Weekend Update


The FEHBlog was tied up with family business yesterday, so Cybersecurity Saturday appears below the Weekend Update.

From Washington, DC,

  • Congress is back to work on Capitol Hill. The Wall Street Journal describes the situation as “Battered Congress Has Two Weeks to Fix Three Big Problems: Talks to stop a government shutdown, fix the border and fund Ukraine converge on Capitol Hill.”
  • The Journal adds this evening,
    • “Congressional leaders reached a bipartisan deal on Sunday setting a roughly $1.6 trillion federal spending level for the year, but the pact drew quick criticism from some conservatives, and it remained unclear whether lawmakers would be able to quickly pass legislation averting a government shutdown.”
  • Congress does not have any hearings scheduled for this week.
  • The Washington Post reports,
    • “The Supreme Court said Friday it will review a case (No. 23-727) challenging Idaho’s strict abortion ban, which the Biden administration says conflicts with a federal law [EMTALA] requiring emergency room doctors to perform the procedure in some circumstances.”
  • Federal News Network provides more background on reducing retirement program overpayments.
    • “For OPM, many of the improper payments that the agency makes through retirement services may stem from limited data, on account of not using enough analytics to identify beneficiaries who have died and therefore are no longer entitled to the benefits, [Linda] Miller, [Audient Group CEO] said.
    • “There is more than one way of identifying people who have passed away — looking at Social Security, obituary data and more accurate information on deaths,” Miller said. “OPM doesn’t use much of that data, so the reports are likely less accurate.”

From the public health and medical research front,

  • Fortune Well offers us four strategies for older folks to get good quality sleep and an approach to adding beneficial thirty-second-long micro-workouts to your day.
  • Govexec tells us,
    • “The Veterans Affairs Department will soon begin funding research into the use of psychedelics such as MDMA and mushrooms to treat PTSD and depression, the first time the agency has done so since the 1960s. 
    • “The announcement answers the call from some veterans and researchers who have long advocated for the potential medical benefits of MDMA and psilocybin, or psychoactive mushrooms. VA on Friday issued a request for applications to its network of researchers, collaborating with academic institutions to solicit proposals to study the impact of using the compounds to treat post-traumatic stress disorder and depression in veterans.” 

From the U.S. healthcare front,

  • STAT News reminds us that the JP Morgan Healthcare Conference will be held this week in San Francisco.
    • “Nonprofit hospitals often get overshadowed at the J.P. Morgan Healthcare Conference, the health care industry’s swankiest investor meeting whose agenda is dominated by drugmakers and biotech companies.
    • “But hospitals are still the largest part of America’s health care economy, commanding nearly a third of the country’s $4.7 billion health care tab. And similar to last year, when hospitals touted their plans for expansion and hiking prices, they will have a rosy picture to sell to financiers as patients flock to their facilities.”
  • The American Medical Association informs us, “What doctors wish patients knew about scope of practice.”
  • Health Payer Intelligence points out,
    • “Despite efforts to reduce drug costs through Medicare negotiation for 10 common medications, the US still pays more for these drugs than almost any other nation, even after factoring in discounts and rebates, according to a Commonwealth Fund chart pack.
    • “The researchers used 2021 data from IQVIA and the Medicare Payment Advisory Commission (MedPAC) to assess how US drug prices differed from international trends. With this information, the researchers compiled 12 charts that situate the drug prices in the United States compared to other countries.”
  • Per Fierce Healthcare,
    • “Duluth, Minnesota-based Essentia Health and Marshfield, Wisconsin-based Marshfield Clinic Health System have scrapped their plan to merge into a 25-hospital Midwest system.
    • “The two nonprofit health systems said in a statement that they have “engaged in meaningful discussion” over the last two years about how the organizations could combine their unique strengths.
    • “We have decided that a combination at this time is not the right path forward for our respective organizations, colleagues and patients,” the health systems said in a statement posted to Essentia Health’s website Friday.”
  • BioPharma Dive reports,
    • “Metagenomi, a biotechnology startup working to identify new CRISPR enzymes for editing genes, has filed to go public.
    • “Backed by healthcare investors and pharmaceutical firms including Novo Nordisk’s parent company and Bayer’s venture arm, Metagenomi most recently raised a $275 million Series B round. The startup is also partnered with Moderna and Ionis Pharmaceuticals.
    • “The Emeryville, California-based biotech is one of at least three life sciences companies to publicly plan for an initial public offering so far this year. Should it successfully price an IPO, its performance could serve as an early barometer for the sector in 2024.”
  • The Society for Human Resource Management notes HR trends for which we should be prepared in 2024.

Cybersecurity Saturday

HealthcareIT Today offers a boatload of cybersecurity predictions for 2024.

From the cybersecurity vulnerabilities front,

  • HHS’s Health Sector Cybersecurity Coordination Center (HC3) released its December 2023 monthly vulnerabilities report on January 4:
    • “In December 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for December are from Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, VMWare, Adobe, Fortinet, and Atlassian. A vulnerability is given the classification of a zero-day when it is actively exploited with no fix available or if it is publicly disclosed. HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization.”
  • The Cybersecurity and Infrastructure Security Agency added two more known exploited vulnerabilities to the catalog on January 2.
  • Cybersecurity Dive reported on January 5,
    • “A critical vulnerability in Apache OFBiz was hit with a surge in exploitation attempts in recent weeks, which could allow attackers to take control of affected systems and launch supply chain attacks, according to researchers from SonicWall.
    • “Apache OFBiz is an open source enterprise resource system that is used in a wide range of software, including Atlassian Jira, which is used by more than 120,000 companies. “Jira uses a customized OFBiz Entity Engine that does not implement the vulnerable framework module,” a spokesperson for Atlassian told Cybersecurity Dive via email.
    • “The authentication bypass vulnerability, listed as CVE-2023-51467, has a CVSS score of 9.8 and could expose sensitive data or allow an unauthenticated attacker to execute arbitrary code.”

From the ransomware front,

  • Here’s a link to Bleeping Computer’s Week in Ransomware.

From the cyber defenses front,

  • The Wall Street Journal offers tips for securing computers for personal and small business use.
  • An ISACA expert explains,
    • “As the digital realm continues to expand, it is axiomatic that cybersecurity threats are escalating concurrently. The fight against cybercrime has transformed from an optional frontline battle to a mandatory survival skill for businesses and individuals. Unfortunately, humans have now surpassed machines as the most favored targets for cybercriminals. An effective approach that merges change management methodology with cybersecurity procedures is needed to combat this.”
  • Security Intelligence offers a holistic approach to information and operational technology.