting new activities mandated by the 21st Century Cures Act, including the HHS taskforce on the inclusion of pregnant and lactating women in clinical trials and the response to the opioid epidemic—with a focus on women and pain management.

Tom Wallace, Eli Lilly and Company
Eli Lilly remains committed to developing an Alzheimer’s treatment and is also involved in raising awareness of the disproportionate impact Alzheimer’s has on women, both as patients and as caregivers. People might not know it, but Eli Lilly is the second-largest animal health company. As such, Lilly is working on antibiotic resistance and food security issues.

Kelly Cox, Johnson & Johnson
J&J has a diverse portfolio of products, ranging from Ebola and HIV vaccines to OTC sunscreen and acetaminophen. As a result, J&J is working on a broad spectrum of issues, including improving standards for cosmetic safety and supporting the reauthorization of the Prescription Drug User Fee Act (PDUFA) and the Medical Device User Fee Amendments (MDUFA). Ebola highlighted the risk of pandemics that currently exists, and J&J cosponsored a June 20 discussion of Unseen Enemy—a documentary that recently aired on CNN about the increased threat of epidemics and the important policy challenges facing our country and our global allies. In addition, in February 2017, Janssen Pharmaceuticals released its 2016 U.S. Transparency Report that includes information on pricing and other business practices, covering everything from discovery to the commercialization of pharmaceuticals.

Lee Lynch, Lynch Advocacy Solutions/Reservoir Communications Group
Lee is currently working with the Modern Medicaid Alliance to raise awareness of the value provided by Medicaid. She is also working on the safe distribution of drugs and behavioral health screenings.

Brian Isetts, University of Minnesota College of Pharmacy
Since his Health Policy Fellowship at CMS, Dr. Isetts has maintained a focus on national initiatives to help patients and families become confident medication users. Here are a couple of links that provide helpful information in support of our national Patient-driven Medication Management agenda: CMS Campaign for Meds Management and the American Society of Health-System Pharmacists’ Medication Use Recommendations to the Choosing Wisely Campaign.

Bruce A. Leicher, Momenta Pharmaceuticals
Momenta is focused on the development of generic versions of complex drugs, biosimilar and potentially interchangeable biologics, and on the discovery and development of novel therapeutics for autoimmune indications. The company currently has seven biosimilars in development. On the policy front, Momenta seeks to use innovation to develop affordable medicine for patients. A current policy initiative is to support proposed legislation (Fast Generics Act or the CREATES Act) to end the anticompetitive practices of some companies that deny access to their products for use in generic or biosimilar development programs.

Anne Wilson, Mylan
Mylan has one of the broadest and most diverse generic medicine portfolios, with more than 7,500 marketed products in areas including oncology, cardiovascular disease, diabetes, HIV, and autoimmune diseases. Mylan is committed to making high-quality medicines available to everyone who needs them, and manufactures 80 billion doses of medicine annually. On the policy front, Mylan supports a robust biosimilar pathway and reimbursement, as well as pathways for complex generics.

Michael Wittke, National Alliance for Caregiving
In February, the National Alliance for Caregiving released a research report titled Dementia Caregiving in the U.S. Dementia caregivers shoulder more caregiving responsibilities than do other caregivers. They help with a wider variety of activities and spend more hours per week providing care. On average, dementia caregivers provide care for 28 hours per week. Dementia Caregiving in the U.S. analyzes the experiences of providing unpaid care in the United States to a relative or friend diagnosed with Alzheimer’s disease, dementia, or other mental confusion, with the goals of both understanding the experiences of people caring for someone with dementia and identifying approaches to enhance and support this unique caregiving experience. The National Alliance for Caregiving draws its analyses from the nationally representative study Caregiving in the U.S. For more information on the National Alliance for Caregiving, please visit www.caregiving.org.

Gay Johnson, National Association of Nurse Practitioners in Women’s Health (NPWH)
NPWH’s fourth annual Women’s Sexual Health Course for NPs took place June 8-11, 2017, in Baltimore, MD. Registration is now open for the 20th annual Premier Women’s Healthcare Conference, being held October 11-14 in Seattle, WA. NPWH is one of four partners in the ACOG-led Women’s Preventive Services Initiative, dedicated to improving the well-being of women across the country by providing updated recommendations, and developing new ones, for the Women’s Preventive Services Guidelines. NPWH is also working to address the shortage of women’s health providers, and is committed to bringing WHNPs’ voice to the table. Finally, Healthy at Any Age: A Summit on Women’s Health After 50 will reconvene in the fall.

Susan Pilch, National Community Pharmacists Association (NCPA)
NCPA is currently working on Medicare Part D and fees charged to pharmacists by Pharmacy Benefit Managers (PBMs) after the point of sale. This practice raises out-of-pocket costs to beneficiaries and is disruptive to pharmacists.

Deborah Davidson, National Council on Patient Information and Education (NCPIE)
Celebrating its 35th anniversary, NCPIE recently launched its new website, www.bemedwise.org. With a grant from Pfizer Consumer Health, NCPIE will release a report on self-care in the coming weeks.

Erin Mackay, National Partnership for Women & Families (NPWF)
As Theresa Chalhoub mentioned during the Panel discussion at NCL’s Health Advisory Council meeting, the National Partnership for Women & Families is on the Steering Committee of the Protect Our Care coalition, which is focused on protecting the Affordable Care Act. In addition, the National Partnership is working on delivery system reform and improving access to medical records for patients. Unfortunately, patient portals, as they currently exist, often cause confusion and frustration for patients. The Partnership is also participating in efforts to reconcile and exchange digital medication lists, which will help improve medication adherence and care coordination.

Ernie Boyd, Ohio Pharmacists Association (OPA)
As the Script Your Future – Ohio Coordinator, the Ohio Pharmacists Association (OPA) is well aware that only about one-half of Americans take their medications as prescribed. This contributes to the overall burden and toll of chronic disease on the population and to a vast portion of unnecessary health care and costs. These issues motivated Ohio-based CareSource, one of the country’s largest Medicaid managed care plans, to offer a medication therapy management (MTM) benefit to all of its beneficiaries. Total savings from the program, including avoided hospitalizations, emergency department visits, and other unnecessary health care consumption, yielded an ROI of $4.40 for every $1 spent. Building on these results, Ohio has been working to have pharmacists recognized and reimbursed as healthcare providers. In Ohio, pharmacists can now administer all CDC-recommended vaccinations as well as long-acting mental health medications. Another new law allows collaborative agreements with physicians, allowing pharmacists to manage and modify a patient’s drug therapy, including prescribing and ordering lab tests for medication management. OPA is also actively engaged in trying to address the opioid abuse epidemic, which claimed the lives of 4,000 Ohioans last year.

Myisha Gatson, Pharmaceutical Research and Manufacturers of America (PhRMA)
PhRMA recently launched its Go Boldly campaign on biopharmaceutical innovation, which highlights innovative research and technological breakthroughs of America’s biopharmaceutical industry and the people behind the fight to prevent, treat, and cure disease. PhRMA is working to secure policies that will support the modernization of the drug and discovery process, as well as value-driven healthcare purchasing. PhRMA is working to ensure additional oversight and reforms to the 340 B program. Finally, PhRMA is working to educate the public and policy makers on the dangers of drug importation.

Amy Sonderman, U.S. Pharmacopeial Convention (USP)
Responding to the concern and need for consistent quality in dietary and nutritional supplements, USP founded the Dietary Supplements Quality Collaborative (DSQC). This multi-stakeholder partnership is pursuing consensus-based initiatives focused on public and private efforts to improve the quality of products marketed as dietary supplements. In addition to DSQC, USP is working on updating its sterile compounding standards. USP also launched the Quality Institute, a major new initiative that will generate research and evidence to better inform conversations relating to the value of quality.

The #DataInsecurity Digest | Issue 48

Issue 48 | June 21, 2017

#DataInsecurity Digest: Massive RNC leak exposes vulnerability of political profile data; WannaCry could’ve been much worse

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: The intricacy of personal profiles compiled by modern political campaigns received some unwanted attention this week thanks to a breach at a contractor for the Republican National Committee that exposed 198 million potential voter records. This massive breach revealed voters’ names, addresses, and information about their suspected opinions on a variety of issues. Meanwhile, on the Hill, cybersecurity was front and center last week with five different cybersecurity hearings, where we learned that the WannaCry ransomware attack was meant to be much worse–almost 7 million computers worse. In a historic testimony before the Senate Intelligence Committee, former FBI Director James Comey stated that he has no doubts that Russia launched a hacking effort aimed at nonprofits and political parties. Not to be forgotten, point-of-sale breaches continued to garner headlines as fashion retailer The Buckle became the latest victim.

And now on to the clips!

—————–

RNC exposes personal information of 198 million potential voters. Security researcher @VickerySec found nearly 200 million unsecured potential voter profiles posted online by an IT contractor for the Republican National Committee. These profiles contained “names, addresses of voters and an ‘RNC ID’ that can be used with other exposed files” to determine individuals’ political preferences, “such as a voter’s likely positions on 46 different issues ranging from how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of ‘America First’ and how likely they are to be concerned with auto manufacturing as an issue, among others.” (Source: The Hill)

Former CIA Director: Urge Congress to pass cybersecurity legislation. Last week, former CIA Director John Brennan urged Americans to take action to improve cybersecurity, stating “You all need to continue to put the pressure on your elected representatives in Congress to take this matter seriously … People frequently say it’s going to take a 9/11 in the cyber realm in order for us as a country to be able to come to terms and deal more effectively with cyber challenges.” (Source: Cyber Scoop)

WannaCry was meant to be much worse… Salim Neino, the founder of Kryptos Logic told legislators last Thursday that while the virus infected nearly 300,000 computers worldwide, if the “kill switch” had not been found, 7 million computers in the United States alone could have been infected. “It could have been much, much worse,” said former Obama Administration Chief Information Officer Ret. Air Force Brig. Gen. Gregory T. Touhill, while testifying in the House last Thursday. “I view WannaCry as a slow-pitch softball whereas the next one may be a high and tight fastball coming in. We need to be ready.” (Source: McClatchy)

NSA: North Korea behind WannaCry ransomware attack. The Washington Post is reporting that the NSA is “moderately confident” that the DPRK was behind the first computer worm to be used in a ransomware attack. @nakashimae states that North Korea’s motivation behind the WannaCry attack was financial, as it appears to have been “an attempt to raise revenue for the regime.” (Source: Washington Post)

Tax identity thieves get help from Equifax’s lax cybersecurity practices. @briankrebs is reporting that thanks to Equifax’s lax security, “crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.” This breach of sorts affected employees whose employers used TALX, an Equifax subsidiary that provides online payroll, HR, and tax services. Data security advocates argue that TALX “should have required customers to use stronger two-factor authentication options, such as one-time tokens sent to an email address or mobile devices,” as with a little research, security questions can often be cracked by a dedicated hacker. (Source: Krebs on Security)

Breach du Jour: The Buckle. For nearly six months, the clothing store The Buckle was infected with POS malware that was quietly collecting customers’ credit card numbers, names, and expiration dates. (Source: International Business Times)

James Comey: ‘There was a massive (hacking) effort to target government and nongovernmental agencies, like nonprofits.’ In the high-profile Senate hearing, Comey also commented that while “we found no indication of any change in vote tallies… There [were] efforts aimed at voter registration systems.” (Source: New York Times)

A major security flaw at Molina Healthcare exposed countless medical records. @briankrebs is reporting that the Fortune 500 company @molinahealth did not require user authentication to access their records. The security flaw created a situation where “having access to a single hyperlink to a patient record would allow an attacker to enumerate and download all other claims,” simply by changing a single number in the hyperlink. (Source: Krebs on Security)
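The Molina flaw described above is an insecure direct object reference: possession of a record identifier alone granted access, and because the identifiers were sequential, changing one number reached the next patient’s claim. The following Python is an added example, not code from Molina, Krebs on Security, or the Digest; the records, function names, and patient identifiers are constructed for illustration. It contrasts a lookup with no identity check against one that enforces ownership on every request, and includes the regression check a defender would run to confirm that walking consecutive identifiers no longer returns other patients’ claims. The random identifier helper at the end is defense in depth, not a substitute for the ownership check.

```python
"""Added example: object-level authorization for a claims lookup (constructed data)."""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Claim:
    claim_id: str
    patient_id: str   # the patient the claim belongs to (constructed)
    summary: str


class AuthorizationError(Exception):
    """Raised when the requester is not entitled to the requested record."""


# Constructed sample records. Sequential identifiers like these are what
# makes "change a single number in the hyperlink" reach another patient's data.
CLAIMS: Dict[str, Claim] = {
    "1001": Claim("1001", "patient-a", "office visit"),
    "1002": Claim("1002", "patient-b", "lab panel"),
    "1003": Claim("1003", "patient-a", "prescription"),
}


def get_claim_vulnerable(claim_id: str) -> Optional[Claim]:
    """The flawed pattern: the identifier is the only thing checked.

    Whoever holds one link can reach every record by varying the number.
    """
    return CLAIMS.get(claim_id)


def get_claim_hardened(claim_id: str, requester_patient_id: str) -> Claim:
    """Authorize on the object, not just the route.

    `requester_patient_id` is assumed to come from the server-side session,
    never from the request URL. "Not found" and "not yours" deliberately
    produce the same error so the endpoint does not reveal which ids exist.
    """
    claim = CLAIMS.get(claim_id)
    if claim is None or claim.patient_id != requester_patient_id:
        raise AuthorizationError("claim not available")
    return claim


def reachable_by_walking_ids(fetch: Callable[[str], Optional[Claim]],
                             start: int, count: int) -> List[str]:
    """Defender's regression check: how many records does a holder of one
    link reach by walking `count` consecutive identifiers from `start`?

    Returns the claim ids that came back. For a correctly authorized
    endpoint this should contain only the requester's own records.
    """
    reached: List[str] = []
    for n in range(start, start + count):
        try:
            claim = fetch(str(n))
        except AuthorizationError:
            continue
        if claim is not None:
            reached.append(claim.claim_id)
    return reached


def issue_claim_id() -> str:
    """Defense in depth: non-sequential identifiers make guessing the next
    record impractical. This does not replace the ownership check above.
    """
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    print("vulnerable:", reachable_by_walking_ids(get_claim_vulnerable, 1001, 5))
    as_patient_a = lambda cid: get_claim_hardened(cid, "patient-a")
    print("hardened, patient-a:", reachable_by_walking_ids(as_patient_a, 1001, 5))
```

The unauthenticated lookup returns every record in the range, while the hardened lookup returns only the requester’s own claims and refuses the rest with an indistinguishable error. In a real service the ownership check belongs in the data-access layer so that every route that loads a claim inherits it, rather than relying on each handler to remember it.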

Canadian spy agency: It is ‘very likely’ that hackers will try to influence upcoming Canadian elections. @LeahSchnurr and @5thEstate report that the Canadian spy agency believes that “politicians and the media are more vulnerable to cyber threats than elections themselves, given that federal elections are largely paper-based.” (Source: Reuters)

National Consumers League
Published June 21, 2017

The #DataInsecurity Digest | Issue 47

Issue 47 | June 7, 2017

#DataInsecurity Digest: Credit unions pushing for retailer standard; Kmart and OneLogin breaches

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Credit unions, which incurred an average of $226,000 each in costs responding to data breaches in 2014, are ramping up pressure on Congress to pass a data security standard for retailers, as new breaches were announced at Kmart and OneLogin. Consumers themselves got a bit of a break recently, as Target agreed to pay out a record-breaking $28.5 million settlement with numerous state attorneys general, stemming from its massive 2013 breach. Meanwhile, the FDIC was once again put on notice by the Government Accountability Office for not using strong enough encryption methods. Finally, a group of Democratic senators is calling on the FBI to investigate a DDoS attack on the FCC’s electronic filing system, which may have prevented consumers from filing comments in the agency’s ongoing net neutrality proceeding.

And now, on to the clips!

—————–

Credit unions: Time for a retailer data security standard. The fact that banks must abide by the Gramm-Leach-Bliley Act’s strict data security standard while retailers (whose point of sale systems are a key target for criminal hacking) are exempt has long rankled the banking industry. That’s one reason why the National Association of Federally-insured Credit Unions (NAFCU) is ramping up the pressure on Congress to pass a retailer data security standard law. NAFCU head @BDanBerger writes that “[e]very time there is a retailer data-security breach, credit unions step forward to make their members whole. A NAFCU survey found that its member credit unions paid an average of $226,000 each in costs associated with retailer data breaches in 2014.” (Source: Credit Union Journal)

Data breaches will cost business $8 trillion in the next five years. @JuniperNetworks’s new report also forecasted that “the number of personal data records stolen by cybercriminals will reach 2.8 billion in 2017, almost doubling to 5 billion in 2020, despite new and innovative cybersecurity solutions emerging.” (Source: Juniper)

Breach du jour: Kmart. @briankrebs is reporting that Kmart suffered from its second point-of-sale data breach in three years. Kmart’s parent company, Sears, would not comment “on how many of Kmart’s 735 locations nationwide may have been impacted or how long the breach is believed to have persisted, saying the investigation is ongoing.” (Source: Krebs on Security)

Target pays out $18.5 million to settle 2013 data breach investigations. Target’s 2013 breach “affected more than 41 million customer payment-card accounts and exposed contact information of more than 60 million customers.” The settlement represents the largest multi-state accord ever reached over a data breach. The $18.5 million settlement is in addition to the $10 million Target has already paid out to harmed consumers in 2015. (Source: Bloomberg)

GAO puts FDIC on notice regarding cybersecurity. The agency charged with insuring our bank deposits was found to have “significantly deficient” cybersecurity by the Government Accountability Office. Among other things, the GAO faulted the Federal Deposit Insurance Corporation for “not using strong encryption when users connect to certain sensitive systems.” (Source: Next Gov)

Democratic senators request FBI investigation into FCC DDoS attack. On May 8, the FCC claimed that the crash of its electronic filing system, which prevented consumers from filing comments on net neutrality, was the result of a distributed denial of service (DDoS) attack. Last week, Democratic Senators Brian Schatz (D-HI), Al Franken (D-MN), Patrick Leahy (D-VT), Ed Markey (D-MA), and Ron Wyden (D-OR) sent a letter to acting FBI Director Andrew McCabe requesting an investigation, stating that “[a]ny cyberattack on a federal network is very serious.” (Source: The Hill)

Quick hit: Ransomware insurance claims more than double. A year ago, ransomware insurance claims were “just over a tenth of cyber insurance claims, but that figure is now almost a quarter, according to data from insurer CFC Underwriting.” (Source: Financial Times)

Breach du Jour part deux: OneLogin. The identity management firm that “secures connections across all users, all devices, and every application” announced that a “threat actor” had accessed database tables including “information about users, apps, and various types of keys,” which may have allowed them to decrypt customers’ encrypted information. This marks the second breach OneLogin has suffered in the last year. (Source: Ars Technica)

National Consumers League
Published June 7, 2017

The #DataInsecurity Digest | Issue 46

Issue 46 | May 24, 2017

#DataInsecurity Digest: The WannaCry issue

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Is the WannaCry ransomware attack the “big one” that security experts have been warning about since information about the NSA’s cyber weapons was leaked? The massive ransomware attack, which many are pinning on North Korea, affected at least 75,000 computers in 99 countries and resulted in patients being turned away from hospitals and assembly lines shutting down. It remains to be seen if the reforms outlined in President Trump’s long-awaited cyber order will move the needle in terms of protecting consumers from similar attacks in the future. Congress isn’t sitting still however, as a bipartisan group of Congressmen have introduced legislation to get the NSA and other intelligence agencies to come clean about their stockpiles of zero-day vulnerabilities. Those calls for reform could get a big boost from Microsoft, which is using the WannaCry attack to reiterate its call for data security reform in the United States and elsewhere. Let’s just hope that whatever reforms come about, they make American consumers more secure than Trump properties’ leaky Wi-Fi networks.

And now, on to the clips!

—————–

WannaCry ransomware attack “unprecedented in scale.” At least 75,000 computers in 99 countries were hit by the WannaCry ransomware attack, which reportedly relied on Windows exploits originally identified in leaked documents from the National Security Agency (NSA). The impacts were widely felt in critical industry sectors across the globe. For example, automaker Renault’s assembly lines were shut down in France, National Health Service offices in the UK were forced to turn away patients, and more than 1,000 computers at the Russian Interior Ministry were affected. (Source: BBC News)

Despite initial reporting, old Windows XP installs were not primary target. While Microsoft did roll out a patch for its old Windows XP operating system in March to address the vulnerability that would later be exploited by the WannaCry attack, the obsolete OS was not the primary target, according to Kaspersky Labs. @phonesolder writes, “[a]ccording to data recently published by the security firm, an astonishing 98 percent of the affected devices were running some or the other version of Windows 7. On the other hand, less than one in a thousand were powered by Windows XP making it almost insignificant for the discussion.” (Source: TechPP)

Signs increasingly point to North Korea’s elite hacking group as WannaCry culprit. The reclusive regime has long trained elite cyberwarfare groups which often operate through other countries to maintain plausible deniability. While details remain sketchy, North Korea is increasingly viewed as the source of last week’s devastating WannaCry ransomware attacks. “Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry ‘ransomware’ cyber attack that infected more than 300,000 computers in 150 countries this month,” write @juminism and @pearswick. “The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio.” (Source: Reuters)

Microsoft: “[A]ttack is a wake-up call for all of us.” Microsoft’s President and Chief Legal Officer Brad Smith was on the front lines of the company’s response to the WannaCry attack. While urging technical fixes, Smith was blunt about the need for government action. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” wrote Smith. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.” (Source: Microsoft)

Congress responds to WannaCry with PATCH Act. In response to the unprecedented WannaCry ransomware attack, a bipartisan group of Congressmen introduced legislation that would require federal intelligence agencies to turn over their stockpile of zero-day vulnerabilities to an independent technical review board. The board would in turn determine if the vulnerabilities could be made public and fixed in order to improve overall cybersecurity. The Protecting Our Ability to Counter Hacking (PATCH) Act is sponsored by Sen. Brian Schatz (D-HI) and co-sponsored by Sen. Cory Gardner (R-CO) and Reps. Ted Lieu (D-CA) and Blake Farenthold (R-TX). (Source: ZDNet)

White House cyber order largely builds on Obama-era programs. The Trump Administration’s long-awaited cyber order is officially out, but it appears to offer little that wasn’t already in the pipeline under the Obama Administration. “My initial reaction to the order is, ‘this is great,’” former National Security Council Director for Cybersecurity Policy Ben Flatgard told Ars. “Trump just endorsed Barack Obama’s cybersecurity policy.” Flatgard was one of the principal authors of the Obama administration’s Cyber National Action Plan (CNAP), published in February of 2016. (Source: Ars Technica)

Three things to know about Ohlhausen and data security. Law firm Foley Hoag, which focuses on privacy and data security law, offers its take on three things to expect from FTC Chairman Maureen Ohlhausen when it comes to data security at the Commission. “She agrees with the new cybersecurity executive order.” … “She’s not a fan of aggressive CIDs (civil investigative demands).” … “The FTC’s definition of cyber injury might be shifting.” (Source: Foley Hoag)

Mar-a-Lago an easy target for hackers. Wherever the President goes becomes a tempting target for hackers of all stripes. Unfortunately for President Trump, the so-called “Winter White House” at the Mar-a-Lago resort in Florida, as well as his other favorite retreats, are unusually insecure. “We parked a 17-foot motorboat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club,” write @thejefflarson, @suryamattu, and @JuliaAngwin. “Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.” (Source: ProPublica)

Breach du jour: Zomato. Restaurant app Zomato announced on May 18 that account information for approximately 17 million users was compromised. The data that was disclosed included user IDs, names, usernames, email addresses, and hashed and salted passwords. The company claims it has been in touch with the hacker involved, who has promised to destroy the data and take down the dark web marketplace set up for the breached information. (Source: Zomato)

Breach du jour part deux: Brooks Brothers. High-end menswear retailer Brooks Brothers is the latest retailer to have its payments system breached. While exact numbers have not been announced, the retailer disclosed that the breach occurred over nearly a one-year period from April 2016 to March 2017 and compromised payment data, but not Social Security numbers or other personal information. (Source: Reuters)

—————–

Upcoming events

Today! May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published May 24, 2017

The #DataInsecurity Digest | Issue 45

Issue 45 | May 10, 2017

#DataInsecurity Digest: Macron hacked; Google Docs attack hits 1 million users

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: The hacking of French President-elect Emmanuel Macron’s campaign last week has all the hallmarks of another Russia-based attempt to affect a Western election. However, security experts are cautioning that we shouldn’t rush to judgment just yet. On the government data security front, the Trump Administration’s long-rumored cyber order has leaked. The new strategy document unsurprisingly gives a big role to the National Institute of Standards and Technology’s cybersecurity framework. Not to be outdone, the Department of Homeland Security (DHS) has a new report warning federal workers to beware of the security vulnerabilities in their government BlackBerrys and iPhones.

And now to the clips!

—————–

Macron campaign hack: Signs point to Russians, but not conclusive yet. The massive hack of French President-elect Emmanuel Macron’s En Marche party was front-page news in the waning hours of its campaign. While similarities to the hacks of the Hillary Clinton campaign last year immediately raised suspicion of Russian involvement, many data security experts are cautioning against a rush to judgment. @a_greenberg reports, “‘I do think this is more likely than not a Russian operation, but I’d put this at more like 60 percent at this stage,’ says [King’s College London Professor Thomas] Rid, who recently testified at a Senate hearing about Russian interference in the US presidential election. In that case, by contrast, Rid says he has zero doubt that the Kremlin—and specifically a hacking group known as Fancy Bear, or APT 28—was the culprit. But in the Macron case, Rid says, ‘none of the pieces of evidence that has come out so far is particularly strong in forensic terms. We only have circumstantial evidence. We can’t exclude the possibility that someone is trying to frame someone else.’” (Source: WIRED)

Google Docs phishing attack affects 1 million Gmail users. Think twice before clicking on that automated email from Google Docs. Last week’s attack was quickly shut down by Google, but not before approximately 1 million users received the spammed messages. @mike_mimoso writes, “The messages were a convincing mix of social engineering and abuse of users’ trust in the convenience of mechanisms that share account access with third parties. Many of the phishing messages came from contacts known to victims since part of the attack includes gaining access to contact lists.” (Source: Threatpost)

New Trump cybersecurity order draft similar to February draft. An updated draft of the Trump Administration’s long-delayed cybersecurity order is making the rounds, and the outlines show some broad changes from the previous version. @Joseph_Marks_ reports, “…some of the language has been changed significantly, especially on a plan to foster international cooperation in cyberspace. … Those similar elements include mandating federal agencies adopt cybersecurity best practices outlined in the National Institute of Standards and Technology’s cybersecurity framework and a requirement that government leaders be held accountable for cyber lapses at their agencies.” (Source: NextGov)

Insecure government mobile devices raise alarm bells at DHS. A new report from the Department of Homeland Security (DHS) is calling attention to the security vulnerabilities of mobile devices used by many federal government employees. “The federal government also comprises only a small fraction of mobile carriers’ customer base so it cannot exert significant market pressure on carriers to boost security,” writes @Joseph_Marks_. “The government should mitigate those weaknesses by focusing efforts where it does wield power, such as promoting cross-government mobile security standards and working cooperatively with industry,” the DHS report stated. (Source: NextGov)

Anatomy of a breach: Hackers exploited known vulnerability for months. It seems simple. Hackers develop an attack based on a new bug. The software vendor fixes the problem and ships a security update. The hackers move on to the next exploit. But as Microsoft security flaw CVE-2017-0199 demonstrated, it’s not always that easy. @josephmenn reports, “The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft’s regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cybersecurity experts say is an unusually long time. … The saga shows that Microsoft’s progress on security issues, as well as that of the software industry as a whole, remains uneven in an era when the stakes are growing dramatically.” (Source: Reuters)

Breach du jour: Chipotle. Mexican-American restaurant chain Chipotle is investigating a data breach “on a system used to help process payments for purchases made inside its restaurants, though offered no details on specific locations that may have been affected.” Chipotle does not know which locations have been affected yet, but the suspicious activity occurred between March 24 and April 18. (Source: The Hill)

Are more breaches to come? @Bing_Chris reported that the same group behind the Chipotle breach (FIN7) is also targeting other national restaurant franchises, such as Baja Fresh and Ruby Tuesday. The article also found that, “More than 20 U.S.-based hospitality companies — the sector that includes hotels and restaurants — have been successfully hacked by FIN7 since the summer of 2016.” (Source: Cyberscoop)

Democrats urge OPM to streamline cybersecurity hiring. In a letter to OPM’s acting director, the New Democrat Coalition’s Cybersecurity Task Force stated that while “our country faces unprecedented cybersecurity challenges… the federal government struggles to recruit and retain qualified cyber professionals.” The letter further urged OPM to fill the empty cybersecurity jobs by exploring “ways to adjust job requirements and streamline the hiring process for federal cybersecurity jobs, including looking to the private sector for ideas.” (Source: The Hill)

180,000 patient records breached. TheDarkOverlord (the same hacker who dumped free bootleg copies of Netflix’s Orange is the New Black and is threatening to do the same for other Netflix shows) dumped 180,000 records from three separate hacks last week. Patients of Aesthetic Dentistry in New York City, OC Gastrocare in California, and Tampa Bay Surgery Center all had their personal medical information compromised. (Source: databreaches.net)

—————–

National Consumers League
Published May 10, 2017

The #DataInsecurity Digest | Issue 44

Issue 44 | April 26, 2017

#DataInsecurity Digest: White House still has no cyber plans; Shoney’s, Intercontinental Hotels breaches roll in

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: Saturday marks President Trump’s 100th day in office. Data security watchers can only hope that the Administration’s cyber order’s release is just around the corner and that Trump puts his team in place to create a 90-day cyber plan, even though we are well past its promised delivery date.

As the White House grapples with creating its promised cybersecurity plans, data breaches rage on. Intercontinental Hotel Group’s “small” breach is now believed to have compromised more than 1,000 hotels. Shoney’s Restaurant is now also investigating a breach of its own, and hundreds of YouTube channels were hacked. With numerous data breaches, and the lack of executive action to create a data security standard, it is perhaps little wonder that consumers are forming a class action against Bose for collecting and selling their data without their consent.

And now to the clips!

—————–

Trump falls short in creating a 90-day cyber plan. Back in January, President Trump promised to “appoint a team to give me a plan within ninety days of taking office” that would stop hackers and provide data security. @IsaacDovere reports that last Thursday, “Trump hit his ninety-day mark. There is no team, there is no plan, and there is no clear answer from the White House on who would even be working on what.” (Source: Politico)

The wait continues for the White House’s cyber order. Nearly three months after the expected release of the White House’s cyber order, the Administration has yet to release one. @frankentele reports that a former White House staffer didn’t “think the delay is due to any real substantive revisions going on at this point.” In this official’s view, “the delay is more a matter of the White House continuing to confront staffing issues and other more pressing political and policy challenges. The former official said the last leaked draft looked close to a finished document that had buy-in from many in industry.” (Source: FCW)

Intercontinental payment breach grows to at least 1,175 hotels. Back in February, Intercontinental Hotel Group (IHG) announced it had suffered a payment systems breach at a dozen of its hotels. Now the hotel chain is stating that at least 1,175 of its 5,000 U.S. hotels have been compromised. @ChristianSonne is reporting that the breach affected several of the IHG brand names, including Holiday Inn Express (781), Holiday Inn (176), Candlewood Suites (120), Staybridge Suites (54), Crowne Plaza (30), Hotel Indigo (11), and Holiday Inn Resort (3). (Source: Krebs on Security)

Class action filed against Bose Headphones for spying on users without their consent. The Illinois lawsuit was filed after the plaintiff learned that Bose sent “all available media information” collected from the Bose app and headphones to third parties. In addition to financial compensation, the plaintiff is seeking an end to Bose’s data collection practices. (Source: Reuters)

Was Shoney’s Restaurant breached? @briankrebs is reporting that the restaurant chain may be the latest subject of a data breach. Details are not yet clear on how many of the chain’s 140 stores were affected, but “sources in the financial industry say they’ve received confidential alerts from the credit card associations about suspected breaches at dozens of locations, although it remains unclear whether the problem is limited to those locations or if it extends company-wide.” (Source: Krebs on Security)

Breach du jour: Hundreds of YouTube accounts. A group of hackers who call themselves “Our Mine” struck again. This time, instead of targeting the social media accounts of public figures such as Facebook CEO Mark Zuckerberg or hacking Sony’s Twitter feed to spread fake news that Britney Spears had died, the hackers targeted hundreds of large and small YouTube accounts. “The compromised channels were of different sizes, and some of them were big guns as well. Most notable of them was Studio 71, which was a niche of a wide network of websites. RomanAtwoodVlogs, JustKiddingNews and Wranglerstar and several other channels were hacked for a short period.” (Source: Hack Read)

Cyber thieves steal $14.2 million from Hong Kong stock exchange. In the past 18 months, the Hong Kong stock exchange suffered 20 cyber attacks netting cyber thieves $14.2 million. In response, regulators are requiring “all [brokers] to invest more to enhance the cybersecurity of their computer systems after customers lost up to HK$110 million from hacker attacks.” (Source: Cyber Scope)

—————–

National Consumers League
Published April 26, 2017

The #DataInsecurity Digest | Issue 43

Issue 43 | April 12, 2017

#DataInsecurity Digest: Q&A with Koskinen, Trump rolls back broadband privacy protections, more woes for Arby’s

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: With Tax Day right around the corner, we are excited to bring you a timely interview with IRS Commissioner John Koskinen as part of our #DataInsecurity Thought Leaders series. Commissioner Koskinen answered a range of questions about the agency’s success at reducing tax identity fraud rates and dealing with fraudsters using stolen data. Excerpts from our chat are below and the full interview is available here.

Bucking sweeping public opinion, President Trump signed a repeal of the FCC’s broadband privacy rule last week. As a result, ISPs will be able to collect and sell users’ browsing history and precise location without first obtaining consent. The repeal also exempts ISPs from the Rule’s proposed data security and breach notification requirements. While the ISPs say this will allow for a level playing field and less confusion for consumers, advocates were outraged at the move and are vowing to continue the fight. Don’t look for help from Congress any time soon, however, as the Administration says not to expect movement on comprehensive privacy legislation for the foreseeable future. Meanwhile, eight different banks and credit unions are suing Arby’s as a result of its February data breach. In addition, Scottrade customers became the latest data breach victims when their Social Security numbers were left unsecured in the cloud. Finally, data security was the cover story this month in The Economist, which said that greater government involvement to prod companies to better protect data security could be beneficial.

—————–

Preview of #DataInsecurity Thought Leaders interview with IRS Commissioner John Koskinen

We are pleased that IRS Commissioner John Koskinen was kind enough to take a break at the height of tax season to answer a series of questions about tax identity fraud and the link between data breaches of tax information and scams. Here’s an excerpt; read the full interview here.

NCL: Tax identity fraud remains a top concern for many consumers. For example, employment or tax-related identity fraud remains the top type of ID theft complaint filed with the FTC. For its part, the IRS has shown significant progress in reducing rates of tax identity fraud in recent years. To what do you credit this success and what remains to be done?

Commr. Koskinen: We made tremendous progress in stopping fraudulent returns. Because we did a better job keeping bad returns from ever entering our systems, we saw a 30 percent drop in the number of confirmed identity theft returns caught by our filters. We saw a 50 percent decrease in the number of questionable refunds being issued and stopped by banks. And, most importantly, we saw a 46 percent decline in the number of taxpayers reporting to us that they were victims of tax-related identity theft.

The amount of progress we made is tremendous, but we are not declaring victory. There is still much work to be done. We enacted even more “trusted customer” features for the 2017 tax season and, though we have limited data, we believe we are on the right path and are continuing our progress. Congress also gave us a tremendous tool. They passed legislation requiring Form W-2s to be filed with the IRS in January instead of March. This helps us match the income information, which is very helpful to stopping identity theft and fraud.

Read our full interview with IRS Commissioner John Koskinen.

—————–

This edition’s clips

Economist cover: ‘How to manage the computer-security threat.’ The Economist magazine devoted its lead this week to the need for governments to take a stronger role in prodding industry to take data security seriously. “Firms should recognise that, if the courts do not force the liability issue, public opinion will. Many computer-security experts draw comparisons to the American car industry in the 1960s, which had ignored safety for decades. … [I]magine the clamour for legislation after the first child fatality involving self-driving cars.” (Source: The Economist)

Trump signs repeal of FCC’s broadband privacy rules. After partisan votes in both the House and Senate advanced a Congressional Review Act resolution to repeal the FCC’s broadband privacy rules, President Trump signed the repeal into law last week. @davidshepardson reports that the rules “would have required internet providers to obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and marketing.” The CRA prevents the FCC from ever reintroducing similar rules without direct Congressional approval. (Source: Reuters)

Quick Hit: Nearly 75 percent of Republicans and Democrats wanted Trump to veto the repeal of the broadband privacy rule. A Huffington Post/YouGov poll found that just 8 percent of Republicans, Democrats, and Independents wanted Internet providers to share their personal information; 83 percent did not want their data collected. (Source: Huffington Post)

White House lowers expectations for privacy protections. Proponents of repealing the FCC’s privacy protections argued that the rules were unfairly stricter than protections in place for websites. Privacy advocates now have to hope that the rule’s repeal will push Congress to move toward providing comprehensive privacy protections for both ISP users and website visitors. @TonyRomm reports, however, that the White House is signaling that a comprehensive new rule will be unlikely in the short term, as “the Trump administration’s chief legislative aide cast doubt on the idea, stating that ‘we were content right now on pulling back’ on the previous FCC’s privacy rules.” (Source: Recode)

Eight data breach lawsuits filed against Arby’s. Banks, credit unions, and customers have filed lawsuits against Arby’s claiming damages from the fast food chain’s February data breach. One of the credit unions suing Arby’s, North Alabama Educators Credit Union, stated in its lawsuit that “hundreds of thousands, if not millions, of credit and debit cards… were compromised due to Arby’s severely inadequate security practices… Arby’s actions and omissions left highly sensitive Payment Card Data of the Plaintiff’s customers exposed and accessible for hackers to steal for nearly three months.” (Source: Associated Press)

Breach du jour: 20,000 Scottrade accounts. The stock trading company Scottrade accidentally left sensitive information unprotected in the cloud. The information included Social Security numbers, plain text passwords, and employee credentials used to obtain credit reports. Scottrade Bank stated that “it believes contact information was the primary goal of those responsible for compromising the database where the data was stored.” (Source: CSO)

GameStop investigates possible data breach. @briankrebs is reporting that retailer GameStop is investigating a possible credit card hack after credit cards used on its website were found for sale on the Dark Web. The alleged breach occurred between September 2016 and February 2017 and is believed to have compromised “customer card numbers, expiration dates, names, address and card verification values (CVV2), usually a 3-digit security code printed on the backs of credit cards.” (Source: Krebs on Security)

95,000 Canadian McDonald’s job applications stolen. Job applications submitted by anyone who applied for a job at a Canadian McDonald’s between March 2014 and March of 2017 have been stolen by hackers. @neuwaves reports that “McDonald’s seems to be a bit of a target for hackers lately, since its corporate Twitter account was allegedly compromised earlier in March.” (Source: Motherboard)

Are software developers responsible when their products are misused? The FBI recently arrested Taylor Huddleston for aiding hackers after the software he created — “Net Seal” — was used by hackers for fraudulent purposes. It seems that while Huddleston designed his software to remove fraudulently purchased programs from computers, hackers used the remote access feature of the software as a way to breach computers. Huddleston made a point of preventing his software from being used improperly. “Whenever he saw evidence that a particular buyer was using the product to hack, he’d log in to Net Seal and disable that user’s copy, cutting the hacker off from his infected slaves.” In spite of this, Huddleston faces jail time should the FBI succeed with its prosecution. (Source: The Daily Beast)

—————–

National Consumers League
Published April 12, 2017

Thought Leaders series: Interview with IRS Commissioner Koskinen

IRS Commissioner John Koskinen

National Consumers League: Tax identity fraud remains a top concern for many consumers. For example, employment or tax-related identity fraud remains the top type of ID theft complaint filed with the FTC. For its part, the IRS has shown significant progress in reducing rates of tax identity fraud in recent years. To what do you credit this success and what remains to be done?

Koskinen: The problem of tax-related identity theft really exploded from 2010 to 2012, and for a time overwhelmed the IRS and others in law enforcement. We took a series of actions such as improving identity theft filters, creating partnerships with banks to stop suspicious refunds and offering an Identity Protection Personal Identification Number (IP PIN) for victims. We were making progress, but as we evolved, so did the nature of this crime. Initially, tax-related identity theft was a crime of opportunity committed by unscrupulous tax preparers and other individuals. But then we began to see the presence of national and international criminal syndicates. They deployed sophisticated cybercriminals who prepared and planned for tax filing season, acquiring massive amounts of data from sources outside the IRS to impersonate taxpayers, file false returns and claim fraudulent refunds. It was clear we could not fight this enemy alone.

In 2015, we convened the Security Summit, an initiative that brought together the IRS, state tax agencies and members of the tax industry. We decided to identify a series of actions that, together, we could put in place quickly for the 2016 filing season. For example, we put in place stronger password requirements for tax software products to protect taxpayers from account takeovers. And, the tax software industry agreed to share a series of data elements from tax returns with the IRS and states, to help us detect computer-generated fraudulent returns. Our focus has been on “trusted customer” features that help us have confidence that the person filing the tax return is who they say they are.

The final results from 2016 are now here. We made tremendous progress in stopping fraudulent returns. Because we did a better job keeping bad returns from ever entering our systems, we saw a 30 percent drop in the number of confirmed identity theft returns caught by our filters. We saw a 50 percent decrease in the number of questionable refunds being issued and stopped by banks. And, most importantly, we saw a 46 percent decline in the number of taxpayers reporting to us that they were victims of tax-related identity theft. 

The amount of progress we made is tremendous, but we are not declaring victory. There is still much work to be done. We enacted even more “trusted customer” features for the 2017 tax season and, though we have limited data, we believe we are on the right path and are continuing our progress. Congress also gave us a tremendous tool. They passed legislation requiring Form W-2s to be filed with the IRS in January instead of March. This helps us match the income information, which is very helpful to stopping identity theft and fraud.

Our various Security Summit working groups will meet again soon and decide what additional actions we will consider for 2018. One area we want to improve is in identifying suspicious returns and reducing false positives. We have been casting a pretty wide net, and we want to be able to reduce the number of legitimate taxpayers who must call us and verify their identities. Another area that holds great promise is the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC), which we began this year. This will allow all Summit partners to immediately share details on emerging schemes and allow the IRS and states to share information to protect taxpayers. It’s like a radar array or early warning system against identity thieves. The ISAC holds great promise for the future of our cooperative efforts against identity thieves and will be a focus of our efforts going forward. So, while we still have a lot of work to do, I definitely think we are on the right road, and we’re on the right road because we are working with all of our partners in this fight. 

NCL: One of the reasons that tax identity fraud remains a big problem is that it’s easier than ever for fraudsters to get their hands on consumers’ personal information thanks to rampant data breaches that compromise that information. What role do you see the IRS playing in efforts to get companies and other organizations to better protect the security of that data?

Koskinen: Our message is that we all have a role in preventing identity theft. In 2015, as the Security Summit first gathered, it was clear to all of us that to be truly successful, we needed the involvement of everyone. In the fall of 2015, we launched the “Taxes. Security. Together.” campaign aimed at increasing security awareness among taxpayers. This is critical because here’s what’s happening: as the Security Summit makes progress against identity theft, these cybercriminals need more and more personal data to better impersonate taxpayers. A few years ago, if the thief just had a name and a Social Security number, they might be successful in filing a fraudulent return, but that is no longer the case. We’ve secured the front door and our filters are more sophisticated. But as we’ve changed, so have the cybercriminals. They increasingly are targeting companies and their employees’ W-2 forms.

One of the most dangerous phishing scams we’ve seen involves criminals posing as a company executive and emailing a payroll employee to request a list of employees and their W-2s. Thousands of W-2s have been stolen so far this year using this scheme. We’ve issued repeated warnings, and I think we are increasing awareness. Businesses can visit our web page, www.irs.gov/identitytheft, to learn more about this scam and how to report it to us. All employers must educate their employees about phishing scams, how to recognize them and how to avoid them. We are trying to do everything we can to raise the alarm and to give taxpayers the tools and information they need to be more secure.
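The executive-impersonation W-2 request described above is a classic business e-mail compromise pattern, and the tell-tale signs are in the headers as much as in the text: a display name borrowed from a real executive on an address outside the company's domain, a Reply-To that routes answers somewhere else, and a request for W-2s wrapped in urgency. The following is an added example of a mail-gateway triage heuristic written for this page; it is not IRS code or guidance. The company domain, the executive roster, the score weights and the three sample messages are all constructed assumptions.

```python
"""Score inbound mail for the executive-impersonation W-2 request pattern.

Added example for this page, not IRS tooling.  COMPANY_DOMAIN, EXECUTIVES,
the weights/threshold and the sample messages below are assumptions.
"""
import email
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example-payroll.com"                  # assumption: employer's real domain
EXECUTIVES = {"jane doe": "CEO", "raj patel": "CFO"}    # assumption: names a lure would borrow
W2_REQUEST = re.compile(
    r"\b(w-?2s?|wage and tax statements?|all employees'? (pay|tax) (data|records))\b", re.I)
URGENCY = re.compile(
    r"\b(asap|immediately|urgent|right away|before (noon|end of day))\b", re.I)
THRESHOLD = 5   # assumption: tune against real false-positive data


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _plain_text(msg) -> str:
    if not msg.is_multipart():
        return msg.get_payload()
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    return b"\n".join(parts).decode("utf-8", "replace")


def score_w2_phish(raw: str) -> dict:
    """Return {'score', 'reasons', 'flagged'} for one RFC 822 message."""
    msg = email.message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    text = msg.get("Subject", "") + "\n" + _plain_text(msg)

    reasons, score = [], 0
    # 1. Executive's name on a display name, but the address is not ours
    #    (lookalike domain or free-mail provider).
    if from_name.strip().lower() in EXECUTIVES and _domain(from_addr) != COMPANY_DOMAIN:
        reasons.append("executive-name-external-domain"); score += 3
    # 2. Replies are steered to a different domain than the sender claims.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append("reply-to-mismatch"); score += 2
    # 3. The ask is for W-2 / wage data.
    if W2_REQUEST.search(text):
        reasons.append("w2-request"); score += 3
    # 4. Pressure to act before anyone verifies.
    if URGENCY.search(text):
        reasons.append("urgency"); score += 1
    return {"score": score, "reasons": reasons, "flagged": score >= THRESHOLD}


# --- constructed sample messages (not real mail) ---------------------------
PHISH = """\
From: "Jane Doe" <jane.doe@example-payroll-corp.com>
Reply-To: jane.doe.ceo@gmail.com
To: payroll@example-payroll.com
Subject: W-2 request

Hi, I need the W-2s for all employees as PDF asap for a review I'm doing.
Send them to me right away, thanks.
Jane
"""

ROUTINE = """\
From: "Jane Doe" <jane.doe@example-payroll.com>
To: payroll@example-payroll.com
Subject: Q2 offsite agenda

Can you confirm the offsite agenda by Friday?
"""

INTERNAL_W2 = """\
From: "Payroll Team" <payroll@example-payroll.com>
To: all-staff@example-payroll.com
Subject: W-2 mailing schedule

Employee W-2s go out on January 25; no action needed.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("routine", ROUTINE), ("internal-w2", INTERNAL_W2)):
        print(label, score_w2_phish(raw))
```

Note what the heuristic does not catch: if the executive's real mailbox has been taken over, the From domain is legitimate and only the W-2 and urgency signals fire, which stays below the threshold here. That is why the control the IRS recommends, training payroll staff to confirm any W-2 request out of band before sending anything, remains necessary regardless of what the gateway flags.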

NCL: NCL’s advice to consumers about the best way to reduce their risk of tax identity fraud has been to file as early in tax filing season as possible so as to get ahead of the fraudsters. In your opinion, do you think that’s sound advice? Understanding that there’s no “silver bullet” to preventing tax ID fraud, what frustrates you most about what consumers could be doing — but maybe aren’t — in order to reduce their risk?

Koskinen: We advise taxpayers to file their returns only when they have all the information and documentation they need to file accurately. If they file trying to “beat” the fraudsters, they may increase their chances of making an error or not having all their documentation, which could either delay their refund or require them to file an amended return. It’s our job to identify and stop fraudulent tax returns, protect tax revenue and the nation’s taxpayers. I want to make clear that there is no blaming the victim here. I also want to make clear that this is not just an IRS issue or a tax fraud issue. Tax fraud is just one way criminals try to quickly monetize their stolen data.

But, as noted, we do need everyone’s help. There’s a saying that applies here: “Treat your personal data like you do your cash; don’t leave it lying around.” Consumers can take a series of easy and simple steps to help make sure their information is secure. Example: Use anti-malware software to protect yourself on the web. Use long, unique and complex passwords to protect each of your accounts and don’t use the same user ID and password on all of your accounts. Learn to recognize and avoid phishing emails. Don’t fall for the “update your account now” email scam that seeks to steal your password. Don’t open any links or attachments from suspicious emails. As part of our “Taxes. Security. Together.” campaign to increase awareness, we created Publication 4524, Security Awareness for Taxpayers, that gives a quick overview of steps everyone can take to be safer. Last December, we held our first National Tax Security Awareness Week, and we hope to do that again this year.

NCL: Millions of consumers rely on professional tax preparers to help them prepare and file their taxes every year. What do you think the tax preparation industry could do to better protect their clients from tax ID fraud? 

Koskinen: Tax professionals are among our most important allies in the fight against identity theft. Both the tax software industry and the tax practitioners are working with us and state tax agencies every step of the way. And, what we’ve seen in recent years is that both the tax software providers and the tax practitioners increasingly are targeted by these criminal syndicates. Phishing scams target taxpayers and tax preparers in an effort to steal their usernames and passwords to access their tax software accounts. Scammers posing as potential clients try to download keystroke-tracking software onto preparers’ computers. We’ve even seen cases where cybercriminals were able to gain remote control of preparers’ computers, find clients’ tax returns, finish and file the returns, and redirect refunds to the criminals’ accounts. As a follow-up to the “Taxes. Security. Together.” campaign, we launched a “Protect Your Clients; Protect Yourself” effort aimed at increasing awareness among tax professionals. The phishing scams that are specifically targeting tax professionals are becoming more common and more elaborate. Every tax preparer should be aware that they are in the crosshairs of these criminals and that they have an obligation to protect their clients’ data. There is a need to increase security awareness among some in the tax professional community, just as there is for the taxpayers at large.

NCL: 2017 was the first year that EITC and ACTC-eligible consumers were affected by the PATH Act’s requirement that the IRS hold their refunds until February 15. The delay was intended to give the IRS additional time to spot and stop tax ID fraud and other types of tax fraud. In its first year of effect, do you think the PATH Act is having its intended effect?

Koskinen: We know having this additional time to review tax returns will be helpful. However, we won’t be able to quantify how useful until the filing season is over. At that point, we will have better information about the impact of the refund holds. The PATH Act also contained a provision that required Form W-2s to be sent to the IRS in January instead of March, which is a great help as well.

This has already allowed us to authenticate and release more quickly legitimate tax returns and refunds that our filters stopped because of suspicious characteristics.

NCL: Are there other topics related to tax identity fraud and/or data breaches that we didn’t cover, but you think consumers should be aware of?

Koskinen: Every day, there are more than one million attempts to breach the IRS systems. I want to reassure individual and business taxpayers that our main files with taxpayer accounts remain secure. But protecting our systems requires resources and it requires personnel. Congress recognized that, and in 2016 gave us our first budget increase in six years in part to fight identity theft. That was very helpful.

I also would be remiss if I did not mention one of the most vexing scams and its various mutations: the IRS impersonation call, email and text. Thousands of people have lost millions of dollars to the phone scam alone. The telephone call often comes from another country, but because of computer technology, criminals can mask the phone number to make it appear as if it’s coming from Washington, D.C. or your home state. The caller generally threatens their victim with jail or a lawsuit unless they immediately pay by a debit card.

I want people to realize it’s easy to tell the scammers from the IRS. First, a phone call is not our first contact with taxpayers who owe a tax payment. We send a letter before we call. Second, we never threaten people. Third, payments are made to the U.S. Treasury by check or electronically – not a debit card. If you are ever in doubt about whether a person who called you is really from the IRS, you can check by calling our toll-free telephone helpline and talking to one of our customer service representatives. Another variation of the IRS impersonation scam is a letter threatening a lien or levy unless payment is made immediately. If you get a suspicious call, letter or email out of the blue, please check it out and please keep in mind the IRS never asks for a specific payment method, such as a debit card.

The need to be aware of phone scams is especially important now, because the IRS is beginning a private-debt collection program. Under that program, we have contracted with several private collection firms that will contact a limited number of taxpayers about back taxes they owe. I want everyone to know that the taxpayers whose accounts are selected have already been contacted by the IRS multiple times and know they have a tax debt. Plus, these taxpayers will first be notified by the IRS by letter that they have been selected, even before they hear from the private collection firm. We are very concerned scam artists could use this program as a cover to swindle taxpayers. So if you believe you’re current on your taxes and you get a call from someone demanding you pay an overdue federal tax bill, that’s a sure sign of a scam. Once again, I would urge everyone to do everything possible to protect their personal and financial information.

###

Published by National Consumers League’s #DataInsecurity Digest
April 12, 2017 


The #DataInsecurity Digest | Issue 42

Issue 42 | March 29, 2017

#DataInsecurity Digest: Congress uses CRA to roll back broadband privacy and data security rule, Trump cyber order delays

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s Note: Congress has voted to roll back the FCC’s broadband privacy rule, which would have given consumers more choice over how Internet service providers (ISPs) use their personal data, such as browsing history. The move, which was blasted by privacy advocates (including NCL), will also remove the data security requirements the FCC’s rule imposed on ISPs. The measure now heads to the desk of the President, who has signaled he will sign it. President Trump’s proposed budget allocates $1.5 billion to the Department of Homeland Security to beef up its cybersecurity programs. But Trump cyber chief Tom Bossert is telling data security experts not to hold their breath waiting for the President’s much-rumored cybersecurity executive order, suggesting that it could be “weeks or months” before the order is published. And now, on to the clips!

—————–

Congress uses CRA to remove privacy protections. Both houses of Congress voted along party lines to repeal the FCC’s broadband privacy rule, sending the measure on to the White House, where President Trump has indicated he will sign it. The rule would have required Internet service providers to limit data collection and abide by data security standards. (Source: POLITICO)

Advocates blast vote to remove broadband privacy rules. Consumer advocates such as @dallashpk expressed disappointment over the rule’s removal, stating that “These were the strongest online privacy rules to date, and this vote is a huge step backwards in consumer protection writ large…The rules asked that when things were sensitive, an Internet service provider asked permission first before collecting. That’s not a lot to ask.” (Source: New York Times)

NCL: “[It’s]…inconceivable that the Senate would seek to eviscerate strong data security standards…” NCL was equally critical of the Senate’s vote. “Not a day goes by that we aren’t reminded of the costs of failing to secure consumers’ data from criminal and state-sponsored hacking,” we noted. “It is clear that data breaches raise the risk of identity fraud for millions of consumers. This being the case, it is inconceivable that the Senate would seek to eviscerate strong data security standards put in place by the FCC’s broadband privacy rules.” (Source: National Consumers League)

Trump budget gives $1.5 billion to DHS cyber protection programs. The programs would fend off cyber attacks on critical infrastructure. Rep. Jim Langevin (D-RI), founder and co-chair of the House Cybersecurity Caucus, spoke for many when he expressed concern that it is too early to tell if the budget goes far enough, as there is “too little detail in the ‘skinny budget’ released [March 16] to adequately assess the Trump Administration’s commitment to cybersecurity.” (Source: Morning Consult)

‘For sale: one billion Yahoo accounts, $200,000 or best offer.’ @vindugoel reports that, “After federal prosecutors unsealed indictments (last) week against four men they say were responsible for a 2014 intrusion into Yahoo’s systems that affected 500 million user accounts, data on one billion accounts — stolen in another attack on the company a year earlier — appeared to remain available on underground hacker forums on Friday.” The New York Times reports that while the passwords may no longer work, “The dates of birth, telephone numbers and security questions could still be useful to an adept cyberthief.” (Source: New York Times)

More delays for Trump’s cyber order. Trump’s top homeland security advisor Tom Bossert lowered expectations for a speedy release of a comprehensive cyber executive order. @Joseph_Marks_ reports that while speaking at the Center for Strategic and International Studies, Bossert cautioned not to “expect a multibillion-dollar investment that will modernize government cybersecurity in one fell swoop… Also, don’t expect a long-rumored executive order that outlines Trump’s cybersecurity plan in the near future, he said, suggesting it will be weeks or months before the order is released in its final form.” (Source: Next Gov)

Breach du jour: Saks Fifth Avenue exposes personal information of tens of thousands of customers. The high-end fashion retailer left the records of many of its customers on a publicly available website. The exposure revealed customers’ email addresses, the merchandise they were interested in purchasing, IP addresses, and sometimes their phone numbers. Cyber security expert @ErrataRob commented that “[t]his is as bad as security gets… Everyone is vulnerable.” (Source: BuzzFeed)

Defense Point Security’s W-2 breach reminds us that phishing attacks can fool even the best of us. The federal cyber security contractor informed its “employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.” (Source: Krebs on Security)

Missing: A Secret Service laptop with information on Trump Tower, Hillary Clinton, and Pope Francis. Fortunately, although a laptop stolen from a Secret Service vehicle contained sensitive security information, it featured “multiple layers of security including full disk encryption and was not permitted to contain classified information.” Security experts are still considering the incident a breach of national security. (Source: ABC News)

Upcoming events

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts, and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

May 25, 2017 – Workshop on Technology and Consumer Protection (ConPro ’17) – San Jose, CA
At this year’s 38th IEEE Symposium on Security and Privacy, a Workshop on Technology and Consumer Protection (ConPro ’17) will explore computer technology’s impact on consumers, with a special focus on privacy and ways in “which computer science can prevent, detect, or address the potential for technology to deceive or unfairly harm consumers.” ConPro ’17 aims to bring together academic and industry researchers along with government officials.

National Consumers League
Published March 29, 2017