The Top 12 Crises Of 2016 – The Holmes Report

2. Mylan raises EpiPen prices 

It’s hard to imagine a more disturbing lead-in than the one that opened an NBC report on Mylan’s life-saving anti-allergy device EpiPen. “The cost of saving your child’s life has gotten a lot more expensive.” As if that wasn’t bad enough, the story was promptly tweeted out by then-presidential candidate Bernie Sanders as part of his campaign to rein in drug prices.

As William Comcowich, chief executive of CyberAlert, pointed out in a column, an online petition gathered more than 80,000 signatures in 45 days and prompted more than 120,000 letters to Congress.

The New York Times and Hillary Clinton soon piled on, the company’s stock price tumbled, and CEO Heather Bresch badly botched a CNBC interview.

“Of all the corporate crises in 2016, Mylan’s epic disaster with the EpiPen stands out as the one that generated the most anger,” says Michael Robinson, a veteran corporate affairs counselor who recently launched his own firm, The Montgomery Strategy Group. “Not a surprise given that consumer-facing companies are uniquely in possession of their customers’ trust.

“With the EpiPen literally the difference between life and death for millions (including children) and the fact that Mylan has no viable competition for the product, the made-for-cable-news tale of putting profits over people was complete. Yes, list pricing of pharmaceuticals is complicated and so is insurance reimbursement, but that is precisely the job of corporate communicators, to make an organization’s narrative clear and concise. And ideally to do so ahead of time, especially in an industry that is under the microscope and not known for its transparency.

“By the time Mylan CEO Heather Bresch testified before Congress, she embodied the classic crisis conundrum ‘when you’re explaining your losing,’ with predictable results.”

Gil Bashe, who leads the healthcare practice at New York’s Finn Partners, points to the broader implications for the healthcare sector: “The Mylan EpiPen crisis is a self-created reputation fiasco, another fallen pharma domino—along with KV Pharma, Turing and Valeant. Mylan joined a small, highly visible list of industry outliers who betrayed public trust and the core public belief that pharma companies aim to help patients live longer, healthier lives.

“The big takeaway for communicators and C-Suite leaders—whether championing generics or brands—is to always remember that their companies coexist within the healthcare ecosystem.  Whenever their decisions impact patients, payers, physicians and policymakers negatively, these voices will respond publicly and punitively.”

As EpiPen became a rallying moment for responsible pharma industry executives, Allergan CEO Brent Saunders stepped forward with a “social contract” that outlined the company’s principles around price transparency and acknowledge the importance of sector-wide collaboration.  Says Bashe: “More and more health communication leaders would be wise to reaffirm the great mission—to help heal and sustain life—committing to greater effort to place patients at the center.” — PH

4. Data breach at Yahoo!

Data breaches have become almost commonplace—last year’s crisis review covered breaches at Ashley Madison, Experian, Hilton, Hyatt and more—the December announcement from Yahoo! stood out for a couple of reasons: first, it involved more than a billion user accounts and second it involved cyber-attacks that dated back to 2013.

And, as Edelman chair of crisis and risk Harlan Loeb points out, it represented the first-time reputational damage from a hacking crisis presented a material valuation event: Verizon put its plans to acquire Yahoo on hold.

Loeb points to several key learnings from the incident, including the fact that data breaches can go undetected for a long time. “Although most incidents take 146 days to be detected, companies have great difficulty explaining why it takes so long,” he says. “And it is not satisfying to customers to acknowledge that the ‘offensive’ bad guys have the edge over the ‘defensive’ good guys. Often, therefore, the best strategy lies in addressing questions on timing using the date range of attacks and focusing proactive messaging on steps taken since the incident was detected.”

In addition, companies have to assess which information needs to be shared with specific stakeholders. Says Loeb: “This is especially true for an organization such as Verizon, which has an entire division dedicated to helping companies respond to security incidents.”

And finally, companies need to understand that security incidents can cascade. Yahoo—like Target before it—was forced to disclose a second security incident quickly after the first became public. Loeb’s advice: “Wait until a forensics investigation is complete or nearly complete before disclosing an incident. While a company’s hand may be forced to disclose an issue mid-investigation, it’s typically best to possess more certain information before communicating to ensure that the company is ‘telling all.’ Though a company may get dinged in the short term for waiting to disclose, the potential reputational damage triggered by disclosing incomplete information and multiple incidents is a ‘death of a thousand cuts.’”

And finally, the Yahoo incident may have wider implications. According to Michael Robinson: “The ultimate legacy of the mammoth Yahoo breach may well be the establishment of a de facto national data breach disclosure standard by the Securities & Exchange Commission given the clear and obvious material impact of this breach on the company’s investors and its position in the marketplace. Communicators can seize the opportunity to work even closer with their legal and investor relations colleagues to develop the internal consensus needed to drive the right type of proactive disclosure.” — PH