to prescribers; reporting to pricing services inflated average wholesale prices that were then used by federal programs to set reimbursement rates; engaging in
off-label promotion; and submitting inflated best price information to the Medicaid Rebate Program to reduce liability for Medicaid rebates. Efforts to ensure that our business arrangements with third parties
will comply with applicable healthcare laws and regulations will involve substantial costs. It is possible that governmental authorities will conclude that our business practices may not comply with current or future statutes, regulations or case
law involving applicable fraud and abuse or other healthcare laws and regulations.
If our operations are found to be in violation of any of these laws or
any other governmental regulations that may apply to us, we may be subject to significant civil, criminal and administrative penalties, damages, disgorgement, fines, imprisonment, exclusion from government funded healthcare programs, such as
Medicare and Medicaid, additional oversight and reporting obligations, contractual damages, reputational harm, diminished profits and future earnings, and the curtailment or restructuring of our operations. If any of the physicians or other
healthcare providers or entities with whom we expect to do business are found to be not in compliance with applicable laws, that person or entity may be subject to criminal, civil or administrative sanctions, including exclusions from government
funded healthcare programs.
Laws, restrictions, and other regulatory measures are also imposed by anti-kickback, fraud and abuse, and other healthcare
laws and regulations in international jurisdictions, and in those jurisdictions we face the same issues as in the United State regarding exposure to criminal sanctions, civil penalties, program exclusion, contractual damages, reputational harm, and
diminished profits and future earnings.
We depend on our information technology systems and those of our third-party collaborators, service
providers, contractors or consultants. Our internal computer systems, or those of our third-party collaborators, service providers, contractors or consultants, may fail or suffer security breaches, disruptions, or incidents, which could result in a
material disruption of our development programs or loss of data or compromise the privacy, security, integrity or confidentiality of sensitive information related to our business and have a material adverse effect on our reputation, business,
financial condition or results of operations.
In the ordinary course of our business, we collect, store and transmit large amounts of
confidential information, including intellectual property, proprietary business information and personal information. Our internal technology systems and infrastructure, and those of our current or future third-party collaborators, service
providers, contractors and consultants are vulnerable to damage from computer viruses, unauthorized access or use resulting from malware, natural disasters, terrorism, war and telecommunication and electrical failures,
denial-of-service attacks, cyber-attacks or cyber-intrusions over the Internet, hacking, phishing and other social engineering attacks, persons inside our organizations
(including employees or contractors), loss or theft, or persons with access to systems inside our organization. Attacks on information technology systems are increasing in their frequency, levels of persistence, sophistication and intensity, and
they are being conducted by increasingly sophisticated and organized foreign governments, groups and individuals with a wide range of motives and expertise. In addition to extracting or accessing sensitive information, such attacks could include the
deployment of harmful malware, ransomware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the security,
confidentiality, integrity and availability of information. The prevalent use of mobile devices that access sensitive information also increases the risk of data security incidents which could lead to the loss of confidential information or other
intellectual property. While to our knowledge we have not experienced any material system failure, accident or security breach to date, if such an event were to occur and cause interruptions in our operations or the operations of third-party
collaborators, service providers, contractors and consultants, it could result in a material disruption of our development programs and significant reputational, financial, legal, regulatory, business or operational harm. The costs to us to
mitigate, investigate and respond to potential security incidents, breaches, disruptions, network security problems, bugs, viruses, worms, malicious software programs and security vulnerabilities could be significant, and while we have implemented
security measures to protect our data security and information technology systems, our efforts to address these problems may not be successful, and these problems could result in unexpected interruptions, delays, cessation of service and other harm
to our business and our competitive position.
26