Frequently Asked Questions
What happened? In June 2019, Amarin learned that there may have been an issue concerning a database maintained by one of its copay assistance vendors. This database contains information about consumers who use or have expressed interest in the Amarin product Vascepa®. Because we take confidentiality matters seriously, Amarin promptly started investigating this event and instructed the vendor to take the database offline. Amarin also suspended active data feeds to the vendor. As part of the investigation, the vendor confirmed that its database had been subject to unauthorized access and acquisition. According to the vendor, no Social Security numbers or financial account information were stored in the database. Based on this assurance, we have no reason to believe that your identity has been stolen or that you are at risk for identity theft as a result of this matter.
What specific information was involved? According to the vendor, its database was misconfigured for a period of time. During that period, the database was accessed a number of times by an unknown party or parties, and information was taken from the database.
According to the vendor, information in the database included names, postal and email addresses, phone numbers, and information about consumers’ use of certain supplements or medications, including Vascepa®. The database also contained information about certain copay transactions for Vascepa®, including dates the transactions were completed. However, the vendor has told us that the database did not contain Social Security numbers or financial account information.
So, the bottom line is that, while we know that information was taken, we do not know exactly what information was taken or which individuals that information concerned. We also have no knowledge that any information from the database has been made public.
What is a copay assistance program? A copay assistance program helps consumers with the cost of their copayment when purchasing a drug. The Vascepa® Savings Card Program offers eligible consumers assistance with paying their copayment on their Vascepa® prescription.
Was my insurance information affected? According to the vendor, your health insurance information was not affected. If you participate in the Vascepa® Savings Card program, your member ID for that program may have been affected. However, that member ID is different from any member ID your health insurance carrier may provide.
Why was my information in this database? If you joined or inquired about Amarin’s Vascepa® Savings Card copay assistance program, then the information you provided in connection with your membership or inquiry was stored in the vendor’s database. This made it possible for the vendor to provide certain management services in connection with the program.
Who was responsible for the security of my information? The vendor was responsible for the proper maintenance and security of its database. Nevertheless, Amarin understands that the security of your information is important. For this reason, we promptly took action on learning of this event and took the database offline. We are taking other measures to address this event and are continuing to evaluate ways to help prevent this type of event from happening in the future.
When did this take place? We did not learn of a potential problem until June 2019. In conducting our investigation, we were informed by the vendor that the database it maintained had been misconfigured between May 2, 2018, and June 20, 2019, which potentially allowed unauthorized access to data during that time. The vendor further informed us that it had found evidence that the database had been accessed a number of times between May 29, 2019, and June 20, 2019, and that information had been taken from the database.
What did you do when you found out this happened? We promptly suspended active data feeds to the database and instructed the vendor to take the database offline. We also opened an investigation and engaged leading experts to assist us.
Has the problem been contained? According to the vendor, yes. The vendor has told us that the database is offline and that passwords providing access to the database have been changed.
Am I at risk for identity theft? We have no reason to believe that your identity has been stolen or that you are at risk for identity theft as a result of this event. According to the vendor, no Social Security numbers or financial account information were stored in the database.
Do I need to take any action? We have provided notification of this event for your awareness but no action on your part is required. However, you may wish to look at the steps outlined in the additional resources section to more generally protect yourself from identity theft. In addition, if for any reason you notice any services you did not authorize on your health care bills, we recommend that you contact your health plan for verification.