March 22, 2023

A Promising Drug With a Flaw

Then people using Pradaxa started showing up in his emergency room. One man in his 70s fell at home and arrived at the hospital alert and talking. But he rapidly declined. “We pretty much threw the whole kitchen sink at him,” recalled Dr. Cotton, who works at Memorial Hermann-Texas Medical Center. “But he still bled to death on the table.”

Unlike warfarin, an older drug, there is no antidote to reverse the blood-thinning effects of Pradaxa.

“You feel helpless,” Dr. Cotton said. The drug has contributed to the bleeding deaths of at least eight patients at the hospital. “And that’s a very bad feeling for us.”

Pradaxa has become a blockbuster drug in its two years on the market, bringing in more than $1 billion in sales for its maker, the privately held German drug maker Boehringer Ingelheim.

But Pradaxa has been linked to more than 500 deaths in the United States, and a chorus of complaints has risen from doctors, victims’ families and others in the medical community, who worry that the approval process was not sufficiently rigorous because it allowed a potentially dangerous drug to be sold without an option for reversing its effects.

Pradaxa is an example, some critics say, of what can happen when a drug that performs well in tightly controlled trials is released into the messy world of real-life medicine. Boehringer Ingelheim said it was working on developing an antidote but that even without one, patients in a large clinical trial died at roughly the same rate as those who were taking warfarin.

The Food and Drug Administration released a report on Friday that found that the drug did not show a higher risk of bleeding than for patients taking warfarin. The report did not address the lack of an antidote for Pradaxa.

“The evolving spontaneous reporting patterns do not indicate a change in the favorable benefit-risk profile of Pradaxa, when used correctly according to the approved label,” Boehringer Ingelheim said in a statement. In other words, the drug is still safe. But some reports have indicated that doctors are not sufficiently cautious when prescribing Pradaxa, giving the drug to older people or those with kidney problems even though there is evidence that the bleeding risks are higher in those groups. The company recommends testing patients’ kidney function before prescribing Pradaxa and notes that the risk of bleeding increases with age.

“The problem is that the people that prescribe this, as a general rule, are cardiologists and family practitioners,” said Dr. Mark L. Mosley, director of the emergency room at Wesley Medical Center in Wichita, Kan. “The people that see the harm are your E.R. docs and your trauma docs.”

Critics say that at least until an antidote is found, better disclosure or more limited use of Pradaxa may be preferable. Patients’ lawyers have begun turning their attention to the drug. More than 100 lawsuits have been filed in federal courts and lawyers say thousands more are expected.

When the F.D.A. approved Pradaxa in October 2010, the drug was hailed as the first in a new category of replacements for warfarin, the nearly 60-year-old drug used to prevent strokes in people with a heart-rhythm disorder known as atrial fibrillation.

Warfarin requires careful monitoring of a patient’s diet and drug regimen, and frequent blood tests to ensure that it is working. Pradaxa required no such monitoring and, compared with warfarin, appeared to be better at preventing strokes.

Sales of the drug took off. By the end of 2011, after just over a year on the market, 17 percent of patients with atrial fibrillation were being prescribed Pradaxa, compared with 44 percent for warfarin, according to a study released in September. About 725,000 patients in the United States have used the drug, according to the F.D.A.

But almost as soon as doctors started prescribing Pradaxa, concerns surfaced about its safety. Pradaxa was identified as the primary suspect in 542 patient deaths reported to the F.D.A. in 2011, and was linked to more reports of injury or death than any of the more than 800 drugs regularly monitored by the Institute for Safe Medication Practices, a nonprofit based in Pennsylvania that monitors medicine safety.

Dr. Mosley said he found it “shocking, just shocking” that the F.D.A. approved Pradaxa, which is also called dabigatran, even though no antidote was available.

In a statement, the F.D.A. said, “the lack of an antidote notwithstanding, dabigatran was superior to warfarin in preventing strokes in a large clinical trial. The rates of bleeding were similar.” In the study it released on Friday, the F.D.A. examined health insurance claims and hospital data and reached a similar conclusion.

Warfarin, which is also known by the brand name Coumadin, can often be reversed by giving a patient vitamin K or other substances. Warfarin, too, can be deadly but, doctors said, they at least have options.

“The practical experience is that once hemorrhagic complications occur in this drug, it is much more likely to be a catastrophe than with Coumadin,” said Dr. Richard H. Schmidt, an associate professor of neurosurgery at the University of Utah, who treated an 83-year-old man who died from bleeding and was using Pradaxa.

Boehringer Ingelheim recommends treating bleeding patients with dialysis to help flush the drug from the body, although it notes that “the amount of data supporting this approach is limited.”

Several doctors said that option was not realistic. “People that are bleeding to death aren’t going to tolerate being put on dialysis,” Dr. Cotton said.

Two other new drugs intended as warfarin replacements also lack antidotes. Doctors said they had not seen as many bleeding deaths associated with Xarelto, which was approved in 2011 and is sold by Bayer and Johnson Johnson. On Friday, the F.D.A. approved Xarelto to also treat deep vein thrombosis and pulmonary embolism, two kinds of blood clots. Pradaxa is approved in the United States only to prevent stroke in patients with atrial fibrillation. A third drug, Eliquis, by Bristol-Myers Squibb and Pfizer, has not yet been approved by the F.D.A. Representatives for both drugs said trials showed their products were safe, adding that the companies were investigating different antidotes. Boehringer Ingelheim is expected to present several new studies of Pradaxa’s safety and efficacy — including one that examines potential antidotes — at the American Heart Association scientific conference next week in Los Angeles.

Some cardiologists have said that Pradaxa and the other new drugs represent real advances over warfarin. Around 40 percent of people with atrial fibrillation do not take any drugs for it, a recent study showed, putting them at risk for strokes.

“I think the benefit of the drug clearly exceeds the risk because to me, a disabling stroke has a greater weight than a bleeding complication,” said Dr. Sanjay Kaul, a cardiologist at Cedars-Sinai Medical Center in Los Angeles and a member of the F.D.A. committee that voted to approve Pradaxa.

But those calculations make little sense to Walter Daumler, who said he watched his 78-year-old sister, Doris, bleed to death in May. Mr. Daumler, who lives in Wisconsin, has hired a lawyer and is considering suing. He said the doctors told him that because she was on Pradaxa, there was nothing they could do.

“My No. 1 goal is to stop this insidious drug,” Mr. Daumler said. “To get this off the market, so others will not undergo or witness what I saw.”

Article source:

Hacker Attacks Like Stratfor’s Require Fast Response

In the film “Pulp Fiction,” Harvey Keitel plays the Wolf, a fast-talking and meticulous man who is called in to deal with the aftermath of an accidental shooting.

In the messy world of computer security breaches, Kevin Mandia is something like the Wolf. Mr. Mandia has spent his entire career cleaning up problems much like the recent breach at Stratfor, the security group based in Austin, Tex., that was hacked over the Christmas weekend.

Hackers claiming to be members of the collective known as Anonymous defaced Stratfor’s Web site and published over 50,000 of its customers’ credit card numbers online. They have threatened to release more card details and a trove of 3.3 million e-mails between Stratfor and its clients, which include Goldman Sachs, the Defense Department, Los Alamos National Laboratory and the United Nations.

That means Stratfor is in the position of trying to recover from a potentially devastating attack without knowing whether the worst is over.

“They’re in a bad place,” said Mr. Mandia, who is not involved in the Stratfor case. “If the attacker is going to release their e-mails, there’s no way to shut them down.”

Stratfor joins a list of other hapless prominent organizations that have recently been breached by so-called hacktivists — hackers whose goal is to embarrass and expose them. Among its predecessors are Sony, the security company HBGary and the Arizona Department of Public Safety.

Unlike extortion cases, in which hackers typically demand a fee for not disclosing specific proprietary information, attacks by hacktivists put companies in a potentially more precarious and vulnerable waiting mode. The companies do not know precisely what has been stolen, how destructive its disclosure will be, when it will be dumped online or even whether the hackers are still roaming through their internal networks. All the while, they must reassure anxious clients and try to minimize the inevitable public relations fallout.

“We call it a three-alarm fire,” said Jamie May, chief investigator at Debix, the identity protection company that was hired by Sony after its breach earlier this year.

“It’s easy for companies to get ahead of themselves and rush into bad decisions that make a situation worse,” she said, “which is why it is often helpful to work with a company that has done this before.”

The breach at Stratfor, which markets its security expertise, could be particularly embarrassing if hackers can prove their claims that they were able to gain access to the company’s sensitive data because it was not encrypted — a basic first step in data protection.

Stratfor has not clarified whether its data was encrypted, and did not respond to requests for comment. With its Web site still down, the company has been using its Facebook page to share updates about matters like its offer of identity-theft protection for customers. But some customers have left comments on the page complaining that they did not hear directly from Stratfor about the breach, and found out that their card information was compromised only when their banks notified them of unauthorized charges.

Mr. Mandia’s computer security and forensics firm, Mandiant, has responded to breaches, extortion attacks and economic espionage campaigns at 22 companies in the Fortune 100 in the last two years alone, Mr. Mandia said. He calls the first hour he spends with companies “upchuck hour.”

“I need to get as much data as I can get. I come in and say ‘Get me your firewall logs. Give me your Web logs. Tell me what you know so far. Who do you think might have done this? Give me your e-mails,’ ” he said. “Everybody’s vomiting information on a table. It’s never pretty and it’s always unstructured.”

Time is of the essence. “Every minute you take to figure this out, you could be losing more e-mails and more credit data,” he said. The goal is to determine quickly the “fingerprint” of the intrusion and its scope, Mr. Mandia said: “How did the guy break in? What did he take? When did he break in? And, how do I stop this?”

The first thing a forensics team will do is try to get the hackers off the company’s network, which entails simultaneously plugging any security holes, removing any back doors into the company’s network that the intruders might have installed, and changing all the company’s passwords.

“This is something most people fail at,” Mr. Mandia said. “It’s like removing cancer. You have to remove it all at once. If you only remove the cancer in your leg, but you have it in your arm, you might as well have not had the operation on your leg.”

Likewise, if a company misses one back door or one compromised password, the intruders can immediately come back in.

Once the network has been secured, a forensics team will comb through a company’s data to determine the impact of the breach, so it can begin notifying affected customers, determine its liability and try to get ahead of the news cycle.

But in a hacktivist case like Stratfor’s, in which hackers are threatening to disburse more credit card details and sensitive correspondence, Mr. Mandia said there comes a point when “you just have to sit back and hope.”

“If anybody was any good at preventing leaks, we would have never seen WikiLeaks,” Mr. Mandia said. “The U.S. government would have stopped it and that data would never have been dumped.”

Meanwhile, Stratfor’s hackers have taken to Twitter to announce that they plan to release more Stratfor data over the next several days.

That may offer at least one possible silver lining. In the world of computer security, experts say, the most dangerous breaches are the quiet ones — the ones in which hackers make off with a company’s intellectual property and leave no trace.

“The hacks that do the most damage,” Mr. Mandia said, “don’t have Twitter feeds.”

Article source: