Friday Factoids

Generative AI

Friday Factoids

David ErmerCDC, Congress, FDA, Generative AI, Medical / Rx research, Rx coverage, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Govexec tells us,
    • “The Office of Personnel Management on Thursday introduced a new form of paid leave designed for federal workers to use in connection with instances of domestic violence or other sexual or relationship-based trauma.
    • “In a memo to agency heads, acting OPM Director Rob Shriver said that although the federal government’s paid leave system “was not constructed with concepts of safe leave in mind,” the Biden administration is committed to protecting feds who have undergone relationship-based trauma and their families. * * *
    • “According to a new fact sheet on OPM’s website, the new safe leave will fall into a series of pre-existing leave categories, depending on what the federal employee intends to do while on leave.”
  • The Census Bureau announced,
    • “While the nation’s fastest-growing cities continue to be in Sun Belt states, new population estimates show that some of the top gainers are now on the outskirts of metropolitan areas or in rural areas.
    • “Today’s release of U.S. Census Bureau July 1, 2023, population estimates for cities and towns reveals geographic shifts in population growth compared to pre-pandemic July 1, 2019, estimates.
    • “The estimates also show that, on average, many small and midsize U.S. cities with populations under 50,000 saw relatively higher growth rates in 2023 than in 2019 before the pandemic hit while large cities generally grew at slower rates.
    • “Overall, the most populous cities continued to return to pre-pandemic trends thanks to increased growth rates and smaller population declines.”

From the public health and medical research front,

  • The Centers for Disease Control lets us know today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare is low nationally. This week, no jurisdictions experienced moderate, high, or very high activity.
    • “Nationally, emergency department visits with diagnosed COVID-19, influenza, and RSV are at low levels.
    • “Nationally, influenza test positivity decreased and RSV and COVID-19 test positivity remained stable at low levels compared to the previous week.
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, is minimal.”
  • CNN reports,
    • “Laboratory tests by the US Department of Agriculture haven’t found any H5N1 bird flu virus in raw beef, but they are a good reminder why eating rare hamburgers can be risky.”Laboratory tests by the US Department of Agriculture haven’t found any H5N1 bird flu virus in raw beef, but they are a good reminder why eating rare hamburgers can be risky.
    • “As part of a suite of tests conducted to check safe food handling advice after the detection of H5N1 bird flu virus in dairy cattle, the USDA recently mixed a substitute virus into ground beef and then cooked patties at varying times and temperatures.
    • “Researchers found none of the virus in hamburgers cooked to 145 degrees, roughly the temperature of a medium burger, or well-done burgers cooked to 160 degrees. They did, however, find some live virus in patties cooked to 120 degrees or rare, although the virus was present “at much, much reduced levels,” said Eric Deeble, acting senior adviser for highly pathogenic avian influenza at the USDA.
    • “Whether that small amount of virus could make someone sick is still an unknown.
    • “The USDA already advises consumers to cook ground beef to an internal temperature of 160 degrees, as measured with a food thermometer, to avoid infections from bacteria such as salmonella and E. coli, he noted.
    • “I don’t think that anybody needs to change any of the safe food handling or safe cooking practices that are already recommended,” Deeble said.”
  • BioPharma Dive lets us know,
    • “New data from two late-stage studies of an experimental Bayer drug show it reduced the frequency and severity of common symptoms of menopause, supporting the company’s case for seeking regulatory approval.
    • “The results were disclosed by Bayer Thursday and will be presented at this year’s annual meeting of the American College of Obstetricians and Gynecologists in San Francisco.
    • “Bayer shared the trials’ success in January, but didn’t reveal specific findings. The company also announced positive results from a third Phase 3 study in March, when it confirmed plans to file for marketing authorization of the drug.
    • “Known as elinzanetant, Bayer’s drug would, if approved, compete with a medicine from Astellas called Veozah, which is approved in the U.S. to treat moderate-to-severe vasomotor symptoms caused by menopause.”
  • The New York Times reports,
    • “When a patient with a severe traumatic brain injury is comatose, in intensive care, unresponsive and hooked up to a ventilator, but not brain-dead, when is the time to withdraw life support? A small study on the fates of people in such situations suggests that doctors and patients’ families may make better decisions if they wait even a few days longer than usual.
    • “Often, a doctor sits down with family members within 72 hours of the patient’s admission to intensive care to discuss the patient’s prognosis, and whether they want to keep their loved one alive, or to remove life support.
    • “Experts say that many doctors would describe the outlook as grim — most likely death or severe disability. Reported outcomes of patients who had severe traumatic brain injuries show that most times the decision is to remove life support. The patient dies.
    • “The researchers behind the new study say that their limited data suggests that doctors’ predictions so soon after the injury frequently are wrong.
    • The study, published Monday in Journal of Neurotrauma, used a national database that included 1,392 traumatic brain injury patients.”
  • The Wall Street Journal points out that “A ‘Digital Twin’ of Your Heart Lets Doctors Test Treatments Before Surgery. Researchers create digital replicas of individual patients’ organs using data from exams and wearable devices: ‘You can run an infinite number of experiments’.”
    • “Kristin Myers, a mechanical engineering professor at New York’s Columbia University, is making digital copies of women’s uteruses and cervixes, hoping this can help in determining how a pregnancy will go. To do this, Myers uses an ultrasound to create 3-D computational models as part of an effort to someday solve the problem of preterm births. 
    • “The idea of digital twins in health is new,” she says. “We can offer better diagnoses. You can run an infinite number of experiments.”  
    • “At the National Cancer Institute, Emily Greenspan, a program director in the informatics and data science program, envisions a novel way to treat oncology patients. Instead of trying a drug and hoping it works, doctors would create a digital twin of the patient to predict how the disease would respond to a certain drug. 
    • “The institute has been working on creating virtual twins for best treatments of lung cancer, for instance. In the next five years the technology will likely become part of clinical decision-making, Greenspan says. 
    • “Predicting the best treatments and screening, these are blue-sky visions,” she said. “There is a lot of foundational research that’s needed.”
  • Amazing.

From the U.S. healthcare business front,

  • Beckers Payer Issues informs us,
    • “Employer adoption of ICHRAs is up 29% since 2023, according to a May 16 report from the HRA Council.
    • “ICHRAs, or individual coverage health reimbursement arrangements, allow employers to offer a defined tax-advantaged contribution used to reimburse premiums for an individual health plan purchased by an employee on their state’s ACA exchange.
    • Key numbers:
      • “1. ICHRA adoption grew 29% year over year between 2023 and 2024.
      • “2. ICHRAs grew 84% among employers with 50 or more employees.
      • “3. Among employers surveyed, 83% were not able to offer health benefits until they offered an ICHRA or Qualifying Small Employer HRA. 17% of employers switched from traditional group coverage.
      • “4. The number of employees offered a defined contribution health benefit now exceeds 200,000, which does not include dependents — some estimates have said more than 500,000 people are enrolled.”
  • Per Fierce Healthcare,
    • “For women who experience musculoskeletal (MSK) and pelvic health issues, the decline in estrogen during menopause can not only worsen existing symptoms but also trigger new joint, muscle and pelvic health issues.
    • “Research shows 71% of women who go through menopause experience joint and muscle pain.
    • “Digital health company Hinge Health expanded its movement- and behavior-based care to help women alleviate common menopause symptoms such as hot flashes, joint and muscle pain and pelvic floor disorders.             
    • “As part of the new movement-based menopause support offering, a physical therapist-led care team provides individuals with personalized exercise therapy and behavior-based lifestyle modifications. The aim is to alleviate joint and muscle pain, maintain muscle mass and bone density, and address vasomotor symptoms like hot flashes and mood swings, according to the company.
    • “Regular physical activity can reduce the frequency and severity of some disruptive symptoms that occur with menopause,” said Tamara Grisales, M.D., an urogynecologist at Hinge Health. “Exercise-focused programs complement traditional treatments like Hormone Replacement Therapy, providing a holistic approach to managing menopause.”
  • Beckers Hospital Review notes,
    • “Walgreens will sell a low-cost, over-the-counter version of the opioid overdose antidote naloxone, the company said May 15. 
    • “The Walgreens-brand nasal spray medication will retail for $34.99, a lower price than other branded versions of the drug (Narcan) sold by the retailer. The naloxone spray is currently available online and will hit store shelves nationwide by the end of the month.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “The Biden administration plans to pursue a liability framework to hold the software industry accountable for insecure software, according to administration officials and documents released by the Office of the National Cyber Director this week. 
    • “Federal officials said they have taken steps toward a long-stated goal of shifting the security burden away from technology users and onto the industry. 
    • “The administration wants to pursue a plan to create incentives that will help enable long-term investment in cybersecurity and resilience, Nick Leiserson, assistant national cyber director for cyber policy and programs, said during a panel Monday [May 6] at the RSA Conference in San Francisco.
    • “Leiserson cautioned the objective was not to create a liability framework for the purposes of opening up the software industry to lawsuits.
    • “That’s not the point,” Leiserson said during the panel discussion. “The point is to secure investments in secure software development.”
  • and
    • “The Biden administration plans to launch aggressive actions to enhance cyber resilience across key critical infrastructure sectors, including the healthcare and water sectors, which were the targets of significant threat activity in recent months, according to a report released Tuesday by the Office of the National Cyber Director.
    • “The U.S. wants to speed the flow of intelligence sharing and facilitate closer cooperation with the private sector. The administration also plans to enhance its ability to proactively disrupt threat activity and take down malicious actors. 
    • “We are in the midst of a fundamental transformation in our nation’s cybersecurity,” National Cyber Director Harry Coker Jr., said in a statement. “We have made progress in realizing an affirmative vision for a safe, prosperous and equitable digital future, but the threats we face remain daunting.”
  • In that regard, Govinfosecurity adds,
    • “As the Department of Health and Human Services works on a proposed update to the HIPAA Security Rule this year, regulators are also ratcheting up enforcement efforts – including resuming long-dormant HITECH Act HIPAA audits, said Melanie Fontes Rainer, director of HHS’ Office for Civil Rights. * * *
    • “HHS OCR plans by the end of the year to publish a proposed update to the HIPAA Security Rule to better reflect the evolution of technology and healthcare delivery that’s occurred over the last two decades since the regulations were first issued, she said.
    • “The beauty of the HIPAA Security Rule is that it’s 20 years old – it is technology-neutral, and it’s scalable. So we’re still able to use it and enforce the law vigorously,” she said in a video interview with Information Security Media Group. 
    • “But at the same time, “the downside of the HIPAA Security Rule is that it’s 20 years old and doesn’t reflect how we receive healthcare today,” she adds. “That’s why we’re taking a look at it to make sure we’re building into it practices – like end-to-end encryption – and things like that.”
  • Cyberscoop reports,
    • The U.S. and British governments on Tuesday [May 7] identified Dmitry Yuryevich Khoroshev as the leader, developer and administrator of the LockBit ransomware operation, one of the most prolific and profitable cybercriminal syndicates in recent years.
    • Khoroshev, a Russian national, has been LockBit’s main administrator and developer since at least September 2019 continuing through the present, U.S. federal prosecutors said in an indictment unsealed Tuesday. Since its inception, LockBit has been used in attacks against more than 2,500 targets in at least 120 countries, leading to at least $500 million in ransom payments to Khoroshev and his affiliates and “billions of dollars in broader losses, such as revenue, incident response, and recovery,” the Department of Justice said in a statement.
  • Dark Reading points out that at the RSA Conference “CISA courted the private sector to get behind CIRCIA Reporting Rules. New regulations will require the private sector to turn over incident data to CISA within three days or face enforcement. Here’s how the agency is presenting this as a benefit to the entire private sector.”

From the cyber breaches and vulnerabilities front,

  • Cyberscoop reports,
    • Ascension, a health care system with 140 hospitals in 19 states and Washington, D.C., and tens of thousands of employees and affiliated providers, detected a “cyber security event” Wednesday [May 8] that has caused a “disruption to clinical operations,” the company said
    • Major impacts to medical services have been reported in multiple states, including KansasFlorida and Michigan, including some patients being diverted to other hospitals and lack of access to digital records.
    • “We have to write everything on paper,” one physician in Michigan told the Detroit Free Press. “It’s like the 1980s or 1990s.”
  • Dark Reading adds,
    • “The provider has temporarily paused non-emergency medical procedures and appointments, and some hospitals are diverting emergency medical services. Patients were advised to bring relevant medical information to appointments due to system limitations.
    • “We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures,” a company statement said. “It is expected that we will be utilizing downtime procedures for some time.”
    • “The organization has tapped incident response help from Mandiant for investigation and remediation efforts. It is unknown if any patient data was exposed in the attack.
    • “We are working to fully investigate what information, if any, may have been affected by the situation,” Ascension said. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”
  • Cybersecurity Dive tells us,
    • “The FBI and Cybersecurity and Infrastructure Security Agency urged software companies to eliminate directory traversal vulnerabilities from their products, citing a rise in attacks against critical industries, including hospitals and school operations, in a secure by design alert released Thursday
    • “The agencies are seeking industry action following two recent campaigns where threat groups engaged in extensive exploitation activity. The agencies referenced a path traversal vulnerability in ConnectWise ScreenConnect, listed as CVE-2024-1708, and a vulnerability in the file upload functionality of Cisco AppDynamics Controller, listed as CVE-2024-20345.
    • “In total, directory traversal or path traversal vulnerabilities were identified in 55 different cases listed on CISA’s Known Exploited Vulnerabilities catalog, according to the alert.”

From the ransomware front,

  • American Hospital Association News informs us,
    • “The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center May 10 releasedjoint cybersecurity advisory to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the health care and public health sector.”
  • Bleeping Computer’s The Week in Ransomware is back this week.

From the cybersecurity defenses front,

  • Cybersecurity Dive calls attention to the fact that “Officials see a real change in Microsoft’s security plans: financial accountability. CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.”
  • Tech Target offers “five tips for building a cybersecurity culture at your company.”
  • Dark Reading considers the future path of CISOs while the ISACA Blog notes “A Better Path Forward for AI By Addressing Training, Governance and Risk Gaps.”
  • Finally, SC Media dives into the cybersecurity insurance market.

Friday Factoids

David ErmerCDC, Congress, COVID-19 vaccine, Employee Wellness Programs, FDA, Generative AI, Medical / Rx research, Obesity, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Govexec reports,
    • “In the face of mounting pressure from lawmakers of all political stripes, watchdogs, stakeholders and even members of its own governing board, as well as another financial quarter in the red, leadership of the U.S. Postal Service is doubling down on its controversial plan to overhaul the agency. 
    • “USPS posted a net loss of $1.5 billion in the second quarter of fiscal 2024, though management noted that was trimmed to a $300 million loss after dispensing with costs outside of its control. USPS leaders boasted they have turned a $200 million profit in the first half of the fiscal year using that same metric, which marked a $600 million turnaround compared to the first six months of fiscal 2023.
    • “While First-Class mail volume has continued its longstanding decline, revenue grew in the quarter by nearly $500 million due in large part to the dramatic price increases USPS has instituted. The Postal Service has cut $100 million in costs, driven largely by a reduction in transportation expenses and slashing 9 million work hours. 
    • “On-time delivery of mail, however, has plummeted as USPS has instituted significant reforms to its network as laid out in Postmaster General Louis DeJoy’s 10-year Delivering for America plan.” 
  • HHS posted a fact sheet on new government efforts to reduce the impact of spread of avian flu H5N1
  • Senators John Fetterman (D PA) and Tina Smith (D MN) announced a bill, “the United States Senate Commission on Mental Health Act of 2024. The bill would establish a U.S. Senate Commission on Mental Health tasked with providing Congress and the president independent, expert policy recommendations to improve access to and affordability of mental health care services. * * * Full text of the bill can be found here.

From the public health and medical research front,

  • The Centers for Disease Control tells us today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, no jurisdictions experienced moderate, high, or very high activity.
    • “Nationally, emergency department visits with diagnosed influenza are decreasing. Emergency department visits with COVID-19 and RSV remain stable at low levels.
    • “Nationally, influenza and RSV test positivity decreased compared to the previous week. COVID-19 test positivity remained stable at low levels.
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, is minimal.”
  • STAT News reports “Harvard scientists unveil the most detailed map of the brain ever: ‘It’s an alien world inside your own head’”.
    • “On Thursday, [Dr. Jeffrey’ Lichtman and his partners unveiled the results of their [decade long] efforts in the prestigious journal Science, and also posted to the internet renderings of the human brain unlike any ever seen. They came complete with a program that allows viewers to move through a microscopic alien landscape so detailed Lichtman can’t resist waxing poetic when he talks about it.
    • “It’s an alien world inside your own head,” he said. “Neurons themselves are truly awe inspiringly beautiful. There’s no two ways about it.”
    • “True, the insights gleaned from the tiny sample have not yet unraveled the mysteries of autism, schizophrenia, or depression. They can’t yet explain the mechanics of human learning, memory, and personality on the cellular level. But they represent an important first step in that direction, and provide a tantalizing preview of the kind of insights we might see in the decades ahead.”
  • The Wall Street Journal reports,
    • Bristol Myers Squibb said on Friday that its trial evaluating a combination of cancer treatments failed to meet its primary endpoint.
    • “The company’s trial was evaluating the cancer-drug Opdivo and concurrent chemoradiotherapy, followed by Opdivo plus Yervoy, the brand name for a monoclonal antibody, in treating unresectable, locally advanced non-small cell lung cancer. The trial’s primary endpoint was progression-free survival.
    • “Bristol Myers Squibb said it would fully evaluate the data and work with investigators to share results with the scientific community.
    • “Opdivo and certain combinations with Opdivo are approved treatments for eligible patients with non-small cell lung cancer.”
  • Per Fierce Healthcare,
    • “Cancer diagnoses are on the rise among younger adults, and a new guidebook seeks to arm employers with the tools necessary to tackle this issue.
    • “The Northeast Business Group on Health’s new toolkit highlights actions employers can take to proactively address growing rates for five types of cancer in their workforce: breast cancer, colorectal cancer, head and neck cancer, cancer of the reproductive organs and skin cancer.
    • “There’s a clear business case for putting a focus on cancer, as the cost of therapies continues to increase and patients often require treatment for the long haul, NEBGH Medical Director Mark Cunningham-Hill, M.D., told Fierce Healthcare.
    • “He said that many employers, especially larger firms, have established sophisticated and comprehensive wellness and health programs for their workers. But they can do more to “connect the dots” between those offerings and critical preventive care around cancer and conditions that increase risk factors, like obesity.”
  • USA Data relates,
    • One out of every 42 babies born in the United States in 2021 was conceived using IVF or other assisted reproductive technologies.  
    • Parents who started treatments in 2021 gave birth to 97,128 babies, a 49% increase from 2012. In 2021, 238,126 patients initiated 413,776 IVF or similar treatment cycles, up 135% from 2012. 
    • IVF was most common in Washington, DC, with 5.8% of babies conceived via IVF, Massachusetts (5.4%), and New Jersey (5.0%). Less than one percent of infants born in Puerto Rico were conceived via IVF (0.4%). Alabama (0.6%) and Arkansas (0.7%) also had low rates.  

From the U.S. healthcare business front,

  • The Kaiser Family Foundation released a “KFF Health Tracking Poll May 2024: The Public’s Use and Views of GLP-1 Drugs.” Here are the key finding from the poll:
    • “The latest KFF Health Tracking Poll finds that about one in eight adults (12%) say they have ever taken a GLP-1 agonist – an increasingly popular class of prescription drugs used for weight loss and to treat diabetes or prevent heart attacks or strokes for adults with heart disease – including 6% who say they are currently taking such a drug. The share who report ever taking these drugs rises to four in ten (43%) among adults who have been told by a doctor that they have diabetes, a quarter who have been told they have heart disease, and one in five (22%) who have been told by a doctor that they are overweight or obese in the past five years1. Public awareness of GLP-1 drugs has increased in the past year, with about one-third (32%) of adults now saying they have heard “a lot” about these drugs, up from 19% in July 2023.
    • “Most adults who have taken GLP-1 drugs say they took them to treat a chronic condition including diabetes or heart disease (62%), while about four in ten say they took them primarily to lose weight.
    • “About half (54%) of all adults who have taken GLP-1 drugs say it was difficult to afford the cost, including one in five (22%) who say it was “very difficult.” While most insured adults who have taken these drugs say their insurance covered at least part of the cost, even among insured adults about half (53%) say the cost was difficult to afford2.
    • “While 8% of adults ages 65 and older say they have taken a GLP-1 medication for a chronic condition, just 1% say they have ever taken a GLP-1 drug to lose weight, which may reflect Medicare’s lack of coverage for prescription drugs used for weight loss. Nearly four in ten (37%) adults ages 65 and older report being told by a doctor they are overweight or obese in the past five years.
    • “With Medicare currently prohibited by law from covering prescription drugs used for weight loss, six in ten adults say they think Medicare should cover the cost of these drugs when prescribed for weight loss for people who are overweight, including more than half of Democrats, independents and Republicans. Similar shares of the public continue to support Medicare coverage of these drugs for weight loss even after hearing arguments for and against this proposal.”
  • Per BioPharma Dive,
    • “Sanofi will pay vaccine maker Novavax $500 million and take a small equity stake in the Maryland-based company as part of a broad COVID-19 shot alliance, the companies announced Friday.
    • “Through the deal, Sanofi will gain rights to co-market Novavax’s protein-based COVID vaccine globally, excepting certain countries, and a license to combine it with Sanofi’s existing influenza shots. Sanofi will also hold a non-exclusive right to use Novavax’s soap bark tree-derived adjuvant in other products it develops.
    • “Starting next year, Sanofi will book sales of Novavax’s COVID shot and pay Novavax double-digit percentage royalties. The French pharmaceutical company will also support certain R&D, regulatory and commercial expenses.”
  • Per MedTech Dive,
    • “Tandem Diabetes Care is recalling a version of its t:connect app for iPhone because of a fault that could drain insulin pump batteries, the Food and Drug Administration said Wednesday.”Tandem Diabetes Care is recalling a version of its t:connect app for iPhone because of a fault that could drain insulin pump batteries, the Food and Drug Administration said Wednesday.
    • “After updating the app in February, Tandem received 224 injury reports in about two months. The reports related to an issue that caused the app to crash and relaunch, resulting in excessive use of Bluetooth and potentially draining the battery of the connected insulin pump.
    • “The FDA categorized the event as a Class I recall because of the life-threatening potential for pumps to deliver too little insulin. Tandem corrected the fault in an app update in March.”
  • The Wall Street Journal explains why “Getting Alzheimer’s treatment to those who need it poses particular challenges.” For example
    • “The problem isn’t this drug. Sure. It has risks, et cetera,” said Jason Karlawish, co-director, of the Penn Memory Center at the University of Pennsylvania. “But the problem was the drug and the system — namely with a system of care for its delivery.”
    • “Karlawish said his memory center infused its first patient with Leqembi on November 16. He said that in the six months since, the number of patients who have received the drug there has climbed into the double-digits, reaching roughly 50 people. That, he said, required setting up an infrastructure that “either didn’t exist or existed in bits that had to be put together.”
  • MedCity new points out,
    • “Navigation challenges are the top reason consumers stop seeing healthcare providers, while experience issues are the main reason consumers leave their health insurer, a new survey found.
    • “The Accenture report, released last week, surveyed more than 9,700 insured consumers and 8,000 consumers who sought or received care in the prior year. The survey is a follow-up to a 2021 report, which examined why people are loyal or not loyal to their payer or provider.
    • “We wanted to leverage our patient and member experience surveys to continue to track the state of consumerism in health care, assessing how providers and health insurers perform across a number of key touchpoints that drive selection, loyalty, value and ease of use,” said Sarah Sinha, a managing director in Accenture’s health business, in an email.”
  • Insurance Business tells us,
    • “Offering support across a variety of functions including customer service, claims processing, underwriting, and fraud detection, the capability of AI to analyze large datasets and process information will continue to revolutionize insurance.
    • “Nirmal Ranganathan, vice president of engineering, AI, at Rackspace Technology, spoke with Insurance Business on how insurance companies can take advantage of AI to generate cost savings across their businesses.”
    • Check it out.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive lets us know,
    • “Legislators slammed UnitedHealth Group CEO Andrew Witty over the cyberattack on subsidiary Change Healthcare at two Congressional hearings on Wednesday, raising concerns about the technology firm’s lack of cybersecurity and the potentially huge breach of Americans’ health data.”
  • The American Hospital News reports
    • “The Biden Administration April 30 released a memo announcing updated critical infrastructure protection requirements, which include the Cybersecurity & Infrastructure Security Agency acting as the National Coordinator for Security and Resilience, and heightening the importance of minimum security and resilience requirements within health care and other critical infrastructure sectors, consistent with the National Cybersecurity Strategy.”  
  • and
    • “The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The rule would require critical infrastructure organizations, including hospitals and health systems, to report a covered cyber incident to the federal government within 72 hours and ransom payments within 24 hours, among other requirements.”
  • Cyberscoop adds.
    • “A draft rule for cyber incident reporting asks far too much of critical infrastructure entities and of the agency tasked with carrying out the law, trade groups representing the electric, telecommunications and finance sectors said during a House hearing Wednesday.
    • “The cyber incident reporting mandate is one of the Cybersecurity and Infrastructure Security Agency’s biggest forays into a regulatory role — and it is proving to be a thorny one. The 447-page draft rule, released in March, would require select critical infrastructure companies to report significant cyber incidents within 72 hours and any ransomware payments within 24 hours. The rule was established largely for the government to better understand the cyber landscape after multiple major cyberattacks — such as the SolarWinds espionage campaign — highlighted the fact that many attacks go unnoticed.
    • “Witnesses before the House Homeland Security’s cybersecurity subcommittee were largely in agreement that the rule is an important step for broader cyber awareness but also too broad, increasing the likelihood of CISA becoming overwhelmed by reports. Meanwhile, front-line defenders — particularly smaller organizations — could be hampered by trying to both file reports and deal with an attack. CISA will not be able to keep up with the amount of data due to the broad definition of cyber incidents and who should report, the witnesses argued.”
  • Health IT Security informs us,
    • “The Federal Trade Commission (FTC) finalized updates to its Health Breach Notification Rule (HBNR) with the goal of clarifying the rule’s applicability to health apps and other technologies that fall outside HIPAA’s purview.
    • “The FTC issued the HBNR more than a decade ago, when health apps were not as embedded into the US healthcare landscape as they are now. The HBNR requires vendors of personal health records (PHRs), PHR-related entities, and third-party service providers that are not subject to HIPAA to notify the FTC and impacted individuals in the event of a health data breach.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “A ransomware group accessed Change Healthcare’s systems with compromised credentials, UnitedHealth Group CEO Andrew Witty said in written testimony prepared for a Wednesday hearing before the House Energy and Commerce Committee Subcommittee on Oversight and Investigations
    • “On Feb. 12, the AlphV ransomware group used those compromised credentials to “remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said in his prepared remarks. “The portal did not have multifactor authentication.” 
    • “Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later,” Witty said.”
  • and
    • “The exploitation of vulnerabilities almost tripled as an initial access vector in 2023, fueled in part by the MOVEit breach, Verizon said in its Data Breach Investigations Report released Wednesday.
    • “Ransomware actors increasingly targeted zero-day vulnerabilities in IT systems, Verizon found. About a third of all breaches in 2023 included some type of extortion, and MOVEit involved Clop ransomware exploiting zero-day vulnerabilities in the file-transfer service.
    • T”he report shows 15% of breaches involved a third party, which includes data custodians, software vulnerabilities and direct or indirect supply chain issues, according to the report. This figure represented a 68% increase from the prior year, Verizon said.”
  • and
    • “Pro-Russia hacktivists are targeting operational technology systems in the water, energy and agricultural sectors by exploiting poor cyber hygiene techniques, the Cybersecurity and Infrastructure Security Agency warned Wednesday. CISA issued a joint fact sheet with the FBI, National Security Agency and multiple international agencies.”Pro-Russia hacktivists are targeting operational technology systems in the water, energy and agricultural sectors by exploiting poor cyber hygiene techniques, the Cybersecurity and Infrastructure Security Agency warned Wednesday. CISA issued a joint fact sheet with the FBI, National Security Agency and multiple international agencies.
    • “Threat groups are looking to compromise industrial control systems at small-scale operations in North America and Europe that are exposed to the internet and use default passwords or lack multifactor authentication, officials warned.
    • “The targeting thus far has involved unsophisticated techniques that target components like human-machine interfaces. The agencies urged providers to immediately change to more complex passwords and implement multifactor authentication.” 
  • SC Media offers five takeaways from the Verizon report.
  • Bleeping Computer tells us,
    • “The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks.
    • “Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.”
    • “The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications,” the NSA said.”
  • CISA added the following known exploited vulnerabilities to its catalog this week.
    • On April 30, CVE-2024-29988 Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability, and
    • On May 1, CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability.
  • Tech Republic adds, “Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.”

From the cybersecurity defenses front.

  • Here is a link to Dark Reading’s CISO Corner.
  • Security Week reports, “In the wake of a scathing US government report that condemned Microsoft’s weak cybersecurity practices and lax corporate culture, security chief Charlie Bell is pledging significant reforms and a strategic shift to prioritize security above all other product features.”
  • ISACA released its 2023 annual report. “Access ISACA’s annual report here.”
  • Mercer Consulting considers how to modernize HR data strategy to address cybersecurity risks.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “The U.S. government and its partners have slowed the swell of ransomware over the last three years, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said Wednesday at an event.
    • “But the cyclical and persistent threat ransomware poses requires new ways of thinking, Easterly said, speaking at the Institute for Security and Technology’s annual ransomware task force event. Defenders and stakeholders have to turn the lens to software and hardware vendors, according to Easterly.
    • “There’s a lot about the villains. There’s a lot about victims. We do not talk enough about vendors,” she said.
    • “The way we are going to actually drive down the number of attacks, and the number of successful attacks, is if we go upstream and ensure that technology that is deployed and delivered is in fact prioritized to be secure,” Easterly said. “Not features, not speed to market, not driving down costs, but secure.”
  • Here is a link to a related blog post from the CISA Director on this important topic.
  • Cyberscoop adds,
    • ‘The Cybersecurity and Infrastructure Security Agency’s vulnerability warning program has issued more than 2,000 alerts to date to organizations that are running software with vulnerabilities being exploited by ransomware gangs, the agency’s director, Jen Easterly, said Wednesday.
    • “Currently running in a pilot phase, the program is mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and aims to reduce the number of ransomware attacks by getting the owners and operators of vulnerable systems to patch them before they can be infiltrated. 
    • “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” Easterly said at an event hosted by the Institute for Security and Technology.
    • “Easterly said that since the pilot was launched in January of last year, it has expanded to include CISA’s database of known exploited vulnerabilities as well as common misconfigurations that can be linked to ransomware attacks. 
    • “In a Thursday blog about the warning pilot, CISA found that of the more than 1,700 notifications of vulnerable devices in 2023, 49% were mitigated through either patching, taking offline, or through other measures. The blog also said organizations reduce cyber risk when using CISA’s free cyber hygiene vulnerability scanning service, which monitors the web for vulnerable devices.
    • “Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days,” CISA said.”

From the cyber vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “UnitedHealth Group said [on April 22] it paid hackers a ransom in an attempt to protect patient information from disclosure after a cyberattack against its subsidiary Change Healthcare in Februarythe company confirmed to Healthcare Dive on Monday. 
    • “The healthcare behemoth also said patient data was compromised. UnitedHealth found files involved in the cyberattack containing protected health information or personally identifiable information that “could cover a substantial proportion of people in America,” according to a press release. 
    • “UnitedHealth also said 22 screenshots of allegedly stolen files, some containing patient health information, were posted on the dark web for about a week. The healthcare giant said it’s continuing to monitor the internet and the dark web for stolen data. * * *
    • “The company also said it would take on breach reporting and notification requirements for customers whose data may have been exposed in the attack — a big concern for provider groups.”
  • Tech Crunch reports,
    • “U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).
    • “In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
    • “Kaiser said that the data shared with advertisers includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how members “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”
    • “Kaiser said it subsequently removed the tracking code from its websites and mobile apps. ***
    • “Kaiser spokesperson Diana Yee said that the organization would begin notifying 13.4 million affected current and former members and patients who accessed its websites and mobile apps. The notifications will start in May in all markets where Kaiser Permanente operates, the spokesperson said.
    • “The health giant also filed a legally required notice with the U.S. government on April 12 but made public on Thursday confirming that 13.4 million residents had information exposed.”
  • Help Net Security informs us,
    • “More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.
    • “Victim organizations are increasingly able to withstand an encryption attack and restore operations without the need for a decryption key, they said, and the stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee.
    • “LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site (a reboot / rebrand of Hive),” the company said, noting that “future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term.”

From the cybersecurity defenses front,

  • Cybersecurity Dive lets us know,
    • “Global median dwell times — measured as the time that hackers remain undetected inside a targeted environment — have fallen to their lowest levels in more than a decade, according to the annual M-Trends report from Google Cloud’s Mandiant, released Tuesday. 
    • “Organizations were able to detect intrusions within a median of 10 days in 2023, compared with 16 days in 2022. Notably the largest improvements came in the Asia-Pacific region, where median dwell times fell to nine days in 2023, compared with 33 in 2022.  
    • :Zero-day vulnerabilities are a hot target for espionage actors as well as financially motivated threat groups. Zero-day usage rose 50% in 2023, compared with the prior year.”
  • and
    • “The majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.
    • “On average, each insurance gap left more than three-quarters of a breach uncovered, CYE said in a report released Wednesday. The research, which analyzed 101 breaches across various sectors, revealed an average of $27.3 million in uncovered losses per incident.
    • “This study underscores how many companies rely on cyber insurance to cover the losses incurred as a result of cyber incidents and are then taken by surprise when they find that their insurance only covers a small portion,” Nimrod Partush, vice president of data science at CYE, said in a press release.” 
  • Here is a link to Dark Reading’s latest CISO Corner.
  • SC Media considers whether the Change Healthcare case finally will make providers do a business impact analysis.

Friday Factoids

David ErmerACA, CDC, COVID-19, COVID-19 vaccine, Generative AI, Medical / Rx research, NIH, Rx coverage, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • Perhaps the most convoluted provision in the Affordable Care Act is its individual non-discrimimination clause, Section 1557. The Obama Administration issued an implementing rule. The Trump Administration replaced the Obama Administration’s rule, and today the Biden Administration has replaced the Trump Administration rule.
    • Of note, “[f]or the first time, the Department will consider Medicare Part B payments as a form of Federal financial assistance for purposes of triggering civil rights laws enforced by the Department, ensuring that health care providers and suppliers receiving Part B funds are prohibited from discriminating on the basis of race, color, national origin, age, sex and disability.”
    • HHS will refer FEHB and FEDVIP complaints to OPM.
  • The Washington Post reports,
    • “Medtronic said Friday that the U.S. Food and Drug Administration has approved a new spinal-cord implant that relieves chronic pain, a bid to expand into a patient population that relies heavily on medications like opioids.
    • “The new device works by delivering an electrical pulse to the spinal cord, interrupting pain signals before they reach the brain in patients suffering from back, cervical and nerve damage. While earlier versions of the device provided a constant level of stimulation, Medtronic’s new product can read signals from nerve fibers and automatically adjust the intensity — a feature designed to avoid uncomfortable jolts when a patient sneezes, coughs or laughs.
    • “It’s like listening for whispers at a rock concert,” David Carr, a Medtronic vice president, said in an interview. * * *
    • “Medtronic’s Inceptiv contains a lithium battery that can be recharged through the skin, and two leads with electrodes — some to read the signals from nerve fibers, and others to deliver the electrical pulse. The device can adjust the level of stimulation 50 times a second, according to the company.
    • “Inceptiv is “the world’s smallest and thinnest fully implantable” spinal-cord stimulator, Medtronic said.”
  • Per BioPharma Dive,
    • “The Food and Drug Administration on Friday approved a new gene therapy for hemophilia, clearing Pfizer’s Beqvez for certain people with the less common “B” form of the bleeding condition.
    • “Beqvez is for adults with moderate to severe hemophilia B who currently use drugs to prevent bleeds or have repeated, spontaneous bleeding. Eligible individuals also must be tested to determine whether they have antibodies that neutralize Beqvez’s effects.
    • “Pfizer set the treatment’s list price at $3.5 million, a company spokesperson confirmed. That matches the cost of Hemgenix, the other available gene therapy for hemophilia B. Pfizer will offer insurers a warranty providing “financial protections” if Beqvez doesn’t work or its effects don’t last, the spokesperson wrote in an email, without providing details.”

From the public health and medical research front,

  • The Centers for Disease Control lets us know today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, 0 jurisdictions experienced high activity compared to 1 jurisdiction experiencing high activity the previous week. No jurisdictions experienced very high activity. 
    • “Nationally, emergency department visits with diagnosed influenza are decreasing. Emergency department visits with COVID-19 and RSV remain stable at low levels.  
    • “Nationally, COVID-19, influenza, and RSV test positivity decreased compared to the previous week. 
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, remains low.” 
  • American Hospital Association News adds,
    • “Adults age 65 and older are encouraged to receive an updated dosage of the COVID-19 vaccine, the Centers for Disease Control and Prevention announced April 25. The update provides protection against the JN.1 and other circulating variants of the virus, and should be administered at least four months following the previous dosage. The CDC’s Advisory Committee on Immunization Practices recommended the additional dose in February.”
  • On a related note, the CDC reports today
    • H5N1 bird flu is widespread in wild birds worldwide and is causing outbreaks in poultry and U.S. dairy cows with one recent human case in a U.S. dairy worker.
    • While the current public health risk is low, CDC is watching the situation carefully and working with states to monitor people with animal exposures.
    • CDC is using its flu surveillance systems to monitor for H5N1 activity in people.
  • Medscape tells us,
    • “The glucagon-like peptide 1 (GLP-1) receptor agonist semaglutide (Wegovy) not only induced weight loss but also improved knee pain in people with knee osteoarthritis (OA) and obesity, according to results from the STEP 9 study reported at the World Congress on Osteoarthritis (OARSI 2024).
    • “From baseline to week 68, the mean change in knee pain assessed using the Western Ontario and McMaster Universities Arthritis Index (WOMAC) pain score was a reduction of 41.7 points for semaglutide and a decrease of 27.5 points for a matching placebo. The estimated treatment difference of 14.1 points between the groups was statistically significant (< .001).
    • “As for weight loss, this also fell by a significantly greater amount in the people treated with semaglutide vs those given placebo, with respective reductions of 13.7% and 3.2% from baseline, with an estimated 10.5% greater weight loss with semaglutide.
    • “The interesting thing is whether there’s a specific action of GLP-1 receptor agonists on the joint, not through the weight loss but by itself,” principal study investigator Henning Bliddal, MD, DMSc, told Medscape Medical News ahead of reporting the results at OARSI 2024.”
  • The National Institutes of Health (“NIH”) Director writes in her blog,
    • “In Alzheimer’s disease, a buildup of sticky amyloid proteins in the brain clump together to form plaques, causing damage that gradually leads to worsening dementia symptoms. A promising way to change the course of this disease is with treatments that clear away damaging amyloid plaques or stop them from forming in the first place. In fact, the Food and Drug Administration recently approved the first drug for early Alzheimer’s that moderately slows cognitive decline by reducing amyloid plaques. Still, more progress is needed to combat this devastating disease that as many as 6.7 million Americans were living with in 2023.
    • Recent findings from a study in mice, supported in part by NIH and reported in Science Translational Medicine , offer another potential way to clear amyloid plaques in the brain. The key component of this strategy is using the brain’s built-in cleanup crew for amyloid plaques and other waste products: immune cells known as microglia that naturally help to limit the progression of Alzheimer’s. The findings suggest it may be possible to develop immunotherapies—treatments that use the body’s immune system to fight disease—to activate microglia in the brains of people with Alzheimer’s and clear amyloid plaques more effectively.
    • In their report, the research team—including Marco Colonna , Washington University School of Medicine in St. Louis, and Jinchao Hou, now at Children’s Hospital of Zhejiang University School of Medicine in Zhejiang Province, China—wrote that microglia in the brain surround plaques to create a barrier that controls their spread. Microglia can also destroy amyloid plaques directly. But how microglia work in the brain depends on a fine-tuned balance of signals that activate or inhibit them. In people with Alzheimer’s, microglia don’t do their job well enough.  * * *
    • [O]verall, these findings add to evidence that immunotherapies of this kind could be a promising way to treat Alzheimer’s. This strategy may also have implications for treating other neurodegenerative conditions characterized by toxic debris in the brain, such as Parkinson’s disease, amyotrophic lateral sclerosis (ALS), and Huntington’s disease. The hope is that this kind of research will ultimately lead to more effective treatments for Alzheimer’s and other conditions affecting the brain.
  • NIH announced
    • “One injected dose of an experimental malaria monoclonal antibody was 77% effective against malaria disease in children in Mali during the country’s six-month malaria season, according to the results of a mid-stage clinical trial. The trial assessed an investigational monoclonal antibody developed by scientists at the National Institutes of Health (NIH), and results appear in The New England Journal of Medicine.
    • “A long-acting monoclonal antibody delivered at a single health care visit that rapidly provides high-level protection against malaria in these vulnerable populations would fulfill an unmet public health need,” said Dr. Jeanne Marrazzo, director of the National Institute of Allergy and Infectious Diseases, part of NIH.”
  • and
    • “In a new analysis of genetic susceptibility to kidney cancer, an international team of researchers has identified 50 new areas across the genome(link is external) that are associated with the risk of developing kidney cancer. These insights could one day be used to advance our understanding of the molecular basis of kidney cancer, inform screening efforts for those at highest risk, and identify new drug targets. The study was led by scientists at the National Cancer Institute (NCI), part of the National Institutes of Health (NIH).”

From the U.S. healthcare business front,

  • Berkeley Public Health informs us,
    • “Does paying more to have your outpatient surgery done at a hospital, rather than at a freestanding surgical center, lead to better care? A new study led by James C. Robinson, professor of health economics at UC Berkeley School of Public Health, says no.
    • “In an investigation published in the April issue of The American Journal of Managed Care, Robinson and his team found that the higher prices typically charged by hospitals for four common surgeries were not justified by higher quality, as measured by the rate of post-surgical complications.
    • “The researchers analyzed more than 2 million national Blue Cross Blue Shield insurance claims from 2019-2020 for patients aged 18 to 65 who received a colonoscopy, knee or shoulder arthroscopy, or cataract removal surgery, and calculated the prices and rates of complications for each procedure.
    • “They found large differences in price, but very little difference in the rate of post-surgery complications.”
  • Health IT Analytics tells us about the top twelve ways that artificial intelligence will be used in healthcare.
  • HR Dive offers a tracker of state and local laws requiring employers to disclose pay or pay ranges.
    • “Pay disclosure laws have taken several forms. Some require employers to provide the minimum and maximum pay, or a pay range, for a given job upon the request of an applicant. Others mandate this practice without requiring candidates to ask first. The latest wave of laws now require employers to include this information in all applicable job postings.”
  • Per Biopharma Dive,
    • “U.S. Humira sales fell 40% year over year during the first three months of 2024, to about $1.8 billion, as biosimilar copycats put pressure on AbbVie’s top-selling drug, the company said Friday in its first quarter earnings report.
    • “The declines were “in line” with what the company had anticipated for its inflammatory disease drug, AbbVie commercial chief Jeffrey Stewart said in a call with investors. Humira now faces 10 copycat competitors in the U.S., the first of which launched Jan. 31, 2023.
    • “Stewart said the company also expected a recent decision by CVS Health, whose pharmacy benefit manager is the country’s largest by prescription claims, to remove Humira from its national pharmacy effective April 1. Although that has meant Humira’s market share dropped from 96% to 81% over two weeks, Stewart said some of the shift went to other branded medicines, like AbbVie’s products Skyrizi and Rinvoq.”
  • Beckers Payer Issues points out,
    • Centene reported nearly $1.2 billion in net income in the first quarter and a more than 18% decrease in Medicaid membership year over year, according to its first-quarter earnings posted April 26.
    • Total revenues in the first quarter were $40.4 billion, up 3.9% year over year.
    • Total net earnings in the first quarter were nearly $1.2 billion, up 2.9% since the same period last year.
    • The company raised its year-end adjusted EPS guidance to at least $6.80.
    • The company’s medical loss ratio was 87.1% in the first quarter and 87% during the same period last year.”
  • According to Fierce Healthcare,
    • “The new year is “off to a good start,” for Community Health Systems, which reported a somewhat narrowed $41 million net loss (-$0.32 per diluted share) and a solid uptick in operating revenues for its first quarter.
    • “The 71-hospital for-profit system had logged a $51 million net loss during the same period last year, which, at the time, CHS attributed to a bump in Medicare Advantage patient volume.
    • “After excluding adjustments related to impairment losses and business transformation costs, the company landed at a net loss of $0.14 per share, which was about in line with consensus estimates.
    • “However, CHS shared a rosier picture when it came to operating revenues. Its three-month net of $3.14 billion beat estimates by about $50 million and was a 1% increase over last year.”
  • Healthcare Dive reports,
    • “Universal Health Services delivered first quarter earnings results Wednesday that beat analysts’ estimates on stronger than expected revenue and volume metrics across its behavioral health and acute service lines.”Universal Health Services delivered first quarter earnings results Wednesday that beat analysts’ estimates on stronger than expected revenue and volume metrics across its behavioral health and acute service lines.
    • “UHS increased its same facility net revenues for its acute care and behavioral care service lines by 9.6% and 10.4%, respectively, during the first quarter of 2024 compared to the same period last year.
    • “However, the operator could suffer a “material” financial hit should the operator fail to lower a March $535 million judgment against a subsidiary, UHS disclosed in its earnings report. The for-profit health system is currently appealing the judgment in post-trial motions, said CFO Steve Filton during the earnings call.”

Midweek Update

David ErmerCongress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, NIH, OPM, U.S. Healthcare, Uncategorized
Photo by Mel on Unsplash

From Washington, DC,

  • Here’s a link to a the brief text of Senate bill 4811 that would allow over 100,000 reservists and National Guard members who also are federal employees to transfer from the FEHB to the lower cost Tricare Reserve Select healthcare program effective January 1, 2025.
  • Kevin Moss, writing in Govexec, points out the advantages of FEHB high deductible health plans.
  • Beckers Hospital Review alerts us,
    • “A Senate committee opened an investigation into Novo Nordisk’s list prices for Ozempic and Wegovy, Novo Nordisk’s diabetes and weight loss drugs. 
    • “In an April 24 letter to Novo Nordisk’s CEO, the Senate Committee on Health, Education, Labor, and Pensions said Ozempic and Wegovy are “exorbitantly expensive,” which restricts access to the drugs for millions of Americans. 
    • “In the U.S., a four-week supply of Ozempic costs $969, and Wegovy is $1,349. That’s up to 15 times more than what Novo Nordisk charges in Canada, Europe and Japan, the letter said. 
    • “In 2023, pharmacies, clinics and hospitals spent more than $38 billion on the two products, which contain the same drug, semaglutide. They were the No. 1 pharmaceutical expense for U.S. healthcare, according to research published April 24.”
  • STAT News confirms,
    • “Spending on GLP-1 drugs like Ozempic and Wegovy ballooned last year and they’re set to cost the U.S. health care system and the federal government still more this year and beyond, two new reports released Wednesday show.
    • “One study from the American Society of Health-System Pharmacists found that GLP-1 treatments were a main driver of the increase in overall drug spending by health entities such as pharmacies and hospitals last year. In particular, expenditures on Novo Nordisk’s semaglutide — sold as Ozempic for diabetes and Wegovy for obesity — doubled to $38.6 billion, making the drug the top-selling medicine in 2023.
    • “The other report, by health policy research organization KFF, looked at the impact of the recent approval of Wegovy to prevent cardiovascular complications. Medicare is barred from covering drugs for weight loss purposes, but the new approval means the federal payer can now cover Wegovy when prescribed to reduce heart risks. As a result, Medicare could spend $2.8 billion in a year on the single drug, the researchers conservatively estimate.
    • “Taken together, the reports provide a window into the pressure that GLP-1 drugs could place on overall health care spending going forward, especially as more people take the medications. The treatments have been in short supply, but drugmakers are ramping up manufacturing capacity to meet the unprecedented demand from patients. The pharma companies are also seeking approval for even more indications like heart failure and sleep apnea.”
  • The New York Times reports,
    • “The Food and Drug Administration on Wednesday approved the sale of an antibiotic for the treatment of urinary tract infections in women, giving U.S. health providers a powerful new tool to combat a common infection that is increasingly unresponsive to the existing suite of antimicrobial drugs.
    • “The drug, pivmecillinam, has been used in Europe for more than 40 years, where it is often a first-line therapy for women with uncomplicated U.T.I.’s, meaning the infection is confined to the bladder and has not reached the kidneys. The drug will be marketed in the U.S. as Pivya and will be made available by prescription to women 18 and older. * * *
    • Utility Therapeutics, the U.S. company that acquired the rights to pivmecillinam, said it would be available in 2025. The company is also seeking F.D.A. approval for an intravenous version of the drug that is used for more serious infections and is usually administered in a hospital setting.
    • “Health practitioners said they were elated to have another tool in their arsenal given the growing challenge of antimicrobial resistance, which makes existing medications less effective as pathogens mutate in ways that allow them to survive a course of antibiotics.”
  • As we learned yesterday, “Day One Biopharmaceuticals drug Ojemda is now FDA-approved for advanced pediatric low-grade glioma, the most common type of brain cancer in children. The regulatory decision for Ojemda covers a broader swath of patients than a drug combination from Novartis approved for treating this childhood cancer.” MedCity News adds,
    • “Ojemda is available as an immediate-release tablet or an oral suspension, both administered once weekly. Dosing of the Day One drug is according to body surface area, which is consistent with dosing for other pediatric medications, Blackman said. Day One has set a $33,816 wholesale price for a 28-day supply. That means the annual cost of the therapy will top $440,000. Ojemda’s price is the same for all packages of the drug and will not change as a child grows and needs higher doses, Chief Commercial Officer Lauren Merendino said.
    • “The two formulations of Ojemda can be taken at home, which minimizes disruption to the lives of patients and families, Merendino said. Day One’s goal is to establish Ojemda as the physician’s first choice of therapy for pLGG. Merendino said the drug should become available in about two weeks.”

From the public health and medical research front,

  • The Washington Post reports,
    • “Dairy cows must be tested for bird flu before moving across state lines, under a federal order issued Wednesday, as evidence mounts that the virus is more widespread than feared among cows in the United States.
    • Biden administration officials said the move is meant to contain transmission of the virus known as H5N1 and to reduce the threat to livestock, but they maintained that the risk to humans remains low. * * *
    • “An order issued by the U.S. Agriculture Department that takes effect Monday requires every lactating dairy cow to be tested before moving across state lines. Cows carrying the virus would have to wait 30 days and test negative before being moved, officials said. Positive test results would trigger additional requirements for herd owners to disclose information, including the movement of animals, to aid epidemiologic investigations, and for laboratories and state veterinarians to report cases to the USDA.
    • “Requiring positive test reporting will help USDA better understand this disease and testing before interstate movement will limit the spread of the virus,” Mike Watson, administrator of the USDA’s Animal and Plant Health Inspection Service, told reporters.
    • “This is an evolving situation, and we are treating it seriously and with urgency,” he said.”
  • The International Foundation of Employee Benefit Plans discusses “What Health Plan Sponsors Should Know About the Emerging Mental Health Needs of Youth.”
  • The National Cancer Institute released its latest Cancer Information Highlights.
  • The National Institutes of Health announced,
    • “In a proof-of-concept study, researchers demonstrated the effectiveness of a potential new therapy for Timothy syndrome, an often life-threatening and rare genetic disorder that affects a wide range of bodily systems, leading to severe cardiac, neurological, and psychiatric symptoms as well as physical differences such as webbed fingers and toes. The treatment restored typical cellular function in 3D structures created from cells of people with Timothy syndrome, known as organoids, which can mimic the function of cells in the body. These results could serve as the foundation for new treatment approaches for the disorder. The study, supported by the National Institutes of Health (NIH), appears in the journal Nature.
    • “Not only do these findings offer a potential road map to treat Timothy syndrome, but research into this condition also offers broader insights into other rare genetic conditions and mental disorders,” said Joshua A. Gordon, M.D., Ph.D., director of the National Institute of Mental Health, part of NIH.”
  • A primary care expert writing in Medscape offers a commentary on the new Shield blood test available for colon cancer screening.
    • “We will need to be clear [to patients] that the blood test is not yet endorsed by the USPSTF or any major guideline group and is a second-line test that will miss most precancerous polyps. As with the stool tests, it is essential to emphasize that a positive result must be followed by diagnostic colonoscopy. To addend the cancer screening maxim I mentioned before, the blood test is not the best test for CRC, but it’s probably better than no test at all.”
  • Health IT Analytics tells us,
    • “Researchers from the University of Virginia (UVA) have developed a machine learning tool designed to assess and predict adverse outcome risks for patients with advanced heart failure with reduced ejection fraction (HFrEF), according to a recent study published in the American Heart Journal.
    • “The research team indicated that risk models for HFrEF exist, but few are capable of addressing the challenge of missing data or incorporating invasive hemodynamic data, limiting their ability to provide personalized risk assessments for heart failure patients.
    • “Heart failure is a progressive condition that affects not only quality of life but quantity as well,” explained Sula Mazimba, MD, an associate professor of medicine at UVA and cardiologist at UVA Health, in the news release. “All heart failure patients are not the same. Each patient is on a spectrum along the continuum of risk of suffering adverse outcomes. Identifying the degree of risk for each patient promises to help clinicians tailor therapies to improve outcomes.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “Prices for surgery, intensive care and emergency-room visits rise after hospital mergers. The increases come out of your pay. 
    • “Hospitals have struck deals in recent years to form local and regional health systems that use their reach to bargain for higher prices from insurers. Employers have often passed the higher rates onto employees. 
    • “Such price increases added an average of $204 million to national health spending in the year after mergers of nearby hospitals, according to a study published Wednesday by American Economic Review: Insights. 
    • “Workers cover much of the bill, said Zack Cooper, an associate professor of economics at Yale University who helped conduct the study. Employers cut into wagesand trim jobs to offset rising insurance premiums, he said. “The harm from these mergers really falls squarely on Main Street,” Cooper said. 
    • “Premiums are rising at their fastest pace in more than a decade, driven up by persistently high inflation across the economy. Rising costs have fueled contentious negotiations that have led some hospitals and insurers to cancel contracts, leaving patients in the lurch. 
    • “Hospital mergers make the price pressures worse.” 
  • Per BioPharma Dive,
    • “Biogen has seen “encouraging early trends” in the launch of its postpartum depression pill Zurzuvae, revealing in first quarter earnings drug sales that surpassed the estimates of Wall Street analysts.
    • “Biogen said sales of Zurzuvae between January and March hit $12 million, up from $2 million in the fourth quarter of 2023 and doubling consensus estimates of $5 million to $6 million. The company didn’t, however, reveal the number of prescriptions filled for Zurzuvae, making demand for the drug difficult to track. 
    • “Zurzuvae, which was discovered by Biogen partner Sage Therapeutics and approved by the Food and Drug Administration last August, is the only pill available specifically meant to treat postpartum depression, or PPD. But its sales prospects are uncertain, as the condition often goes undiagnosed, and many who are diagnosed don’t receive treatment.”  
  • STAT News tells us,
    • “A year ago, when Novo Nordisk announced it would cut the price of multiple insulin products by up to 75%, President Biden, lawmakers, and patient groups all counted the move as a win.
    • But several months later, Novo decided to discontinue one of those products, the basal insulin Levemir.
    • “Though the insulin won’t officially be off the market until the end of this year, patients are already running into supply disruptions and insurance cutoffs, leaving them with few options. The discontinuation, which is happening only in the U.S., has now drawn alarm from some Democratic senators, who sent a letter to Novo last week demanding an explanation.
    • “The turn of events highlights a key gap in policy efforts: Even if officials can get drugmakers to cut prices, the companies can choose to just pull a drug off the market, without guaranteeing that other manufacturers will continue to make the compound.”
  • Beckers Payer Issues informs us,
    • “Humana reported $741 million in net income in the first quarter of 2024. 
    • “The company published its first quarter earnings report April 24, beating investor expectations. In Q1 2023, Humana posted $1.2 billion in net income.
    • “Total revenue in the first quarter was $29.6 billion, up 10.7% year over year. 
    • “Humana’s medical loss ratio was 88.9% in the first quarter, which the company projects will rise to about 90% for the full year.”
  • Beckers Hospital Review notes,
    • “Cleveland Clinic’s eHospital program has expanded and now monitors 248 patient beds in ICUs and other units across the organization’s network.
    • “The eHospital program launched in 2014 as a pilot in one intensive care unit. The program is centered around a component known as the “bunker,” an operations center on Cleveland Clinic’s main campus. The operations center is staffed from 7 p.m. to 7 a.m. daily by a team consisting of two critical care nurses and a physician. Their primary responsibility is to monitor patients across various ICU units within the Cleveland Clinic network.”
  • and identifies the 25 most expensive hospital drugs.
    • “Keytruda (pembrolizumab) was nonfederal hospitals’ costliest drug expense in 2023, according to research published April 24 in the American Journal of Health-System Pharmacy
    • “In 2021 and 2022, COVID-19 drug Veklury (remdesivir) was the No. 1 pharmaceutical expense for the nation’s hospitals. Most medicines on the list saw modest changes from the prior year except for TNKase (tenecteplase), a cardiovascular therapy that cost hospitals 87.9% more in 2023.” 

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front,

  • Cyberscoop informs us,
    • “FBI Director Christopher Wray warned Thursday that the threat posed by Chinese hacking operations to U.S. critical infrastructure has become more urgent, as intelligence agencies have said that groups like Volt Typhoon are preparing for the possibility of widespread disruptive actions as early as 2027.
    • “Wray said during a speech at Vanderbilt University that China has targeted dozens of oil pipeline entities since 2011, in some cases ignoring business and financial information entirely while stealing data on control and monitoring systems.
    • “More recently, Volt Typhoon has conducted broad targeting of American companies in the water, energy and telecommunications sectors, among others, which U.S. officials have described as “pre-positioning” for future attacks that could disrupt or halt systems responsible for critical services upon which Americans rely. Dragos, a private threat intelligence company that focuses on critical infrastructure, said in February that the group has also been observed targeting entities that provide satellite and emergency management services.
    • “The ultimate purpose of this activity is to give Beijing “the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” Wray said.”
  • The Hill reports,
    • “Artificial intelligence (AI) is making ransomware faster and easier to use as the online crime hits record levels, experts said at a House Financial Services subcommittee hearing Tuesday.”Artificial intelligence (AI) is making ransomware faster and easier to use as the online crime hits record levels, experts said at a House Financial Services subcommittee hearing Tuesday.
    • “We have tremendous concern about the future of AI and the direction it is allowing criminal actors to take, including more sophisticated deepfakes that ultimately form the first step in the chain of ransomware attacks,” said Megan Stifel, chief strategy officer at the Institute for Security and Technology.”
  • Cybersecurity Dive adds,
    • The Institute for Security and Technology’s Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday.
    • The nonprofit Institute for Security and Technology rejects the viability of a ransom payment ban for multiple reasons, including: 
      • Concerns about a ban’s impact on ransom payment reporting by victims. 
      • The potential to drive more payments underground. 
      • And the unintended consequences and practicalities of critical infrastructure exemptions.
      • Rather than a ban, the RTF detailed 16 milestones it asserts would be “the most reasonable and effective approach to reducing payments.” 
    • “While a ban may be an easier policy lift than activities designed to drive preparedness, it will almost certainly create the wrong kind of impact,” the RTF co-chairs said via email. “The number of organizations making payments is declining, which suggests we’re on the right path.”
  • HHS’s Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, continues to update its “Change Healthcare Cybersecurity Incident Frequently Asked Questions” website.
  • The U.S. Government Accountability Office released a report titled “Cybersecurity: Implementation of Executive Order Requirements is Essential to Address Key Actions.”
    • “In 2021, the President issued an executive order to help protect federal IT systems from cyberattacks. The order contains 55 leadership and oversight requirements. DHS’s Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Office of Management and Budget are responsible for implementing them.
    • “These agencies have fully completed 49 of 55 requirements. Remaining requirements include improving software that is critical to the supply chain and ensuring that other agencies have sufficient resources to carry out the order.
    • “We recommended that these agencies implement the order’s remaining requirements.”
  • The Cybersecurity and Infrastructure Security Administration Agency (CISA) announced,
    • “CISA hosted the final round of the fifth annual President’s Cup Cybersecurity Competition this week and announced the winners today of the three competitions.
    • “The President’s Cup is a national competition designed to recognize the top federal cybersecurity talent. Three separate competitions take place during each President’s Cup; two Individuals tracks -– Track A which focuses on defensive work roles and tasks from the NICE Framework, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, and Track B which focuses on offensive work roles and tasks, and a Teams competition comprised of defensive and offensive challenges. The first rounds of the competition began earlier this year in January.
    • “This year’s winning team, known as Artificially Intelligent, was composed of members of the Department of Defense, U.S. Army, and the U.S. Air Force. Artificially Intelligent featured four members of last year’s winning teams, including one member who has been on every winning team since President’s Cup began five years ago. The winner of Individuals Track A was U.S. Army Major Nolan Miles, and the winner of the Individuals Track B was U.S. Marine Corps Staff Sergeant Michael Torres. SSG Torres also finished in second place of the Individuals Track A competition and is the first Individuals winner to repeat having won President’s Cup 3 Track A.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “Palo Alto Networks and security researchers said a growing number of attackers are targeting a command injection vulnerability in the PAN-OS operating system, which powers the security vendor’s firewall products. 
    • “Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability,” the company’s Unit 42 threat intelligence team said in a Tuesday update on its original threat brief. The vendor hasn’t disclosed how many devices are actively exploited, but said it observed 20 additional IP addresses attempting to exploit CVE-2024-3400.
    • “Since releasing the initial advisory on Friday [April 12], the company expanded the range of PAN-OS versions that are impacted by the CVE and retracted a secondary mitigation action. “Disabling telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability,” the company said in an update.”
  • On April 18, HHS’s Health Sector Cybersecurity Coordination Center (HC3) issued an update on the Palo Alto Networks Firewalls (CVE-2024-3400).
    • On April 12, 2024, Palo Alto Networks issued a warning about CVE-2024-3400, a zero-day command injection vulnerability found in its firewalls operating PAN-OS v10.2, 11.0, and 11.1 with configurations for both GlobalProtect gateway and device telemetry enabled. There have been an increasing number of attacks observed against this vulnerability since its release. In the original advisory, it was believed that disabling device telemetry would work as an effective secondary mitigation, but the most recent update states that device telemetry does not need to be enabled for PAN-OS to be vulnerable to attacks. Hotfixes were also released starting on April 14, 2024. HC3 strongly encourages all organizations to review the updated security advisory and apply any mitigations to prevent serious damage from occurring to the Healthcare and Public Health (HPH) sector.
  • Per Cybersecurity Dive,
    • “The rapid adoption of artificial intelligence tools is potentially making them “highly valuable” targets for malicious cyber actors, the National Security Agency warned in a recent report.
    • “Bad actors looking to steal sensitive data or intellectual property may seek to “co-opt” an organization’s AI systems to achieve, according to the report. The NSA recommends organizations adopt defensive measures such as promoting a “security-aware” culture to minimize the risk of human error and ensuring the organization’s AI systems are hardened to avoid security gaps and vulnerabilities.
    • “AI brings unprecedented opportunity, but also can present opportunities for malicious activity,” NSA Cybersecurity Director Dave Luber said in a press release.”
  • Dark Reading adds,
    • “A slicker phishing lure and some basic malware was about all threat actors have been able to squeeze out of artificial intelligence (AI) and large language model (LLM) tools so far — but that’s about to change, according to a team of academics.
    • “Researchers at the University of Illinois Urbana-Champaign have demonstrated that by using GPT-4 they can automate the process of gathering threat advisories and exploiting vulnerabilities as soon as they are made public. In fact, GPT-4 was able to exploit 87% of vulnerabilities it was tested against, according to the research. Other models weren’t as effective.
    • “Although the AI technology is new, the report advises that in response, organizations should tighten up tried-and-true best security practices, particularly patching, to defend against automated exploits enabled by AI. Moving forward, as adversaries adopt more sophisticated AI and LLM tools, security teams might consider using the same technologies to defend their systems, the researchers added. The report pointed to automating malware analysis a promising use-case example.”
  • and
    • “An ongoing, highly sophisticated phishing campaign may have led some LastPass users to give up their all-important master passwords to hackers.
    • “Password managers store all of a user’s passwords — for Instagram, their job, and everything in between — in one place, protected by one “master” password. They unburden users from having to remember credentials for hundreds of accounts, and empower them to use more complicated, unique passwords for each account. On the other hand, if a threat actor gains access to the master password, they’ll have keys to every single one of the accounts within.
    • “Enter CryptoChameleon, a new, hands-on phishing kit of unparalleled realism. 
    • “CryptoChameleon attacks tend not to be so widespread, but they’re successful at a clip largely unseen across the cybercrime world, “which is why we typically see this targeting enterprises and other very high-value targets,” explains David Richardson, vice president of threat intelligence at Lookout, which first identified and reported the latest campaign to LastPass. “A password vault is a natural extension, because you’re obviously going to be able to monetize that at the end of the day.”
  • Healthcare IT Security lets us know,
    • “Healthcare organizations are 65% less likely to fully outsource their cybersecurity services than organizations in other sectors, Kroll researchers said in the new report, “The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.”
    • “Their research maps out the cybersecurity threat landscape the healthcare sector currently operates in, looking at detection and response, cyber threat intelligence and offensive security.
    • “The realities of healthcare IT’s complexities, “not to mention the extremely time-poor staff that need both maximum convenience and security from IT operations,” make it hard for the industry to protect itself, according to Devon Ackerman, Kroll’s global head of incident response and cyber risk.”

From the ransomware front,

  • SC Media reports,
    • “The Akira ransomware group netted itself $42 million in payments in the last year from over 250 organizations, according to a joint advisory released April 18 by four leading cybersecurity agencies across Europe and the United States. [Here is a link to CISA’s Stop Akira Ransomware sire.]
    • “The advisory, which said Akira was now attacking Linux machines as well as Windows, was posted by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, Europol’s European Cybercrime Center, and the National Cyber Security Centre in the Netherlands.
    • “CISA said the advisory’s main goal was to help organizations mitigate these attacks by disseminating known Akira ransomware tactics, techniques and procedures, as well as indicators of compromise identified through FBI investigations as recent as February 2024.
    • “Evolving from an initial focus on Windows systems to a Linux variant targeting VMware ESXi virtual machines, CISA said in August 2023 the double-extortion group started deploying the Rust-based code Megazord and Akira, written in C++, as well as Akira_v2, also Rust-based.”
  • and
    • “Has ransomware hit a ceiling? We doubt it, but the pause outlined in a new report on active adversaries tells us ransomware has either saturated the available targets or enterprise defenses are starting to bear fruit.
    • “In its active adversaries report for the first half of 2024, Sophos’ X-Ops team analyzed more than 150 incident response cases. Through such a large analysis, the report provides good insights into the current tactics, techniques and procedures attackers currently employ. This is useful for anyone trying to better defend their systems.
    • “Sophos concludes that, despite a pause in the rise of ransomware, organizations are failing to take the steps necessary to adequately defend themselves against the increase in attacks to come. * * *
    • “The report concludes that while the current threat landscape is relatively calm, defenders must urgently learn from previous mistakes and prioritize basic security practices. Failing to bolster defenses now will only ease attackers’ impending sieges as they continue sharpening their capabilities.”
  • TechTarget identifies the top 13 ransomware targets in 2024 and beyond.
  • Bleeping Computer’s the Week in Ransomware is back.

From the cybersecurity defenses front,

  • “Healthcare Dive spoke with two cyber experts — Phil Morris and Chad Peterson, both managing directors at cybersecurity firm NetSPI — about how healthcare organizations can recover from the attack and what they need to do to protect themselves going forward.”
    • “HEALTHCARE DIVE: A survey by the American Hospital Association found that 94% of respondents were financially impacted by the Change attack. Why were so many providers impacted by this breach?
    • PHIL MORRIS: The cyberattack at Change Healthcare is really like the Francis Scott Key Bridge incident in Baltimore. It’s at the nexus of a very complex ecosystem we call healthcare delivery and payment systems here in the U.S. They handle so many claims, [pharmacy benefit managers], imaging, analytics and revenue management.
    • “It’s really a weak spot in the resiliency of healthcare because we have such a profit-driven healthcare system, that bringing that organization down had a rippling effect across not just hospitals but also network providers, pharmacies and patients. The ripple effects of this will go out across the healthcare system for some time.
    • CHAD PETERSON: Unfortunately, it’s a case of too many eggs in one basket, and it was the major choke point for a lot of healthcare systems that do their processing through [Change Healthcare]. So what they did is they basically hit the most vulnerable area to have the greatest impact.”
  • Healthcare Dive also reports on how cybersecurity took center stage at the American Hospital Association conference held last week.
    • “The majority of healthcare attacks aren’t coming from domestic hackers, experts stressed.
    • “Almost all cyberattacks against hospitals, including life-threatening ransomware attacks, originate from criminal gangs based in non-cooperative foreign jurisdictions,” AHA’s Riggi said. “That’s a euphemism, folks, for Russia, China, North Korea and Iran.” 
  • On April 15, CISA issued joint guidance deploying AI systems securely.
  • Tech Target offers four tips on securing cybersecurity insurance this year.
  • An ISACA expert discusses “Evolving Threats to Cloud Computing Infrastructure and Suggested Countermeasures.”

Friday Factoids

David ErmerCDC, COVID-19, FDA, Federal employment benefits, Generative AI, Medical / Rx research, Medicare, Mental health care, Obesity, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • Healthcare Dive informs us,
    • “Providers and drugmakers are once again at odds over the 340B drug discount program: this time, over a rule finalized by the Biden administration on Thursday making changes to its dispute resolution process.
    • “The final rule, which will become effective in mid-June, is meant to make dispute resolution more accessible and efficient, according to the Health Resources and Services Administration, or HRSA, the agency that oversees 340B. Along with lowering barriers to enter the process, the rule requires parties to make a good faith effort to resolve disputes before bringing them to arbiters and creates an appeals process if either party doesn’t like the result.
    • “Provider groups the American Hospital Association and 340B Health said the rule should streamline the arbitration process and preserve the integrity of the controversial program. Meanwhile, pharmaceutical lobby PhRMA said the new process “panders to 340B hospitals” while ignoring drugmakers’ concerns.”
  • KFF lets us know,
    • Federal data from 2019 shows just 4% of potentially eligible enrollees participated in the program, a figure that appears to have held steady through 2023, according to a Mathematica analysis. About 12,000 physicians billed Medicare under the CCM mantle in 2021, according to the latest Medicare data analyzed by KFF Health News. (The Medicare data includes doctors who have annually billed CCM at least a dozen times.)
    • “By comparison, federal data shows about 1 million providers participate in Medicare.
    • Even as the strategy has largely failed to live up to its potential, thousands of physicians have boosted their annual pay by participating, and auxiliary for-profit businesses have sprung up to help doctors take advantage of the program. The federal data showed about 4,500 physicians received at least $100,000 each in CCM pay in 2021. * * *
    • “This program had potential to have a big impact,” said Kenneth Thorpe, an Emory University health policy expert on chronic diseases. “But I knew it was never going to work from the start because it was put together wrong.”
    • “He said most doctors’ offices are not set up for monitoring patients at home. “This is very time-intensive and not something physicians are used to doing or have time to do,” Thorpe said.”
  • Reg Jones offers “A Refresher Course on FEGLI Life Insurance” in FedWeek.

From the public health and medical research front,

  • The Centers for Disease Control reports today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, 2 jurisdictions experienced high activity compared to 1 jurisdiction experiencing high activity the previous week. No jurisdictions experienced very high activity. 
    • “Nationally, emergency department visits with diagnosed influenza are decreasing. Emergency department visits with COVID-19 and RSV remain stable at low levels.  
    • “Nationally, COVID-19, influenza, and RSV test positivity decreased compared to the previous week. 
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, remains low.” 
  • The National Institutes of Health announced,
    • “Despite Food and Drug Administration (FDA)-approval of seven next-generation antibiotics to fight infections caused by resistant “gram-negative” bacteria, clinicians frequently continue to treat antibiotic-resistant infections with older generic antibiotics considered to be less effective and less safe, according to a study by researchers at the National Institutes of Health’s (NIH) Clinical Center. Researchers examined the factors influencing doctors’ preference for newer antibiotics over traditional generic agents to shed light on the decision-making processes among clinicians when treating patients with challenging bloodstream infections caused by gram-negative bacteria and significant comorbidities.
    • “The study revealed that at a considerable proportion of hospitals, particularly smaller facilities located in rural areas, staff were reluctant to adopt newer antibiotics. Researchers identified a large cost disparity between older and newer classes of antibiotics; the newer drugs can cost approximately six times more than the older medications, which could disincentivize prescribing.
    • “Researchers also highlight that next-gen agents are prescribed more often at hospitals where lab results that show the medications are effective against a patient’s bacterial infection are reported to prescribers. Scientists suggest that earlier and more widespread availability of such lab testing might improve use. Additionally, authors recommend that future public health policies and economic strategies on further development and use of similar antibiotics should be designed to identify and overcome additional barriers.
    • “Gram-negative bacteria are a class of bacteria resistant to multiple drugs and increasingly resistant to most antibiotics. According to the Centers for Disease Control and Prevention, they are able to find new paths of resistant and pass along genetic material that enables other bacteria to become drug resistant.”
  • The American Hospital Association News adds,
    • “In clinical trials involving 220,000 patients at 59 HCA Healthcare hospitals, algorithm-driven computerized alerts helped clinicians better identify the appropriate antibiotic for 28% of patients with pneumonia and 17% of patients with urinary tract infections, according to studies funded by the Centers for Disease Control and Prevention published April 19 in JAMA. To reduce antibiotic resistance, physicians treating patients with a low risk for antibiotic-resistant bacteria were prompted to give standard-spectrum antibiotics.”In clinical trials involving 220,000 patients at 59 HCA Healthcare hospitals, algorithm-driven computerized alerts helped clinicians better identify the appropriate antibiotic for 28% of patients with pneumonia and 17% of patients with urinary tract infections, according to studies funded by the Centers for Disease Control and Prevention published April 19 in JAMA. To reduce antibiotic resistance, physicians treating patients with a low risk for antibiotic-resistant bacteria were prompted to give standard-spectrum antibiotics.
    • “Pneumonia and urinary tract infections are two of the most common infections requiring hospitalization and a major reason for overuse of broad-spectrum antibiotics,” said Sujan Reddy, M.D., medical officer in CDC’s Division of Healthcare Quality Promotion. “The INSPIRE trials have found a highly effective way to help physicians follow treatment recommendations to optimize antibiotic selection for each patient. These trials show the value of harnessing electronic health data to improve best practice.”
  • Health IT Analytics tells us,
    • “Artificial intelligence (AI)-driven tools can improve the skin cancer diagnostic accuracy of clinicians, nurse practitioners and medical students, according to a study published last week in npj Digital Medicine.
    • “The researchers underscored that AI-based skin cancer diagnostic tools are developing rapidly, and these tools are likely to be deployed in clinical settings upon appropriate testing and successful validation.”

From the U.S. healthcare business front,

  • Per BioPharma Dive,
    • “Alvotech and U.S. commercial partner Teva have signed a “long-term agreement” with an unspecified company to boost access to their biosimilar version of AbbVie’s blockbuster drug Humira, Alvotech said Friday. An Alvotech spokesperson declined to provide specifics.
    • “The deal comes seven weeks after the Food and Drug Administration approved Alvotech’s biosimilar, Simlandi, which the agency previously rejected multiple times. For patients to receive treatment, Alvotech and Teva must first cut deals with drug wholesalers, pharmacies and insurers that negotiate prices before agreeing to cover the therapy.
    • “CVS Health, whose pharmacy benefit manager is the country’s largest by prescription claims, removed Humira from its national formularyon April 1. Wall Street analysts have already reported substantial declines in Humira prescriptions over the last few weeks, when compared to the same period in 2023.”
  • According to Beckers Hospital Review,
    • “Change Healthcare has reinstated 80% of the functionality for its claims, payment and pharmacy services following a February ransomware attack, the company said.
    • “Those three areas represent most of Change Healthcare’s customers and continue to be restored, according to an April 16 earnings call from parent company UnitedHealth Group.
    • “Now we’ve still got work to do,” said Roger Connor, CEO of OptumInsight, the UnitedHealth unit that includes Change, during the call. “We’ve got another set of products coming online … in the coming weeks, but pleased with that progress.”
  • The AHA News reports,
    • “Patients went out-of-network 3.5 times more often to see a behavioral health clinician than a medical/surgical clinician in 2021, and up to 20 times more often for certain behavioral health visits, according to a new study by RTI International. For example, patients went out-of-network 8.9 times more often to see a psychiatrist, 10.6 times more often to see a psychologist, 6.2 times more often for acute behavioral inpatient care, and 19.9 times more often for sub-acute behavioral inpatient care.”
  • The Wall Street Journal reports,
    • “Social media is displacing physicians as the trusted authorities on whether patients should take one of the medicines. People are not only deciding to take a weight-loss drug—called GLP-1s— based on posts by friends and influencers but sometimes also skipping their doctor to go with one mentioned online.
    • “The virtual word-of-mouth can come across as authentic and accessible. People say they appreciate the tips and support they get from other online users. But many influencers and friends on social media play up all the pounds a person lost while playing down side effects that can be nasty, such as painful headaches and bouts of vomiting. Some omit the risks altogether.
    • “Unlike company drug advertisements, social-media posts don’t have to describe a drug’s side effects, suggest other resources or tell people to speak with their doctors.”
  • Ruh roh. This is why health plans are offering coaching services to these folks.

Friday Factoids

David ErmerCDC, COVID-19, FDA, Generative AI, HSA, Medical / Rx research, Obesity, OPM, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • The Washington Post reports,
    • On Thursday, FDA Commissioner Robert Califf appeared before the panel for the first time this Congress, facing a roughly four-hour grilling on a wide range of issues, from the infant formula crisis to tobacco regulation to an abortion pill. 
    • * * * Of note,
      • “The composition of a highly pathogenic strain of bird flu doesn’t appear to be resistant to current treatments already on the market for the flu, Califf said. This comes after a dairy worker in Texas was recently treated for bird flu, which has been identified in dairy cattle for the first time. 
      • “It’s always the case that when you have an actual illness you have to empirically prove that it works,” Califf said. “Fortunately right now, there’s really only one infected human that we know of, so it’s not something that we can test. But it looks good at this point.”
  • House Budget Committee Health Care Task Force (HCTF) Chair Rep. Michael C. Burgess, M.D. (R-TX) wrote an op-ed in the Hill about how to pay for 21st Century medicine.
    • “Medical advances have opened a new world of hope for patients suffering from serious and life-threatening diseases. We need to match our 21st century science with 21st century payment models and offer patients hope without breaking the budget.
    • “My legislation, the Preventive Health Savings Act, offers another new tool to help Congress identify the long-term savings generated by some of these novel therapies and assist in implementing new payment pathways.
    • “We can keep marching forward and saving lives, or we can turn the clock back. Congress needs to address these challenges by anticipating the future instead of wallowing in the past.”
  • Fierce Healthcare adds,
    • Instead of enacting public option plans, states should target reinsurance programs, a new report from the Partnership for America’s Health Care Future argues.
    • The group includes a collection of health plans, hospital groups and pharma companies brought together largely to oppose Medicare for All. This study was authored by three policy experts with the Hoover Institution at Stanford University.
  • OPM could encourage Congress to create a reinsurance pool for gene therapy treatments within FEHBP and PSHBP using the unused portion of the 1% surcharge on FEHB premiums intended to fund OPM’s FEHB / PSHB administrative costs.
  • Assistant Secretary of Labor for Employee Benefit Security Lisa Gomez wrote in her blog about how to unlock the power of prevention in the fight against cancer.
  • The Washington Post points out,
    • “Covid forced the public health field and health-care sector to work toward a shared goal of keeping people from becoming so ill that they overwhelm hospitals. Now, a group of health-care leaders — the Common Health Coalition, which represents physicians, hospitals and insurers — is trying to build upon these collaborations to better prepare localities for future health threats.”
  • Govexec.com informs us,
    • “The Office of Personnel Management issued a final rule Friday that would cull Social Security numbers from any mailed document in an effort to prevent fraud. 
    • “The rule, which was published in the Federal Register, is part of the implementation of the 2017 Social Security Number Fraud Prevention Act and is designed to help protect the identifiers, which can be used in various forms of identity theft. 
    • “The theft and fraudulent use of SSNs can result in significant repercussions for the SSN holder, as well as the entities from which SSNs were stolen,” OPM officials said in the Federal Register notice. “This direct final rule formalizes in regulation OPM’s current practice of safeguarding SSNs in mailed documents and will support efforts to protect individual privacy.”

From the public health and medical research front,

  • The Centers for Disease Control let us know earlier today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, 1 jurisdiction experienced high activity compared to 6 jurisdictions experiencing high activity the previous week. [The outlier jurisdiction is North Dakota.]  No jurisdictions experienced very high activity. 
    • “Nationally, emergency department visits with diagnosed influenza are decreasing.  Emergency department visits with COVID-19 and RSV remain stable at low levels.  
    • “Nationally, COVID-19, influenza, and RSV test positivity decreased compared to the previous week. 
    • Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, remains low.”
  • The Washington Post offers detailed background on prostate cancer following former NIH Director Francis Collins announced that he has the disease.
  • The Wall Street Journal reports,
    • “The European Union’s drug regulator found no link between the class of medicines behind 
    • Novo Nordisk’s blockbuster Ozempic and Wegovy treatments and reports of suicidal thoughts in patients.
    • “A study by a European Medicines Agency committee had been looking at potential links between the popular weight-loss and diabetes drugs and reports of suicidal and self-harming thoughts from people using them, but it said Friday that the evidence doesn’t support a causal association.
    • “The U.S. Food and Drug Administration came to the same conclusion in January while British health authorities are carrying out their own review.”
  • Today, the FEHBlog heard an OptumRx speaker at a local conference describe the following demographic characteristics of members of employer sponsored plans who use GLP-1 weight loss drugs.
    • 4 out of 5 are women
    • Average age range is 35-54 with a concentration in the 45 to 54 age range.
    • Average BMI is 35. According to the Cleveland Clinic, “Class III obesity, formerly known as morbid obesity, is a complex chronic disease in which a person has a body mass index (BMI) of 40 or higher or a BMI of 35 or higher and is experiencing obesity-related health conditions.”
  • Bear in mind that most employer sponsored plans do not cover retirees while the FEHBP does. The FEHBlog expects that the speaker provided a useful perspective on GLP-1 use among active employees participating the FEHP. KFF remind us the there are plenty of Medicare beneficiaries using GLP-1 drugs for diabetes.
    • In 2022, Medicare gross total spending reached $5.7 billion on Ozempic (semaglutide), Rybelsus (semaglutide), and Mounjaro (tirzepatide), all of which it covered for diabetes that year, according to just-released Medicare drug spending data [before manufacturer rebates]. That was up from $57 million in 2018. 
  • The Optum speaker also remarked that biosimilar competition caused Abbvie to lower the price of its blockbuster Humira drug by 30% in 2023. He explained that it takes time for biosimilars to gain market share when the brand drug drops its price substantially.
  • Per Fierce Healthcare,
    • “Approximately 40,000 women die of breast cancer in the U.S. each year.
    • “One way of reducing that number is ensuring access to preventive screenings such as mammograms. But health-related social needs can have an impact on a woman’s chance of being up to date with her mammogram. For example, women are less likely to get a mammogram if they feel socially isolated, have lost a job or don’t have reliable transportation, according to a recent Centers for Disease Control and Prevention (CDC) Vital Signs report.”
  • The New York Times provides expert opinions on whether artificial intelligence mammograms are worth the cost.
    • “The Food and Drug Administration has authorized roughly two dozen mammography A.I. products. Some of these are being rolled out to patients in a small number of clinics and tested by other hospitals that want to be certain of the value these tools provide before offering them to patients. 
    • “There is currently no billing code that radiologists can use to charge insurance providers for the technology. That means some centers may punt the cost to patients, charging between $40 to $100 out of pocket for an A.I. analysis. Other hospitals may absorb the cost and offer the additional analysis for free. Still others may keep the technology for research until they are more certain of the value it can provide to patients.
    • “It will take some time for A.I. to become part of routine care, which would lead insurance companies to consider reimbursing their cost. Until then, most patients don’t need A.I. for their mammograms, said Dr. Katerina Dodelzon, a radiologist who specializes in breast imaging at NewYork-Presbyterian/Weill Cornell Medical Center, though it might provide some extra reassurance for those who are particularly anxious about their results.”
  • Medscape tells us,
    • “Early data suggested that several new multicancer early detection (MCED) tests in development show promise for identifying cancers that lack routine screening options.
    • “Analyses presented during a session at the American Association for Cancer Research annual meeting, revealed that three new MCED tests — CanScan, MERCURY, and OncoSeek — could detect a range of cancers and recognize the tissue of origin with high accuracy. One — OncoSeek — could also provide an affordable cancer screening option for individuals living in lower income countries.
    • “The need for these noninvasive liquid biopsy tests that can accurately identify multiple cancer types with a single blood draw, especially cancers without routine screening strategies, is pressing. 
    • “We know that the current cancer standard of care screening will identify less than 50% of all cancers, while more than 50% of all cancer deaths occur in types of cancer with no recommended screening,” said co-moderator Marie E. Wood, MD, of the University of Colorado Anschutz Medical Campus, in Aurora, Colorado.”

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “More than three-fourths of all U.S. doctors are now employed by hospitals, health insurers, private equity or other corporate entities, as rampant consolidation continues to shrink the number of independent physicians, according to new data.
    • “Between 2019 and 2024, more than 44,000 medical practices were acquired, according to the report published Thursday by Avalere Health, commissioned by the Physicians Advocacy Institute. As a result, nearly 60% of medical practices are now owned by corporations.
    • “As of January 2024, physician practice ownership by corporations — including health insurers, pharmacy chains and PE firms — exceeded ownership by hospitals and health systems for the first time, 30.1% to 28.4%. However, hospitals employ more than half of all U.S. physicians, while other corporations employ a little over one-fifth.”
  • MedTech Dive informs us,
    • “Roche has received the Food and Drug Administration’s breakthrough device designation for a blood test to support earlier diagnosis of Alzheimer’s disease, the Swiss drug and diagnostics company said Thursday.
    • “The test, once approved, could help healthcare providers identify whether amyloid pathology, a marker for Alzheimer’s disease, is present or absent in patients.
    • “The Elecsys pTau217 plasma biomarker test is being developed as part of an ongoing partnership between Roche and Eli Lilly. * * *
    • “New and emerging Alzheimer’s therapies aimed at slowing cognitive decline in the earlier stages of the disease call for confirmation of amyloid pathology, yet the only methods currently cleared for that task are cerebrospinal fluid (CSF) tests and amyloid positron emission tomography, or PET, scan imaging, according to Roche.”
  • Per BioPharma Dive, while “new postpartum depression drugs are here, diagnosis, treatment hurdles still stand in the way. Two Sage Therapeutics medicines are approved for the condition. But uptake of the first has been minimal, while the launch of the second [which is a pill] is still getting off the ground.”
  • The Employee Benefit Research Institute made available a new paper on high deductible health plans with health savings accounts.
    • “The purpose of this paper is to examine the impact of plan type on use of health care services and spending. The analysis focuses on enrollees in HSA plans and PPO enrollees who are in health plans with deductibles large enough to be HSA eligible as a way of isolating the impact of the HSA on use of health care services.”