Tuesday Tidbits


From Washington, DC,

  • The American Hospital Association News tells us,
    • The House Energy and Commerce Oversight and Investigations subcommittee June 4 hosted a hearing to discuss oversight of the 340B Drug Pricing Program. AHA sent a letter to the subcommittee for the hearing, urging Congress to protect the program and highlighting its value to hospitals and health systems.
  • Roll Call offers more details on this policy issue.
  • Per a Health and Human Services press release,
    • “The U.S. Department of Health and Human Services (HHS), through the Centers for Medicare & Medicaid Services (CMS) in partnership with the Substance Abuse and Mental Health Services Administration (SAMHSA), today welcomed 10 new states into the Certified Community Behavioral Health Clinic (CCBHC) Medicaid Demonstration Program, after they successfully developed the necessary state-level infrastructure and worked with providers in their states to develop programs that meet CCBHC standards: Alabama, Illinois, Indiana, Iowa, Kansas, Maine, New Hampshire, New Mexico, Rhode Island and Vermont. The CCBHC Medicaid Demonstration Program provides states with sustainable funding that helps them expand access to mental health and substance use services, supporting President Biden’s Unity Agenda and the Biden-Harris Administration’s efforts to tackle the country’s mental health and addiction crises. The expansion of the program directly supports the President’s national strategy to transform our behavioral health system and builds on the Administration’s previous work to build a better crisis continuum of care, including through the transition to the 988 Suicide & Crisis Lifeline, add a new mobile crisis benefit to Medicaid and new crisis codes to the Medicare program.”
  • NBC News reports,
    • A Food and Drug Administration advisory panel on Tuesday declined to recommend the approval of MDMA as a treatment for post-traumatic stress disorder, a major setback for advocates who have long pushed to include psychedelics in treating mental health disorders.
    • The two votes — one for the treatment’s efficacy and one for its safety, by the agency’s Psychopharmacologic Drugs Advisory Committee — marked the first time that FDA advisers have considered a Schedule I psychedelic for medical use. If approved by the FDA, it would be the first new treatment for PTSD in more than two decades.
    • The votes reflected panel members’ struggle to balance the need for new PTSD treatments against serious concerns about the data submitted by drugmaker Lykos Pharmaceuticals, which was marred by inconsistencies, poor study design and allegations of misconduct.
    • “It sounds like MDMA has really impacted a number of people in positive ways, but it seems that there are so many problems with the data,” said Melissa Decker Barone, an adjunct assistant professor in the department of psychiatry at the University of Maryland School of Medicine. * * *
    • Last week, the Institute for Clinical and Economic Review, a non-profit group that evaluates the cost of drugs, said patients and providers in the trial treated psychedelics “more like a religious movement than like pharmaceutical products.” * * *
    • “The decision will now go to the FDA, which is expected to make a final ruling by August 11. The committee’s vote is only a recommendation, and the agency doesn’t have to follow its advice, although it usually does.”
  • Reuters adds,
    • “The FDA’s staff in separate documents said vaccine makers developing the new booster shots may need to consider targeting one of the JN.1 subvariants such as KP.2, as further evolution of the virus could take it away from the older strain. * * *
    • “The FDA staff’s review for updating viral strains for vaccines in the U.S. differs from that of the World Health Organization’s advisers, who in April recommended targeting only the JN.1 strain.
    • “Since then, the subvariant KP.2 has become the dominant strain in the U.S., estimated to account for about 28.5% of cases over a two-week period ended May 25, according to data from the U.S. Centers for Disease Control and Prevention.”
  • Healthcare Dive informs us,
    • “Scan Health Plan won a lawsuit that alleged the federal government had improperly calculated its 2024 Medicare Advantage star ratings, which it argued could cost the insurer millions of dollars.
    • “The case centered around recent changes in how the CMS determined quality measures for the private Medicare plans. Scan alleged the agency didn’t follow its stated methodology, causing its rating to drop “precipitously” to 3.5 stars and risking $250 million in quality bonus payments. 
    • “The U.S. District Court for the District of Columbia ruled for the California-based insurer Monday, barring the federal government from using Scan’s original 2024 Star Rating for quality bonus decisions.”

From the public health and medical research front,

  • The New York Times reports,
    • “Surgeons removed the kidney of a genetically engineered pig from a critically ill patient last week after the organ was damaged by inadequate blood flow related to a heart pump that the woman had also received, according to officials at NYU Langone Transplant Institute.
    • “The patient, Lisa Pisano, 54, who is still hospitalized, went back on kidney dialysis after the pig’s organ was removed. She lived with the transplanted organ for 47 days, Dr. Robert Montgomery, director of the institute, said. The kidney showed no signs of organ rejection.
    • “Lisa is in stable condition, and her left ventricular assist device is still functioning,” Dr. Montgomery said, referring to the heart pump. “We are hoping to get Lisa back home to her family soon.”
  • Health Day lets us know,
    • “As the H5N1 avian flu continues to spread among dairy cows in the United States, nearly 5 million doses of flu vaccine are now being prepared for possible use in humans.
    • “Since the outbreak in livestock began this spring, bird flu has been confirmed in three humans who worked on dairy farms in Texas and Michigan, and health experts are concerned the virus could mutate to the point where it could spread easily among humans.
    • “In response, vaccine maker CSL Seqirus announced last week that it has been tasked with making the additional doses of flu vaccine at its North Carolina plant.
    • “It utilizes a highly scalable method of production and is currently positioned to deliver up to 150 million influenza vaccine doses to support an influenza pandemic response within six months of a pandemic declaration,” the company noted in a news release.”
  • ABC News relates,
    • “Cases of whooping cough are on the rise across the United States, data from the Centers for Disease Control and Prevention shows.
    • “There have been at least 4,864 whooping cough cases reported this year. This is nearly three times higher than the 1,746 cases reported at the same time last year.
    • “The number of cases for 2024 is similar to those seen in 2018-2019, before the COVID-19 pandemic.
    • “The national trends mirror those seen in many U.S. states. The Oregon Health Authority said Thursday that 178 cases have been reported as of May 29, a 770% increase from the 20 cases reported at the same time in 2023, according to local ABC News affiliate KATU. * * *
    • “There are two types of vaccines used today to protect against whooping cough: diphtheria, tetanus, and pertussis (DTaP) vaccine for babies and children younger than age 7 and tetanus, diphtheria, and pertussis (Tdap) vaccines for children aged 7 and older, adults and pregnant women.
    • “People often think ‘Well once you get vaccinated you have lifelong immunity,’ and that’s actually not the case. You certainly need to get those booster doses,” Madad said.”
  • Becker’s Hospital Review points out,
    • “Mississippi is the unhealthiest state in the nation for older adults in 2024, according to the United Health Foundation’s 12th annual “America’s Health Rankings Senior Report.”
    • “The May 30 report provides a comprehensive look at the health and well-being of Americans 65 and older.   
    • “State rankings were derived from 35 measures across five categories of health: social and economic factors, physical environment, behaviors, clinical care and health outcomes. The full methodology can be viewed here.
  • The National Institutes of Health shared their most recent research insights.
  • NIH announced in various press releases,
    • “Two clinical trials have launched to examine a novel long-acting form of HIV pre-exposure prophylaxis (PrEP) in cisgender women and people who inject drugs. The mid-stage studies will assess the safety, acceptability, and pharmacokinetics (how a drug moves through the body) of lenacapavir, an antiretroviral drug administered by injection every six months. The studies are sponsored and funded by Gilead Sciences, Inc., and implemented through the HIV Prevention Trials Network (HPTN). The HPTN is supported by grants from the National Institutes of Health’s (NIH) National Institute of Allergy and Infectious Diseases (NIAID), with scientific collaboration on this study and others from the National Institute on Drug Abuse (NIDA) as well as co-funding from NIDA and other NIH institutes.”
  • and
    • “A five-minute cognitive assessment coupled with a decision tree embedded in electronic medical records, known as 5-Cog, improved dementia diagnosis and care, based on a clinical trial funded by the National Institutes of Health (NIH) and conducted in an urban primary care setting. Researchers evaluated the system among 1,200 predominantly Black and Hispanic American older adults who presented to primary care with cognitive concerns. The findings appear in Nature Medicine. * * *
    • “5-Cog combines three metrics designed to test memory recall, the connection between cognition and gait, and the ability to match symbols to pictures. Importantly, these tests are easy to perform, relatively quick, and are not affected by reading level or ethnic/cultural differences among patients. * * *
    • “Cognitive impairment is often difficult to diagnose in the busy primary care setting and, as a result, beneficial care plans are likely underutilized. This can result in lack of detection, which delays the start of support services and critical planning. Underdiagnosis is even more prevalent among older Black and Hispanic patients compared to white patients, suggesting this tool may be even more valuable to the populations represented in the study.”
  • and
    • “For military members and veterans who have been diagnosed with post-traumatic stress disorder (PTSD), adding a service dog to their usual care could reduce the severity of PTSD symptoms, feelings of anxiety, and lower depression while enhancing their quality of life and psychosocial functioning, according to a study funded by the National Institutes of Health.
    • “The trial, which is the largest nationwide study comparing service dog partnerships to usual care alone, included 156 military members and veterans diagnosed with PTSD. Participants were recruited through the database of K9s For Warriors, an accredited non-profit service dog provider. Under U.S. federal law, service dogs are “individually trained to work or perform tasks for people with disabilities.”

From the U.S. healthcare business front,

  • Per MedTech Dive,
    • “Abbott received clearance from the Food and Drug Administration for an over-the-counter glucose monitor.
    • “The device, called Lingo, first debuted in the U.K. last year as a sensor for people who don’t have diabetes to track glucose spikes. Abbott hopes to bring it to the U.S. but has shared few details about its plans. 
    • “With the recent FDA clearance, Abbott will compete with Dexcom for a new category of over-the-counter glucose monitors. Dexcom received FDA clearance for the first over-the-counter CGM in March.”
  • Per Healthcare Dive,
    • “Steward Health Care is aggressively courting new debtor-in-possession lenders to stay afloat amid its Chapter 11 restructuring process. Without additional capital, the health system says it will run out of funds by June 14.
    • “Medical Properties Trust, Steward’s landlord and initial DIP financier, appears unlikely to step up to the plate to offer more funds.
    • “The Dallas-based health system, which employs 30,000 people across eight states, declared bankruptcy last month. At the time, the real estate investment trust put up $75 million of DIP financing and said it might offer up to $225 million more, contingent upon successful asset sales.
    • “But MPT has since shown little interest in providing additional financial support for Steward. As of Friday, Steward’s attorneys told the court that MPT had made no further commitment to pony up funds, leaving the health system in immediate need of new funding.”

 

Happy Memorial Day!

From Washington, DC —

  • Congress is not in session this week of Memorial Day.
  • FEHB and, for the first time, PSHBP plans must submit their 2025 benefit and rate proposals no later than this coming Friday, May 31.
  • The No Surprises Act RxDC reporting deadline for the 2023 calendar year is this coming Saturday, June 1.

From the public health and medical research front,

  • The Washington Post warns us,
    • “Summer offers a reminder of why covid is unlike the flu, a more predictable fall and winter respiratory virus. Coronavirus ebbs and flows throughout the year, and hospitalizations have always risen in summer months when people travel more and hot weather drives people indoors. For now, covid activity is low nationally, the CDC said Friday. The number of Americans dying of covid is less than half what it was a year ago, with a death toll around 2,000 in April. The virus poses a graver threat to the severely immunocompromised and elderly. But it can still surprise younger healthy people, for whom a bout of covid can range from negligible sniffles to rarer long-term debilitating effects. * * *
    • “The CDC and health authorities continue to promote the coronavirus vaccine, last updated in fall 2023 for a subvariant no longer in circulation, as the best form of protection against the disease. Just 23 percent of adults have received a dose of the latest vaccine, the CDC estimates. Experts say the existing formula should still confer protection against severe illness from the FLiRT variants. People 65 and older qualify for a second dose, but only 7 percent have received two shots.”
  • The Post also lets us know,
    • “When asked, 75 percent of survey respondents said they felt mental health conditions are identified and treated worse than physical health issues, according to a new survey from West Health and Gallup.
    • “The poll surveyed a random sample of 2,266 U.S. adults 18 and older. In addition to perceptions about treatment, the survey also gauged mental health conditions among participants. Of the respondents: 51 percent reported experiencing depression, anxiety or another mental health condition in the previous 12 months. * * *
    • “The main barriers, according to those surveyed, were affordability and difficulty in finding an adequate provider. Participants also cited shame and embarrassment as keeping them from treatment. This was particularly felt among participants who had experienced a mental health issue in the past year: 74 percent of those respondents thought people with mental health conditions are viewed negatively. 
    • “Additionally, 75 percent of adults 65 or older thought mental health conditions carry a negative stigma, but 53 percent of the participants felt psychological counseling or therapy is “very effective” or “effective.” Fewer adults felt medication was effective.”
  • Fortune Well tells us,
    • “Attention-deficit/hyperactivity disorder (ADHD) is one of the most common neurodevelopmental disorders of childhood, and it’s usually diagnosed in kids. But ADHD tends to be underdiagnosed in women and people of color, which can lead to some people reaching adulthood before realizing they may have the condition.” 
    • The article delves into the signs and symptoms of ADHD in adults and treatment options.
  • Fortune Well also considers,
    • “Could Ozempic be the answer to a longer life?
    • “It’s the question many scientists are asking about the controversial drug, a glucagon-like peptide-1 receptor agonist (GLP-1), as some research suggests it could help humans age with less chronic diseases. The same goes for glucose-dependent insulinotropic peptide receptor agonists (GIP) such as Zepbound and Mounjaro, leaving some experts to start seeing them as potential longevity pills and considering how in the future they can be prescribed safely to more people, especially as rates of obesity continue to rise.
    • “The singular most effective and consistent way of extending lifespan in animals is caloric restriction,” says Dr. Douglas Vaughan, a professor of medicine at Northwestern University and director of the Potocsnak Longevity Institute. “That’s been demonstrated to work on everything from worms to flies to mice to monkeys. If you can find a way to get people to chronically reduce their caloric intake, it sort of makes sense that it might have an effect on aging. It’s probably not as simple as that and there could be unexpected effects of these drugs that might negate or prevent the anti aging effect, but it’s a great hypothesis and it needs to be tested rigorously.”

From the U.S. healthcare business front,

  • Fierce Healthcare notes,
    • “Elevance Health’s philanthropic arm is launching a new initiative that aims to provide loans to small businesses and other organizations in a bid to address health equity.
    • “The Elevance Health Foundation has made a $10 million commitment to the “impact investing” effort, according to an announcement. The loans offered through the program will be offered at below Prime rates, and the partners will deploy the funds to address key social needs like access to care, food insecurity and health disparities.
    • “The foundation also intends to seek out purpose-driven businesses that may not be able to access traditional banking, particularly those owned by women and people of color, who can impact equity in their communities.
    • “Shantanu Agrawal, chief health officer at Elevance Health, told Fierce Healthcare that the foundation has historically offered grant-based programs, which does limit the reach of its work to non-profit organizations. The team “took a step back” and examined other ways it could invest in communities before landing on this loan program, he said.”
  • The Wall Street Journal reports that
    • “the debt-collection spree is an example of how some hospitals in recent years have become more aggressive in recouping bills from the estimated more than 15 million Americans who have medical debt. The issue can be particularly acute in rural areas like Pratt, where residents are more likely to be older and uninsured, and hospitals are under financial stress.
    • “A nationwide increase in debt-collection cases has drawn scrutiny from some attorneys and judges who say they eat up court and law-enforcement resources. In nine states with easy-to-access court data, debt cases—including those for medical bills, credit cards, and auto and student loans—made up 29% of civil dockets in 2013, compared with 42% in 2021; debt claims were the most common civil cases in 13 of 16 states that year, according to the nonprofit Pew Charitable Trusts.”

Thursday Miscellany

From Washington, DC,

  • The Hill informs us,
    • “Blockbuster weight-loss drug Wegovy could bankrupt the U.S. health care system unless the price drops, according to a staff report released Wednesday from the office of Senate Health Committee Chair Bernie Sanders (I-Vt.). 
    • “Unless prices dramatically decline, Wegovy and weight loss drugs could push Americans to spend $1 trillion per year on prescription drugs, the report concluded.
    • “Pricing drugs based on their value cannot serve as a blank check, or the sole determinant for how we understand what to pay for essential goods,” the report stated. “As important as these drugs are, they will not do any good for the millions of patients who cannot afford them.”
    • “The report ups the pressure from Sanders on Danish drugmaker Novo Nordisk to lower the price of Wegovy and Ozempic.”
  • The good Senator has a point here. Drug manufacturers need a dose or two of price reasonableness.
  • STAT News reports,
    • “A House subcommittee on Thursday advanced legislation that would extend some pandemic-era telehealth policies in Medicare for two years, bringing the panel’s approach in line with another committee.
    • “During the pandemic, Congress extended flexibilities that changed what kinds of care Medicare beneficiaries could receive over telehealth and where. Originally, the House Energy and Commerce health subcommittee had considered a bill that would have enacted the policies permanently, but amended the legislation Thursday to pare it down to a two-year extension. The bill passed to the full committee unanimously on a 21-0 vote.
    • “The approach is in line with that of another panel, the House Ways and Means Committee, which passed a two-year extension earlier this month. Both bills include similar provisions that would pay for the extension in part through reforms to the way in which pharmacy middlemen operate.”
  • American Hospital Association News shares,
    • “The AHA shared a series of proposals to strengthen rural health care with the Senate Finance Committee for a hearing May 16 titled, “Rural Health Care: Supporting Lives and Improving Communities.” The proposals include policies promoting flexible payment options; ensuring fair, timely and adequate reimbursement; bolstering the workforce; and improving maternal health. During the hearing, several members focused on access to obstetric services and augmenting the number of medical residency slots awarded to rural hospitals. Jeremy P. Davis, MHA, president and CEO of AHA-member Grande Ronde Hospital in La Grande, Ore., and other health care leaders and policy researchers testified.”
  • The Department of Health and Human Services celebrates the Administration’s mental healthcare accomplishments.
  • The New York Times reports,
    • “The Food and Drug Administration on Thursday approved an innovative new treatment for patients with a form of lung cancer. It is to be used only by patients who have exhausted all other options to treat small cell lung cancer, and have a life expectancy of four to five months. * * *
    • “Each year, about 35,000 Americans are diagnosed with small cell lung cancer and face a grim prognosis. The cancer usually has spread beyond the lung by the time it is detected. * * *
    • “The drug tarlatamab, or Imdelltra, made by the company Amgen, tripled patients’ life expectancy, giving them a median survival of 14 months after they took the drug. Forty percent of those who got the drug responded.
    • “After decades with no real advances in treatments for small cell lung cancer, tarlatamab offers the first real hope, said Dr. Anish Thomas, a lung cancer specialist at the federal National Cancer Institute who was not involved in the trial.
    • “I feel it’s a light after a long time,” he added.”
  • Tammy Flanagan, writing in Govexec, discusses FEHB annuitant reactions to Part D EGWP offerings in various FEHB plans for 2024.
  • Federal News Network notes,
    • After a couple years of uncertainty, satisfaction among federal employees is beginning to rise at many agencies.
    • In a preview of the latest Best Places to Work in the Federal Government rankings, out of the top 10 agencies in each of the four categories — large, midsize and small agencies, as well as agency subcomponents — prioritizing employee engagement was the common thread, the Partnership for Public Service said.
    • “At a time when our nation faces both critical challenges and exciting opportunities at home and abroad, an engaged federal workforce is vitally important,” Max Stier, president and CEO of the Partnership for Public Service, said in a statement. “The top-ranked agencies have excelled at keeping their workforces engaged and motivated and, as a result, they are well positioned to deliver results for the public.” * * *
    • “The Environmental Protection Agency, Energy Department, Office of Personnel Management and National Credit Union Administration all moved up in the rankings and increased their overall scores.” 
  • The CDC is promoting its new and improved website.

From the public health and medical research front,

  • The New York Times informs us,
    • “With Pride events scheduled worldwide over the coming weeks, U.S. officials are bracing for a return of mpox, the infectious disease formerly called monkeypox that struck tens of thousands of gay and bisexual men worldwide in 2022. A combination of behavioral changes and vaccination quelled that outbreak, but a majority of those at risk have not yet been immunized.
    • “On Thursday, the Centers for Disease Control and Prevention warned of a deadlier version of mpox that is ravaging the Democratic Republic of Congo and urged people at risk to be vaccinated as soon as possible. No cases of that subtype have been identified outside Africa so far. But the escalating epidemic in Congo nevertheless poses a global threat, just as infections in Nigeria set off the 2022 outbreak, experts said.
    • “This is a very important example of how an infection anywhere is potentially an infection everywhere, and why we need to continue to improve disease surveillance globally,” said Anne Rimoin, an epidemiologist at the University of California, Los Angeles. * * *
    • “The C.D.C. is focusing on encouraging Americans at highest risk to become vaccinated before the virus resurges. The agency’s outreach efforts include engaging with advocacy groups and social media influencers who have broad appeal among the L.G.B.T.Q. community. In December, the agency urged clinicians to remain alert for possible cases in travelers from Congo.”
  • and
    • “Heart disease, diabetes and kidney disease are among the most common chronic illnesses in the United States — and they’re all closely connected.
    • “Adults with diabetes are twice as likely to have heart disease or a stroke compared with those who don’t have diabetes. People with diabetes — Type 1 and Type 2 — are also at risk of developing kidney disease. And when the kidneys don’t work well, a person’s heart has to work even harder to pump blood to them, which can then lead to heart disease.
    • “The three illnesses overlap so much that last year the American Heart Association coined the term cardiovascular-kidney-metabolic syndrome to describe patients who have two or more of these diseases, or are at risk of developing them. A new study suggests that nearly 90 percent of American adults already show some early signs of these connected conditions.
    • “While only 15 percent of Americans meet the criteria for advanced stages of C.K.M. syndrome, meaning they have been diagnosed with diabetes, heart disease or kidney disease or are at high risk of developing them, the numbers are still “astronomically higher than expected,” said Dr. Rahul Aggarwal, a cardiology fellow at Brigham and Women’s Hospital in Boston and co-author of the study.
    • “The research suggests that people should pay attention to shared risk factors for these diseases early on — including excess body fat, uncontrolled blood sugar, high blood pressure and high cholesterol or triglyceride levels.”
  • BioPharma Dive points out,
    • “An experimental Roche drug helped people with obesity lose an average of nearly 19% of their body weight over six months, after adjusting for placebo, in an early-stage trial, the company said Thursday.
    • “Roche is awaiting additional data from a study of the drug, called CT-388, in people with diabetes as well as obesity. It also didn’t provide specifics on the drug’s side effect profile. CT-388 is currently only in a Phase 1 program involving 96 people. Larger and longer trials are needed before the company can ask the Food and Drug Administration for approval.
    • “Roche acquired CT-388 through a $2.7 billion acquisition of biotechnology startup Carmot Therapeutics in December. The deal was part of a rush by pharmaceutical companies to capture a share of a market estimated to be worth more than $100 billion annually by early next decade.”
  • and
    • “A once-weekly form of insulin being developed by Eli Lilly proved just as effective at controlling blood sugar in adults with diabetes as commonly used daily injections, according to results from two clinical trials that were released by the drugmaker Thursday.
    • “Lilly is betting that its experimental drug, dubbed insulin efsitora alfa, could provide a longer-lasting and more convenient option than daily treatment for managing diabetes. 
    • “With efsitora, we have an opportunity to provide an innovative once-weekly solution that safely achieves and maintains A1C control, reduces treatment burden of traditional daily injections and potentially improves adherence for people with diabetes,” said Jeff Emmick, a senior vice president of product development for Lilly, in a statement on the trial results.” 
  • The National Institutes of Health Director, in her blog, discusses “Speeding the Diagnosis of Rare Genetic Disorders with the Help of Artificial Intelligence.”
  • The National Institutes of Health announced,
    • “People were more likely to develop a type of treatment-resistant hypertension when they experienced adverse effects of economic and social conditions that influence individual and group differences in health status, known as social determinants of health. Additionally, this risk was higher among Black American adults than white American adults, according to a study funded by the National Institute of Neurological Disorders and Stroke (NINDS), part of the National Institutes of Health.
    • “Factors linked to this increased risk included having less than a high school education; a household income less than $35,000; not seeing a friend or relative in the past month; not having someone to care for them if ill or disabled; lack of health insurance; living in a disadvantaged neighborhood; and living in a state with low public health infrastructure. Apparent treatment-resistant hypertension is defined as the need to take three or more types of anti-high blood pressure medication daily and is associated with an increased risk for stroke, coronary heart disease, heart failure, and all-cause mortality.”
  • The U.S. Preventive Services Task Force released a final research plan for “Unhealthy Alcohol Use in Adolescents and Adults: Screening and Behavioral Counseling Interventions.”
  • Beckers Hospital Review alerts us,
    • “In 2023, patient falls were once again the most common sentinel event reported by healthcare organizations, according to a May 15 report from The Joint Commission.
    • “The Joint Commission defines a sentinel event as a patient safety event that results in death, permanent harm, severe temporary harm or intervention required to sustain life.
    • “The accrediting body received 1,411 reports of sentinel events in 2023, on par with the volume reported in 2022. Only a small portion of all sentinel events are reported to The Joint Commission, meaning conclusions about the events’ frequency and long-term trends should not be drawn from the dataset, the organization said.
    • “In total, 96% of healthcare organizations voluntarily reported sentinel events. About 18% of events were associated with patient death, 8% with permanent harm or loss of function, 57% with severe temporary harm and 12% with unexpected additional care or extended healthcare stays.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “One reason U.S. inflation is still high: Increases in prices for procedures to prop open clogged arteries, provide intensive care for newborns and biopsy breasts.
    • “Hospitals didn’t raise prices as early in the pandemic as supermarkets, retailers and restaurants. But they have been making up ground since then. Their increases have contributed to stubbornly high inflation readings from the consumer-price index, which in April increased 3.4% from a year ago. 
    • “Hospital prices specifically jumped 7.7% last month from a year ago, the highest increase in any month since October 2010, the Labor Department said Wednesday. * * *
    • Economists said they expect higher hospital inflation to persist as recent years’ labor-market disruption continues to ripple through wages and health-insurance contracts. 
    • “We’re not expecting much slowing,” said Alan Detmeister, an economist for UBS. “This was a very large shock that we saw in the healthcare industry over Covid, and it takes years for those to pass through to the prices.”
    • Hospital price increases are responsible for about 23% of the growth in U.S. health spending each year, on average, according to an analysis by federal actuaries for the Journal. Health-insurance premiums last year shot up at the fastest rate in a decade.
    • Premiums rise with health spending. Public employees in California saw premiums increase 11% this year, largely because of rising prices, which alone raised their premiums by 8%, said the California Public Employees’ Retirement System. 
  • Healthcare Finance adds,
    • The Centers for Medicare and Medicaid Services’ January [2024] expansion of the two-midnight rule to include Medicare Advantage plans has contributed to higher inpatient volumes and revenue growth in the first quarter of the year, according to a Strata Decision Technology report.
    • This is because inpatient services have higher reimbursement levels compared to outpatient services and the two-midnight rule concerns inpatient care.
  • Per Fierce Healthcare,
    • “Though held in check by inflation, Cleveland Clinic’s first-quarter operations trickled past last year’s tally thanks to a jump in volumes and revenues.
    • The nonprofit system reported this week a $50.2 million operating gain (1.3% operating margin), as opposed to the prior year’s $32.3 million (0.9% operating margin). Operating revenues rose 10.2% year over year to nearly $3.9 billion while operating expenses followed close behind with a 9.8% increase.
    • “Cleveland Clinic enjoyed “strong demand for both inpatient and outpatient services” during the quarter, management wrote in commentary on its operations. Compared to the prior year, acute admissions rose 6.7%, total surgical cases by 3.7% and outpatient evaluation and management visits by 3.9%.
    • “The system’s 9.4% increase in net patient service revenue was also boosted by rate increases among Cleveland Clinic’s managed care contracts that went into effect with the new year. Additionally, management wrote, “over the last few years, the system initiated national, regional and local revenue management projects designed to improve patient access throughout the system while striving to ensure the safety of patients, caregivers and visitors.”
  • According to Healthcare Dive,
    • “[Philadelphia based] Jefferson Health and [Allentown, PA, based] Lehigh Valley Health Network signed a definitive agreement Wednesday to merge. The health systems expect the deal to close later this summer, pending regulatory approval, according to a press release. Deal terms were not disclosed.”
  • Fierce Healthcare adds,
    • “UnitedHealth Group’s investments in affordable housing have topped $1 billion, with the program a keystone in its overarching strategy to address health equity and disparities.
    • “The company has made investments in housing since 2011 and, in that time, has supported the development of affordable and mixed income units across 31 states and the District of Columbia, creating more than 25,000 homes for people and families who face housing insecurity.
    • “The investments include direct funding from the company as well as those made through Low-Income Housing Investment Tax Credits and Community Reinvestment Act loans, UnitedHealth said. The company has backed both new development and rehabilitation for older locations in urban, suburban and rural markets. * * *
    • “UnitedHealth is tracking the health benefits of these investments and spent two years measuring outcomes against a baseline set by Stewards of Affordable Housing for the Future and the National Affordable Housing Trust. It found that people living in the properties it backed were more likely to receive annual checkups, with 95% having one in the past year.
    • “In addition, residents living in these locations reported better mental health compared to low-income individuals across the country.”

Weekend Update

From Washington, DC

  • Here is a link to OPM’s Postal Service Health Benefits Program final implementation rule as it will be published in the Federal Register on May 6.

From the public health and medical research front,

  • Fortune Well tells us,
    • “The number of patients hospitalized due to COVID-19 has hit its lowest weekly level since the start of the pandemic.
    • “The Centers for Disease Control and Prevention reports just 5,615 were hospitalized in the U.S. due to the coronavirus the week of April 20, the most recent data available. That’s far below the 150,650 who were admitted the week of Jan. 15, 2022, when the Omicron variant was at its peak.
    • “While the CDC will continue to monitor COVID cases, it is seemingly feeling comfortable enough with current levels and the effectiveness of vaccines that, as of May 1, it has stopped requiring hospitals to report COVID-19 admissions, capacity numbers and occupancy data. (It is, however, encouraging them to report that data voluntarily.)”
  • The New York Times provides four takeaways from its investigation of the side effects of Covid vaccines.
    • “For most people, the benefits of Covid vaccines outweigh any risks.
    • “Federal surveillance has found some side effects but may miss others.
    • “Proving vaccination led to an illness is complicated, and
    • “Understanding the full range of side effects may take years.”
  • The Washington Post reports,
    • Cancer drug trials are structured to promote high doses, which then become routine patient care. With evidence that thousands of patients become so ill that they skip doses or stop taking the drugs — risking resurgence of their cancers — the FDA has begun requiring companies to pinpoint the right dosage before drugs reach patients. The initiative, Project Optimus, [was] launched in 2021 * * *.
  • Fortune Well lets us know,
    • “Choosing the stairs over the elevator has been considered sage fitness advice for years, but new research backs up this health tip. A meta-analysis presented at a European Society of Cardiology conference this past weekend found that people who routinely climb stairs were 39% less likely to die from heart disease, compared to those who didn’t. They also had a lower risk of stroke and heart attack.
    • “I was surprised that such a simple form of exercise can reduce all-cause mortality,” study author Dr. Sophie Paddock, of the University of East Anglia and Norfolk and Norwich University Hospital Foundation Trust in the UK told NPR.
    • “Her team reviewed data from about 480,000 participants, analyzing their risk of heart disease based on factors like blood pressure, smoking history, cholesterol, and genetic risk factors. Participants, who ranged in age from mid-30s to mid-80s, also answered questions about their lifestyle and exercise habits. The stair climbers were better able to ward off heart disease over the course of 12 years. 
    • “A 2023 study, published in the journal Atherosclerosis, looked at exactly how many flights of stairs you need to climb daily to better your heart health. The short answer? Climbing just five flights per day could reduce your risk of cardiovascular disease by 20%.” 

From the U.S. healthcare business front,

  • The American Hospital Association finds that “America’s Hospitals and Health Systems Continue to Face Escalating Operational Costs and Economic Pressures as They Care for Patients and Communities.”
  • Per BioPharma Dive,
    • “Novartis is expanding its pipeline of radiopharmaceutical drugs, announcing Thursday it has agreed to pay $1 billion to acquire biotechnology company Mariana Oncology.
    • “Mariana, which specializes in the targeted radiation medicines, could receive up to $750 million more from Novartis if certain milestones are met. The deal hands Novartis several drug programs, including one candidate being tested as a treatment for small cell lung cancer.
    • “Novartis currently sells two approved radiopharmaceuticals, Pluvicto and Lutathera. Their success has helped spark a run of acquisitions by other large drug companies, including AstraZeneca’s planned purchase of Fusion Pharmaceuticals for $2.4 billion.”
  • Per MedTech Dive,
    • “Medical products supplier Medline has agreed to acquire Ecolab’s global surgical solutions business for $950 million in cash, to gain its sterile drapes and fluid temperature management systems, the companies said on Tuesday.
    • “Ecolab makes sterile drapes for surgeons, patients and operating room equipment.
    • “The St. Paul, Minnesota-based company said it will continue to serve hospitals through its infection prevention and instrument reprocessing businesses, and the sale of surgical solutions will allow it to better focus on those lines to drive profitable long-term growth.”
  • AHIP notes,
    • “AHIP is releasing a new survey conducted by NORC at the University of Chicago which highlights broad satisfaction with employer-provided coverage (EPC) and the value it brings, including convenient access to high-quality care.
    • “This report shines a light on how employer-provided coverage delivers high-quality, affordable health care for more than half of all Americans and their families,” said Jeanette Thornton, AHIP’s executive vice president of policy and strategy. “Serving every age, race, ethnicity, and income level, employer-provided coverage is the cornerstone for good health in America.”

Cybersecurity Saturday

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “The U.S. government and its partners have slowed the swell of ransomware over the last three years, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said Wednesday at an event.
    • “But the cyclical and persistent threat ransomware poses requires new ways of thinking, Easterly said, speaking at the Institute for Security and Technology’s annual ransomware task force event. Defenders and stakeholders have to turn the lens to software and hardware vendors, according to Easterly.
    • “There’s a lot about the villains. There’s a lot about victims. We do not talk enough about vendors,” she said.
    • “The way we are going to actually drive down the number of attacks, and the number of successful attacks, is if we go upstream and ensure that technology that is deployed and delivered is in fact prioritized to be secure,” Easterly said. “Not features, not speed to market, not driving down costs, but secure.”
  • Here is a link to a related blog post from the CISA Director on this important topic.
  • Cyberscoop adds,
    • “The Cybersecurity and Infrastructure Security Agency’s vulnerability warning program has issued more than 2,000 alerts to date to organizations that are running software with vulnerabilities being exploited by ransomware gangs, the agency’s director, Jen Easterly, said Wednesday.
    • “Currently running in a pilot phase, the program is mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and aims to reduce the number of ransomware attacks by getting the owners and operators of vulnerable systems to patch them before they can be infiltrated. 
    • “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” Easterly said at an event hosted by the Institute for Security and Technology.
    • “Easterly said that since the pilot was launched in January of last year, it has expanded to include CISA’s database of known exploited vulnerabilities as well as common misconfigurations that can be linked to ransomware attacks. 
    • “In a Thursday blog about the warning pilot, CISA found that of the more than 1,700 notifications of vulnerable devices in 2023, 49% were mitigated through either patching, taking offline, or through other measures. The blog also said organizations reduce cyber risk when using CISA’s free cyber hygiene vulnerability scanning service, which monitors the web for vulnerable devices.
    • “Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days,” CISA said.”

From the cyber vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “UnitedHealth Group said [on April 22] it paid hackers a ransom in an attempt to protect patient information from disclosure after a cyberattack against its subsidiary Change Healthcare in February, the company confirmed to Healthcare Dive on Monday.
    • “The healthcare behemoth also said patient data was compromised. UnitedHealth found files involved in the cyberattack containing protected health information or personally identifiable information that “could cover a substantial proportion of people in America,” according to a press release. 
    • “UnitedHealth also said 22 screenshots of allegedly stolen files, some containing patient health information, were posted on the dark web for about a week. The healthcare giant said it’s continuing to monitor the internet and the dark web for stolen data. * * *
    • “The company also said it would take on breach reporting and notification requirements for customers whose data may have been exposed in the attack — a big concern for provider groups.”
  • TechCrunch reports,
    • “U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).
    • “In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
    • “Kaiser said that the data shared with advertisers includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how members “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”
    • “Kaiser said it subsequently removed the tracking code from its websites and mobile apps. * * *
    • “Kaiser spokesperson Diana Yee said that the organization would begin notifying 13.4 million affected current and former members and patients who accessed its websites and mobile apps. The notifications will start in May in all markets where Kaiser Permanente operates, the spokesperson said.
    • “The health giant also filed a legally required notice with the U.S. government on April 12 but made public on Thursday confirming that 13.4 million residents had information exposed.”
  • Help Net Security informs us,
    • “More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.
    • “Victim organizations are increasingly able to withstand an encryption attack and restore operations without the need for a decryption key, they said, and the stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee.
    • “LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site (a reboot / rebrand of Hive),” the company said, noting that “future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term.”

From the cybersecurity defenses front,

  • Cybersecurity Dive lets us know,
    • “Global median dwell times — measured as the time that hackers remain undetected inside a targeted environment — have fallen to their lowest levels in more than a decade, according to the annual M-Trends report from Google Cloud’s Mandiant, released Tuesday. 
    • “Organizations were able to detect intrusions within a median of 10 days in 2023, compared with 16 days in 2022. Notably the largest improvements came in the Asia-Pacific region, where median dwell times fell to nine days in 2023, compared with 33 in 2022.  
    • “Zero-day vulnerabilities are a hot target for espionage actors as well as financially motivated threat groups. Zero-day usage rose 50% in 2023, compared with the prior year.”
  • and
    • “The majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.
    • “On average, each insurance gap left more than three-quarters of a breach uncovered, CYE said in a report released Wednesday. The research, which analyzed 101 breaches across various sectors, revealed an average of $27.3 million in uncovered losses per incident.
    • “This study underscores how many companies rely on cyber insurance to cover the losses incurred as a result of cyber incidents and are then taken by surprise when they find that their insurance only covers a small portion,” Nimrod Partush, vice president of data science at CYE, said in a press release.” 
  • Here is a link to Dark Reading’s latest CISO Corner.
  • SC Media considers whether the Change Healthcare case finally will make providers do a business impact analysis.

Midweek Update

From Washington, DC,

  • Here’s a link to the brief text of Senate bill 4811 that would allow over 100,000 reservists and National Guard members who also are federal employees to transfer from the FEHB to the lower cost Tricare Reserve Select healthcare program effective January 1, 2025.
  • Kevin Moss, writing in Govexec, points out the advantages of FEHB high deductible health plans.
  • Beckers Hospital Review alerts us,
    • “A Senate committee opened an investigation into Novo Nordisk’s list prices for Ozempic and Wegovy, Novo Nordisk’s diabetes and weight loss drugs. 
    • “In an April 24 letter to Novo Nordisk’s CEO, the Senate Committee on Health, Education, Labor, and Pensions said Ozempic and Wegovy are “exorbitantly expensive,” which restricts access to the drugs for millions of Americans. 
    • “In the U.S., a four-week supply of Ozempic costs $969, and Wegovy is $1,349. That’s up to 15 times more than what Novo Nordisk charges in Canada, Europe and Japan, the letter said. 
    • “In 2023, pharmacies, clinics and hospitals spent more than $38 billion on the two products, which contain the same drug, semaglutide. They were the No. 1 pharmaceutical expense for U.S. healthcare, according to research published April 24.”
  • STAT News confirms,
    • “Spending on GLP-1 drugs like Ozempic and Wegovy ballooned last year and they’re set to cost the U.S. health care system and the federal government still more this year and beyond, two new reports released Wednesday show.
    • “One study from the American Society of Health-System Pharmacists found that GLP-1 treatments were a main driver of the increase in overall drug spending by health entities such as pharmacies and hospitals last year. In particular, expenditures on Novo Nordisk’s semaglutide — sold as Ozempic for diabetes and Wegovy for obesity — doubled to $38.6 billion, making the drug the top-selling medicine in 2023.
    • “The other report, by health policy research organization KFF, looked at the impact of the recent approval of Wegovy to prevent cardiovascular complications. Medicare is barred from covering drugs for weight loss purposes, but the new approval means the federal payer can now cover Wegovy when prescribed to reduce heart risks. As a result, Medicare could spend $2.8 billion in a year on the single drug, the researchers conservatively estimate.
    • “Taken together, the reports provide a window into the pressure that GLP-1 drugs could place on overall health care spending going forward, especially as more people take the medications. The treatments have been in short supply, but drugmakers are ramping up manufacturing capacity to meet the unprecedented demand from patients. The pharma companies are also seeking approval for even more indications like heart failure and sleep apnea.”
  • The New York Times reports,
    • “The Food and Drug Administration on Wednesday approved the sale of an antibiotic for the treatment of urinary tract infections in women, giving U.S. health providers a powerful new tool to combat a common infection that is increasingly unresponsive to the existing suite of antimicrobial drugs.
    • “The drug, pivmecillinam, has been used in Europe for more than 40 years, where it is often a first-line therapy for women with uncomplicated U.T.I.’s, meaning the infection is confined to the bladder and has not reached the kidneys. The drug will be marketed in the U.S. as Pivya and will be made available by prescription to women 18 and older. * * *
    • Utility Therapeutics, the U.S. company that acquired the rights to pivmecillinam, said it would be available in 2025. The company is also seeking F.D.A. approval for an intravenous version of the drug that is used for more serious infections and is usually administered in a hospital setting.
    • “Health practitioners said they were elated to have another tool in their arsenal given the growing challenge of antimicrobial resistance, which makes existing medications less effective as pathogens mutate in ways that allow them to survive a course of antibiotics.”
  • As we learned yesterday, “Day One Biopharmaceuticals drug Ojemda is now FDA-approved for advanced pediatric low-grade glioma, the most common type of brain cancer in children. The regulatory decision for Ojemda covers a broader swath of patients than a drug combination from Novartis approved for treating this childhood cancer.” MedCity News adds,
    • “Ojemda is available as an immediate-release tablet or an oral suspension, both administered once weekly. Dosing of the Day One drug is according to body surface area, which is consistent with dosing for other pediatric medications, Blackman said. Day One has set a $33,816 wholesale price for a 28-day supply. That means the annual cost of the therapy will top $440,000. Ojemda’s price is the same for all packages of the drug and will not change as a child grows and needs higher doses, Chief Commercial Officer Lauren Merendino said.
    • “The two formulations of Ojemda can be taken at home, which minimizes disruption to the lives of patients and families, Merendino said. Day One’s goal is to establish Ojemda as the physician’s first choice of therapy for pLGG. Merendino said the drug should become available in about two weeks.”

From the public health and medical research front,

  • The Washington Post reports,
    • “Dairy cows must be tested for bird flu before moving across state lines, under a federal order issued Wednesday, as evidence mounts that the virus is more widespread than feared among cows in the United States.
    • Biden administration officials said the move is meant to contain transmission of the virus known as H5N1 and to reduce the threat to livestock, but they maintained that the risk to humans remains low. * * *
    • “An order issued by the U.S. Agriculture Department that takes effect Monday requires every lactating dairy cow to be tested before moving across state lines. Cows carrying the virus would have to wait 30 days and test negative before being moved, officials said. Positive test results would trigger additional requirements for herd owners to disclose information, including the movement of animals, to aid epidemiologic investigations, and for laboratories and state veterinarians to report cases to the USDA.
    • “Requiring positive test reporting will help USDA better understand this disease and testing before interstate movement will limit the spread of the virus,” Mike Watson, administrator of the USDA’s Animal and Plant Health Inspection Service, told reporters.
    • “This is an evolving situation, and we are treating it seriously and with urgency,” he said.”
  • The International Foundation of Employee Benefit Plans discusses “What Health Plan Sponsors Should Know About the Emerging Mental Health Needs of Youth.”
  • The National Cancer Institute released its latest Cancer Information Highlights.
  • The National Institutes of Health announced,
    • “In a proof-of-concept study, researchers demonstrated the effectiveness of a potential new therapy for Timothy syndrome, an often life-threatening and rare genetic disorder that affects a wide range of bodily systems, leading to severe cardiac, neurological, and psychiatric symptoms as well as physical differences such as webbed fingers and toes. The treatment restored typical cellular function in 3D structures created from cells of people with Timothy syndrome, known as organoids, which can mimic the function of cells in the body. These results could serve as the foundation for new treatment approaches for the disorder. The study, supported by the National Institutes of Health (NIH), appears in the journal Nature.
    • “Not only do these findings offer a potential road map to treat Timothy syndrome, but research into this condition also offers broader insights into other rare genetic conditions and mental disorders,” said Joshua A. Gordon, M.D., Ph.D., director of the National Institute of Mental Health, part of NIH.”
  • A primary care expert writing in Medscape offers a commentary on the new Shield blood test available for colon cancer screening.
    • “We will need to be clear [to patients] that the blood test is not yet endorsed by the USPSTF or any major guideline group and is a second-line test that will miss most precancerous polyps. As with the stool tests, it is essential to emphasize that a positive result must be followed by diagnostic colonoscopy. To addend the cancer screening maxim I mentioned before, the blood test is not the best test for CRC, but it’s probably better than no test at all.”
  • Health IT Analytics tells us,
    • “Researchers from the University of Virginia (UVA) have developed a machine learning tool designed to assess and predict adverse outcome risks for patients with advanced heart failure with reduced ejection fraction (HFrEF), according to a recent study published in the American Heart Journal.
    • “The research team indicated that risk models for HFrEF exist, but few are capable of addressing the challenge of missing data or incorporating invasive hemodynamic data, limiting their ability to provide personalized risk assessments for heart failure patients.
    • “Heart failure is a progressive condition that affects not only quality of life but quantity as well,” explained Sula Mazimba, MD, an associate professor of medicine at UVA and cardiologist at UVA Health, in the news release. “All heart failure patients are not the same. Each patient is on a spectrum along the continuum of risk of suffering adverse outcomes. Identifying the degree of risk for each patient promises to help clinicians tailor therapies to improve outcomes.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “Prices for surgery, intensive care and emergency-room visits rise after hospital mergers. The increases come out of your pay. 
    • “Hospitals have struck deals in recent years to form local and regional health systems that use their reach to bargain for higher prices from insurers. Employers have often passed the higher rates onto employees. 
    • “Such price increases added an average of $204 million to national health spending in the year after mergers of nearby hospitals, according to a study published Wednesday by American Economic Review: Insights. 
    • “Workers cover much of the bill, said Zack Cooper, an associate professor of economics at Yale University who helped conduct the study. Employers cut into wages and trim jobs to offset rising insurance premiums, he said. “The harm from these mergers really falls squarely on Main Street,” Cooper said.
    • “Premiums are rising at their fastest pace in more than a decade, driven up by persistently high inflation across the economy. Rising costs have fueled contentious negotiations that have led some hospitals and insurers to cancel contracts, leaving patients in the lurch. 
    • “Hospital mergers make the price pressures worse.” 
  • Per BioPharma Dive,
    • “Biogen has seen “encouraging early trends” in the launch of its postpartum depression pill Zurzuvae, revealing in first quarter earnings drug sales that surpassed the estimates of Wall Street analysts.
    • “Biogen said sales of Zurzuvae between January and March hit $12 million, up from $2 million in the fourth quarter of 2023 and doubling consensus estimates of $5 million to $6 million. The company didn’t, however, reveal the number of prescriptions filled for Zurzuvae, making demand for the drug difficult to track. 
    • “Zurzuvae, which was discovered by Biogen partner Sage Therapeutics and approved by the Food and Drug Administration last August, is the only pill available specifically meant to treat postpartum depression, or PPD. But its sales prospects are uncertain, as the condition often goes undiagnosed, and many who are diagnosed don’t receive treatment.”  
  • STAT News tells us,
    • “A year ago, when Novo Nordisk announced it would cut the price of multiple insulin products by up to 75%, President Biden, lawmakers, and patient groups all counted the move as a win.
    • But several months later, Novo decided to discontinue one of those products, the basal insulin Levemir.
    • “Though the insulin won’t officially be off the market until the end of this year, patients are already running into supply disruptions and insurance cutoffs, leaving them with few options. The discontinuation, which is happening only in the U.S., has now drawn alarm from some Democratic senators, who sent a letter to Novo last week demanding an explanation.
    • “The turn of events highlights a key gap in policy efforts: Even if officials can get drugmakers to cut prices, the companies can choose to just pull a drug off the market, without guaranteeing that other manufacturers will continue to make the compound.”
  • Beckers Payer Issues informs us,
    • “Humana reported $741 million in net income in the first quarter of 2024. 
    • “The company published its first quarter earnings report April 24, beating investor expectations. In Q1 2023, Humana posted $1.2 billion in net income.
    • “Total revenue in the first quarter was $29.6 billion, up 10.7% year over year. 
    • “Humana’s medical loss ratio was 88.9% in the first quarter, which the company projects will rise to about 90% for the full year.”
  • Beckers Hospital Review notes,
    • “Cleveland Clinic’s eHospital program has expanded and now monitors 248 patient beds in ICUs and other units across the organization’s network.
    • “The eHospital program launched in 2014 as a pilot in one intensive care unit. The program is centered around a component known as the “bunker,” an operations center on Cleveland Clinic’s main campus. The operations center is staffed from 7 p.m. to 7 a.m. daily by a team consisting of two critical care nurses and a physician. Their primary responsibility is to monitor patients across various ICU units within the Cleveland Clinic network.”
  • and identifies the 25 most expensive hospital drugs.
    • “Keytruda (pembrolizumab) was nonfederal hospitals’ costliest drug expense in 2023, according to research published April 24 in the American Journal of Health-System Pharmacy.
    • “In 2021 and 2022, COVID-19 drug Veklury (remdesivir) was the No. 1 pharmaceutical expense for the nation’s hospitals. Most medicines on the list saw modest changes from the prior year except for TNKase (tenecteplase), a cardiovascular therapy that cost hospitals 87.9% more in 2023.” 

Cybersecurity Saturday

From the cybersecurity policy front,

  • Cyberscoop informs us,
    • “FBI Director Christopher Wray warned Thursday that the threat posed by Chinese hacking operations to U.S. critical infrastructure has become more urgent, as intelligence agencies have said that groups like Volt Typhoon are preparing for the possibility of widespread disruptive actions as early as 2027.
    • “Wray said during a speech at Vanderbilt University that China has targeted dozens of oil pipeline entities since 2011, in some cases ignoring business and financial information entirely while stealing data on control and monitoring systems.
    • “More recently, Volt Typhoon has conducted broad targeting of American companies in the water, energy and telecommunications sectors, among others, which U.S. officials have described as “pre-positioning” for future attacks that could disrupt or halt systems responsible for critical services upon which Americans rely. Dragos, a private threat intelligence company that focuses on critical infrastructure, said in February that the group has also been observed targeting entities that provide satellite and emergency management services.
    • “The ultimate purpose of this activity is to give Beijing “the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” Wray said.”
  • The Hill reports,
    • “Artificial intelligence (AI) is making ransomware faster and easier to use as the online crime hits record levels, experts said at a House Financial Services subcommittee hearing Tuesday.
    • “We have tremendous concern about the future of AI and the direction it is allowing criminal actors to take, including more sophisticated deepfakes that ultimately form the first step in the chain of ransomware attacks,” said Megan Stifel, chief strategy officer at the Institute for Security and Technology.”
  • Cybersecurity Dive adds,
    • The Institute for Security and Technology’s Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday.
    • The nonprofit Institute for Security and Technology rejects the viability of a ransom payment ban for multiple reasons, including: 
      • Concerns about a ban’s impact on ransom payment reporting by victims. 
      • The potential to drive more payments underground. 
      • And the unintended consequences and practicalities of critical infrastructure exemptions.
    • Rather than a ban, the RTF detailed 16 milestones it asserts would be “the most reasonable and effective approach to reducing payments.” 
    • “While a ban may be an easier policy lift than activities designed to drive preparedness, it will almost certainly create the wrong kind of impact,” the RTF co-chairs said via email. “The number of organizations making payments is declining, which suggests we’re on the right path.”
  • HHS’s Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, continues to update its “Change Healthcare Cybersecurity Incident Frequently Asked Questions” website.
  • The U.S. Government Accountability Office released a report titled “Cybersecurity: Implementation of Executive Order Requirements is Essential to Address Key Actions.”
    • “In 2021, the President issued an executive order to help protect federal IT systems from cyberattacks. The order contains 55 leadership and oversight requirements. DHS’s Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Office of Management and Budget are responsible for implementing them.
    • “These agencies have fully completed 49 of 55 requirements. Remaining requirements include improving software that is critical to the supply chain and ensuring that other agencies have sufficient resources to carry out the order.
    • “We recommended that these agencies implement the order’s remaining requirements.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) announced,
    • “CISA hosted the final round of the fifth annual President’s Cup Cybersecurity Competition this week and announced the winners today of the three competitions.
    • “The President’s Cup is a national competition designed to recognize the top federal cybersecurity talent. Three separate competitions take place during each President’s Cup; two Individuals tracks – Track A which focuses on defensive work roles and tasks from the NICE Framework, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, and Track B which focuses on offensive work roles and tasks, and a Teams competition comprised of defensive and offensive challenges. The first rounds of the competition began earlier this year in January.
    • “This year’s winning team, known as Artificially Intelligent, was composed of members of the Department of Defense, U.S. Army, and the U.S. Air Force. Artificially Intelligent featured four members of last year’s winning teams, including one member who has been on every winning team since President’s Cup began five years ago. The winner of Individuals Track A was U.S. Army Major Nolan Miles, and the winner of the Individuals Track B was U.S. Marine Corps Staff Sergeant Michael Torres. SSG Torres also finished in second place of the Individuals Track A competition and is the first Individuals winner to repeat having won President’s Cup 3 Track A.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “Palo Alto Networks and security researchers said a growing number of attackers are targeting a command injection vulnerability in the PAN-OS operating system, which powers the security vendor’s firewall products. 
    • “Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability,” the company’s Unit 42 threat intelligence team said in a Tuesday update on its original threat brief. The vendor hasn’t disclosed how many devices are actively exploited, but said it observed 20 additional IP addresses attempting to exploit CVE-2024-3400.
    • “Since releasing the initial advisory on Friday [April 12], the company expanded the range of PAN-OS versions that are impacted by the CVE and retracted a secondary mitigation action. “Disabling telemetry is no longer an effective mitigation. Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability,” the company said in an update.”
  • On April 18, HHS’s Health Sector Cybersecurity Coordination Center (HC3) issued an update on the Palo Alto Networks Firewalls (CVE-2024-3400).
    • On April 12, 2024, Palo Alto Networks issued a warning about CVE-2024-3400, a zero-day command injection vulnerability found in its firewalls operating PAN-OS v10.2, 11.0, and 11.1 with configurations for both GlobalProtect gateway and device telemetry enabled. There have been an increasing number of attacks observed against this vulnerability since its release. In the original advisory, it was believed that disabling device telemetry would work as an effective secondary mitigation, but the most recent update states that device telemetry does not need to be enabled for PAN-OS to be vulnerable to attacks. Hotfixes were also released starting on April 14, 2024. HC3 strongly encourages all organizations to review the updated security advisory and apply any mitigations to prevent serious damage from occurring to the Healthcare and Public Health (HPH) sector.
  • Per Cybersecurity Dive,
    • “The rapid adoption of artificial intelligence tools is potentially making them “highly valuable” targets for malicious cyber actors, the National Security Agency warned in a recent report.
    • “Bad actors looking to steal sensitive data or intellectual property may seek to “co-opt” an organization’s AI systems to achieve, according to the report. The NSA recommends organizations adopt defensive measures such as promoting a “security-aware” culture to minimize the risk of human error and ensuring the organization’s AI systems are hardened to avoid security gaps and vulnerabilities.
    • “AI brings unprecedented opportunity, but also can present opportunities for malicious activity,” NSA Cybersecurity Director Dave Luber said in a press release.”
  • Dark Reading adds,
    • “A slicker phishing lure and some basic malware was about all threat actors have been able to squeeze out of artificial intelligence (AI) and large language model (LLM) tools so far — but that’s about to change, according to a team of academics.
    • “Researchers at the University of Illinois Urbana-Champaign have demonstrated that by using GPT-4 they can automate the process of gathering threat advisories and exploiting vulnerabilities as soon as they are made public. In fact, GPT-4 was able to exploit 87% of vulnerabilities it was tested against, according to the research. Other models weren’t as effective.
    • “Although the AI technology is new, the report advises that in response, organizations should tighten up tried-and-true best security practices, particularly patching, to defend against automated exploits enabled by AI. Moving forward, as adversaries adopt more sophisticated AI and LLM tools, security teams might consider using the same technologies to defend their systems, the researchers added. The report pointed to automating malware analysis as a promising use-case example.”
  • and
    • “An ongoing, highly sophisticated phishing campaign may have led some LastPass users to give up their all-important master passwords to hackers.
    • “Password managers store all of a user’s passwords — for Instagram, their job, and everything in between — in one place, protected by one “master” password. They unburden users from having to remember credentials for hundreds of accounts, and empower them to use more complicated, unique passwords for each account. On the other hand, if a threat actor gains access to the master password, they’ll have keys to every single one of the accounts within.
    • “Enter CryptoChameleon, a new, hands-on phishing kit of unparalleled realism. 
    • “CryptoChameleon attacks tend not to be so widespread, but they’re successful at a clip largely unseen across the cybercrime world, “which is why we typically see this targeting enterprises and other very high-value targets,” explains David Richardson, vice president of threat intelligence at Lookout, which first identified and reported the latest campaign to LastPass. “A password vault is a natural extension, because you’re obviously going to be able to monetize that at the end of the day.”
  • Healthcare IT Security lets us know,
    • “Healthcare organizations are 65% less likely to fully outsource their cybersecurity services than organizations in other sectors, Kroll researchers said in the new report, “The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.”
    • “Their research maps out the cybersecurity threat landscape the healthcare sector currently operates in, looking at detection and response, cyber threat intelligence and offensive security.
    • “The realities of healthcare IT’s complexities, “not to mention the extremely time-poor staff that need both maximum convenience and security from IT operations,” make it hard for the industry to protect itself, according to Devon Ackerman, Kroll’s global head of incident response and cyber risk.”

From the ransomware front,

  • SC Media reports,
    • “The Akira ransomware group netted itself $42 million in payments in the last year from over 250 organizations, according to a joint advisory released April 18 by four leading cybersecurity agencies across Europe and the United States. [Here is a link to CISA’s Stop Akira Ransomware site.]
    • “The advisory, which said Akira was now attacking Linux machines as well as Windows, was posted by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, Europol’s European Cybercrime Center, and the National Cyber Security Centre in the Netherlands.
    • “CISA said the advisory’s main goal was to help organizations mitigate these attacks by disseminating known Akira ransomware tactics, techniques and procedures, as well as indicators of compromise identified through FBI investigations as recent as February 2024.
    • “Evolving from an initial focus on Windows systems to a Linux variant targeting VMware ESXi virtual machines, CISA said in August 2023 the double-extortion group started deploying the Rust-based code Megazord and Akira, written in C++, as well as Akira_v2, also Rust-based.”
  • and
    • “Has ransomware hit a ceiling? We doubt it, but the pause outlined in a new report on active adversaries tells us ransomware has either saturated the available targets or enterprise defenses are starting to bear fruit.
    • “In its active adversaries report for the first half of 2024, Sophos’ X-Ops team analyzed more than 150 incident response cases. Through such a large analysis, the report provides good insights into the current tactics, techniques and procedures attackers currently employ. This is useful for anyone trying to better defend their systems.
    • “Sophos concludes that, despite a pause in the rise of ransomware, organizations are failing to take the steps necessary to adequately defend themselves against the increase in attacks to come. * * *
    • “The report concludes that while the current threat landscape is relatively calm, defenders must urgently learn from previous mistakes and prioritize basic security practices. Failing to bolster defenses now will only ease attackers’ impending sieges as they continue sharpening their capabilities.”
  • TechTarget identifies the top 13 ransomware targets in 2024 and beyond.
  • Bleeping Computer’s the Week in Ransomware is back.

From the cybersecurity defenses front,

  • “Healthcare Dive spoke with two cyber experts — Phil Morris and Chad Peterson, both managing directors at cybersecurity firm NetSPI — about how healthcare organizations can recover from the attack and what they need to do to protect themselves going forward.”
    • “HEALTHCARE DIVE: A survey by the American Hospital Association found that 94% of respondents were financially impacted by the Change attack. Why were so many providers impacted by this breach?
    • PHIL MORRIS: The cyberattack at Change Healthcare is really like the Francis Scott Key Bridge incident in Baltimore. It’s at the nexus of a very complex ecosystem we call healthcare delivery and payment systems here in the U.S. They handle so many claims, [pharmacy benefit managers], imaging, analytics and revenue management.
    • “It’s really a weak spot in the resiliency of healthcare because we have such a profit-driven healthcare system, that bringing that organization down had a rippling effect across not just hospitals but also network providers, pharmacies and patients. The ripple effects of this will go out across the healthcare system for some time.
    • CHAD PETERSON: Unfortunately, it’s a case of too many eggs in one basket, and it was the major choke point for a lot of healthcare systems that do their processing through [Change Healthcare]. So what they did is they basically hit the most vulnerable area to have the greatest impact.”
  • Healthcare Dive also reports on how cybersecurity took center stage at the American Hospital Association conference held last week.
    • “The majority of healthcare attacks aren’t coming from domestic hackers, experts stressed.
    • “Almost all cyberattacks against hospitals, including life-threatening ransomware attacks, originate from criminal gangs based in non-cooperative foreign jurisdictions,” AHA’s Riggi said. “That’s a euphemism, folks, for Russia, China, North Korea and Iran.” 
  • On April 15, CISA issued joint guidance on deploying AI systems securely.
  • Tech Target offers four tips on securing cybersecurity insurance this year.
  • An ISACA expert discusses “Evolving Threats to Cloud Computing Infrastructure and Suggested Countermeasures.”

Midweek Update

Photo by Manasvita S on Unsplash

From Washington, DC,

  • The Federal Times and Federal News Network discuss OPM’s plans to tighten internal controls over family member eligibility in the FEHBP. OPM’s actions will shift the burden of monitoring family member eligibility from the FEHB plans to employing agencies, which is where the responsibility belongs.
  • OPM also should be filling the greatest internal control gap in the FEHB – the fact that OPM does not allow carriers, which bear the insurance risk, to reconcile premium payments to individual enrollees. A cost-effective solution is available by implementing the HIPAA 820 electronic enrollment roster transaction, which systematically generates such reconciliations.
  • Per BioPharma Dive,
    • “Alvotech and Teva on Tuesday won Food and Drug Administration approval for Selarsdi, the second biosimilar poised to challenge Johnson & Johnson’s blockbuster psoriasis drug, Stelara.
    • “The FDA cleared Selarsdi for treatment of moderate to severe plaque psoriasis and active psoriatic arthritis in adults and children who are at least 6 years old. The companies said they expect to begin selling the medicine on or after Feb. 21, 2025, a delayed introduction due to a legal settlement with J&J.
    • “The two companies are likely to enter the market after Amgen, which won approval for an interchangeable biosimilar called Wezlana in October. Amgen is also subject to a legal settlement, and the company has said its product will launch no later than Jan. 1, 2025.”
  • Healthcare Dive had the time to report on the CBO report on Medicare Accountable Care Organizations which the FEHBlog noted yesterday.
    • “Accountable care organizations led by independent physicians save Medicare more money than other types of ACOs, according to a new Congressional Budget Office review of existing research.
    • Independent physician-led ACOs have clear financial incentives to reduce hospital care to lower spending, while hospital-led ACOs — which earn more revenue when patients are admitted — do not, the CBO found. Hospitals also have less direct control over what services patients receive.
    • “ACOs with a larger proportion of primary care providers also saved Medicare more money, along with ACOs whose initial spending was higher than their peers in the same region, according to the report.”
  • The FEHBlog’s primary care provider practices in such an ACO.

From the public health and medical research front,

  • The New York Times reports,
    • “A pill taken once a week. A shot administered at home once a month. Even a jab given at a clinic every six months.
    • “In the next five to 10 years, these options may be available to prevent or treat H.I.V. Instead of drugs that must be taken daily, scientists are closing in on longer-acting alternatives — perhaps even a future in which H.I.V. may require attention just twice a year, inconceivable in the darkest decades of the epidemic.
    • “This period is the next wave of innovation, newer products meeting the needs of people, particularly in prevention, in ways that we didn’t ever have before,” said Mitchell Warren, executive director of the H.I.V. prevention organization AVAC.
    • “Long-acting therapies may obviate the need to remember to take a daily pill to prevent or treat H.I.V. And for some patients, the new drugs may ease the stigma of the disease, itself an obstacle to treatment.”
  • STAT News lets us know,
    • “Eli Lilly reported positive results for its obesity drug Zepbound in obstructive sleep apnea, giving the medication a new edge in the highly competitive obesity market.
    • “The results also pave the way for Zepbound to potentially become the first approved treatment for obstructive sleep apnea, or OSA, a common disorder characterized by breathing interruptions during sleep.
    • “In one year-long Phase 3 study that looked at patients with obesity who were not on PAP therapy, a form of ventilation, those taking Zepbound experienced a reduction of 25.3 events per hour on the apnea-hypopnea index (AHI), a measure of the number of times breathing stops and becomes restricted while sleeping. That compares with a reduction of 5.3 events in patients on placebo, Lilly said in a press release Wednesday.
    • “In another Phase 3 study in patients who were on PAP therapy, those on Zepbound had a reduction of 29.3 events per hour on the AHI, compared with a reduction of 5.5 events in patients on placebo.
    • “Severe OSA is defined as having over 30 events per hour, and moderate OSA is defined as 15 to 30 events per hour.”
  • CNBC adds,
    • “Most doses of Eli Lilly’s highly popular weight loss drug Zepbound and diabetes counterpart Mounjaro will be in short supply through the second quarter of this year due to increased demand, according to an update on the Food and Drug Administration’s drug shortage database.
    • “A previous update said some doses of both treatments would have limited availability through April.
    • “The new update suggests that the insatiable demand for a buzzy class of weight loss and diabetes drugs is still trouncing supply, even as Eli Lilly and Novo Nordisk work to increase production of those treatments.” 
  • The Associated Press informs us,
    • “For decades, patients seeking medication for pain have had two choices: over-the-counter drugs like aspirin or powerful prescription opioids like oxycodone.
    • “Opioid prescriptions have plummeted over the last decade as doctors have become more attuned to the risks of addiction and misuse during the country’s ongoing drug epidemic.
    • “Vertex Pharmaceuticals recently reported positive results for a non-opioid painkiller, one of several medications the Boston-based drugmaker has been developing for various forms of pain. Patients taking the drug after surgery experienced more pain relief than those getting a placebo, although the drug didn’t meet a secondary goal of outperforming treatment with an opioid.
    • The AP interviews Vertex’s chief scientist Dr. David Altshuler about the company’s research and development plans.
  • Beckers Hospital Review tells us,
    • “In recent months, parts of the U.S. have reported outbreaks of pertussis, or whooping cough. While some regional outbreaks are expected each year, health officials are underscoring the importance of boosters in adults to protect infants from severe illness, NBC News reported April 17.  * * *
    • “The TDap vaccine is recommended for children 11 and older who have not received the DTaP series. Adults should receive a Tdap booster dose every 10 years, according to the CDC. 
    • “Anyone who comes to see [a] new baby should have had a recent inoculation with Tdap vaccine to provide a cocoon of protection around that baby,” William Schaffner, MD, professor of infectious diseases at Nashville, Tenn.-based Vanderbilt University Medical Center, told NBC News.” 

From the U.S. healthcare business front,

  • Healthcare Dive relates,
    • “Steward Health Care is on the clock. 
    • “The Dallas-based healthcare network has until the end of the month to prove to lenders it has the cash on hand to begin repaying its significant debts — or it could face bankruptcy proceedings. 
    • “Demonstrating solvency could be a tall order because the health system owes a lot of parties a significant amount of money, according to analysts familiar with the system. 
    • “Should Steward fail, it would be one of the largest provider bankruptcies in decades, said Laura Coordes, professor of law at the Sandra Day O’Connor College of Law at Arizona State University.” 
  • MedTech Dive notes, “Abbott looks to ‘highly productive’ device pipeline for future growth. CEO Robert Ford highlighted new and upcoming products throughout the earnings call, calling the recently approved Triclip valve a “billion-dollar opportunity.””
  • According to BioPharma Dive,
    • “An experimental drug designed to improve brain function in people with nerve-degrading disorders has failed a mid-stage study that tested it against Parkinson’s disease.
    • “The trial enrolled almost 90 participants, who once a day were given either a placebo or a drug from Sage Therapeutics called SAGE-718. Summary results released Wednesday showed no significant difference between the two groups in how their mental abilities changed over the course of six weeks, as measured by a scale clinicians use to evaluate cognition. * * *
    • “Sage is still testing SAGE-718 across three additional trials that should have data this year. One, codenamed “Lightwave,” is focused on people with mild cognitive impairment and mild dementia due to Alzheimer’s disease. The other two, “Surveyor” and “Dimension,” are investigating whether the drug can help Huntington’s disease patients with cognitive impairment.”
  • Beckers Hospital Review points out that ten of the twenty most popular drugs are in shortage and names them.

Cybersecurity Saturday

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “FBI Director Christopher Wray said state-linked threat groups are ramping up threat activity against the U.S., and pose a continued risk to key critical infrastructure sectors, in a speech Tuesday before the American Bar Association’s Standing Committee on Law and National Security.
    • “Threat actors linked with the People’s Republic of China are continuing to build out offensive capabilities, setting up access to various sectors such as the water, energy and telecommunications industries, according to Wray. 
    • “We’re seeing hostile nation states become more aggressive in their efforts to steal our secrets and our innovation, target our critical infrastructure, export their aggression to our shores and front and center is China,” Wray said.”
  • and
    • “The [NIST] National Vulnerability Database is so overwhelmed with a steadily increasing number of software and hardware flaws that the National Institute of Standards and Technology, which maintains the common vulnerabilities and exposures repository, called for a slight pause to regroup and reprioritize its efforts.
    • “NIST scaled back the NVD program in mid-February, and is currently prioritizing analysis of the most significant or actively exploited vulnerabilities. The slowdown was precipitated by “an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” NIST said in the announcement.
    • The federal agency is seeking more support from within the government and reassigning staff as it assembles a public-private consortium to address long-term challenges and determine how to improve the NVD program. In the interim, the temporary delays in CVE analysis will result in less detailed analysis of vulnerabilities deemed non-urgent. * * *
  • and
    • “More than two dozen industry stakeholders, including the U.S. Chamber of Commerce, are seeking to extend the deadline to file comments on the Cyber Incident Reporting for Critical Infrastructure Act, according to a letter released Friday. The new deadline would be July 3 if the requested 30-day delay is granted. 
    • “The Cybersecurity and Infrastructure Security Agency issued the notice for CIRCIA, which will require critical infrastructure providers to report significant cyber incidents within 72 hours of discovery and report ransom payments within 24 hours. The notice was published Thursday in the Federal Register and currently has a June 3 deadline for public comments.
    • “The letter, signed by a range of industry groups including the American Bankers Association, National Retail Federation and American Petroleum Institute, is asking for additional time to absorb the complex set of regulations involved in reporting covered cyberattacks and breaches as well as reporting payments to federal authorities.”
  • NextGov relates,
    • “As intelligence agencies work to jettison Chinese cyberspies embedded in critical infrastructure and internet equipment throughout the U.S., a top cybersecurity CEO says that the hackers’ campaign is so robust and widespread that there will be victims targeted in the operation who won’t know they are impacted.
    • “To me, Volt Typhoon is the natural progression of great … Chinese cyberespionage,” said Kevin Mandia, CEO of Google cybersecurity subsidiary Mandiant, who spoke in an exclusive interview with Nextgov/FCW at the Google Cloud Next conference in Las Vegas.”
  • “DoD, GSA, and NASA recently established Federal Acquisition Regulation (FAR) part 40, Information Security and Supply Chain Security. The intent of this RFI is to solicit feedback from the general public on the scope and organization of FAR part 40.” Comments for this case are due by June 10, 2024. For information on how to comment, please visit the Federal eRulemaking portal.
  • Federal News Network lets us know,
    • “Sean Connelly, who has led many of the major federal cybersecurity initiatives over the last decade, is leaving federal service.
    • “Connelly, whose official title is senior cybersecurity architect and Trusted Internet Connections (TIC) program manager for the Cybersecurity and Infrastructure Security Agency, has been instrumental in everything from a major chunk of the lifecycle of the TIC program to the development and advancement of the concepts behind zero trust to the integration of these initiatives with others, including the Einstein and continuous diagnostics and mitigation (CDM) programs.
    • “Federal News Network has learned Connelly’s last day will be April 19. * * *
    • “Sources say Connelly will be joining Zscaler to work on zero trust from an international compliance perspective. He will help non-U.S. governments move toward a zero trust architecture based on the experience of the federal agencies.
    • “Connelly is now the second federal cyber executive to leave to join Zscaler in the last two weeks. Brian Conrad, the former acting director of the Federal Risk Authorization and Management Program (FedRAMP) joined the cyber company in early April to lead Zscaler’s international cloud security compliance program.”

From the cybersecurity vulnerabilities and breaches front,

  • Cyberscoop informs us,
    • “The Cybersecurity and Infrastructure Security Agency published an emergency directive Thursday in response to a Russian intelligence-linked hacking campaign that breached Microsoft, telling affected federal civilian agencies whose emails were stolen or passwords accessed to reset authentication credentials.
    • CISA’s directive comes in the week after CyberScoop first reported its existence.
    • “Microsoft and CISA have notified all federal agencies whose email correspondence with Microsoft was identified as exfiltrated by Midnight Blizzard,” the directive reads, referring to Microsoft’s name for the hacking group. “In addition, Microsoft has represented to CISA that for the subset of affected agencies whose exfiltrated emails contain authentication secrets, such as credentials or passwords, Microsoft will provide metadata for such emails to those agencies.
    • “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” it continues.”
  • Cybersecurity Dive tells us,
    • “Ivanti Connect Secure devices were exploited and compromised by more threat groups than previously thought, Mandiant said in research released Thursday.
    • “Post-exploitation activity observed by Mandiant includes lateral movement with the aid of open-source tools and multiple custom malware families. 
    • “Mandiant said it observed “eight distinct clusters involved in the exploitation of one or more of” Ivanti’s vulnerabilities CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893, which the vendor first disclosed Jan. 10. This includes five China-linked espionage groups and three financially motivated attackers.”
  • Cyberscoop offers the reflections of Mandiant experts on this cybersecurity landscape.
  • Security Week lets us know,
    • Palo Alto Networks disclosed [a state-sponsored] vulnerability on Friday, warning that it was aware of limited in-the-wild exploitation and promising patches within the next two days.
    • “Tracked as CVE-2024-3400 (CVSS score of 10/10), the security defect is described as a command injection issue allowing unauthenticated attackers to execute arbitrary code on impacted firewalls, with root privileges.
    • “According to the vendor, all appliances running PAN-OS versions 10.2, 11.0, and 11.1 that have GlobalProtect gateway and device telemetry enabled are vulnerable. Other PAN-OS versions, cloud firewalls, Panorama appliances, and Prisma Access are not affected.”
  • CISA added new known exploited vulnerabilities to its catalog this week.
    • April 11, 2024
      • CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
      • CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability
    • April 12, 2024
      • CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability
    • FEHBlog note: The CVE references are to the NIST National Vulnerability Database discussed above.
  • The HHS Health Sector Cybersecurity Coordination Center (HC3) posted its “March Vulnerabilities of Interest to the Health Sector.”
    • “In March 2024, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for March are from Ivanti, Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, VMWare, Adobe, Fortinet, and Atlassian. A vulnerability is given the classification of a zero-day when it is actively exploited with no fix available, or if it is publicly disclosed. HC3 recommends patching all vulnerabilities, with special consideration to the risk management posture of the organization.”

From the ransomware front,

  • TechTarget notes,
    • “Sophos said the majority of cyberattacks it investigated in 2023 involved ransomware, while 90% of all incidents included abuse of remote desktop protocol.
    • “The security vendor published its Active Adversary Report of 2024 Wednesday that drew on data from more than 150 incident response (IR) investigations it conducted in 2023. Breaking down the data set, 88% of the investigations were derived from organizations with fewer than 1,000 employees, while 55% involved companies with 250 employees or fewer. Twenty-six sectors were represented, and manufacturing remained the No. 1 sector to engage the Sophos IR team for the fourth consecutive year.
    • “For the report, Sophos tracked attack types, initial access vectors and root causes, and found that trends have remained consistent for the past two years. While attackers frequently abuse remote desktop protocol (RDPs) and credential access to infiltrate a victim’s network, enterprises continue to leave RDPs exposed and often lack multifactor authentication (MFA) protocols.
    • “Sophos added that enterprises also fell short regarding sufficient log visibility, which can hinder IR investigations.”
  • WIRED reports,
    • “Since Monday [April 8, 2024], RansomHub, a relatively new ransomware group, has posted to its dark-web site that it has 4 terabytes of Change Healthcare’s stolen data, which it threatened to sell to the “highest bidder” if Change Healthcare didn’t pay an unspecified ransom. RansomHub tells WIRED it is not affiliated with AlphV and “can’t say” how much it’s demanding as a ransom payment. * * *
    • “RansomHub initially declined to publish or provide WIRED any sample data from that stolen trove to prove its claim. But on Friday, a representative for the group sent WIRED several screenshots of what appeared to be patient records and a data-sharing contract for United Healthcare, which owns Change Healthcare, and Emdeon, which acquired Change Healthcare in 2014 and later took its name.
    • “While WIRED could not fully confirm RansomHub’s claims, the samples suggest that this second extortion attempt against Change Healthcare may be more than an empty threat. “For anyone doubting that we have the data, and to anyone speculating the criticality and the sensitivity of the data, the images should be enough to show the magnitude and importance of the situation and clear the unrealistic and childish theories,” the RansomHub contact tells WIRED in an email.
    • “We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data,” Change Healthcare said in an email to WIRED. “Our investigation remains active and ongoing. There is no evidence of any new cyber incident at Change Healthcare.”

From the cybersecurity defenses front,

  • MedCity News discusses four lessons learned from the Change Health cyberattack.
  • According to Dark Reading,
    • The US Cybersecurity and Infrastructure Security Agency (CISA) has given organizations a new resource for analyzing suspicious and potentially malicious files, URLs, and IP addresses by making its Malware Next-Gen Analysis platform available to everyone earlier this week.
    • The question now is how organizations and security researchers will use the platform and what kind of new threat intelligence it will enable beyond what is available via VirusTotal and other malware analysis services.
    • The Malware Next-Gen platform uses dynamic and static analysis tools to analyze submitted samples and determine if they are malicious. It gives organizations a way to obtain timely and actionable information on new malware samples, such as the functionality and actions a string of code can execute on a victim system, CISA said. Such intelligence can be crucial to enterprise security teams for threat hunting and incident response purposes, the agency noted.
  • According to Cybersecurity Dive,
    • “CISOs and other management level cybersecurity executives are gaining more influence and importance as companies have begun to recognize the need for strong cyber governance and oversight, according to a report from Moody’s Ratings.
    • “About 90% of cybersecurity managers now report to a top level company executive, compared with 62% in 2021. A higher percentage of these cybersecurity executives now report directly to company CEOs, according to the report, which is based on a survey of more than 2,000 organizations around the world that issue debt, including 1,100 in North America. 
    • “The role of the CISO has risen in seniority and visibility within organizations,” Steven Libretti, assistant VP and analyst at Moody’s Ratings, said via email. “This means more direct reporting lines from the cyber manager to the C-suite executives and more frequent cyber briefings to the CEO.”
    • “Moody’s identified a more regular cadence within organizations of CISOs and other cybersecurity managers providing updates to the C-suite and board of directors. About 40% of cyber managers conduct monthly meetings with their CEO, according to the report.” 

Weekend Update

Today is World Health Day.

  • McKinsey & Co. tells us,
    • “The good news: People are living longer. The bad news: People are spending more time in poor health. Global longevity has risen substantially in the past 60 years, increasing life spans by 20 years on average, but every additional year of life is paid for with an average of six months in ill health. According to a recent report from the McKinsey Health Institute (MHI), a focus on immediately influenceable interventions at the city level can add approximately 20 billion to 25 billion years of higher-quality life at a global level—that’s an average of five additional years per person living in urban areas. All organizations across sectors have a role to play to capture this opportunity, write McKinsey’s Hemant Ahlawat, Erica Hutchins Coe, Pooja Kumar, and Drew Ungerman.”
  • On April 5, 2024, “House Committee on Oversight and Accountability Chairman James Comer (R-Ky.) announced a markup will take place on Wednesday, April 10 at 10:00 am ET to consider a series of legislation,” including
    • H.R. 7868, the FEHB Protection Act: The bill requires federal agencies to verify that an employee is eligible to add a family member to their Federal Employees Health Benefits Program (FEHBP) health coverage plan. This bill also requires the Office of Personnel Management (OPM) to consider coverage of ineligible individuals when conducting FEHBP fraud risk assessments and requires a comprehensive audit be conducted of employee family members currently enrolled in the FEHBP. Finally, the bill requires OPM to disenroll any ineligible individual found to be receiving FEHBP coverage.
  • Congress should include in H.R. 7868 a provision requiring federal agencies to use the HIPAA 820 electronic enrollment roster transaction, which would allow carriers to systematically reconcile individual enrollees with their premium payments. None of the provisions in H.R. 7868 would provide a greater improvement in internal controls than implementing the HIPAA 820 because half of the FEHB enrollment is self only. Moreover, what is the sense of confirming family member enrollment if the enrollee in question is not paying for family coverage?
  • The current premium reconciliation process known as CLER was implemented in 2001, eleven years before the HIPAA 820 was introduced. The time has long passed for CLER to be replaced by the much more efficient HIPAA 820.

From the FEHB front,

  • FedWeek highlights how FEHB plans coordinate their benefits with other coverage.
  • Tammy Flanagan writing in Govexec discusses the importance of knowing Medicare and FEHB coordination of benefit rules before requesting agency help.
  • In the Federal Times, Reg Jones answers the following question: “Will my spouse be covered once I qualify for Medicare Part B?”

From the public health and medical research front,

  • The National Institutes of Health announced today,
    • “Adults with heart disease risks who received daily reminders or incentives to become more active increased their daily steps by more than 1,500 after a year, and many were still sticking with their new habit six months later, according to a study supported by the National Institutes of Health that published in Circulation.
    • “The improvements, which also resulted in an extra 40 minutes of moderate exercise each week, correlated with a 6% reduced risk of premature death and a 10% reduced risk of cardiovascular-related deaths, compared to data from prior studies. The Department of Health and Human Services recommends that most adults should get at least 150 minutes of moderate aerobic exercise per week, such as brisk walking, or 75 minutes of vigorous exercise, like fast cycling, or a combination of the two, paired with twice-weekly strength sessions.
    • “Researchers found that while a simple daily reminder was effective in helping people move more, offering financial incentives or point-based rewards, such as in a game, was even more effective. However, combining the two incentives proved most effective. Participants who got both were still logging improvements in activity levels six months after the rewards stopped.
    • “Even moderate exercise can drastically reduce cardiovascular risk, so finding low-cost ways to get people moving and stay in a fitness program that they can do at home is a huge win for public health,” said Alison Brown, Ph.D., R.D., a program officer at the National Heart, Lung, and Blood Institute (NHLBI), part of NIH.”
  • The New York Times offers an interview with Dr. Nora Volkow, the director of the National Institute on Drug Abuse.
    • What’s the big picture on teens and drug use?
      • People don’t really realize that among young people, particularly teenagers, the rate of drug use is at the lowest risk that we have seen in decades. And that’s worth saying, too, for legal alcohol and tobacco.
    • What do you credit for the change?
      • One major factor is education and prevention campaigns. Certainly, the prevention campaign for cigarette smoking has been one of the most effective we’ve ever seen.
      • Some of the policies that were implemented also significantly helped, not just making the legal age for alcohol and tobacco 21 years, but enforcing those laws. Then you stop the progression from drugs that are more accessible, like tobacco and alcohol, to the illicit ones. And teenagers don’t get exposed to advertisements of legal drugs like they did in the past. All of these policies and interventions have had a downstream impact on the use of illicit drugs. * * *
      • “But we don’t want to become complacent. The supply of drugs is more dangerous, leading to an increase in overdose deaths. We’re not exaggerating. I mean, taking one of these drugs can kill you.”
  • Fortune Well explores the non-invasive colorectal cancer screening alternatives to a full blown colonoscopy.
  • The Washington Post reports,
    • “Black and White patients face significant disparities in access to kidney transplants depending on whether their residential neighborhoods and transplant centers were racially segregated, a recent study has found.
    • “The study, published in JAMA Internal Medicine, looked at 162,587 first-time live-donor kidney transplantation candidates in the national transplant registry from January 1995 through December 2021. Participants were tracked for an average of 1.9 years. * * *
    • “Overall, 7.1 percent of Black candidates in segregated neighborhoods received a live kidney transplant over a three-year period, while 9 percent of their Black counterparts in less segregated areas received a transplant. The percentage of White candidates who received similar transplants was similar in highly segregated neighborhoods and more diverse areas during the period — 19.7 percent and 20.1 percent, respectively. * * *
    • “The analysis adds to a growing body of literature about social disparities that affect Black patients’ access to kidney transplantation in the United States. Overall, Black patients are likelier to develop kidney failure than their White counterparts, yet they experience treatment delays and are less likely to get kidneys from live donors.”

From the U.S. healthcare business front,

  • Fierce Healthcare lets us know,
    • “Four in 10 therapists are planning to raise their fees in 2024, a new survey has found.
    • “Heard, a bookkeeping and accounting firm for therapy practices, surveyed more than 2,260 therapists across all 50 states and D.C. The findings were published in a report on the financial state of private practices. It found that half of therapists are somewhat or very concerned about the economy impacting their practice in the coming year.
    • “At the same time, in last year’s report, 64% of therapists said they were planning to raise their fees in 2023. Yet only a third did.
    • “Despite cash pay popularity, three-quarters of therapists still accept some form of insurance. Aetna was the most common payer with which therapists paneled, followed by Cigna, Blue Cross Blue Shield, Anthem and Oxford. Aetna also had the highest average reimbursement rate at $141 per session, while Humana had the lowest at $96.”