Weekend update

Generative AI

Weekend update

David ErmerCongress, FDA, Generative AI, Medical / Rx research, Medicare, Rx coverage, U.S. Healthcare
Photo by Tomasz Filipek on Unsplash

From Washington, DC,

  • The Medicare open enrollment period began today. It ends on December 7, 2023.

From the public health and research front,

  • Fortune Well informs us
    • The medicine in the diabetes drug Mounjaro [the Godzilla of GLP-1 drugs] helped people with obesity or who are overweight lose at least a quarter of their body weight, or about 60 pounds on average when combined with intensive diet and exercise, a new study shows.
    • By comparison, a group of people who also dieted and exercised but then received dummy shots lost weight initially but then regained some, researchers reported Sunday in the journal Nature Medicine.
    • “This study says that if you lose weight before you start the drug, you can then add a lot more weight loss after,” said Dr. Thomas Wadden, a University of Pennsylvania obesity researcher and psychology professor who led the study.
    • The results, which were also presented Sunday at a medical conference, confirm that the drug made by Eli Lilly & Co. has the potential to be one of the most powerful medical treatments for obesity to date, outside experts said.
  • The FDA has approved Mounjaro as a diabetes treatment but not a weight loss treatment yet.
  • The New York Times tells us,
    • “An Oxford University researcher and her team showed that digital wearable devices can track the progression of Parkinson’s disease in an individual more effectively than human clinical observation can, according to a newly published paper.
    • “By tracking more than 100 metrics picked up by the devices, researchers were able to discern subtle changes in the movements of subjects with Parkinson’s, a neurodegenerative disease that afflicts 10 million people worldwide.
    • “The lead researcher emphasized that the latest findings were not a treatment for Parkinson’s. Rather, they are a means of helping scientists gauge whether novel drugs and other therapies for Parkinson’s are slowing the progression of the disease.”
  • The Washington Post interviews “physician Rosanne Leipzig, vice chair for education at the Brookdale Department of Geriatrics and Palliative Medicine at the Icahn School of Medicine at Mount Sinai in New York.” Dr. Leipzig is the author of “Honest Aging: An Insider’s Guide to the Second Half of Life.” The reporter described the book as “the most comprehensive examination of what to expect in later life I’ve come across in a dozen years covering aging.”
  • The Washington Post also reports,
    • “The United States faces a “bloody transfusion problem” that is fueling preventable deaths and putting national security at risk, three military and civilian physicians write in a JAMA opinion essay.
    • “The JAMA op-ed, published Oct. 12, highlights blood transfusions’ importance in emergency care. Emergency transfusions can decrease deaths, especially when given early, the physicians write. But not enough healthcare facilities and emergency vehicles are equipped for the procedures, they add, which presents a “substantial risk to our nation’s security infrastructure.”
    • “One reason is the national blood supply, which the writers call “tenuous” because of its reliance on volunteers, as well as problems with blood storage and the places where blood is collected and processed.
    • “The physicians cite a 2020 Health and Human Services report that characterized the national blood supply system as “struggling.” That report said blood availability is hindered by issues with donor recruitment, an aging donor population and problems funding collection centers.”

From the U.S. healthcare business front,

  • MedTech Dive points out,
    • “Best Buy plans to start selling continuous glucose monitors in the next few weeks, in the tech retailer’s first foray into prescription-based medical device sales.”Best Buy plans to start selling continuous glucose monitors in the next few weeks, in the tech retailer’s first foray into prescription-based medical device sales.
    • “The company plans to sell the Dexcom G7 CGM at launch and is looking to offer additional CGM systems from other manufacturers, according to the company.
    • “Customers who want to buy a CGM will be routed to the virtual care platform Wheel, where clinicians will determine a patient’s eligibility and write a prescription. Pharmacy tech provider HealthDyne will receive and process prescriptions, and consumers can then purchase the CGMs on Best Buy’s website for home delivery.”
  • BioPharma Dive notes,
    • “Pfizer said on Friday afternoon it plans to cut billions of dollars in spending and lay off staff as it adjusts to lower demand for its COVID-19 drug Paxlovid and vaccine Comirnaty. 
    • “The pharmaceutical company is also significantly revising down its revenue forecast to between $58 billion and $61 billion for the year, a $9 billion cut from its previously issued guidance. 
    • “The bulk of that adjustment is due to the return by the U.S. governmentof nearly 8 million treatment courses of Paxlovid labeled under the drug’s emergency clearance. Distribution of that product will be stopped in November as Pfizer shifts to selling Paxlovid commercially, which it now expects to begin on a wide scale in January. The antiviral treatment won full U.S. approval in May.”

Midweek Update

David ErmerCongress, FDA, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC

  • Roll Call reports
    • “House Majority Leader Steve Scalise’s bid for speaker was on shaky ground Wednesday as Republicans went back behind closed doors to figure out next steps even after selecting the Louisianan as their nominee during a morning conference meeting.
    • “Several conservatives said they won’t support Scalise on the floor, even as his top rival for the job, Judiciary Chairman Jim Jordan, R-Ohio, is supporting him and encouraging others to do so. Instead of kicking off the formal nominating speeches and votes on the floor Wednesday after coming into session at 3 p.m., Speaker Pro Tempore Patrick T. McHenry recessed the chamber.” * * *
    • “The House adjourned for the night before 7 p.m. An advisory from House Democrats said votes were “possible” Thursday, and the chamber is scheduled to gavel back into session at noon.”
  • On September 18, 2023, the Senate Health Education Labor and Pensions Committee will hold a hearing on the nomination of Dr. Monica Bertagnolli to be Director of the National Institutes of Health.
  • Govexec tells us,
    • “The Biden administration on Wednesday released a new requirement for agencies throughout government to think more carefully about expanding competition through their regulatory actions. 
    • “President Biden has targeted antitrust trends in the economy as a key part of his domestic agenda and the White House said the new guidance will help enforce those efforts through an “all-of-government approach to competition.” The Office of Information and Regulatory Affairs document creates frameworks for agencies as they develop and analyze potential regulatory actions. 
    • “OIRA noted that agencies can shape markets through their regulations and urged them to draft those rules to enhance competition.” 
  • Federal New Network explores the role of Janice Underwood, the first-ever governmentwide chief diversity officer and a senior leader at the Office of Personnel Management.

From the public health and research front,

  • KFF informs us,
    • “Sepsis, the body’s extreme response to an infection, affects 1.7 million adults in the United States annually. It stems from fungal, viral, or bacterial infections, similar to what struck Madonna this year, although the singer never said whether she was diagnosed with sepsis. Treatment delays of even a few hours can undermine a patient’s chance of survival. Yet sepsis can be difficult to diagnose because some patients don’t present with common symptoms like fever, rapid heart rate, or confusion.
    • “A Biden administration rule, finalized in August, ups the ante for hospitals, setting specific treatment metrics that must be met for all patients with suspected sepsis, which could help save some of the 350,000 adults who die of infections annually. Children, too, are affected, with some estimates that 75,000 are treated each year for sepsis, and up to 20% of them die. Hospitals that fail to meet the requirements risk losing potentially millions in Medicare reimbursement for the year.
    • “Still, because the rule applies broadly, it has triggered pushback for its lack of flexibility.
    • “Efforts to reduce sepsis deaths are welcome, but “where it gets controversial becomes ‘Is this the best way to do it?’” said Chanu Rhee, an infectious disease physician and associate professor of population medicine at Harvard Medical School.”
  • Reuters reports,
    • “Novo Nordisk (NOVOb.CO) said on Tuesday it will stop a trial studying Ozempic to treat kidney failure in diabetes patients ahead of schedule because it was clear from an interim analysis that the treatment would succeed.
    • “Novo said the trial would be halted almost a year early based on a recommendation from the independent data monitoring board overseeing the study. Independent monitors can recommend stopping a trial early if there is clear evidence that a drug is going to succeed or fail based on interim analyses. * * *
    • “The Danish drugmaker said the trial was testing whether the widely used diabetes drug, which contains the active ingredient semaglutide, could delay the progression of chronic kidney disease and lower the risk of death from kidney and heart problems.
    • “Semaglutide is also the active ingredient in Novo Nordisk’s powerful weight-loss drug Wegovy.
    • “Barclays analyst Emily Field said in a note that the company’s decision affirmed the view that GLP-1 receptor agonists like Ozempic have “therapeutic benefits far beyond their original intended purpose.”
    • FEHBlog note — Why then doesn’t Novo Nordisk lower the price of this apparent cure-all?
  • Medscape adds,
    • “People taking semaglutide or liraglutide for weight management are at a higher risk for rare but potentially serious gastrointestinal issues, compared with those taking naltrexone/bupropion, according to a large epidemiologic study.
    • “Patients” taking either of these glucagon-like peptide-1 (GLP-1) receptor agonists had nine times an elevated risk for pancreatitis. They were also four times more likely to develop bowel obstruction and over 3.5 times more likely to experience gastroparesis.
    • “The research letter was published online today in the Journal of the American Medical Association.
    • “Investigators say their findings are not about scaring people off the weight loss drugs, but instead about increasing awareness that these potential adverse outcomes can happen.
    • “* * * People taking a GLP-1 agonist to treat diabetes might be more willing to accept the risks, given their potential advantages, especially for lowering the risk for heart problems, said Mahyar Etminan, PharmD, MSc, the study’s senior author and an expert in drug safety and pharmacoepidemiology at UBC. “But those who are otherwise healthy and just taking them for weight loss might want to be more careful in weighing the risk–benefit equation.”
    • “People taking these drugs for weight loss have an approximately 1%–2% chance of experiencing these events, including a 1% risk for gastroparesis, Etminan said.”
  • The Brown & Brown consulting firm offers a four-step plan for employer action to “focus on their benefits, helping to enable employees with easy access to preventive care, early detection, navigation and support specific to breast cancer.
  • The New York Times points out,
    • “The Food and Drug Administration issued an alert on Tuesday about the dangers of treating psychiatric disorders with compounded versions of ketamine, a powerful anesthetic that has become increasingly popular among those seeking alternative therapies for depression, anxiety, post-traumatic stress disorder and other difficult-to-treat mental health problems.”
  • and
    • “A new AI tool diagnoses brain tumors on the operating table;
    • “A new study describes a method for faster and more precise diagnoses, which can help surgeons decide how aggressively to operate.”

From the U.S. healthcare business front,

  • The VTDigger lets us know that following regulatory approval, “Blue Cross Blue Shield of Vermont can now move forward with an agreement that will make the Berlin-based nonprofit a subsidiary of the much larger Blue Cross Blue Shield of Michigan.”
  • Per Fierce Healthcare
    • “Des Moines, Iowa-based UnityPoint Health and Albuquerque, New Mexico-based Presbyterian Healthcare Services are no longer working toward a merger, the systems announced Wednesday.”
  • and
    • new analysis finds that more pharmacists are electronically prescribing medications as they assist in managing chronic disease, which offers a peek at the next evolution in primary care.
    • * * * Lynne Nowak, M.D., Surescripts’ first chief data and analytics officer, told Fierce Healthcare in an interview at HLTH that the findings highlight the potential pharmacists and other clinicians have in addressing those access gaps.
    • “We’re not saying that pharmacists should be doing the job of a physician,” Nowak said. “They’re not trying to replace them, but just looking at this broader view of a care team and ensuring they’re all connected.”
  • STAT News reports,
    • “Bruce Broussard, CEO of health insurance giant Humana, will step down next year after leading the company for more than a decade.
    • “Humana named Jim Rechtin — who is the CEO of Envision Healthcare, the controversial physician staffing firm that is working its way through bankruptcy — as Broussard’s replacement. Rechtin will serve as president and chief operating officer starting Jan. 8 and then take over as CEO in the “latter half of 2024,” the company said in a news release.”
  • Per Healthcare Dive,
    • “Walgreens has named former Cigna executive Tim Wentworth as its new chief executive officer, the retail pharmacy company announced late Tuesday.
    • Wentworth is replacing Roz Brewer a little over a month after she announced her unexpected departure from Walgreens.
    • “Wentworth, who will become Walgreens CEO effective Oct. 23, is the former CEO of Express Scripts, the pharmacy benefit manager acquired by Cigna in 2018. At Cigna, he led the health services business Evernorth.”
  • and
    • “CVS Health wants to create a “super app” connecting multiple omnichannel modalities of the healthcare experience, including benefits, delivery and retail channels, chief medical officer Sree Chaguturu said Tuesday at the HLTH conference in Las Vegas.
    • “A super app is a widely adopted mobile or web application that combines multiple services in one platform. Super apps are ubiquitous in Asia, but haven’t taken off in the U.S. due to a fragmented app market, concerns about advertising revenue, the country’s payment system structure and a strict regulatory environment, according to the Harvard Business Review.”
  • The WTW consulting firm offers an infographic displaying the results of their employer survey of Best Practices in Healthcare.

Monday Roundup

David ErmerGenerative AI, Mental health care, No Surprises Act, Telehealth, U.S. Healthcare
Photo by Sven Read on Unsplash

Happy Columbus Day / Indigenous Peoples’ Day

In anticipation of my residential move to Texas, which occurred in April 2022, the FEHBlog applied to waive into the Texas bar. My application was approved on June 30, 2022. (The FEHBlog remains a member of the DC Bar.)

The FEHBlog then became acquainted with the Texas Bar’s continuing legal education requirement. Last year, I took a 15-hour televised course on eldercare. This year, I am attending the Texas Health Law Conference in downtown Austin.

The FEHBlog had lunch today (by happenstance) with a lawyer who told me that he represents a rural hospital near Odessa. The hospital has twelve beds. Beckers Hospital Review points out 2023 Texas hospital closings and bankruptcies.

There was a provider-oriented session on the No Surprises Act. The speakers quipped that the law is no balance billing law with surprises for providers. At least the speakers agree with the FEHBlog that the law is helping patients.

From the public health front,

  • Healthcare Finance tells us that telehealth may be the solution to the chronic illness problem plaguing a large part of our country, as reported by the Washington Post last week.
    • “More patients with chronic disease. Fewer providers to take care of them. An aging population. SDOH barriers. Telemedicine and remote patient monitoring are essential tools to help manage these healthcare hurdles, an expert says.”
  • The Hill adds,
    • “The Biden administration on Friday extended flexibilities regarding controlled substances to be prescribed via telemedicine. 
    • “The Drug Enforcement Administration (DEA) said in a notice it would allow providers to continue using telemedicine to prescribe certain controlled substances through the end of 2024.”  
  • NBC News reports,
    • “The coronavirus isn’t the only pathogen that can cause symptoms that last months, or even years after an initial infection is overcome, a new study published Friday in The Lancet’s eClinicalMedicine suggests. 
    • “In an analysis of data from 10,171 U.K. adults, the researchers found evidence of a “long cold” syndrome that can follow infection with a variety of common respiratory viruses, including common cold viruses and influenza.
    • “While some of the symptoms of long Covid and long colds overlapped, the study noted that people with long Covid were more likely to continue to experience lightheadedness, dizziness and problems with taste and smell; lingering long cold symptoms were more likely to include coughing, stomach pain and diarrhea. 
    • “Experts said the new research could help shine a light on the types of long-lasting symptoms that come after recovery from an illness, including chronic fatigue syndrome.”
  • Fierce Healthcare discusses how payers are tackling the food insecurity issue in our country.
  • Cardiovascular Business lets us know,
    • “The American Heart Association (AHA) has developed a brand new strategy for the prevention and management of cardiovascular disease (CVD). 
    • “This updated approach highlights the close relationship CVD has with three other significant health conditions: kidney disease, type 2 diabetes (T2D) and obesity. Patients with CVD, for example, often face a heightened risk of developing kidney disease, T2D or obesity. The opposite can also be true—patients with any of those three conditions may face a heightened risk of developing CVD. 
    • “With these close connections in mind, the AHA has defined a new health condition: cardiovascular-kidney-metabolic (CKM) syndrome. CKM syndrome involves nearly every major organ in the body, the group said in a new statement, though its biggest impact is on a patient’s cardiovascular system. 
    • “Anyone who has CVD, or even faces a risk of developing CVD in the future, may have CKM syndrome. By educating physicians and patients alike on the way these different conditions interact with one another and implementing a screening strategy for CKM syndrome, the AHA believes it can help patients get the care they need to live longer, healthier lives.”  

From the U.S. healthcare business front,

  • The Wall Street Journal informs us,
    • “The biopharmaceutical company on Sunday said that it had entered into a definitive merger agreement with Mirati under which it would pay $58.00 per share in cash. Mirati stockholders will also receive one non-tradeable contingent value right per share, potentially worth $12.00 per share in cash.
    • “Mirati’s board unanimously approved the transaction. * * *
    • “The acquisition of Mirati will add the Krazati lung cancer medicine to Bristol Myers Squibb’s commercial portfolio. It also includes access to clinical assets that Bristol Myers Squibb said would complement its oncology pipeline.”

The other business news comes from the HLTH conference ongoing in Las Vegas, NV.

  • Per Healthcare Dive,
    • “Venture capital firm General Catalyst plans to buy an unnamed health system to act as a proving ground for new technology to improve hospital operations and patient care. 
    • “The impending purchase is part of a new health business being spun out by General Catalyst, called the Health Assurance Transformation Corporation, or HATCo, General Catalyst managing director Hemant Taneja and former Intermountain CEO (and new HATCo CEO) Marc Harrison said Sunday at the HLTH conference in Las Vegas.
    • “Harrison and Taneja did not share details on what health system General Catalyst would be looking to acquire, when an acquisition could happen or how much the VC firm plans to spend.”
  • Per Fierce Healthcare,
    • Here’s an overview of the second day of the conference and moreover
    • “Headway, a startup that connects patients with mental health providers covered by insurance, picked up $125 million in fresh funding to build out its provider network to all 50 states. * * *
    • “This latest round of capital will go toward investing in technology and tools to help mental health providers grow their practice, Andrew Adams, co-founder and CEO, wrote in a blog post.
    • “We have plans to make Headway available to individuals seeking care in all 50 states and the District of Columbia very soon and will be building products to help providers deliver care across state lines in 2024. We’re also further investing in ensuring patients have a simplified experience understanding their insurance benefits and changes, with excellent visibility, support, and accuracy,” Adams wrote.”
  • and
    • “Main Street Health focuses exclusively in rural communities and partners with primary care clinics in these regions by placing a health navigator in each facility. The navigator then assists with care coordination, including reaching out to patients about preventive screenings, contacting them with medication reminders, scheduling primary care visits following a hospital discharge and providing support for social needs.
    • “The company currently operates in 18 states by partnering with more than 900 clinics. The expansion brings its total footprint to 26 states. The average clinic working with Main Street Health is based in a town with between 3,000 and 5,000 people and includes 2.5 providers, according to an announcement.
    • “Value-based care company Main Street Health is charting an expansion into eight additional states as it banks more than $315 million in new capital.”

Weekend update

David ErmerCongress, COVID-19, COVID-19 vaccine, Generative AI, HSA, Rx coverage, U.S. Healthcare

From Washington, DC,

  • The Senate is on State work break this week, while the House of Representatives is focusing on electing a new Speaker on Wednesday October 11.
  • The Motley Fool tells us,
    • “The most important day of the year for the more than 66 million people who receive a Social Security benefit each month is nearly here. This coming Thursday, Oct. 12, 2023, at 08:30, a.m., ET, the Social Security Administration (SSA) will announce the 2024 cost-of-living adjustment (COLA). * * *
    • “Suffice it to say, the 2024 Social Security COLA isn’t going to be anywhere close to [2023’s historic] 8.7%. It will, however, be an above-average boost to benefits.
    • “According to the latest estimate from Mary Johnson, senior Social Security policy analyst at The Senior Citizens League (TSCL), a nonpartisan senior advocacy group focused on advancing issues important to seniors, the program’s COLA is expected to hit 3.2% for 2024. Over the past 20 years, Social Security’s COLA has averaged just 2.6%.”  

From the public health front,

  • The Washington Post informs us,
    • “In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.”In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.
    • “The researchers reviewed 73 studies, including 39 cohort studies that followed patients over time. Publishing their findings in JAMA, they said approximately 15,000 children and adolescents through age 19 are diagnosed with cancer every year and that 85 percent of children now live five years or more beyond their diagnosis. That’s compared with just 58 percent in the 1970s, according to the American Cancer Society.
    • “The research documented a variety of concerns for young cancer survivors, ranging from subsequent hormone issues to reproductive health challenges, problems with muscles and bones, cognitive impairment and more.”
  • The New York Times lets us know,
    • “A new study has an encouraging message for Americans who shy away from Covid shots because of worries about side effects: The chills, fatigue, headache and malaise that can follow vaccination may be signs of a vigorous immune response.
    • “People who had those side effects after the second dose of a Covid vaccine had more antibodies against the coronavirus at one month and six months after the shot, compared with those who did not have symptoms, according to the new study. Increases in skin temperature and heart rate also signaled higher antibody levels”
  • MedPage Today explains why utilizing artificial intelligence may reduce maternal and infant mortality.
    • “For example, “One of the biggest threats to maternal and infant health is the unmet needs within the social determinants of health, which often directly influence mothers’ ability to access healthcare services. If a pregnant woman doesn’t have access to reliable transportation to get her to and from the doctor or lives a significant distance from one, AI can measure how that might impact health outcomes for her and her unborn child. Then, it can flag it for her doctor or health plan so they can help solve these issues before they cause larger problems.
    • “The result? Reduced racial disparities for maternal health, fewer preterm births and neonatal intensive care unit (NICU) admissions, and shorter NICU stays.” 
  • Medscape reports,
    • “Once weekly glucagon-like peptide 1 receptor agonist (GLP-1 RA) semaglutide (Ozempic, Novo Nordisk) significantly improved A1clevel and body weight for up to 3 years in a large cohort of adults with type 2 diabetes, show real-world data from Israel.
    • “Treatment with semaglutide was associated with reductions in both A1c (-0.77%; P < .001) and body weight (-4.7 kg; P < .001) at 6 months of treatment. These reductions were maintained for up to 3 years and, in particular, in those patients with higher adherence to the therapy.
    • “Avraham Karasik, MD, from the Institute of Research and Innovation at Maccabi Health Services, Tel Aviv, Israel, led the study and presented the work as a poster at this year’s annual meeting of the European Association for the Study of Diabetes (EASD).”

From the U.S. healthcare business front

  • Forbes reports
    • “Uber Health is partnering with UnitedHealth Group’s Optum health services business to make paying for ancillary benefits like ride share and product delivery easier for seniors via the Uber app.
    • “Health plan benefit cards, including health spending account (HSA) and flexible spending (FSA) cards, can be added as a form of payment within the Uber app,” Optum and Uber said in statement released Sunday during HLTH 2023 in Las Vegas. “This payment option can then be used to cover eligible expenses, including health related rides (like non- emergency doctor visits), over-the-counter items and healthy food.”
  • Per Healthcare Dive,
    • “Rite Aid on Wednesday said it has failed to meet the New York Stock Exchange’s continued listing standards. The retailer is no longer in compliance with NYSE standards on minimum stock price and market capitalization. The NYSE listing standards require a $1.00 average closing share price over a 30 trading-day period. 
    • “As of midday Thursday, Rite Aid’s stock was trading at about 50 cents on the NYSE. Rite Aid now has 10 business days to formally confirm if it will seek to regain compliance and six months to do so. But the company said it, “can provide no assurances that it will be able to regain compliance with the NYSE’s continued listing standards.”
    • “News that Rite Aid faces delisting comes weeks after reports emerged that the company, which has $3.3 billion in debt, may seek to close up to 500 of its 2,200 locations as part of a possible Chapter 11 bankruptcy filing.”

Midweek update

David ErmerCDC, Congress, COVID-19 testing, FDA, Generative AI, Medical / Rx research, NIH, No Surprises Act, Rx coverage, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC

  • Roll Call informs us
    • House Republicans appeared to be moving closer to an agreement Wednesday on an opening bid for stopgap funding legislation that would keep the lights on at federal agencies beyond Sept. 30 and pave the way for their chamber to take up its full-year appropriations bills.
    • At least a handful of conservative holdouts still maintained their opposition as of Wednesday night, which would be enough to sink a revised bill unless GOP leaders are able to change some minds in the next few days. Speaker Kevin McCarthy, R-Calif., is expected to keep the chamber in session on Saturday if necessary.
    • Even if GOP leaders’ new effort is successful, however, it was starting to look more like a bid to reopen the government after a brief shutdown, given the deadline is 10 days away and the Senate is likely to ping-pong a much different bill back to the House.
  • The FEHBlog notes that it would not be unusual for Congress to pass a brief continuing resolution next week to allow for the passage of a longer continuing resolution, thereby side stepping the partial government shutdown.
  • Fierce Healthcare offers details on the House Ways and Means Committee’s No Surprises Act hearing, while Healthcare Dive shares details on the House Oversight and Accountability’s PBM reform hearing. Both hearings were held yesterday.
  • Speaking of the No Surprises Act, the ACA regulators released a proposed rule increasing the government’s NSA arbitration fee from $50 per party to $150 per party next year. The FEHBlog has no idea why the government doesn’t ladder the fee based on the amount in dispute. The government also increased the maximum fee independent dispute resolution entities can charge the parties.
  • MedCity News informs us
    • “FDA Approves GSK Myelofibrosis Med That Has Edge Over Others in Drug Class 
    • “FDA approval of GSK’s Ojjaara in myelofibrosis introduces a new competitor to blockbuster Incyte drug Jakafi. Ojjaara was part of GSK’s $1.9 billion acquisition of Sierra Oncology last year.”
  • and
    • “FDA Rejects ARS Pharma’s Nasal Spray Alternative to Injectable Epinephrine 
    • “ARS Pharmaceuticals frames its intranasal epinephrine spray as a needle-free alternative to products such as EpiPen. Though this spray won the backing of an FDA advisory committee, the agency is now requiring that ARS Pharma run another study to support a regulatory submission.”

From the public health and medical research fronts,

  • STAT News reports,
    • “The federal government is again offering free Covid-19 tests to Americans, providing a fifth round of free tests in part to meet current needs and in part to stimulate a domestic testing industry that has struggled with cratering demand for rapid diagnostics.
    • “The measure, announced Wednesday, will see rapid tests released from the Strategic National Stockpile. In addition, 12 domestic test manufacturers will receive investments totaling $600 million to help “warm-base” the U.S. capacity for rapid test production, both for Covid and future disease threats. * * *
    • “Households will be entitled to receive four free rapid tests apiece, with ordering at COVIDtests.gov opening on Sept. 25. O’Connell said test shipments are expected to start on Oct. 2.”
  • The FEHBlog thinks that the government is fighting the last pandemic. Why not incent the production of the FDA-approved (last February) at-home tests for Covid or the flu, not just Covid?
  • In any event, the Wall Street Journal points out
    • “Don’t throw out that seemingly outdated at-home rapid Covid-19 test just yet. It may still be good. 
    • “The Food and Drug Administration has been extending expiration dates for some authorized at-home, over-the-counter Covid test kits, meaning some unused tests may still be viable. The agency’s updated list of expiration dates may be useful to those reaching for their stash of Covid-19 tests amid new variants and a recent bump in cases and hospitalizations.”
  • The National Institutes of Health announced,
    • “A trial of a preventive HIV vaccine candidate has begun enrollment in the United States and South Africa. The Phase 1 trial will evaluate a novel vaccine known as VIR-1388 for its safety and ability to induce an HIV-specific immune response in people. The National Institute of Allergy and Infectious Diseases (NIAID), part of the National Institutes of Health, has provided scientific and financial support throughout the lifecycle of this HIV vaccine concept and is contributing funding for this study.”
  • Per NBC News,
    • “Is morning the best time of day to exercise? Research published Tuesday in the journal Obesity finds that early morning activity — between 7 a.m. and 9 a.m. — could help with weight loss. 
    • “My cautious suggestion from this study is that if we choose to exercise in the early morning before we eat, we can potentially lose more weight compared to exercise at other times of the day,” said lead researcher Tongyu Ma, a research assistant professor at The Hong Kong Polytechnic University.”

From the U.S. healthcare business front,

  • Healthcare Dive tells us
    • “Ochsner Health is launching a pilot program this month that will use generative artificial intelligence to draft “simple” messages to patients.
    • “About a hundred clinicians across the New Orleans-based health system will participate in the first phase of the program, where AI will prepare responses to patient questions unrelated to diagnoses or clinical judgments. The messages will be reviewed and edited by providers before being sent to patients, according to a news release. 
    • “Ochsner is part of an early adopter group of Microsoft’s Azure OpenAI Service, which integrates with the Epic electronic health record. The health system will test the messaging feature over three phases this fall, and Ochsner will collect patient feedback to improve the system.” 
  • Per Fierce Healthcare,
    • “Making sense of mountains of data continues to be an often elusive goal for most of the healthcare system, but Cambia Health Solutions said it hopes its latest effort will allow it to better corral useable information.
    • “Cambia and Abacus Insights, a data management company that tacklesthe challenge of making healthcare networks interoperable, launched a new data aggregating system that processes information for about 3.4 million members across four Blues plans. 
    • “According to an Abacus case study (PDF), “Cambia recognized that to deliver care orchestrated around the unique needs of each individual, data must be actionable. To be actionable, case study data must be understandable, usable, timely, and have clinical utility.”

Tuesday Tidbits

David ErmerACA, CMS, Generative AI, OPM, Telehealth
Photo by Patrick Fore on Unsplash

From Washington DC,

  • Govexec.com offers an interview with OPM’s Deputy Director Rob Shriver.
  • The American Hospital Association informs us
    • “The Centers for Medicare & Medicaid Services will select up to eight states to participate in a new voluntary all-payer model that aims to curb health care cost growth, improve population health, and advance health equity by reducing disparities in health outcomes. CMS plans to detail requirements for the States Advancing All-Payer Health Equity Approaches and Development Model in a funding opportunity notice this fall. Participating states will receive up to $12 million each to implement the model during one of three start dates, with the model concluding in December 2034. CMS expects to begin the pre-implementation period for the first cohort next summer. The model will build on best practices from the Maryland Total Cost of Care model, the Pennsylvania Rural Health Model, and the Vermont All-Payer ACO Model.

From Harrisburg, PA,

  • The Pennsylvania Department of State announced,
    • “Starting Sept. 5, 2023, registered nurses and licensed practical nurses from other states who hold multistate licenses through the Nurse Licensure Compact m(NLC) will be able to provide in-person and telehealth services to PA patients. * * * Pennsylvania nurses will be able to apply for a multistate license once the compact has been fully implemented.”
  • Here is a link to nurse.org’s “Compact Nursing States List 2023,” which now includes forty states, Guam, and the Virgin Islands.
  • This type of licensing flexibility should help with nursing shortages.

From the Affordable Care Act front, Beyond the Basics provides an updated guide to minimum essential coverage.

From the generative AI front, STAT News now provides a tracking service that serves as a guide to health systems and companies driving the adoption of this important new technology.

Speaking of technology,

  • BioPharma Dive reports
    • Beam Therapeutics has begun human testing in the U.S. of a first-of-its-kind gene editing medicine for cancer, the company said Tuesday.
    • “Beam, a pioneering developer of a precise gene editing technique known as base editing, said in a short statement that it’s dosed its first patient in a study of the treatment, called BEAM-201. The trial involves patients with an aggressive form of blood cancer known as T-cell acute lymphoblastic leukemia/T-cell lymphoblastic lymphoma, or T-ALL/T-LL. It will eventually enroll about 100 participants, according to a federal database.
    • “The study’s start makes BEAM-201 the first base editing therapy to enter clinical testing in the U.S., and marks the first time patients have received a cell therapy made by “multiplex editing,” in which several genes are edited. The edits are designed to eliminate expression of four genes known as CD7, TRAC, PDCD1 and CD52.
    • “Beam claims this approach could lead to a more powerful and durable treatment. In its statement, the company noted BEAM-201’s potential to sidestep a variety of issues associated with cell therapies, like propensity for the modified cells to kill one another, or become weaker as time goes on.
    • “Beam also believes the simultaneous edits could yield a more potent donor-derived, or “off the shelf,” cell therapy. Such allogeneic treatments would be more convenient than the personalized CAR-T therapies on the market, but results to date haven’t proven they’re more powerful at killing cancer cells.”
  • Very Buck Rogers.

From the telehealth front,

  • Per Healthcare Dive,
    • “Approximately one-third of behavioral health patients seeking therapy or medication visits said their clinicians did not offer both telehealth and in-person care, according to a study from nonprofit research organization Rand.
    • “The study, published on Tuesday in Health Affairs, revealed that 45% of behavioral health patients did not believe their clinicians considered their preferences for virtual or in-person care. In addition, 32% of respondents said they did not receive their preferred method of treatment.
    • “Despite the lack of choice offered by providers, many patients undergoing behavioral health therapy preferred in-person visits due to the personal nature of the treatment, the ability to build a rapport with providers, and fears around data security and privacy, the report found.”
  • Such reports explain why hub and spoke telemental services are not a solution for mental health parity.

From the human resources front,

  • The Society for Human Resource Management advises,
    • Even though [last week’s] proposed overtime rule is likely to be challenged in court after it is finalized, employers should start examining how it will affect their workplaces, legal experts say.
    • “I don’t think businesses should act now and make concrete changes,” said Jeff Ruzal, an attorney with Epstein Becker Green in New York City. “A preliminary injunction is likely” after the rule is finalized, he said, but employers “should study and audit the workplace” and prepare for the rule to possibly take effect. They should analyze who is exempt and nonexempt and plan for complying “without jeopardizing the business or payroll.” 

Midweek update

David ErmerFDA, Generative AI, Medical / Rx research, NIH, Rx coverage, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington DC,

  • “Today, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) for the state of Florida to address the health impacts of Hurricane Idalia and the Administration for Strategic Preparedness and Response (ASPR) deployed approximately 68 emergency response personnel to the state. At President Biden’s direction, HHS is aiding impacted communities through the Administration’s whole-of-government response effort.”
  • The Society for Human Resource Management informs us,
    • “The Department of Labor (DOL) has proposed an increase to the Fair Labor Standards Act’s (FLSA’s) annual salary-level threshold to $55,068 from $35,568 for white-collar exemptions to overtime requirements. The department also is proposing automatic increases every three years to the overtime threshold. * * * *
    • “To be exempt from overtime under the FLSA’s “white-collar” executive, administrative and professional exemptions, employees must be paid a salary of at least the threshold amount and meet certain duties tests. If they are paid less or do not meet the tests, they must be paid 1 and a half times their regular hourly rate for hours worked in excess of 40 in a workweek. * * *
    • “Under the new rule, approximately 300,000 more manufacturing workers would be entitled to overtime pay, the Labor Department reports. A similar number of retail workers would be eligible, along with 180,000 hospitality and leisure workers, and 600,000 in the health care and social services sector.” 
  • MedCity News relates,
    • “A Bristol Myers drug that treats anemia caused by a type of blood cancer now has an FDA approval that moves it up in the hierarchy of treatments, expanding the eligible patient population and positioning the therapy to achieve its blockbuster expectations.
    • “The drug, Reblozyl, treats myelodysplastic syndromes (MDS), a group of cancers in which the immature blood cells in bone marrow do not mature to become healthy blood cells. In 2020, the FDA approved Reblozyl as a second-line treatment for the anemia resulting from MDS. The FDA decision announced late Monday makes it a first-line therapy.”
  • The National Institutes of Health announced,
    • “In a study of 152 deceased athletes less than 30 years old who were exposed to repeated head injury through contact sports, brain examination demonstrated that 63 (41%) had chronic traumatic encephalopathy (CTE), a degenerative brain disorder associated with exposure to head trauma. Neuropsychological symptoms were severe in both those with and without evidence of CTE. Suicide was the most common cause of death in both groups, followed by unintentional overdose.
    • “Among the brain donors found to have CTE, 71% had played contact sports at a non-professional level (youth, high school, or college competition). Common sports included American football, ice hockey, soccer, rugby, and wrestling. The study, published in JAMA Neurology, confirms that CTE can occur even in young athletes exposed to repetitive head impacts. The research was supported in part by the National Institute of Neurological Disorders and Stroke (NINDS), part of the National Institutes of Health.” 

From the public health, medical research and Rx coverage fronts,

  • STAT News reports,
    • “The first Alzheimer’s therapy to clearly slow cognitive decline, approved in the United States last month, lifted the hope of patients and their families. But creating access to the program is a painfully slow process, even in Massachusetts, where large hospital systems have been preparing for months to administer the much-anticipated medicine.
    • “Thousands of patients are stuck on waiting lists across the state and nationally as hospitals struggle to ramp up infusion centers and monitoring processes for the drug, called Leqembi, while neurologists grapple with workforce and capacity constraints. * * *
    • “Hospitals say the backlog is temporary, reflecting the challenge of building from scratch a treatment infrastructure for new Alzheimer’s drugs. Leqembi, developed by Biogen and its Japanese partner, Eisai, was the first such treatment to be green-lighted by the Food and Drug Administration. The agency will evaluate a second therapy, Eli Lilly’s donanemab, later this year.”
  • and
    • KRAS, one of the most common genetic mutations in cancer, has been one of the most tantalizing oncogenic targets for drug developers since its discovery four decades ago. An altered KRAS gene can drive cells to divide uncontrollably, propelling them down the path towards malignancy. But for most of the last four decades, any attempt to target KRAS failed, leading many researchers to doom the protein as “undruggable.”
    • “In the last few years, that attitude has sharply turned around. In 2013, Kevan Shokat, a biologist at the University of California, San Francisco, discovered a key chemical vulnerability in a specific subset of mutant oncogenic KRAS that made it possible to design small molecules that would bind to the protein. This discovery catalyzed a frenzy of drug development around KRAS inhibitors, which eventually led to the first approved KRAS drugs in the last couple of years. Those successes are now driving a new wave of early-stage innovation around the target.
    • “It broke the code for us, for KRAS,” said Ravi Salgia, chair of medical oncology and therapeutics research at the City of Hope. “That gives us more hope to say we’ve spent more than 30 years studying it. Now, great breakthroughs have occurred. Let’s keep going forward.”
    • “That includes work around new small molecules for other subsets of mutant KRAS as well as immunotherapy approaches for targeting the oncogene. These therapies could potentially treat a wide range of different KRAS-mutant cancers including lung, pancreas, and colorectal cancers.”
  • CNN tells us,
    • “A group of novel synthetic opioids emerging in illicit drugs in the United States may be more powerful than fentanyl, 1,000 times more potent than morphine, and may even require more doses of the medication naloxone to reverse an overdose, a new study suggests.
    • Nitazenes are a synthetic opioid, like fentanyl, although the two drugs are not structurally related. In the small study published Tuesday in the journal JAMA Network Open most of the patients who overdosed on nitazenes received two or more doses of the opioid overdose reversal drug naloxone, whereas most patients who overdosed on fentanyl received only a single dose of naloxone.
    • “Clinicians should be aware of these opioids in the drug supply so they are adequately prepared to care for these patients and anticipate needing to use multiple doses of naloxone,” the researchers, from the Icahn School of Medicine at Mount Sinai in New York, Lehigh Valley Health Network based in Pennsylvania, and other US institutions, wrote in the study. “In addition, to date there has been a lack of bystander education on repeat naloxone dosing.”

From the U.S. healthcare business front,

  • Per Healthcare Dive, and the FEHBlog agrees,
    • “Ensuring workers can find and access high-quality providers is key to tamping down healthcare costs and improving outcomes in the employer-sponsored insurer market, according to a study by Morgan Health and Embold Health published in NEJM Catalyst. 
    • “Employers can now access more data on the quality of care provided by clinicians, so they should take a larger role in health plan network design and steer workers toward higher-performing providers, according to the report. 
    • “Clinician quality can drive poor outcomes, missed treatments and unnecessary care, the report said. For example, among the top 10% of about 800 cardiologists in Ohio by quality rank, an average of 73% of patients with coronary artery disease were taking cholesterol-lowering statins regularly, compared with only 39% for the bottom 10% of clinicians.” 
  • The Wall Street Journal reports
    • “In a male-dominated industry, female surgeons spend more time in the operating room, and their patients endure fewer postoperative complications.
    • “That’s the conclusion of two research studies published Wednesday in JAMA Surgery. Researchers found better outcomes for patients treated by female surgeons in the sweeping reviews of millions of procedures in Canada and Sweden. 
    • In the first study, 17 researchers in the U.S. and Canada followed the outcomes for 1.2 million patients in Canada undergoing common surgeries between 2007 and 2020.
    • “The study authors found that at both 90 days and one year following surgery, patients treated by female surgeons were less likely to experience adverse postoperative issues, including death. The outcome differences were modest, but consistent.”
  • Fierce Healthcare relates,
    • “Earlier this year, Anthem Blue Cross and Blue Shield unveiled a new virtual-first plan that harnesses artificial intelligence to streamline health services for members, the insurer announced.
    • “Now, it’s making that plan available in several additional states beginning Jan. 1. Large group fully insured or self-funding employer clients in Connecticut and Virginia can select Anthem Link Virtual First plans, which harness the power of the insurer’s Sydney app to connect members with benefits details, cost transparency information and more around the clock.
    • “Stephanie DuBois, a spokesperson for Anthem Blue Cross and Blue Shield in Connecticut, told Fierce Healthcare in an email that the plans first became available to large group self-insured employers in California, Missouri and New York as well as large group self-funded and fully insured employers in Georgia starting in July.
    • “Members can access Anthem Link Virtual First plans through Sydney Health, which is a digital member engagement platform that includes access to benefits, tools, resources and provider care 24/7,” DuBois said. “Sydney Health also offers an AI-driven symptom checker that intuitively uses the information members provide to narrow down millions of medical data points and assess specific symptoms before seeing a doctor.”

Tuesday Tidbits

David ErmerCDC, Electronic health records, FDA, Generative AI, Medicare, Telehealth, U.S. Healthcare, Uncategorized
Photo by Patrick Fore on Unsplash

From Washington, DC,

  • Healio informs us,
    • “An FDA panel voted that for adults with uncontrolled hypertension, the benefits of an ultrasound renal denervation device outweigh its risks.
    • Concerns about long-term durability of effect were expressed.”
  • The Department of Health and Human Services announced
    • “award[ing] more than $1.4 billion for Project NextGen to support the development of a new generation of tools and technologies to protect against COVID-19 for years to come.
    • “The awards announced today follow extensive coordination with industry partners and include support for clinical trials that will enable the rapid development of even more effective and longer-lasting coronavirus vaccines, a new monoclonal antibody, and transformative technologies to streamline manufacturing processes.”
  • The U.S. Preventive Services Task Force reaffirmed its 2019 Grade A recommendation that “clinicians prescribe preexposure prophylaxis using effective antiretroviral therapy to persons who are at increased risk of HIV acquisition to decrease the risk of acquiring HIV.”
  • The Centers for Disease Control lets us know, based on a survey,
    • About 20% of women reported mistreatment while receiving maternity care.
    • About 30% of Black, Hispanic, and multiracial women reported mistreatment. 
    • Almost half (45%) of women held back from asking questions or sharing concerns during their maternity. * * *
    • Mistreatment was reported most often by Black, Hispanic, and multiracial moms and those with public insurance or no insurance.
  • That’s a big bowl of wrong. The CDC observes,
    • Respectful maternity care is free from harm and mistreatment, maintains privacy, confidentiality, and dignity, and allows for shared decision-making and continuous support.
  • The Department of Justice announced yesterday,
    • [“D]eferred prosecution agreements resolving criminal antitrust charges against Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals Inc., USA. As part of those agreements, both companies will divest a key business line involved in the misconduct, and as an additional remedial measure, Teva will make a $50 million drug donation to humanitarian organizations. Teva will pay a $225 million criminal penalty — the largest to date for a domestic antitrust cartel — and Glenmark will pay a $30 million criminal penalty. Both companies will face prosecution if they violate the terms of the agreements, and if convicted, would likely face mandatory debarment from federal health care programs.
    • “The agreements each require the companies to undertake remedial measures, including the timely divestiture of their respective drug lines for pravastatin, a widely used cholesterol medicine that was a core part of the companies’ price-fixing conspiracy. This extraordinary remedy forces the companies to divest a business line that was central to the misconduct. Teva must also donate $50 million worth of clotrimazole and tobramycin, two additional drugs with prices affected by Teva’s criminal schemes, to humanitarian organizations that provide medication to Americans in need. Both Teva and Glenmark have agreed, among other things, to cooperate with the department in the ongoing criminal investigations and resulting prosecutions, report to the department on their compliance programs, and modify those compliance programs where necessary and appropriate.” 
  • Federal New Network reports that OPM released guidance for hybrid teleworkers who are covered under the Fair Labor Standards Act.
  • The Equal Employment Opportunity Commission released its new strategic plan for fiscal years 2022 through 2026
    • “The new Strategic Plan reflects our thoughtful assessment of the agency’s mission, goals, and objectives in light of current conditions and what we expect in the next few years,” said EEOC Chair Charlotte A Burrows. “It emphasizes expanding the EEOC’s capacity to eliminate systemic barriers to equal opportunity in the workplace, using technology and other tools to improve our services to the public, and achieving organizational excellence with a culture of accountability, inclusivity, and accessibility. I am grateful for the hard work of our staff across the agency who assisted in developing this plan and look forward to its successful implementation.”.

From the public health front,

  • The Washington Post explains
    • how to address the factors that may underlie the growing number of women under age 40 who are afflicted with breast cancer,
  • and
    • how to guard against germs in leafy green salads.

From the U.S. healthcare business front,

  • The FEHBlog was surprised to read in the Wall Street Journal that
    • “America’s nursing homes are fading away.
    • “The U.S. has at least 600 fewer nursing homes than it did six years ago, according to a Wall Street Journal analysis of federal data. More senior care is happening at home, and the Covid-19 pandemic caused many families to shun nursing homes while draining workers from an already short-staffed industry.
    • “The result? Frail elderly patients are stuck in hospitals, a dangerous place for seniors, waiting for somewhere to go—sometimes for months. Beds are disappearing while the need for senior care is growing. The American population 65 and older is expected to swell from 56 million in 2020 to 81 million by 2040.
  • MedPage Today notes.
    • “States that recently adopted less-restrictive policies surrounding the use of telepharmacy had fewer pharmacy deserts in the following year, a cohort study involving a dozen states showed.
    • “Compared with nearby states that made no changes, states that formally implemented or updated pro-telepharmacy policies had a 4.5% relative decrease (95% CI 1.6-7.4) in the percentage of regions defined as pharmacy deserts (P=0.001) and an 11.1% relative decrease (95% CI 2.4-22.6) in the proportion of people living in one of these deserts (P=0.03).
    • “And in general, telepharmacies tended to serve areas of high medical need, reported Jessica Adams, PharmD, of TelePharm in Iowa City, Iowa, and colleagues.
    • “As pharmacy closures and socioeconomic factors persist, pharmacy deserts are likely to expand unless policies are implemented to ensure continued access to pharmacy services,” the researchers wrote in JAMA Network Open
  • The Business Group on Health points out,
    • “Mental health needs among workforces continued to climb this year, with 77% of large employers reporting an increase and another 16% anticipating one in the future, according to Business Group on Health’s 2024 Large Employer Health Care Strategy Survey.
    • “This represents a 33 percentage-point surge over last year, when 44% of employers saw an increase in employee mental health concerns.
    • “The Business Group survey, released today in Washington, DC, also showed that cancer was still the top driver of large companies’ health care costs while rising prescription drug costs also proved to be a leading concern. Cancer overtook musculoskeletal conditions last year as the top driver of large companies’ healthcare costs and shows no sign of abating in the coming years.
    • “Yet as businesses respond to the increase in mental health needs, grapple with soaring health care costs and address issues of health equity and affordability, they will continue to invest strategically in diverse health and well-being offerings for the upcoming year, the survey also showed.”
  • Axios reports that “Middle-class Americans [who earn $50,000 to $100,000 annually] are the most likely to be saddled with medical debt, with nearly 1 in 4 — or roughly 17 million people — having unpaid medical bills, according to a report shared first with Axios from center-left think tank Third Way.”
  • Per Healthcare Dive,
    • “Epic and Microsoft announced on Tuesday an expanded collaboration focused on integrating generative artificial intelligence tools in the vendor’s electronic health records system. 
    • “The partners are working to “rapidly deploy dozens” of AI technologies, including clinical note summarization, medical coding suggestions and data exploration tools that aim to fill gaps in clinical evidence by using real-world data. 
    • “The expanded partnership is intended to speed the development of AI tools in healthcare, bringing the technology as “quickly as possible, responsibly and in partnership with providers,” according to a blog post by Eric Boyd, corporate vice president of AI platform at Microsoft.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive informs us,
    • “The National Institute of Standards and Technology released a long-anticipated draft version of the Cybersecurity Framework 2.0 Tuesday,  the first major update of the agency’s risk guidance since 2014. 
    • “After originally focusing risk guidance on critical infrastructure, the updated framework includes a wider array of organizations, including small- and medium-sized businesses, local schools and other entities. 
    • “The revised framework also addresses the role of corporate governance and the growing risks to digital networks via third-party relationships. * * *
    • “NIST will release a CSF 2.0 reference tool in a few weeks to help users browse, search and export data in a format that is machine-readable. It will also hold a workshop in the fall for additional public comments. 
    • “The deadline for public comments is Nov. 4, and NIST plans to publish a final version of CSF 2.0 in early 2024.”
  • Health IT Security adds,
    • As previously reported, the NIST CSF can be an asset to healthcare organizations looking to bolster their cybersecurity programs. Alongside other voluntary frameworks and HIPAA compliance actions, healthcare organizations can leverage the NIST framework to enhance privacy and security protections.
  • Politico updates us on the Federal Trade Commission’s proposed health data breach rule.
    •  In May, the Federal Trade Commission proposed a sweeping expansion of health data privacy rules, and now, the period for the public to weigh in has ended.
    • “While many comments were supportive, others were concerned that the FTC was overstepping its authority, opening itself up to litigation, and urged more clarity.” * * *
    • “The proposal would clarify that health app developers would be subject to regulations requiring them to notify customers if their identifiable data is accessed by hackers or business partners or shared for marketing without patient approval. The rule would include those offering health services and supplies — broadly defined to include fitness, sleep, diet and mental health products and services, among a laundry list of categories.”
  • The Wall Street Journal summarizes the Security and Exchange Commission’s final cyber rule:
    • The U.S. Securities and Exchange Commission has approved new regulations requiring public companies to disclose cybersecurity breaches within four business days of becoming aware of a material impact resulting from the incident.
    • The regulations dropped the requirement for companies to disclose the names of cybersecurity experts on company boards and the nature of their expertise..
    • Companies are now required to report information regarding their cybersecurity risk management, strategy and governance annually.
    • Despite the SEC not requiring cyber expertise, experts believe having cyber oversight on the board is still beneficial and a priority.

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive informs us,
    • “The mass exploit of a zero-day vulnerability in MOVEit has compromised more than 600 organizations and 40 million individuals to date, but the numbers mask a more disastrous outcome that’s still unfolding.
    • “The victim pool represents some of the most entrenched institutions in highly sensitive — and regulated — sectors, including healthcare, education, finance, insurance, government, pension funds and manufacturing.
    • “The subsequent reach and potential exposure caused by the Clop ransomware group’s spree of attacks against these organizations is vast, and the number of downstream victims is not yet fully realized. * * *
    • “The widespread attack against MOVEit and its customers was “highly creative, well-planned, organized by multiple groups and executed well since they were able to poach records at scale,” independent analyst Michael Diamond said via email.
    • “Without a doubt, they hit one of the juicy parts of the orchard from an information perspective that they’ll continue to monetize and use for attacks in the future,” Diamond said. “My impression is that this is only going to get worse over time.”
    • “Diamond isn’t alone in forecasting the worst is yet to come.”
  • The Cybersecurity and Infrastructure Security Agency added one known exploited vulnerability to its catalog on August 7 and another one on August 9.
  • The Wall Street Journal reports that “AI Is Generating Security Risks Faster Than Companies Can Keep Up: Rapid growth of generative AI-based software is challenging business technology leaders to keep potential cybersecurity issues in check.”
  • The Healthcare Sector Cybersecurity Coordination Center released a threat analysis on multifactor authentication (good) and smishing (bad).

From the ransomware front,

  • Cybersecurity Dive pointed out on August 7, 2023,
    • “A ransomware attack against Prospect Medical Holdings disrupted healthcare services across multiple states last week, prompting multiple hospital closures as response and recovery efforts are underway.
    • “Prospect Medical Holdings recently experienced a data security incident that has disrupted our operations,” the healthcare provider said Friday in a statement. The California-based company operates 16 hospitals and more than 165 clinics and outpatient facilities in California, Connecticut, Pennsylvania and Rhode Island.”

From the cybersecurity defenses front,

  • FedScoop reports
    • “The White House on Wednesday [August 9] announced a competition for cybersecurity researchers that is intended to spur the use of artificial intelligence to identify and fix software vulnerabilities.
    • “Teams that compete in the “AI Cyber Challenge,” which the Defense Advanced Research Projects Agency will lead, can win prizes worth up to $18.5 million. The agency has also allocated an additional $7 million in prize money for small businesses that participate.
    • “As part of the competition, researchers will use AI technology to fix software vulnerabilities, with a particular focus on open-source software. Leading AI companies Anthropic, Google, Microsoft and OpenAI will make their technology available for the challenge, according to the Biden administration.
    • “The White House’s announcement comes amid continued concern over rising cyber supply-chain risk across the federal government and the private sector. Last September, the Office of Management and Budget stipulated that all software providers would have to self-attest to the security of their products before deploying them on federal agency systems.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front —

  • Cybersecurity Scoop reports,
    • “The Cybersecurity and Infrastructure Security Agency [CISA] released its strategic plan for fiscal year 2024 through 2026 on Friday, following a plethora of strategies and implementation plans released over the past several months by the White House aimed at improving the nation’s overall cybersecurity preparedness. 
    • “Within CISA, this Plan will serve as a keystone for implementation, resource, and operational planning, as further executed through our Annual Operating Plans. Externally, it will help stakeholders understand and participate in our long-term cybersecurity planning and prioritization,” the document reads.
    • CISA’s strategic plan will focus on three goals: address immediate threats, harden the terrain and drive security at scale. Additionally, the strategy has nine objectives, three for each goal, outlining the agency’s scope for the next three years.
    • “The release comes shortly after the Office of the National Cyber Director released a National Cyber Workforce and Education Strategy, as well as the National Cybersecurity Strategy in March and subsequent Implementation Plan in July.”
  • and
    • “The Biden administration’s strategy for building the U.S. cybersecurity workforce calls for government, industry and civil society groups to collaborate in increasing the number of cybersecurity workers and also urges an overhaul of the U.S. immigration system. 
    • “To address a dire shortage of cybersecurity workers, Monday’s strategy document takes a broad approach in overhauling the cybersecurity workforce. “The national cyber director’s office can only really task federal departments and agencies because, realistically, we need all of society. We need them to be feel supported and heard and seen as we approach these ecosystem models,” Acting National Cyber Director Kemba Walden told CyberScoop.”

From the cybersecurity breaches and vulnerabilities front —

  • Health IT Security brings us up to date on MOVEit breaches affecting healthcare organizations.
  • Health IT Security adds, “The healthcare sector continued to face a high volume of cyberattacks in the past few months as infostealing malware rose in popularity, BlackBerry stated in its latest Global Threat Intelligence Report.”
  • Cybersecurity Dive reports
    • “Half of the 12 most-commonly exploited vulnerabilities in 2022 were discovered the previous year, cyber authorities from the Five Eyes said in a joint advisory released Thursday. One of the top 12 vulnerabilities was discovered in 2018.
    • “Flaws in Microsoft products accounted for 1 in 3 of the most-routinely exploited vulnerabilities, including three Exchange Server CVEs from 2021. Two-thirds of the most-exploited vulnerabilities were found in products from three vendors: Atlassian, Microsoft and VMware.
    • “Other vendors that made the list include Apache’s Log4j, F5 Networks, Fortinet and Zoho.
    • * * * “Delayed or inconsistent vulnerability patching remains an underlying problem. This, combined with the unmet need for vendors, designers and developers to adhere to secure-by-design and secure-by-default principles, is aggravating the risk of compromise by malicious cyber actors.
    • “The Five Eyes intelligence alliance, which includes authorities from the U.S., Australia, Canada, New Zealand and the U.K., reiterated the need for vendors to follow secure design practices throughout the software development lifecycle.”
  • Security Week tells us
    • The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI [Unified Extensible Firmware Interface], warning that the dominant firmware standard presents a juicy target for malicious hackers.
    • “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. 
  • CISA’s Director Jen Easterly blogs about the importance of securing the Border Gateway Protocol, which she describes as being the most important part of the internet you have never heard of.
  • On July 31, CISA added another known exploited vulnerability to its catalog.

From the ransomware front —

  • HHS’s Health Sector Cybersecurity Coordination Center released a sector alert on August 4, 2023.
    • “Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.”
  • Bleeping Computer informs us that “Clop ransomware now uses torrents to leak data and evade takedowns” and it offers its Week in Ransomware.
    • “Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
    • “This week, BleepingComputer analyzed the Linux encryptor for Abyss Locker and illustrated how it was specifically designed to encrypt ESXi virtual machines.”

From the cybersecurity defenses front —

  • Per Forbes
    • “Traditional passwords have proven to be an increasingly problematic authentication strategy in the evolving face of cybersecurity. Biometrics, such as fingerprints, facial recognition and iris scanning, are ushering in a new era of safe authentication.
    • “Biometrics provide distinct advantages over passwords in terms of security, convenience and user experience. But why exactly are biometrics more secure, and how can businesses successfully implement this technology into their existing strategies?
    • Forbes article explains how.
  • HelpNet offers advice on building cybersecurity defenses.
  • Security Intelligence explains how artificial intelligence can reduce data breach life cycles and costs.