"Distributed Denial of Service" Attacks: Is Pharma Ready for Cyber Warfare?

I think it was an American journalist (A.J. Liebling) who said "Freedom of the press is guaranteed only to those who own one." I was reminded of this after Senator Joe Lieberman pressured Amazon.com to remove WikiLeaks docs from its cloud servers and Amazon complied.

This concerns me. But of even greater concern to me is the spate of hacker attacks against Wikileaks and counter-attacks against Amazon and other web sites like Mastercard and Paypal that have also ceased doing business with WikiLeaks (see, for example, "Hackers Give Web Companies a Test of Free Speech").

Who's next?

Perhaps pharmaceutical companies are next. What's to prevent some hacker from deciding that the Lyrica.com web site should be shut down because he/she took issue with print ads that may be in violation of FDA regulations (eg, see "Pfizer's Latest Lyrica DTC Ad Should Be Cited By FDA as Misleading")?

I am not technically savvy enough to know how these attacks are done, but I understand it's a fairly simple thing to do. And I don't know how Web sites can protect themselves from hacker attacks in general.

But one thing I suspect: many pharmaceutical may not have a plan in place to protect their web sites. I know form experience that even the largest pharmaceutical company in the world was not too technically savvy about how to start up a twitter account and keep abreast of what was being said about it on Twitter (see "Follow Who's Following Me on Twitter. But NOT Phishy 'pfizer' Please!").

What do you think?

My Pharma Social Media Communication Experiment

I'm trying a little experiment today. I'm trying to use social media -- specifically Twitter -- to directly contact the press relations people (aka corporate communications staff) at a major pharmaceutical company (ie, Pfizer) about a Lyrica print ad that I blogged about a few days ago (see "Pfizer's Latest Lyrica DTC Ad Should Be Cited By FDA as Misleading").

[SEE UPDATE AT END OF THIS POST FOR RESULTS.]

I was urged to do this after the following exchange with Bruce Grant on my Facebook Page:

• Bruce Grant I think you should ask to see the evidence rather than speculate that it does not exist.
  

  Tuesday at 9:51pm · 
• 
  

  John Mack Well, Bruce, in this day and age of social media, I think what I did on my blog WAS to ask. Also, IF there is such evidence, my point is that it SHOULD be cited in the ads themselves.
  

  22 hours ago · 
• 
  

  Bruce Grant I remember the original social media -- mail and telephones. And when I was a journalist and had a question like this, I would call or write directly to the company with my inquiry...not wait to be overheard. Just sayin'. (BTW, did you check the Brief Summary page for references?)

  John Mack

  I did check the brief summary page, but I must admit I did not look for references. I will do that and see what I can find. Thanks for pointing that out. Usually, however, in physician ads anyway, there would be an asterisk to call attentio...n to specific sources of data cited.
  
  As I often say, I am NOT a journalist, especially when I am writing the blog. As you know, I have limited resources, except for my readers who often help me find answers. And that's really the point of my blog -- to stimulate discussion, which is the one thing many people say they appreciate. I will continue to respond to that need expressed by my readers.

I know for a fact that @Pfizer_news -- Pfizer's official corporate Twitter account -- follows me on Twitter. Pfizer uses this account to communicate Pfizer news to journalists among other stakeholders. Although I am not a journalist, I know that Pfizer is interested in keeping bloggers like me in the loop (see, for example, "The Social Media Revolution Will Not Be 'Televised'").

So, here's what I have done:

1. I tweeted this today at about 7:30 AM: "I hv bn urged by @grantbw 2 contact @Pfizer_news re this Lyrica print ad that I think FDA shld cite as misleading: http://bit.ly/fGBhwl" and
2. I DM'd (sent a direct message through Twitter to) @pfizer_news: "Who can I call about this Lyrica ad issue: http://bit.ly/fGBhwl" I also followed up with a DM giving Pfizer my phone number and direct e-mail address in case they want to respond to me "old school."

Since @Pfizer_news follows me, the person who monitors that account may see my tweet and SHOULD get my DM.

Everyone seems to be praising social media apps like Twitter for their communication abilities and I sure find it more convenient to use Twitter to contact Pfizer directly rather than witing for regular business hours to call by phone, which I know will be hellishly frustrating!. This is an experiment to see if it works. I will keep you posted.

UPDATE #1: At 11:49 AM I received this DM from @pfizer_news: "I've forwarded your message to Victoria Davis. Thanks." Victoria Davis is a Pfizer Media Relations primary care specialist who focuses on these products: Chantix, Lipitor, Apixaban, Premarin Family, Spiriva, Viagra and Pristiq. I'm not sure why @pfizer_news passed on my message to Victoria instead of, for example, Mackay Jimeson who is responsible for Lyrica, Celebrex, Spiriva, Toviaz, Dimebon, Apixaban, Tanezumab, Lipitor, Viagra, Chantix. But it's all good.

Meanwhile, beginning at about 9:10 AM I started calling by phone some of the people listed on Pfizer's News & Media page, including Chris Loder, Christine Neese, and MacKay Jimeson. I also called the general media contact number. They all were not available, so I left voicemail messages.

Finally, around 1:30 PM, Chris Loder, Pfizer's Head of US Media Relations, gave me a call and said he needed some time to research the issue, but promised someone would followup soon.

So, I'm happy to report that Pfizer is listening & responding via Twitter/social media. But I am not sure if it was Twitter or all the phone calls I made that got the attention of Chris. My bad for not doing a very good controlled study.

More later...

Pfizer's Latest Lyrica DTC Ad Should Be Cited By FDA as Misleading

Do you have "chronic widespread MUSCLE pain?" That's the question asked in a Lyrica direct-to-consumer (DTC) print Ad in a recent issue of Prevention magazine (see image below). "The answer may be over-active NERVES," says the ad. The implication is that Lyrica treats "muscle pain" caused by "over-active nerves."

Yet Lyrica is officially approved by the FDA "to treat Diabetic Nerve Pain, Pain after Shingles, and Fibromyalgia. LYRICA is also indicated to treat Partial Onset Seizures in adults with epilepsy who take 1 or more drugs for seizures." Neither "widespread MUSCLE pain" nor "Over-active NERVES" is mentioned in the approved labeling for Lyrica. And the National Institutes of Health (NIH) says that the causes of fibromyalgia are "unknown."

Pfizer even includes a diagram (left) showing how Lyrica "calms" the nerves, which "can provide significant relief from Fibromyalgia pain."

I think that all this is speculative hocus pocus that is not based on any reputable science at all! This is shameful coming from a company and an industry that promotes itself as being "science-based."

I'd like to see (1) references to scientific data, trials, etc. that supports Pfizer's hypothesis that fibromyalgia, aka "widespread muscle pain", is caused by "over-active NERVES" and (2) data to support the claim that Lyrica "calms" over-active nerves.

FDA "warning letters" often state that "Promotional materials are misleading if they suggest that a drug is useful in a broader range of conditions or patients than has been demonstrated by substantial evidence or substantial clinical experience." If Pfizer has no data to support the claims made in this ad, then the FDA should cite it as being misleading. That's my opinion. What do you think?

Abbott Fetes Barred Cardiologist with High Cholesterol Pig Roast

Practically every week I read amazing stories about stupid, immoral, unethical, or illegal activities perpetrated by the pharmaceutical industry. Stories that are bolstered with juicy quotes from internal corporate emails written by dumb executives. And I don't have to wait for Wikileaks to publish this stuff when the U.S. Senate and the Wall Street Journal (WSJ) are already doing it!

Take today for example. A story in the WSJ titled "Abbott Hired Barred Doctor" caught my attention (find it here). At first, I thought it was nothing new -- I already know that pharmaceutical companies have hired questionable physicians in the past, so it's not too exciting to learn that Abbott "hired a Baltimore-area cardiologist as a sales consultant after he was barred from practicing at a local hospital last year for allegedly putting heart stents in hundreds of patients who didn't need them."

What's interesting is the juicy stuff that the Senate learned from internal emails written by Abbott executives.

For example:

"In 2008 Abbott paid more than $1,000 for a pig roast, complete with mobile pig pit, at a party to fete the cardiologist the same week Dr. Midei, then head of the cardiac catheterization lab at St. Joseph Medical Center in Towson, Md., set a possible company record by implanting 30 stents in a single day."

and

"Charles Simonton, the medical director of Abbott's vascular division, said in another email cited by the [Senate report to be released today] that Dr. Midei should 'clearly avoid' the Baltimore area, but Dr. Simonton encouraged colleagues to 'please find key physicians or cath labs you'd like him to get in front of with our data.' Abbott wanted to hire Dr. Midei 'because he helped us so many times over the years,' yet another Abbott executive said in an email."

and

"Around that time, an Abbott executive complained to a colleague by email about one of the [Baltimore] Sun's journalists [who reported on the alleged overuse of stents at St. Joseph] 'Somebody needs to take this writer outside and kick his ass. Do I need to send in the Philly mob?' he wrote, according to the report."

What's really amazing is that a company supposedly dedicated to saving lives of patients with cholesterol-blocked coronary arteries would host a $1,407 pig roast complete with a mobile "Alabama pig pickin' pit," a whole pig smoked for 15 hours, Memphis-style ribs, chicken, hot dogs, cole slaw and two big peach cobblers. The only thing heart-healthy on that menu may have been the cole slaw! I can forgive the threat to kick the reporter's ass, but a pig roast in a cardiologist's back yard? Unforgivable!

Viagra Website Goes Dark!

No, Viagra.com hasn't been the target of "distributed denial of service" attacks by "unknown hackers," nor has Amazon pulled the site from its servers following political pressure from Senator Joe Lieberman, who chairs the Senate Homeland Security Committee. And Lieberman did NOT call for organizations hosting Viagra.com to terminate their relationship with the website.

All that's not likely to happen because here in America we value the freedom of information and believe the first amendment applies to corporate speech as well as to individual speech.

But Viagra.com has moved to the dark side and has become the first Rx drug site to use a black background, as far as I am aware (see screen shot below).

Several weeks ago, I noticed a similarly dark Viagra print ad in a magazine (see "Be a Macho Man! Ask Your Doctor for Viagra!"). The Viagra.com web site continues the "macho" theme as well.

Man, I'd love to be like one of these guys! Own a private plane and even know enough to work on its engine as well as not panic when my OLD car's water temperature gauge goes into the red zone while I'm driving  through the desert! Who knew such guys had ED (erectile dysfunction)?

ED guys don't have to ask mechanics for help on the road, but they DO have to ask their physicians for help getting an erection (ie, a prescription for Viagra). That's the best advice Viagra.com can offer!

P.S. Delving a bit deeper into the Viagra.com Web site, I find that "ED is More Common Than You Think" in the "Common Questions" section. There, Pfizer claims that "MORE THAN HALF OF MEN OVER 40 HAVE SOME DEGREE OF ED." I've often taken issue with this statement, so I researched the source that Pfizer cites for this: The Massachusetts Aging Men Study, which found that 52% of respondents claimed they had some degree of ED. Another analysis of this study concluded "Men who worked in blue-collar occupations were one and a half times more likely to develop ED compared to men in white-collar occupations" (see here). So why aren't blue-collar men depicted in Viagra ads instead of professional-looking guys and guys who own their own private planes? I doubt many blue-collar types are able to afford their own private airplane these days. What kind of world does Pfizer think we live in????

Are You Serious?TM A Good Example of Why Pharma Brand Managers "Love Its" TV

Many pharma marketing experts wonder why pharmaceutical marketers spend approximately 70% of their DTC advertising budgets on expensive TV advertising when they might get better bang for their bucks advertising through other channels such as the Internet.

Whether or not you agree with that, there's one indisputable factor about TV advertising to consider: the opportunity for brand managers to play at being directors, mingle with the stars, and even to have a "cameo" part in the production.

A good example of that is a disease awareness campaign called Are You Serious?^TM, launched by Johnson & Johnson's wholly-owned Centocor Ortho Biotech division. This was described in a JNJBTW Blog guest post (here) by Craig Stoltz, Director, Product Communications, Immunology, Centocor Ortho Biotech Inc.

BTW, J&J IS serious about trademarking "Are You Serious?" Here's the result of a trademark search I performed (click on image to enlarge):

According to Stoltz, the "renowned Saturday Night Live actor and comedian, Jon Lovitz" called HIM -- not the other way around -- to pitch the public awareness campaign. Apparently, Lovitz suffered from severe plaque psoriasis for a decade until he found a dermatologist "who knew what the hell he was doing" (according to a song supposedly written by Lovitz as part of the TV campaign. Find it here; see screen shot below).

I guess it's feasible that Lovitz would pick up the phone himself to call a product manager (er, excuse me, I mean "Director, Product Communications").

According to Stoltz:

"The campaign is a collaborative educational effort between Centocor Ortho Biotech Inc., maker of two treatments for the management of moderate or severe psoriasis, and the National Psoriasis Foundation (NPF), starring Lovitz. It aims to raise awareness about this autoimmune condition and motivate patients to speak with a dermatologist about how to effectively manage their symptoms. That’s what Lovitz did less than a year ago, and he couldn’t be more passionate about sharing his positive experience with others to let them know they absolutely can take control of their disease."

Stoltz also admitted that he made a cameo appearance in one of the "behind-the-scenes footage and blooper videos."

Unfortunately, I opted NOT to view the "behind-the-scenes" videos because it requires registration. Ever since I began covering the issue of online privacy related to healthcare marketing, I am a little afraid to give away personal information to a pharmaceutical company (see "FTC Issues Privacy Report Recommending 'Do Not Track' Option").

New Media, New Ways to Track You. Online Ad Technology is One Step Ahead of Lawmakers and Regulators

Citing privacy concerns, the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection will hold a hearing tomorrow (December 2, 2010) on the feasibility of establishing a "Do Not Track" registry for the Internet.

Today, the Federal Trade Commission (FTC) will release its much-anticipated privacy report calling for a "do-not-track" tool for Web browsers (see "New Media Privacy Issues & Online Health Marketing" media advisory).

Also today, privacy wonks are meeting in Washington, DC at the National Press Club conference "The Future of Online Consumer Protections." Topics for discussion include:

• Protecting consumers while they surf the web: How to make a "Do Not Track Me" list work and other ideas.
• How costs can be cut with electronic medical records while still maintaining patient privacy.
• Is online health and drug marketing deceptive? Does it invade consumers' privacy?

One of the people presenting at that meeting is Jeff Chester, Founder and Executive Director of the Center for Digital Democracy (CDD). CDD and other privacy groups recently submitted a brief to the FTC citing "unfair and deceptive" online health and drug advertising practices (see, for example, "Center for Digital Democracy Challenges FTC to Reign In Online Pharma Marketing" and here).

Chester will be a guest on my Pharma Marketing Talk BlogTalkRadio show next Thursday and I'm currently hosting a survey on the issues (see below).

***********************************************************

New Media Tracking Technologies: Implications for Online Consumer Privacy
A conversation with Jeff Chester, Founder and Executive Director of the Center for Digital Democracy, about his organization's recently filed brief with the FTC requesting an "Investigation, Public Disclosure, Injunction, and Other Relief" regarding the array of sophisticated and non-transparent interactive marketing applications utilized by healthcare companies and the pharmaceutical industry to promote drugs online.

*********************************************************** 

While lawmakers and regulators are focused on "do not track" laws and web browser fixes, online advertising technology is already being "unleashed" that will make such laws, regulations, and fixes obsolete before the ink is dry. That's because these laws all focus on Web tracking cookies, which according to BlueCava CEO David Norris, "are a joke."

BlueCava and other companies are developing "digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes," according to this Wall Street Journal article. Here are some excerpts:

Device fingerprinting is a powerful emerging tool in this trade. It's "the next generation of online advertising," Mr. Norris says.

It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. Every time a typical computer goes online, it broadcasts hundreds of such details as a calling card to other computers it communicates with. Tracking companies can use this data to uniquely identify computers, cellphones and other devices, and then build profiles of the people who use them.

Tracking companies are now embracing fingerprinting partly because it is much tougher to block than other common tools used to monitor people online, such as browser "cookies," tiny text files on a computer that can be deleted.

It's tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines—adding or deleting fonts, or updating software—fingerprinters often can still recognize them. There's not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent.

Blue Cava also is seeking to use a controversial technique of matching online data about people with catalogs of offline information about them, such as property records, motor-vehicle registrations, income estimates and other details. It works like this: An individual logs into a website using a name or e-mail address.

The website shares those details with an offline-data company, which uses the email address or name to look up its files about the person.

The data company then strips out the user's name and passes BlueCava information from offline databases. BlueCava then adds those personal details to its profile of that device.

As a result, BlueCava expects to have extremely detailed profiles of devices that could be more useful to marketers. In its privacy policy, BlueCava says it plans to hang onto device data "for the foreseeable future."

Pretty scary, huh?