The #DataInsecurity Digest | Issue 79

Google+ user data compromised, GAO reports on weapon vulnerability, CA legislating stronger passwords

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s note: Big Tech again found itself in the headlines after Google revealed that hundreds of thousands of Google+ users may have had their personal data compromised. Even more disturbingly, a GAO report rocked Washington when it found that many (if not all) of our recently manufactured weapons are vulnerable to hacking. California provided a little solace to its hacker-plagued residents when it passed a law requiring stronger default passwords for connected devices.

And now, on to the clips!

—————–

Breach du jour: Hundreds of thousands of Google+ users. @dmac1 and @bobmcmillan report that a “software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue.” The software giant then “opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage,” and trigger “immediate regulatory interest.” (Source: Wall Street Journal)

Google faces Congressional scrutiny. In the aftermath of Google’s breach, Senator Richard Blumenthal (D-CT) said that Google, which is currently operating under an FTC consent decree, “must explain its unwillingness to disclose this breach and the FTC must conduct a fulsome investigation. But to truly end this cycle of broken promises, we need a national privacy framework that protects consumers and empowers the FTC to hold companies accountable.” (Source: Washington Post)

Facebook says its largest security lapse to date was smaller than originally thought. Originally, Facebook estimated that 50 million users had their personal data compromised between July 2017 and September 2018. It now believes the number to be closer to 30 million. @KirstenGrind reports that, “of the 30 million impacted, Facebook said 14 million were the most affected. They had their names and contact details–including phone numbers and email addresses–accessed, along with such data as their gender or relationship status, as well as the last 10 places they checked into or 15 most recent searches. Fifteen million others had their names and contacts accessed.” (Source: Wall Street Journal)

All of the United States military weapons made in the last five years are susceptible to hacking. A bombshell GAO report found that “from 2012 to 2017, (Department of Defense) testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development.” @rabrowne75 reports that “one of the reasons that the weapons systems are so vulnerable to cyber-attack is their connectivity to other systems, something long seen by the Pentagon as an advantage.” (Source: CNN)

California bans weak default passwords. Starting in 2020, every connected device made or sold in California must have a unique default password. Previously, “easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.” The law will require strong passwords and “allows customers who suffer harm when a company ignores the law to sue for damages.” (Source: BBC)

Quick hit: Government website administrators to begin using two-factor authentication. “Federal and state employees responsible for running government websites will soon have to use two-factor authentication to access their administrator accounts, adding a layer of security to prevent intruders from taking over dot-gov domains.” (Source: Washington Post)

Op-ed watch: Data security is about to get much worse. @schneierblog argues that security risks “are about to get worse because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve.” @schneierblog further argues that data security is a market failure that requires good government regulations as “buyers can’t differentiate between secure and insecure products, so sellers prefer to spend their money on features that buyers can see.” (Source: New York Times)  

Kanye reveals his woefully poor cyber hygiene. In a meeting with President Trump, the rapper received wide criticism after a clip of him “mashing the ‘0’ button as he unlocked his iPhone to show Trump a picture of a hydrogen-powered airplane he said could replace Air Force One went viral…,” inadvertently revealing his six-digit passcode of “000000” to the world. (Source: Washington Post)

Events

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published October 18, 2018

The #DataInsecurity Digest | Issue 78

Facebook, Uber, others in the firing line as Big Tech data breaches draw increased scrutiny

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s note: The hammer is poised to fall on several of Big Tech’s biggest names thanks to numerous recent data security missteps. Facebook again made headlines after it announced that at least 50 million of its users had their accounts compromised. The fallout for Facebook could just be starting as European regulators are already investigating whether Facebook did all it could to safeguard European consumers’ data. If the very recent past provides an omen of things to come, Facebook could be in trouble. Last week, Uber agreed to pay the largest multi-state penalty ever levied by state officials for its 2016 data breach. In the face of the breaches, it seems that top executives may finally be coming around on comprehensive privacy and data security legislation, if their statements at last week’s Senate Commerce Committee hearing are to be taken at face value. How much teeth such legislation has and, importantly, whether it preempts existing state laws, are sure to pad DC lobbyists’ paychecks for the foreseeable future.

And now, on to the clips!

—————–

At least 50 million Facebook accounts hacked. @aarontmak reports that “hackers were essentially able to log in and take over users’ accounts…The hackers may also have been able to manipulate the Facebook Login feature, which allows people to use their Facebook usernames and passwords as login credentials for other apps and websites. This means that the hackers could, theoretically, have breached apps like Instagram, Tinder, and Airbnb using the access tokens they stole.” (Source: Slate)

Quick hit: Facebook risks a fine of $1.63 billion if the EU finds that it violated GDPR. “The main question regulators will face is whether Facebook invested enough in security to avert a breach.” (Source: Wall Street Journal)

Uber to pay $148 million to settle national data breach case. Last week Uber settled with 50 states and the District of Columbia when it agreed to pay out the “largest multistate penalty ever levied by state authorities for a data breach,” for waiting a year to disclose the breach to its riders and drivers. In addition to the financial penalty, “Uber will be required to make changes to its practices and to its corporate culture. Uber agreed to undergo regular third-party audits of its security practices and to set up a program allowing employees to file concerns about ethics violations they may have witnessed while on the job. It also agreed to take precautions to safeguard any Uber data that may be held by third parties…” (Source: Washington Post)

Tech companies are fine with a federal privacy law… just so long as it undermines strong state laws. In last week’s Commerce Committee hearing, executives from Amazon, Alphabet, Apple, AT&T, Charter, and Twitter told Senators that they “support federal legislation to protect data privacy but want Congress to preempt tough new rules adopted by California.” One concession the tech executives made was to not “rule out…allowing the FTC to write rules,” in regards to privacy. The executives, however, wanted to see more details before committing to the proposal. (Source: Reuters)

Quick hit: Tech executives remain opposed to reasonable breach notifications. In last week’s privacy hearing, when “Sen. Amy Klobuchar (D-MN) asked whether companies should be required to notify customers of data breaches within 72 hours, they shook their heads silently. ‘I’m going to take that as a no,’ the senator commented.” (Source: Washington Post)

United States updates foreign cyber strategy by opening door to military retaliation. National Security Advisor John Bolton said, “We will respond offensively as well as defensively,” adding that “it’s important for people to understand that we’re not just on defense.” @jacq_thomsen reports that Bolton “added that not every response to a cyberattack would necessarily occur in cyberspace, opening the door for possible sanctions or military actions.” (Source: The Hill)

Report watch: 73 percent of data breaches are financially motivated. Verizon’s newly released data breach report also found that 68 percent of data breaches take months or longer to discover and that around 4 percent of users will still fall victim to any given phishing scam. (Source: Verizon)

Medical data breaches continue to increase. In the last seven years, there have been “2,149 breaches involving a total of 176.4 million patient records…. During the period, the total number of breaches increased nearly every year starting at 199 in 2010 and rising to 344 in 2017.” (Source: Reuters)

Blog watch: A look at what the GAO’s long-awaited Equifax report missed. @RobWright22 argues that while the “GAO report offers a comprehensive look at the numerous missteps made by Equifax, which allowed attackers to maintain a presence in the company’s network for 76 days and extract massive amounts of personal data without being detected,” it neglected to go into such things as Equifax’s “website issues,” PIN problems, insider trading, and Equifax’s lack of a response plan. (Source: TechTarget)

Upcoming Events

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published October 4, 2018

Health Advisory Council Newsletter | 2018 Q3 | Member Q&A

Beth Battaglino, RN

CEO, HealthyWomen

 

Q. How would you describe your work at HealthyWomen and how it relates to HealthyWomen’s overarching mission?

A. As Chief Executive Officer for HealthyWomen, I am responsible for business development and strategic positioning for our organization. I pursue innovative partnerships with key health care professionals and consumer advocates to implement engaging and informative programs. Our creative team and I work together to implement these programs to improve women’s health awareness. We continually examine how to grow and expand our programming to meet women’s needs and where and how women want to receive the information. We also understand that nothing is more important to women’s health than access to competent and affordable care, and we work to educate women about health policy issues.

Q. How long have you been at HealthyWomen, and what do you love most about your job?   

A. I’ve been with HealthyWomen in several positions for more than 25 years—long enough to witness so much important and exciting progress in women’s health care—and long enough to realize how much more there is to accomplish. One of the things I love most about my job is how different it is day-to-day. Creating new partnerships and engaging with long-standing partners provides fresh and creative insight about how best to communicate health information to women ages 35+—our core audience. And, of course, I love hearing directly from women about the health challenges they face and the information that matters most to them. Our audience has a huge influence on how we develop and launch program initiatives. We understand that when it comes to how we share information, it cannot be a one-size-fits-all approach. With the ever-changing communications touchpoints available to consumers, our objective is always to ensure the information and resources we create are delivered through a multi-platform approach so that we can reach women in the way they want to receive health and wellness information today. Our audience is why HealthyWomen exists, and we are committed to evolving to meet her needs.

Q. What are the biggest challenges and opportunities facing HealthyWomen today?

A. One of our biggest challenges is staying on top of technology advances and consumer preferences for online engagement. Technology changes on a dime, and we are constantly reviewing and tracking consumer preferences for receiving health information and evolving to deliver it efficiently, but there is always more to learn and new ways to reach women. Encouraging women to prioritize their health is another challenge – and an opportunity for HealthyWomen. We know from our HealthiHer Movement that women need encouragement to put their health at the top of their lists – and not after everyone else’s needs. Another opportunity for HealthyWomen is supporting women as they navigate today’s complex health care system. It’s funny…when I first started at HealthyWomen, I regularly answered a toll-free number for the organization, and I described my job to friends and family as holding someone’s hand and guiding her to the answers and resources she needs. We are still doing that 25 years later!

Q. What HealthyWomen initiatives would you like to share with the Council?

A. We recently released findings from our WomenTalk® 2018 survey that highlighted many insurance-related obstacles women encounter when they try to access quality, affordable health care. With open enrollment just around the corner, we will be alerting women to be sure they understand their health insurance options and choose health insurance that best meets their needs—for preventive health services as well as for chronic health care needs.

HealthyWomen is also collaborating with the Legal Action Center to provide legislators with resources on opioid use disorder to help them confront the many complex issues—many of which are unique to women’s health—presented by the opioid epidemic. Our new online tool kit, “Resources for Strengthening Families and Communities by Improving Access to Treatment for Substance-Use Disorder,” is one example of this effort. We are working with Women In Government to reach as many legislators as possible. Of course, HealthyWomen works daily to engage women on a broad range of health topics.

Q. What does HealthyWomen value about membership in NCL’s Health Advisory Council?

A. I value NCL’s commitment to make the marketplace safer and healthier for consumers and workers, and the support the Health Advisory Council provides to NCL for consumer education and advocacy. It is important to HealthyWomen to collaborate with our partners—in industry, nonprofit organizations, health professional groups and government agencies—with similar interests. Collaboration broadens our outreach and strengthens our impact. I particularly value NCL’s Health Advisory Council’s effort to engage diverse perspectives on the many issues facing organizations like HealthyWomen as we work together to help women be informed about their health. I look forward to working together with all of NCL’s Health Advisory Council membership to improve women’s health.

Health Advisory Council Newsletter | 2018 Q3


Welcome to the Q3 issue of the Health Advisory Council Newsletter. Below you will find NCL policy updates, a new Q&A with HealthyWomen, member updates, and more.

Save the date! December 3

We hope you will join us on December 3 from 4:00 PM – 6:30 PM for NCL’s Health Advisory Council Membership Meeting and Holiday Reception at the Pillsbury Conference Center in Washington, DC. Stay tuned for additional details!

NCL health policy at work

Counterfeit drugs and importation 

Following up on our panel discussion on counterfeit drugs at our June 27 Health Advisory Council Spring Membership meeting, NCL issued a statement on July 30 expressing concerns about FDA establishing a working group to examine the possibility of importing prescription drugs. Noting that every head of Health and Human Services and the FDA for the last 18 years has refused to certify the safety of drug importation, NCL stated its fear that authorizing importation, even under limited circumstances to address drug shortages, would expose consumers to unknown risks and undermine the security of the U.S. pharmaceutical supply chain. Rather than considering importation, NCL encouraged FDA to pursue other strategies to ensure the availability of multiple FDA-approved and marketed versions of medically necessary drugs.

NCL is also pleased to announce that Pfizer has recently joined Eli Lilly and PhRMA as supporters of NCL’s planned Counterfeit Drugs Consumer Education Campaign. We are still seeking additional campaign partners. For information about how your organization can join this resource-rich platform to educate consumers on making smart purchasing decisions and avoiding the scourge of counterfeit drugs, please contact NCL Director of Development Charlotte Gray at charlotteg@nclnet.org.


Member spotlight

Get to know HealthyWomen with a new Q&A.  

Updates on Member programs

Get the latest updates on programs, policy, and initiatives from our Members.

We want to hear from you!

If you have time-sensitive information and updates you’d like to share with the Health Advisory Council in between NCL’s quarterly newsletters, please contact Karin Bolte (karinb@nclnet.org) and we will be happy to forward your materials to the Council membership. We also encourage you to contact us with your ideas and suggestions for Council activities.

————
National Consumers League
Health Advisory Council Newsletter | Q3 2018
Published September 27, 2018

NCL health policy updates | Health Advisory Council Newsletter | 2018 Q3

NCL health policy at work

Counterfeit drugs and importation 

Following up on our panel discussion on counterfeit drugs at our June 27 Health Advisory Council Spring Membership meeting, NCL issued a statement on July 30 expressing concerns about FDA establishing a working group to examine the possibility of importing prescription drugs. Noting that every head of Health and Human Services and the FDA for the last 18 years has refused to certify the safety of drug importation, NCL stated its fear that authorizing importation, even under limited circumstances to address drug shortages, would expose consumers to unknown risks and undermine the security of the U.S. pharmaceutical supply chain. Rather than considering importation, NCL encouraged FDA to pursue other strategies to ensure the availability of multiple FDA-approved and marketed versions of medically necessary drugs.

NCL is also pleased to announce that Pfizer has recently joined Eli Lilly and PhRMA as supporters of NCL’s planned Counterfeit Drugs Consumer Education Campaign. We are still seeking additional campaign partners. For information about how your organization can join this resource-rich platform to educate consumers on making smart purchasing decisions and improve understanding about how to avoid the scourge of counterfeit drugs, please contact Charlotte Gray, NCL’s Director of Development, at charlotteg@nclnet.org.

Supporting biosimilar competition     

On September 4, NCL’s Senior Director of Health Policy Karin Bolte attended the FDA’s Facilitating Competition and Innovation in the Biological Products Marketplace public hearing. Recognizing that the entry of biosimilars into the U.S. market presents an opportunity to broaden patient access to life-saving biologic treatments while bolstering competition and reducing costs, NCL joined a group letter and submitted comments to the FDA in support of biosimilar competition.  

Opposing the addition of a citizenship question to the 2020 Census

In follow-up to an April letter to the House Committee on Oversight and Government Reform, in July and August NCL joined comments and amicus briefs spearheaded by the Leadership Conference on Civil and Human Rights expressing concerns that adding a citizenship question to the decennial census would increase census costs and jeopardize a fair and accurate count by deterring many people from responding. An accurate census count is critical since it provides the basis for fair voting representation and the identification of current and future needs for health care, infrastructure, education, housing, and other services.      

Fighting the opioid epidemic

Continuing our focus on the opioid epidemic, on July 23 in Las Vegas, NCL’s Executive Director Sally Greenberg joined Nevada State Senator Pat Spearman and allies for the launch of the Rx Abuse Leadership Initiative (RALI), a Nevada-based coalition of more than a dozen local, state, and national organizations dedicated to finding solutions to end the opioid crisis in the state. NCL is committed to partnering with RALI coalitions across the country to educate consumers about the safe use and disposal of opioids and resources available to support addiction treatment and recovery.

Supporting access to women’s reproductive healthcare

As a long-time supporter of the Title X Family Planning Program, on August 1, NCL issued a statement and filed comments opposing the Trump Administration’s Title X “Compliance with Statutory Program Requirements” proposed rule that would restrict the ability of millions of patients to obtain contraception and preventive care. The proposed rule would also seriously restrict the ability of clinicians to explain contraceptive and reproductive healthcare options to their patients.

In addition, NCL joined a series of amicus briefs defending the ACA’s contraceptive coverage requirements. Today, under the ACA, an estimated 62.4 million women are eligible for coverage of the contraceptive method that works best for them, irrespective of cost. The Trump Administration’s interim final rules would reverse these gains by establishing a sweeping exemption that would allow virtually any employer or university to deny insurance coverage for contraception and related services to employees, students, and their dependents.

Health Advisory Council Member Updates | Q3 2018

AARP

Recently AARP has been testifying before Congress and speaking out in other ways about prescription drug prices. We’ve encouraged AARP members to learn more about candidates’ positions on prescription drug pricing in advance of the 2018 elections, and we will soon be releasing new Rx Price Watch reports. In addition, we’ve just released the 2018 edition of Across the States: Profiles of Long-Term Services and Supports, which provides comparable state data, rankings, and national averages on a range of LTSS indicators.

Alliance for Aging Research

On July 24, 2018 the nation’s leading heart disease patient advocates announced the launch of the Heart Valve Disease Policy Task Force, a coalition of non-profit organizations uniting for a common voice in support of improved access, research, and awareness on heart valve disease detection and treatment. The Task Force will work with patients, medical providers, and key policymakers to focus attention on national policy issues affecting the diagnosis and treatment of heart valve disease.

The first issue that the Task Force is engaging in is the Centers for Medicare and Medicaid Services (CMS) National Coverage Determination of a minimally-invasive valve disease treatment called transcatheter aortic valve replacement (TAVR). CMS announced recently its plans to reevaluate if, and under what circumstances, it will pay for TAVR. The biggest debate regarding this coverage decision is whether the government should continue to require a minimum number of annual surgical and interventional cardiac procedures for a hospital to maintain a TAVR program. Learn more about the launch and the activities of the Task Force.

AMAG Pharmaceuticals

AMAG President and CEO Bill Heiden will chair the 2019 Boston March for Babies, which will take place Saturday, May 11 in Boston. The Boston walk is expected to raise $800,000, placing it among the five largest March of Dimes walks in the country.  As chair of the Executive Leadership Team, Bill will be leading a group of a dozen Boston-area executives to raise funds and awareness of the walk. AMAG is the event’s presenting sponsor for the third consecutive year, with employees raising nearly $75,000 to support MoD.

America’s Health Insurance Plans

Across the country, America’s Health Insurance Plans (AHIP) is educating consumers and policymakers on the innovations in health insurance today. The “Better Care” initiative highlights the value and innovation stories about how health insurers are helping to bring about the best possible care and health for consumers. Oftentimes, challenges in transportation, language, and social barriers stand in the way of patients receiving optimal care; this initiative seeks to build awareness about the changing role of insurers across the country in improving and expanding access to health. This year, AHIP has engaged in “Better Care” campaigns in eight states, with activities including media interviews and op-eds, digital testimonial sharing, policymaker education and “Value Forums” – all showcasing insurer innovation in areas such as telehealth, preventive care, senior health, mental health, women’s health, combatting the opioid epidemic, and Medicare Advantage.

American Medical Women’s Association

The American Medical Women’s Association (AMWA) has launched a campaign to educate physicians about the rise of counterfeit drug use. This initiative was motivated in large part by the recent NCL Health Advisory Council meeting and the fact that many physicians are not aware of the widespread use of online pharmacies, which are usually unlicensed and unregulated. 

American Society of Health-System Pharmacists

The American Society of Health-System Pharmacists (ASHP), in collaboration with the American Society of Anesthesiologists, American Hospital Association, American Society of Clinical Oncology, and the Institute for Safe Medication Practices, convened the “Summit on Drug Shortages as a Matter of National Security: Improving the Resilience of the Nation’s Critical Healthcare Infrastructure” on September 20, 2018. The meeting examined drug shortages and their impact on national security and the healthcare infrastructure, including discussion of the vulnerabilities of the supply chain and foreign dependence on pharmaceutical ingredients, disaster planning and response, and evaluation of risk factors associated with pharmaceutical manufacturing and distribution. The day-long meeting included perspectives from both public and private stakeholders, and resulted in solutions-oriented recommendations and best practices to ensure supply chain security and continuity in the event of a disaster or attack. Meeting attendees included clinician groups such as the American Medical Association, nursing, emergency room physicians, and others, as well as industry and supply chain representatives, and members of the public sector including FDA, CDC, HHS, DoD and the VA. For additional information on drug shortages and other critical issues impacting the practice of pharmacy, ASHP invites you to attend its Midyear Clinical Meeting in Anaheim, California on December 2 – 6, 2018.

Association for Accessible Medicines 

On September 4th, the Food and Drug Administration (FDA) held a public hearing on “Facilitating Competition and Innovation in the Biological Products Marketplace”. Association for Accessible Medicines (AAM) Senior Vice President of Policy & Strategic Alliances and Executive Director of AAM’s Biosimilars Council Christine Simmon used the opportunity to call on FDA to support key federal agencies and Congress around measures that will facilitate biosimilars competition. She noted that FDA approval is not enough on its own to unlock the cost-savings potential of biosimilar medicines. A fully mature biosimilars market will require the FDA to work alongside agencies like the Centers for Medicare and Medicaid Services (CMS), the U.S. Trade Representative (USTR), and the Patent and Trademark Office (PTO). Under those agencies’ jurisdictions fall a host of barriers, which are frustrating continued biosimilar development.

Following the FDA meeting, from September 5 to 7, AAM and the Council held the first GRx+Biosims Conference, a first-of-its-kind combined conference that united stakeholders to hear directly from government officials, learn best practices, and connect with peers in the generics and biosimilars industry. The three-day event was a resounding success with over 500 attendees. Several highlights came at the top of the conference with remarks from CMS Administrator Seema Verma as well as Dan Best, Senior Advisor to the Secretary for Drug Pricing Reform and John O’Brien, Advisor to the Secretary & Deputy Assistant Secretary (Health Policy), of the Department of Health and Human Services (HHS), who all expressed the Administration’s strong support for continued growth of generics and biosimilars and their commitment to lowering costs for patients. 

BeMedWise Program at NeedyMeds 

With the NCPIE – NeedyMeds transition completed, the BeMedWise program is finalizing the framework for the new BeMedWise Council. In the coming weeks, we will be inviting our former NCPIE members and stakeholders to participate. The BeMedWise Council partners will work collaboratively to identify and develop highly-relevant BeMedWise programs that support the BeMedWise program’s mission to promote the wise use of medicines through trusted communication for better health.  

Upcoming BeMedWise Council engagement opportunities include the 33rd annual “Talk About Your Medicines” Month (TAYMM) in October. Our 2018 TAYMM theme is “Taking Action to Prevent Opioid Misuse and Abuse,” and we will be sending the comprehensive communications toolkit to our partners and stakeholders in the next few weeks. To kick off TAYMM, NeedyMeds will host a webinar on Opioid Safety on October 4, 2018 at 1:30 PM Eastern Time. Also new this year will be a dedicated “Talk About Your Medicines Month” website, which will feature our customary tips/downloads, resources, past observances, and more.

Black Women’s Health Imperative

The Black Women’s Health Imperative (BWHI) advances and promotes Black women’s health through five priority areas: wellness, HIV prevention, reproductive justice, research translation, and policy and advocacy. BWHI is leading efforts on these critical issues with the inaugural release of Black Women Vote: The 2018 National Health Policy Agenda.

The Agenda was created to help inform policymakers and other stakeholders on the critical health policy issues that impact the well-being of Black women. Most importantly, this Health Policy Agenda provides an opportunity for Black women voters to engage in policy discussions to ensure that key health policy issues impacting Black women are taken into account in the political process. Less than 2 months away from the midterm elections, BWHI will debut the agenda on Friday, September 14, 2018, at the Congressional Black Caucus Foundation Health Braintrust: Truth and Reconciliation in Health. It will be available to the public on the same day. The agenda will also include a two-page, fill-in report card for voters to assess potential candidates’ policy positions. 

BWHI is also shaping and supporting legislation to improve maternal health outcomes for Black women. BWHI recently endorsed Sen. Cory Booker’s bill — the Maximizing Outcomes for Moms through Medicaid Improvement and Enhancement of Services (MOMMIES) Act; Sen. Kamala Harris’ bill — the Maternal Care Access and Reducing Emergencies (CARE) Act; Rep. Robin Kelly’s bill — the Mothers and Offspring Mortality & Morbidity Awareness (MOMMA) Act, and its Senate companion.

If you or your organization are interested in learning more information about the agenda or upcoming legislation, please email tboyd@bwhi.org.

Council for Affordable Health Coverage 

The Council for Affordable Health Coverage (CAHC) and brokerage firm Willis Towers Watson released a new whitepaper depicting how rising health care costs have diminished American workers’ take-home pay, concentrating income among the wealthiest Americans. The report explains that, while total compensation has risen steadily since 1980, health benefits have taken up an ever-increasing piece of the pie for low and middle-income earners with little to show for it. Washington Post columnist Robert Samuelson summed up the report’s findings succinctly: “For the bottom 60 percent of U.S. workers, wage gains have been completely wiped out by contributions for employer-provided health insurance.”

CAHC President Joel White called the report, “A stinging indictment on our health care system — one that’s eroding hardworking Americans’ wages, exacerbating income inequality and offering too little value in return” adding, “this analysis will fuel our coalition’s continued work to protect employer health coverage. We must foster competitive, transparent markets that align incentives to place consumers at the center of a value-based care system.” The full report and executive summary, also cited by Axios, can be found at CAHC.net.

FDA Office of Women’s Health

9/27 – 9/28 Scientific Conference: Opioid and Nicotine Use, Dependence, and Recovery: Influences of Sex and Gender  

Join the FDA Office of Women’s Health, in collaboration with the Center for Drug Evaluation and Research and Center for Tobacco Products, for a conference on Opioid and Nicotine Use, Dependence, and Recovery: Influences of Sex and Gender. The conference will include presentations by experts in the field of opioid and tobacco research, professional education, and clinical care on the biological (sex) and sociological (gender) influences on use, misuse, and recovery. This public meeting will be held on September 27 and 28, 2018, 8:30 AM – 4:00 PM, FDA White Oak Campus, Silver Spring, MD. Click here to register for the webcast. For more information about the conference and to view the agenda, visit https://www.fda.gov/ForConsumers/ByAudience/ForWomen/ucm610847.htm.

OWH 2018 Research Grants 

The FDA Office of Women’s Health (OWH) promotes and conducts research initiatives that facilitate FDA regulatory decision-making and advance the understanding of sex differences and health conditions unique to women. OWH awards research grants to address regulatory research questions related to women’s health issues and the impact of sex differences on product safety and efficacy. View 2018 research grants awarded by OWH.

Healthcare Distribution Alliance and Allied Against Opioid Abuse

Allied Against Opioid Abuse (AAOA) has had a busy summer, hosting roundtables and events across the country to draw attention to the rights, risks, and responsibilities associated with prescription opioids. Recently, AAOA joined the Minnesota Twins and the Hennepin County Sheriff Office’s #NOverdose campaign to raise awareness about the opioid abuse epidemic at a baseball game against the Cleveland Indians. During the game, AAOA debuted its new video, focused on promoting the safe storage and disposal of prescription medicines.

Later this month, AAOA will be releasing a suite of resources specific to the pharmacy community. The Pharmacy Toolkit has been developed in collaboration with the National Community Pharmacists Association (NCPA) and the National Alliance of State Pharmacy Associations (NASPA), and will include materials to help pharmacists engage with and educate their patients. For more information on AAOA activities or to get involved with the organization, please contact Lee Lynch (llynch@reservoircg.com).

The Healthcare Distribution Alliance is the founding member of Allied Against Opioid Abuse.

HealthyWomen 

HealthyWomen released the WomenTALK® 2018 survey September 10 highlighting mounting barriers women face related to affordable, accessible health care. At a Capitol Hill briefing September 13 hosted by HealthyWomen, panelists addressed insights gained from interviews with more than 1,000 women. Highlights included new evidence indicating that women now pay higher monthly premiums for their health insurance, yet confront mounting obstacles to getting the treatments their health care professionals prescribe. The briefing covered diseases, such as opioid use disorder, for which women may unknowingly face major insurance coverage gaps, and opportunities for expanding the preventive care lens to include brain health as a touchpoint. Panelists were: Beth Battaglino, RN, CEO, HealthyWomen; Stacey Worthy, JD, Policy Advisor, HealthyWomen; Carol McDaid, Principal, Capitol Decisions; and Jill Lesser, President, WomenAgainstAlzheimer’s. View the WomenTALK 2018 survey here

Monica Mallampalli, PhD, Advisor, Strategic Development and Stakeholder Engagement, HealthyWomen, participated in the 23rd Annual HeLa Women’s Health Symposium, “Birthing Babies—A Solution Symposium Around the Crisis of African-American Maternal and Infant Mortality,” on September 28, 2018 in Atlanta. The symposium was sponsored by Morehouse School of Medicine and the March of Dimes.

National Alliance for Caregiving

The National Alliance for Caregiving recently released a new report, “Moving Forward on Behalf of Family Caregivers in the U.S.: Designing a Public-Private Fund to Support Research and Innovation.” The nation has begun to recognize the essential role that unpaid friends and family members play in supporting individuals with ongoing health and assistance needs. Yet these informal support systems are not sufficient to support the many Americans with care needs. Policymakers need pathways that will encourage businesses, entrepreneurs, think tanks, and incubators to find sustainable marketplace solutions to support and augment the support provided by family caregivers across the lifespan.

With a grant from the Robert Wood Johnson Foundation, the National Alliance for Caregiving was honored to host a one-day summit on Public-Private Innovation in Family Caregiving on April 24, 2018. The new report captures the multi-stakeholder input of that summit and offers a roadmap for next steps.

National Association of Nurse Practitioners in Women’s Health 

The National Association of Nurse Practitioners in Women’s Health (NPWH) is busy gearing up for its 21st Annual Premier Women’s Healthcare Conference, being held October 10-13 in San Antonio, Texas. We anticipate attendance from almost 700 WHNPs and others interested in women’s health! We are also in the process of launching our Patient Portal this fall. Finally, the next meeting of our Healthy at Any Age Coalition will be held on November 8 in Washington, DC. If you would like to attend, email info@npwh.org

National Partnership for Women and Families

Survey Report – Listening to Mothers in California

The National Partnership for Women & Families released Listening to Mothers in California, a statewide population-based survey of women who gave birth in 2016. It is the first state-level fielding of the national Listening to Mothers survey and the first Listening to Mothers survey available in both English and Spanish. The new survey highlights the voices of women themselves and focuses on important topics such as bias and discrimination in health care, disparities faced by women of color, maternal mental health, current maternity care practices, and more. The full survey report is available here. Read issue briefs on the experiences of women of color at http://www.nationalpartnership.org/issues/health/listening-to-mothers-ca/more-resources.html

Fact Sheet – Women’s Health Coverage: Stalled Progress

New data released this month by the U.S. Census Bureau reveal that we still have much progress to make around providing health insurance to women and families, according to analysis by the National Partnership for Women & Families. The data show that 88.9 percent of adult women (ages 18-64) now have health insurance coverage versus 89.4 percent in 2017. Additionally, large and shameful disparities persist in access to health insurance. National Partnership analyses show that women of color are more likely to be uninsured.

USP 

General Chapter <797> Pharmaceutical Compounding ‒ Sterile Preparations is now open for public comment until November 30, 2018. To provide a unified approach to quality compounding, USP intends to align the timing and content of General Chapters <795>, <797>, and <800> Hazardous Drugs—Handling in Healthcare Settings. Among other proposed content in the revisions, hazardous drug handling sections in <795> and <797> will reference General Chapter <800>. The Intended Official Date for Chapters <795>, <797>, and <800> is December 1, 2019.

The #DataInsecurity Digest | Issue 77

Warren: A year after Equifax, it doesn’t look like we’re any safer

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s note: The one-year anniversary of the Equifax breach is prompting a flurry of complaints from policymakers about the lack of action in Congress and elsewhere to better protect consumers’ sensitive data. For example, Sen. Warren and Rep. Cummings may be previewing lines of questions at next week’s privacy hearing, where representatives of Big Tech (but no consumer advocates) are slated to testify. Meanwhile, the discovery of a new hardware vulnerability in Intel chips could put nearly every computer at risk of a new hacking technique that has no easy fix. Finally, the telecoms are plugging their new Project Verify as a way to address the broken username + password authentication system. Security researchers like Brian Krebs are less than confident in the new tech.

And now, on to the clips!

—————–

More than a year after the Equifax breach, Sen. Warren (D-MA) and Rep. Cummings (D-MD) ask why the FTC and CFPB have not taken any action. In a letter, the legislators write “[i]n response to Congressional inquiry into your investigations, you reaffirmed your commitment to protecting consumer privacy, promoting data security, and using your agencies’ authorities to address wrongdoing by CRAs. Yet, to date, your agencies appear to have taken no definitive action to hold Equifax accountable.” (Source: Senator Warren)

Hearing watch: Six tech companies including Amazon, AT&T, Twitter, and Google will detail their consumer data privacy practices to a U.S. Senate panel on Sept. 26. Commerce Committee Chairman John Thune (R-SD) commented that the hearing will provide “an opportunity to explain their approaches to privacy,” and identify what “Congress can do to promote clear privacy expectations without hurting innovation.” (Source: Reuters)

‘Nearly all’ laptops and desktops—both Windows and Mac users—vulnerable to new attack that can steal sensitive data in minutes. @nxsollek comments that there is no easy fix for the security flaw. “Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said security consultant Olle Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on… Companies, and users, are on their own.” (Source: TechCrunch)

Could Project Verify be the replacement for passwords we’ve been waiting for? Project Verify and the four major mobile companies behind it say that it could “improve online authentication because they alone have access to several unique signals and capabilities that can be used to validate each customer and their mobile device(s). This includes knowing the approximate real-time location of the customer; how long they have been a customer and used the device in question; and information about components inside the customer’s phone that are only accessible to the carriers themselves, such as cryptographic signatures tied to the device’s SIM card.” However, as @briankrebs points out, “A key question about adoption of this fledgling initiative will be how much trust consumers place with the wireless companies, which have struggled mightily over the past several years to validate that their own customers are who they say they are,” through the proliferation of the SIM Swap Scam. @ncweaver worries “this new solution could make mobile phones and their associated numbers even more of an attractive target for cyber thieves.” (Source: Krebs on Security)

Data management company mismanaged 440 million of their users’ records. Security researchers recently discovered that Veeam “exposed [a] database containing more than 200 gigabytes of customer records, mostly names, email addresses, and in some cases IP addresses. That might not seem like much but that data would be a goldmine for spammers or bad actors conducting phishing attacks.” (Source: TechCrunch)

Suggested reading: The art of shaming. @troyhunt posits how shaming companies is sometimes effective in getting them to take action to improve their security. “What public shaming does is appeals to a different set of priorities…” @troyhunt argues that while flagging lackluster security to developers doesn’t always work, public shaming will often serve as a catalyst for action. (Source: troyhunt.com)

Cyber experts warn of increased data insecurity in wake of Hurricane Florence. Cyber experts warn that as companies in harm’s way “shift technology operations to backup sites and issue emergency equipment … systems and data can be exposed…Think of a crab shedding its shell. Moving from one to another is the most vulnerable time.” (Source: Wall Street Journal)

Upcoming Events

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published September 20, 2018

The #DataInsecurity Digest | Issue 76

Financial data breach legislation on tap in Congress while cybersecurity insurance gets more attention

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s note: With more Americans feeling less secure over the safety of their financial data, Congress may soon take action to require that victims are notified after big banks compromise their financial data. While this is a step forward, we think the proposed bill misses an opportunity to try to protect consumers’ personal information and connected devices more broadly. These fears seem to be having more impact on the economy, with a new study finding that fears about cybersecurity are preventing consumers from installing smart devices in their homes. Finally, cybersecurity insurance seems to be getting more attention as companies struggle with ways to hedge their breach risks. However, a lack of good actuarial data is making it difficult to accurately price that risk.

And now, on to the clips!

—————–

In the past year, 71 percent of Americans feel less secure over the safety of their financial data. The same survey found that “[m]ore than three-fifths (61%) don’t feel prepared to handle a situation in which their personal financial information is involved in a data breach online.” (Source: Nerd Wallet)

House Financial Services Committee considering data breach notification bill for financial industry. @morningcybersec reports that after years of deadlock, “the House Financial Services panel might consider data breach notification and security legislation that applies only to the banking sector, a GOP committee aide told MC … Now, the Financial Services Committee wants to make some headway even if it has to do it by itself, using a modified existing draft bill written by Rep. Blaine Luetkemeyer as a vehicle, the aide said.” (Source: Politico’s Morning Cybersecurity)

Inspector General finds that State Department was not protecting its visa data. “The division’s information security team also wasn’t regularly patching the system, scanning it for computer viruses or auditing for evidence about whether it had been compromised by hackers, according to the inspector general’s report.” (Source: Next Gov)

Majority of 25 most populous U.S. cities have cyber insurance or are shopping for it.  Analysis by the Wall Street Journal found that in the aftermath of the Atlanta cyberattack, cities are taking steps to protect themselves from the next attack. “Cities including Boston, Nashville, Tenn., Washington, D.C., and San Jose, Calif., are actively researching cyber insurance. Dallas, San Diego, Denver and Detroit are among those that already have cyber policies…Some cities—including New York, Chicago and Philadelphia—declined to say whether they have cyber insurance. Some, like San Antonio, have cyber coverage through an existing property policy. Others say they are self-insured, which can entail creating a special fund to cover losses.” (Source: Wall Street Journal)

But … but … cybersecurity insurance marketplace is ‘young and fragmented.’ More companies are turning to cybersecurity insurance as a way to hedge against data breach risk, but the industry is still in its infancy, says Axios’ @shanvav. “The cybersecurity insurance marketplace is young and fragmented. Not all formulas for premiums are equal, and there’s no consensus in the market about how to price them.” (Source: Axios)

Spousal spy apps continue to demonstrate the importance of data minimization. TheTruthSpy, an app developer that markets its products to jealous spouses, is the latest spousal spy app to suffer a breach. “This is the seventh company that sells spyware to average consumers that’s been breached in the last two years. Several hackers have targeted the sketchy industry of consumer spyware, exposing their mediocre security and questionable ethics.” L.M., the hacker responsible for this latest breach commented to @lorenzofb that “This data is very dangerous. You can know everything about any person, and also you know the attacker identity. It is very easy to ransomware them, and gain a lot of dirty money … Any black hat hacker can fu** them and turn their life into a hell.” (Source: Motherboard)

14.8 million Texas voter records left unsecured. Researchers found a “file — close to 16 gigabytes in size…” that contained “personal information like a voter’s name, address, gender and several years’ worth of voting history, including primaries and presidential elections.” The file is believed to have been “originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.” (Source: TechCrunch)

Breach du jour: Air Canada. Many of Air Canada’s mobile app users may have had their personal data compromised. The app contains personal data such as “email addresses, Aeroplan number, passport numbers, NEXUS numbers, Known Traveler numbers, genders, birthdates, nationalities, passport expiration dates, passport countries of issuance and countries of residence… Any of this data may have been improperly accessed.” (Source: ZD Net)

Data insecurity issues are slowing smart device adoption in the home. Fortunately, some companies appear to be taking notice and are rethinking their practices. According to new research, “69 percent of [businesses] noted that the recent focus on data privacy has made them rethink their plans to collect and use data from smart devices. This trend was even stronger for companies that manufacture connected devices for consumer use…” (Source: IOT For All)

Upcoming Events

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published September 6, 2018

The #DataInsecurity Digest | Issue 75

Breach costs continue to climb while worries of state-sponsored hacks go unheeded

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s note: As the average cost of a data breach climbs to $3.86 million, cyber experts continue to express alarm over our lack of security. Last week, a survey of leading cyber experts found that 94 percent thought that President Trump was not doing enough to deter cyberattacks. Meanwhile, an 11-year-old boy was able to hack a model election return website, and the FBI warned banks that a massive ATM hack is on the horizon. And if you needed any reminder that hacking is big business in Russia and Ukraine, WIRED has two must-reads on the $10 billion cost of the NotPetya malware and the indictment of three Ukrainians, who are estimated to have netted more than a billion dollars from payment card hacking.

And now, on to the clips!

—————–

Average cost of data breach increases to $3.86 million. A new IBM Security study found healthcare breaches to be the most costly, with the average record loss costing $408 — nearly three times the average cost of a regular record ($141). The report also found that “the average time to detect and contain a mega breach was 365 days — 99 days longer than a smaller breach (266 days).” (Source: NBC News)

Quick hit: 94 percent of cyber experts agree that Trump Administration is not doing enough to deter Russian cyber attacks. (Source: Washington Post)

NotPetya: ‘The most devastating cyberattack in history.’ The release last summer of the NotPetya malware by Russian state-sponsored hackers was “an act of cyberwar by almost any definition,” writes @a_greenberg. “The result was more than $10 billion in total damages, according to a White House assessment confirmed to WIRED by former Homeland Security Adviser Tom Bossert, who at the time of the attack was President Trump’s most senior cybersecurity-­focused official.” (Source: WIRED)

The 2018 healthcare breach toll: 6.1 million individuals (and counting). The Department of Health and Human Services (HHS) maintains a “wall of shame” documenting breaches at healthcare facilities subject to the Health Insurance Portability and Accountability Act’s (better known as HIPAA) breach reporting rules. As of August 21, 229 breaches were added to the list, affecting more than 6 million individuals. “Since 2009, a total of 2,411 incidents impacting 187.7 million individuals have been posted to the wall of shame,” writes @HealthInfoSec. “Of those, 520 breaches involved hacking/IT incidents, impacting 141 million individuals, or about 75 percent of all victims affected by major health data breaches.” (Source: BankInfoSecurity)

Quick hit: Judge approves $114 million for victims of 2015 Anthem data breach. (Source: Bloomberg Law)

An 11-year-old was able to hack into a model election results website and change people’s votes in 10 minutes. After the child hacked the replica of the Florida state election website and changed voting results, the National Association of Secretaries of State issued a statement commenting that, “while it is undeniable (that) websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.” (Source: PBS Newshour)

FBI warns banks of coming ATM hack that would allow cyber criminals to withdraw millions. According to an FBI alert, an “ATM cashout scheme is planned in the coming days. The FBI said ‘unspecified reports’ indicate that the attack is likely to involve a card issuer breach that enables cyber criminals to clone cards for gangs to use to make ATM withdrawals.” (Source: Computer Weekly)

Botnets take aim at banks. A “network of millions of hacked computers that do the bidding of criminals suddenly shifted its focus this morning: Normally it sends consumers spam email pushing pharmaceuticals and penny stocks, but now it’s conducting a more targeted phishing campaign to hack into bank networks, according to new research by Cofense.” @joeuchill comments that this represents “a large operation to pivot — and almost certainly not one to change focus without some major goal in mind.” (Source: Axios)

Despite some efforts, political campaigns remain vulnerable to cyberattacks. @martinmatishak writes that “the Democrats’ cyber-trauma of 2016 has inspired increased awareness — and some paranoia — about digital security. But experts say it’s not enough.” Many “candidates and campaigns have yet to implement standard safeguards to prevent breaches of their computer networks, websites and emails.” (Source: Politico)

DOJ indicts three individuals linked to a billion dollars in hacking fraud. The hacking group FIN7 is believed to be responsible for “stealing more than 15 million credit card numbers from over 3,600 business locations.” Members of this organization made a name for themselves by “applying a level of sophistication that we’re not used to really seeing from financially motivated actors.” (Source: Wired)

Upcoming Events

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published August 23, 2018

The #DataInsecurity Digest | Issue 74

Administration claims Russian hacking threat being taken seriously; evidence suggests otherwise

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Editor’s note: Despite vocal assurances from senior leaders within the Trump Administration that they are doing all they can to secure our digital infrastructure and elections, cyber experts remain concerned over the lack of concrete steps that are being taken. This concern has only grown with the string of cybersecurity failures at the agency level in recent months. And despite new threats like crypto-jacking and “sextortion,” consumer uptake of digital hygiene technology like password managers remains low.

And now, on to the clips!

—————–

Senior intelligence officials stress their commitment to securing the midterm elections during White House press conference. @shaneharris and @feliciasonmez report that while the press conference “did not offer new details about any attacks or announce new policies, their show of unity just steps from the Oval Office appeared aimed at easing public concerns about President Trump’s public skepticism of Russia’s intentions.” However, when National Security Agency Director Paul Nakasone, the individual that has the authority to attack and disable foreign computer networks, was asked what orders he had been given to counteract Russian interference, he didn’t answer the question directly and instead responded that, “We’re not going to accept meddling in the elections.” (Source: Washington Post)

Democrats remain concerned over lack of action taken to secure elections. In a letter that was sent out the same day as the White House press conference, a group of senators wrote that National Security Advisor John Bolton continues to ignore their requests for action and that “Republicans in the Senate [need] to reconsider their position blocking critical funding requested by 21 states to bolster election security ahead of the midterms.” (Source: The Hill)

Nearly two years into the Trump Administration, VPOTUS gives first cybersecurity speech. In the speech, Vice President Mike Pence commented that “[w]hile other nations certainly possessed the capability, the fact is Russia meddled in our 2016 elections.” @D_Hawk notes that “despite the tough rhetoric from Pence and other top administration officials, the broader conference highlights only incremental steps the administration is taking to address the problem.” (Source: Washington Post)

Despite rhetoric, government agencies continually fail to take basic steps to secure data. @D_Hawk offers a sobering report on the most recent slew of federal cyber vulnerabilities: “A top lawmaker on Capitol Hill sounded the alarm about agencies’ use of a web program widely known to be outdated and vulnerable. Across town, the Government Accountability Office revealed in a new report that agencies still hadn’t implemented hundreds of recommendations to shore up their cyberdefenses. And even the watchdog at the National Security Agency, which is tasked with defending U.S. communication systems, rebuked the agency for failing to properly safeguard sensitive data stored in its networks.” (Source: Washington Post)

‘Breach fatigue’ one reason only 12 percent of consumers use password managers. Despite repeated warnings from cybersecurity experts, consumer uptake of good data hygiene practices like password managers remains low, reports @MeleChristopher. “A ‘recency bias’ leads consumers to believe that as a breach recedes in the headlines, it becomes less threatening,  … [h]owever, the data in the Equifax breach does not have a half-life and could be used for nefarious purposes at any point.” (Source: New York Times)

Every Republican and Democratic FTC commissioner implored Congress to grant the agency rule-making authority on data privacy issues. At a congressional oversight hearing, each commissioner explained the Commission’s need for more tools to protect consumers. Commissioner Chopra commented that the FTC’s “existing toolkit won’t do the trick… We need the ability to deter misconduct through financial penalties and sensible safeguards that can evolve with the marketplace.” (Source: Adexchanger)

Equifax agrees to a consent decree, avoiding financial penalty with eight states. However, Equifax must perform a detailed assessment of cyber threats, boost board oversight of cybersecurity, and improve processes for patching known security vulnerabilities, according to the terms of the agreement. The consent decree was approved by regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina, and Texas. (Source: Reuters)

Quick hit: Equifax breach was a little more than a year ago today. @lillyhnewman provides a look back at the catastrophic breach. (Source: Wired)

Cryptojacking displaces ransomware as greatest cyber threat. For those of you not yet familiar with the term, @TheEbizWizard explains that “cryptojacking is where an attacker surreptitiously installs cryptocurrency mining software on a target system. The software – which may not even technically be malware – consumes processor cycles and their requisite electricity to process cryptocurrency transactions, thus earning the attacker a commission, usually in the anonymous cryptocurrency Monero.” (Source: Forbes)

New ‘sextortion’ scam utilizes breached passwords to blackmail victims. @briankrebs reports that victims of this new scam receive an email from a fraudster falsely claiming to have “compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. What spooked people most about this scam was that its salutation included a password that each recipient legitimately used at some point online.” (Source: Krebs on Security)

Upcoming Events

August 9-12, 2018 – DEF CON 26 – Las Vegas, NV
DEF CON is the world’s longest-running and largest underground hacking conference. Each summer, hackers, corporate IT professionals, and three-letter government agencies all converge on Las Vegas to absorb cutting-edge hacking research from the most brilliant minds in the world. (Source: DEF CON)

October 2018 – National Cybersecurity Awareness Month
Every October, the National Cybersecurity Alliance organizes the National Cybersecurity Awareness Month to address specific challenges and identify opportunities for behavioral change. (Source: Stay Safe Online)

National Consumers League
Published August 9, 2018