In FEHB news, Federal News Network interviews Kevin Moss, editor of Consumers’ Checkbook Guide to Health Plans for Federal Employees, about OPM’s approving the use of Medicare Part D EGWPs in FEHB plans for 2024. Mr. Moss shares the FEHBlog’s excitement about this cost-saving development. Two nifty features of Medicare Part D EGWPs in contrast to Medicare Advantage Prescription Drug plans are that Medicare Part A-only annuitants can enroll in them and the Plan’s prescription drug benefits can gap fill them. However, Mr. Moss indicates that for 2024 and beyond, the gaps in Part D coverage are fewer. In addition, the OPM AHIP carrier conference, which begins tomorrow, will feature a session on Medicare Part D EGWPs.
The carrier conference also provides a session on Social Determinants of Health. In addition, the Agency for Healthcare Quality and Research reminded us today about the availability of its October 2022 National Healthcare Quality and Disparities Report.
“Good news and bad news on the long COVID front: Certain groups of people – like women, smokers, and those who had severe COVID-19 infections – are at a higher risk of long COVID, a review of more than 800,000 patients has found.
“That’s the bad news. Yet, researchers also found that patients who had at least two doses of the COVID vaccine had a significantly lower risk of getting long COVID down the line.”
The NIH Directors Blog discusses using a whole-person approach to lifting the burden of chronic pain from service members and veterans. This approach is currently in use at VA facilities.
Healio tells us about a retrospective atrial fibrillation (AF) diagnosis study.
“In a retrospective study, Turakhia and colleagues analyzed patient information from five U.S. medical claims data sets from 2012 to 2017. Researchers estimated undiagnosed AF based on the observed incidence of ischemic stroke, systemic embolism and AF incidence after a stroke or systemic embolism.
“The estimated U.S. prevalence of AF (diagnosed and undiagnosed) in the third quarter of 2015 was 5,628,000 cases, of which 11% were undiagnosed.
“The assumed 2‐year undiagnosed AF prevalence was 23% of the total prevalent patients with AF. Compared with diagnosed patients, those who remained undiagnosed tended to be women, to be older, to have more comorbidities and to have higher CHA2DS2‐VASc scores.”
“Together with the known burden of AF, this expanding unmet need underscores the critical importance of early detection. Our data can support both disease surveillance and future research and policy initiatives aimed at addressing this diagnostic gap.”
From the U.S. healthcare business front —
The American Hospital Association reports
“Hospital operating margins dipped again in February to -1.1% and continue to remain negative, though with less month-to-month variation, according to the latest report on hospital finances from Kaufman Hall. Costs of goods and services are now increasing faster than labor, with both labor and non-labor expenses per adjusted discharge 21% higher than in February 2020.
“Due to external economic factors, relatively flat margins are likely to continue in the near term,” the report states.”
“The tech-forward insurer Oscar Health has tapped former Aetna CEO Mark Bertolini to be its new chief executive, a move to jump-start the business as it seeks to win new customers and become profitable.
“Bertolini, 66, is a progressive thinker in the use of technology to deliver health services and has already been advising Oscar for the past 18 months. His appointment gives him an opportunity to put a stamp on the future of digital services and analytics in the industry he has served for four decades.
“I’m returning to the health care industry because I believe there is still work to be done,” Bertolini said during a conference call to announce his appointment on Tuesday. He said Oscar presents a unique opportunity to challenge the status quo in the industry and accelerate the shift toward a more “consumer-oriented” business model.”
Fierce Healthcare is covering the 2023 ViVE conference currently being held in Nashville, TN, here and here. “Focused on digital health innovation, the conference, sponsored by HLTH and the College of Healthcare Information Management Executives (CHIME), had 5,000 attendees in 2022,” its inaugural year, and 7,500 attendees this year.
“On Monday morning, a heavily armed attacker entered a Christian school in Nashville and fatally shot three 9-year-old children and three adults.
In a joint statement from conference co-organizers CHIME and HLTH, the organizations said they have committed to a combined $50,000 donation “on behalf of ViVE for the victims and their families of today’s tragic Covenant School shooting.”
STAT News offers a special report on the wisdom of using artificial intelligence to replace medical transcription.
In a noteworthy legal development, the American Hospital Association informs us
The AHA and AHIP today filed a [joint] friend-of-the-court brief in a False Claims Act case before the U.S. Supreme Court, arguing that the federal government’s erroneous construction and expansion of the FCA threatens the legitimate business activities of every government contractor, hospital, health care provider, health insurance provider and grant recipient in the nation.
In a separate statement, the organizations said, “While AHA and AHIP may not always share the same opinion on matters of litigation and policy, we agree that the current regulatory landscape and construction of the False Claims Act (FCA) creates an untenable situation for health care providers and health insurance providers. If the government’s argument is accepted, our members will be forced to spend more on litigation and less on patient care.”
“We urge the Supreme Court to adopt an interpretation of the FCA that does not undermine the ability of our members to ensure that Americans have access to high-quality, affordable health care.”
The Senate Finance Committee will hold a hearing Thursday on the impact PBMs — the pharmaceutical middlemen that negotiate drug discounts with drugmakers and design prescription drug benefits for health plans — have on the health system.
The House Energy and Commerce Health Subcommittee is also expected to look into how much value PBMs add as part of a broader discussion about fairness in the healthcare market, according to a memo shared with [Politico].
In related news, CMS “released several Prescription Drug Data Collection (RxDC) resources on the Registration for Technical Assistance Portal (REGTAP). To view the documents, click on the link next to each document title. You may already have the links in your bookmarks.”
This guidance applies to the 2022 RxDC report that health plans must submit by June 1, 2022. Health plans submitted the first RxDC report for the 2021 reporting year last January. The No Surprises Act calls for a standard June 1 submission date for the RxDC report for the previous reporting year.
CMS also announced that the public has sixty days (to May 26) to comment on the revised Reporting Instructions.
The FEHBlog recently discovered this CMS REGTAP portal. As you can see, this portal is not just for Medicare and Medicaid. The portal includes a link to get an email announcement when REGTAP changes. REGTAP’s emails are handy and not overwhelming.
From the Rx coverage front —
STAT News adds an interesting perspective on last week’s Senate hearing on Moderna Covid vaccine pricing
What, [Chairman Bernie] Sanders asked [Moderna CEO Stephane Bancel], if instead of purchasing medicines after they had been developed at high prices, the government instead paid for companies’ research, enough to ensure they make a reasonable profit? Then, Sanders said, the medicines could be made available inexpensively to anyone who needed them.
Bancel, clearly baffled by what sounded a lot like the government seizing the means of pharmaceutical production, simply said it was impossible to evaluate such a plan without details.
As much as the plan sounds like socialism, in a world where substantial quantities of new medicines are purchased by government programs, Sanders’ idea is pretty close to the way defense companies work: The government pays them substantial amounts of money to develop jet fighters, satellites, and aircraft carriers. This system is certainly not cheap, but it represents an alternative to the way medicines are developed. * * *
Whether this is a good idea or not, it probably won’t happen. Because not only is Congress unlikely to fund a $200 billion-a-year effort to replace industry research on new medicines, it won’t fund a $20 billion effort to get the government in the game, either.
Walgreens and Village Medical have launched a new pilot program that helps patients manage new medications prescribed during their hospital stay.
The program, launched as a pilot in Florida and Texas, helps Walgreens and Village Medical patients manage their new prescriptions and existing ones after they are discharged from a hospital, according to a March 23 release from Walgreens.
The aim of the program is to improve patient outcomes and decrease costs associated with hospital readmissions.
From the substance use disorder front, STAT News reports
Public health workers will soon have a new tool at their disposal to thwart a spreading danger to users of illicit drugs: xylazine test strips.
The new testing kits will allow health departments, grassroots harm-reduction groups, and individual drug users to test substances for the presence of xylazine, a sedative often referred to as “tranq.”
The toxin is increasingly common in the U.S. illicit-drug supply — especially in the Philadelphia area, but increasingly in other cities, too. Xylazine, which is typically used as a sedative in veterinary settings, can cause people to stop breathing, and also often causes severe skin wounds when injected.
While helpful for public health workers, will drug users take the time to do both tests when the two potentially fatal drugs usually are combined? FEHBlog expects that a fentanyl and xylazine test strip will be on the market soon.
From the U.S. healthcare business front —
Hospitals strongly oppose MEDPAC’s recommendation that Medicare Part A make a low reimbursement increase for the new federal government fiscal year, while some healthcare economists support MEDPAC’s proposal.
Healthcare Dive tells us
“CVS plans to close its acquisition of home healthcare provider Signify Health on or around Wednesday, subject to certain conditions, the company announced Monday.
“CVS agreed to acquire Signify for $30.50 a share in cash in September in a transaction worth roughly $8 billion.
“That deal will close this week as long as CVS and Signify can meet or waive the remaining conditions in their merger agreement, according to CVS. A CVS spokesperson declined to share details on the remaining conditions.
Beckers Hospital Review notes that another well-known CEO has ripped a page out of the Mark Cuban playbook.
“Love.Life, a health and wellness company co-founded and run by former Whole Foods CEO John Mackey, acquired Plant Based TeleHealth, a telehealth service focusing on the prevention and reversal of chronic conditions.
“The company will rebrand as Love.Life Telehealth. The company offers virtual visits to patients with chronic conditions and promotes healthy behaviors, according to a March 21 Love.Life news release.
“Patients can sign up for half-hour appointments for $175 or hourlong appointments for $350.”
“Love.Life is about making lasting health and vitality achievable, and acquiring Plant Based TeleHealth accelerates our ability to help more people without geographic limitations,” Mr. Mackey said. “Appointments are available now, and we’re excited to offer telehealth services as part of the comprehensive medical offering available in our physical locations, which will begin opening in 2024.”
Last Friday, OPM released to FEHB carriers its technical guidance supporting its call letter for 2024 benefit and rate proposals.
Federal News Network offers a long look at OPM’s process to implement the Postal Service Health Benefits Program.
OPM and AHIP will hold their annual conference for FEHB carriers on Wednesday and Thursday this week. The agenda can be found here. The 2024 call letter and PSHBP implementation are agenda topics.
Millions of diabetes cases may be missed under the current U.S. screening guidelines, especially among Asian Americans, according to a new study. A better way to test for the condition would be to leave body weight out of it, the researchers suggest.
Current guidelines from the U.S. Preventive Services Task Force recommend screening adults ages 35-70 who are considered overweight or obese (having a body mass index over 25).
However, racial and ethnic minority groups, especially Asian people, tend to develop diabetes at lower BMIs, so to identify more people with the condition across groups, all adults ages 35-70 regardless of their weight should be screened, researchers said in a study Friday in the American Journal of Preventive Medicine.
NPR Shots also invites us to meet the amazing “glass-half-full girl” whose brain was rewired as an infant after losing the left hemisphere.
In most people, speech and language live in the brain’s left hemisphere. Mora Leeb is not most people.
When she was 9 months old, surgeons removed the left side of her brain. Yet at 15, Mora plays soccer, tells jokes, gets her nails done, and, in many ways, lives the life of a typical teenager.
“I can be described as a glass-half-full girl,” she says, pronouncing each word carefully and without inflection. Her slow, cadence-free speech is one sign of a brain that has had to reorganize its language circuits.
Yet to a remarkable degree, Mora’s right hemisphere has taken on jobs usually done on the left side. It’s an extreme version of brain plasticity, the process that allows a brain to modify its connections to adapt to new circumstances.
Because it’s Sunday, here are two opinion pieces
The New York Times shares expert opinions on preparedness for the next pandemic.
Three professors of surgery at the University of California Medical Center defend the current United Network for Organ Sharing (UNOS).
As a private, nonprofit organization under contract with the federal government to manage the national organ transplant system, UNOS spearheads the complex, multidisciplinary organ procurement, matching, and delivery processes. With its contract up for renewal this spring, UNOS has come under heavy scrutiny, including in a recent guest column published in the New York Times, in which UNOS and other system organizations’ performances were blamed for the death of a kidney transplant candidate. This is just one example in a series of accusations made across news media, social media, and even in Congress.
Painting with such a broad and biased stroke creates an unfair representation of our highly nuanced organ transplant system and the people who run it. As transplant surgeons with a long history of involvement with the system — including one of us (Roberts) serving as a past Board President of UNOS/Organ Procurement and Transplantation Network (OPTN) — we have intimate knowledge of both its successes and its shortcomings. While UNOS has room to improve operationally — and is working to do so — we clearly see the organization’s life-changing results in our operating rooms and offices. More work lies ahead, however, such as addressing the fact that a rising number of organs are recovered but not transplanted.
U.S. corporate leaders need to embrace cybersecurity as an issue of central importance to the success of their businesses, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said.
Easterly, in a Thursday appearance before the Economic Club of New York, told attendees that top corporate executives, including CEOs and corporate board members, need to understand the risks posed by cybersecurity and take an active role in.
Speaking just weeks after the Biden administration unveiled the national cybersecurity strategy, Easterly said this is not an issue the government can fix on its own, but businesses will need to play an important role in solving.
[T]he House Committee of Oversight and Accountability heard testimony from Acting National Cyber Director Kemba Walden on how to implement the National Cybersecurity Strategy.
In opening statements, Walden outlined several pillars the national strategy plans to rely on when incorporating stronger defenses into U.S. digital networks. These include forming international partnerships, investing in a workforce, incentivizing stronger cybersecurity requirements, disrupting threat actors, and implementing stronger security measures.
The paramount principle guiding the strategy, however, is imparting more responsibility on the federal government and Big Tech players to safeguard U.S. networks.
“The biggest, most capable and best positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe––and that includes the federal government,” Walden said.
The Cybersecurity and Infrastructure Security Agency (CISA) released an updated version of its Cybersecurity Performance Goals (CPGs), a set of voluntary practices that critical infrastructure organizations may adopt to mitigate cyber risk.
The CPGs are now more closely aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) functions (Identify, Protect, Detect, Respond, and Recover) to help organizations more easily navigate the CPGs and prioritize investments accordingly.
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued its 2022 Internet Crime Report, which revealed key trends that emerged in the cyber threat landscape last year. The IC3 received 800,944 complaints in 2022, signifying a 5 percent decrease from 2021.
Despite this decrease, the potential total loss grew from $6.9 billion in 2021 to more than $10.2 billion in 2022. Ransomware alone racked up $34.3 million in losses in 2022.
“While the number of reported ransomware incidents has decreased, we know not everyone who has experienced a ransomware incident has reported to the IC3,” the report noted.
“As such, we assess ransomware remains a serious threat to the public and to our economy, and the FBI and our partners will remain focused on disrupting ransomware actors and increasing the risks of engaging in this activity.”
The healthcare sector reported the most ransomware attacks to IC3 in 2022 compared to any other critical infrastructure, accounting for 210 of the 870 complaints tied to critical infrastructure. IC3 data shows that 14 of the 16 critical infrastructures had at least one member that fell victim to a ransomware attack last year.
CBS News brings us up to date on the recent DC Health Link breach.
Exploits of zero-day vulnerabilities fell by almost a third in 2022, but it was still the second highest year on record, according to Mandiant research released Monday.
Mandiant tracked 55 zero-day vulnerabilities that were exploited in 2022, including three instances linked to financially motivated ransomware threat actors.
Products from the three largest vendors — Microsoft, Google and Apple — were the most commonly exploited for the third year in a row, according to Mandiant.
Microsoft has observed an increase in distributed denial of service (DDoS) attacks against healthcare organizations in recent months, a blog post by the Azure Network Security Team explained. Microsoft observed an increase from 10-20 DDoS attacks against healthcare applications hosted in Azure in November 2022 to 40-60 attacks daily in February 2023.
As previously reported, HHS warned the healthcare sector earlier this year about pro-Russian hacktivist group KillNet, a threat group known to target the sector with DDoS attacks.
“While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days,” HHS stated at the time.
From the ransomware / data retrieval and extortion front
Ransomware groups are pulling no punches in their attempts to force compromised organizations to pay up. A report released Tuesday by Unit 42, a Palo Alto Networks threat intelligence team, found that attackers are increasingly harassing victims and associated parties to make sure their ransom demands are met.
For its new 2023 Ransomware and Extortion Threat Report, Unit 42 analyzed approximately 1,000 incidents that the team investigated between May 2021 and October 2022. Around 100 cases were analyzed for insight into ransomware and extortion negotiations. Most of the cases were based in the U.S., but the observed cybercriminals conducted attacks against businesses and organizations around the world.
By the end of 2022, harassment was a factor in 20% of the ransomware cases investigated by Unit 42, a significant jump from less than 1% in mid 2021.
This week’s news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a zero-day vulnerability.
Over the past month, one hundred new companies have been added to Clop’s data leak site, with the extortion gang threatening to leak data if a ransom is not paid.
From the cybersecurity defenses front —
The Healthcare Cybersecurity Coordination Center released a mobile device security checklist.
Mobile devices are prevalent in the health sector, and due to their storage and processing of private health information (PHI) as well as other sensitive data, these devices can be a critical part of healthcare operations. As such, their data and functionality must be protected. This document represents a basic checklist of recommended items for health sector mobile devices to maintain security, including data in motion and at rest, as well as the capabilities of the device itself.
CISA “released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services.”
In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community.
The pre-ransomware notification was cultivated with the help of the cybersecurity research community and through CISA’s relationships with infrastructure providers and cyber threat intelligence companies.
Cyberscoop explains how “the FBI Breachforum’s bust is causing chaos in the cybercrime underground. The dramatic fall of one of the preeminent cybercrime communities on the web will have major implications for the cybercrime markets.”
From the public health report, here are the CDC’s Covid Data Tracker and the CDC’s FluView this week. Covid cases and hospitalizations continue to trend down, while Covid deaths leveled off after reaching a pandemic low last week. FluView notes, “CDC estimates that, so far this season [which runs from October through April], there have been at least 26 million illnesses, 290,000 hospitalizations, and 18,000 deaths from flu.”
The American Hospital Association adds
The Food and Drug Administration today released final guidance for transitioning medical device enforcement policies and emergency use authorizations established during the COVID-19 public health emergency to normal operations. The Biden Administration plans to end the COVID-19 PHE declaration on May 11. The COVID-19 EUA declaration for COVID-19 diagnostics, personal protective equipment, other medical devices, and drug and biological products will remain in effect until there is no longer a “significant potential” for a COVID-19 PHE or the authorized devices or products have been approved.
From the Covid vaccine mandate front, per Fierce Healthcare, the U.S. Court of Appeals for the 5th Circuit, sitting en banc (all of the active judges, not a three-judge panel), held that Feds for Medical Freedom has standing to challenge the Covid vaccine mandate on federal employees. This means that the nationwide preliminary injunction that has blocked enforcement of the mandate remains in force.
As you may recall, earlier this week, a panel of the U.S. Court of Appeals for the D.C. Circuit reached the opposite result. Such a split in decisions from different circuits is grounds for the Supreme Court to review the case, if requested (cert petition). It remains to be seen whether the end of the public health emergency also will bring down the curtain on the various Covid vaccine mandate challenges.
In other litigation news, Beckers Hospital Review brings us up to date on Cigna’s efforts to prevent a former executive from joining CVS Health.
From the opioids PHE front, the Wall Street Journal reports that the U.S. government has begun deploying X-ray scanners for trucks crossing the border from Mexico, first in Brownsville, Texas:
The scanners in Brownsville beam energy at a truck in varying levels of intensity. Beaming less energy at the cab allows drivers to stay inside, speeding the process. Directing more energy at the trailer produces an image of the truck that officials can use to spot suspect material within. Sometimes the payload is illicit drugs including fentanyl. * * *
The U.S. aims to deploy 123 large-scale scanners along the border by fiscal 2026, growing its ability to perform nonintrusive scans to 70% of cargo vehicles and 40% of passenger vehicles, according to the White House Office of National Drug Control Policy. Historically, the U.S. has only performed such scans on 17% of cargo vehicles and 2% of passenger vehicles, the office said.
Adding more scanning technology has to be part of an effort that includes trying to reduce drug demand and the odds overdoses will prove fatal, said David Luckey, a senior Rand Corp. researcher. He co-led a team that produced a report last year for a commission on synthetic opioids that includes members of Congress and law-enforcement agencies.
“There’s no silver bullet,” he said.
From the No Surprises Act front, HHS Secretary Xavier Becerra told the Senate Budget Committee on March 22
Becerra said the agency has received more than 10 times as many No Surprises Act claims than it expected when the law was first implemented. Many of these claims are frivolous, he said, because there is no cost to payers or providers to file a claim.
“Everyone’s just filing all sorts of claims, and these arbitrators are trying to figure out what cases to handle,” Mr. Becerra said. “That’s what’s bogging down the system.”
The agency is staying true to Congress’ intent with the law, Mr. Becerra said, but more legislative action is needed to deal with the high number of claims.
“What we’re trying to do is have a system that works. I plead with you to help us make sure that we get to the legitimate cases, so a provider that’s looking for real payment, or an insurer that’s saying, ‘You’re asking for too much,’ we can adjudicate that,” Mr. Becerra said.
The FEHBlog is metaphysically certain that providers are submitting 99.4% of the faulty arbitration claims. While the law is working for patients, Congress should tweak that law as the good Secretary requests.
From the U.S. healthcare business front, Fierce Healthcare informs us
Average physician pay fell by 2.4% from 2021 to 2022, and that decline in physician compensation comes at a time when U.S. healthcare workers are facing significant challenges, including economic strains, a growing physician shortage issue and high rates of work-related burnout, according to the sixth annual Physician Compensation Report from professional medical network Doximity.
Fierce Healthcare’s report is chock-a-block full of summary data from this report.
The prevalence of autism spectrum disorder in American children rose between 2018 and 2020, continuing a long-running trend, according to a study released by the Centers for Disease Control and Prevention on Thursday. In 2020, an estimated one in 36 8-year-olds had autism, up from one in 44 in 2018. The prevalence was roughly 4 percent in boys and 1 percent in girls.
The rise does not necessarily mean that autism has become more common among children, and it could stem from other factors, such as increased awareness and screening.
“I have a feeling that this is just more discovery,” said Catherine Lord, a professor of psychiatry at the University of California, Los Angeles medical school, who was not involved in the research. “The question is what’s happening next to these kids, and are they getting services?”
HR Dive discusses a recent survey on employee use of employer-sponsored mental health benefits.
Drugmakers Sanofi and Regeneron * * * released data on a jointly developed drug that shows promise in treating COPD.
The drug is already approved for asthma and some skin conditions, such as eczema, but it could become the first new treatment in over a decade for COPD.
The results are a win for Dupixent, as competing COPD drugs from drugmakers such as AstraZeneca and GSK struggle to make successful strides toward approval.
Fedweek reports on Postal Service Health Benefits Program developments. The headline is that OPM expects “lots of questions” about the new program, which will launch in 2025. The good news for OPM and everyone affected is that the law requires the Postal Service to stand up a PSHBP education program this summer, which includes PSHBP navigators similar to the approach taken with the ACA marketplace.
FedWeek also tells us that the U.S. Court of Appeals for the D.C. Circuit rejected on procedural grounds a federal employee challenge to the Biden Administration’s Covid vaccine mandate for federal employees. The mandate has been blocked by a preliminary injunction in another federal judicial circuit. In any event, the vaccine mandates will end on May 12, the day after the Covid public health emergencies end.
A key Senate committee advanced legislation to ban pharmacy benefit manager tactics, such as spread pricing and clawback fees, and heighten transparency of the industry.
The Senate Commerce Committee passed the PBM Transparency Act of 2023 by a vote of 18 to 9 on Wednesday, advancing the reform legislation to the full Senate. Lawmakers said the legislation is meant to address a source of unfair and deceptive practices that increase drug prices.
Senators Chuck Grassley (R Iowa) and Maggie Hassan (D NH) have “introduced the Healthy Moms and Babies Act to improve maternal and child health care. The United States has a maternal health crisis that particularly affects women of color and those living in rural America. The Healthy Moms and Babies Act would achieve its goal by
Coordinating and providing “whole-person” care, supporting outcome-focused and community-based prevention, and supporting stillbirth prevention activities and expanding the maternal health workforce.
Modernizing maternal health care through telehealth to support women of color and women living in rural America.
Reducing maternal mortality and high-risk pregnancies including C-section births, and improving our understanding of social determinants of health in pregnant and postpartum women.
The future of Alzheimer’s treatments and coverage hung heavily over lawmakers’ Wednesday [March 22 Senate Finance Committee] hearing with Health and Human Services Secretary Xavier Becerra.
Dotted throughout the hearing room for Becerra’s testimony on the president’s proposed health care budget for 2024 were purple-clad advocates for Alzheimer’s disease treatments, who Democrats and Republicans alike acknowledged repeatedly throughout the hearing. But while senators from both parties pushed for speedy approvals and Medicare coverage of new drugs for the disease, they unsurprisingly diverged on how to manage the costs.
At the center of discussions was a controversial Medicare decision, last year, not to cover Biogen’s Aduhelm except through clinical trials, a decision later extended to Eisai’s Leqembi. The Food and Drug Administration approved both via the accelerated pathway, with limited data on either drug’s effectiveness. The drugmakers are required to follow up with more extensive data proving each medicine’s benefit.
CMS expects to revisit this Medicare decision publicly this summer.
For about an hour and a half on March 22, four pharmaceutical supply experts outlined ideas to lawmakers to reform the nation’s slippery access to critical drugs.
The FDA reports 130 drugs are currently in shortage; the American Society of Health-System Pharmacists says there are 302. Recently, the availability of vital drugs for cancer patients and emergencies has shrunk, and the closure of a U.S. drugmaker could put more out of stock.
The hearing waded through causes of shortages — including manufacturing delays and opaque supply data. Some members on the Senate Committee on Homeland Security and Governmental Affairs pushed back on some pitched solutions, such as changing FDA practices and working to control drug prices.
In 2022, the number of new drug shortages increased by 30 percent, according to a report released by the Senate Committee on Homeland Security and Governmental Affairs hours before the hearing began.
“Colleagues and other hospitals have asked me to respond to the never-ending game of drug shortage Whac-A-Mole,” Andrew Shuman, MD, chief of the clinical ethics service center for bioethics and social sciences in medicine for the University of Michigan Medical School in Ann Arbor, said during the hearing.
The House Ways and Means Committee’s Health subcommittee held a hearing yesterday on healthcare costs. The American Hospital Association submitted a letter to the subcommittee that “shared how rising labor and other costs for hospitals and health systems are exacerbating workforce shortages and delaying patient access to care.”
Looking forward, Mercer Consulting identifies innovation in cancer treatment and prevention as the next frontier and McKinsey and Co. explores the pharmacy of the future.
“Use of nirmatrelvir-ritonavir (Paxlovid) in older adults with risk factors for severe disease was associated with a roughly 25% lower risk of a post-COVID condition (PCC), a retrospective study of Veterans Affairs data showed.
“In the cohort of over 280,000 patients with a confirmed COVID case, 13% of those prescribed nirmatrelvir-ritonavir went on to develop a PCC over the following 6 months compared with 18% of those who were not prescribed the antiviral (relative risk [RR] 0.74, 95% CI 0.72-0.77), Ziyad Al-Aly, MD, of the VA St. Louis Health Care System in St. Louis, and colleagues reported.” FEHBlog observation: Go Paxlovid!
42% of adults in the U.S. are living with obesity, meaning they have a body mass index of 30 or higher, according to an analysis from NORC at the University of Chicago.
Researchers used 2013 to 2021 data from the CDC’s Behavioral Risk Factor Surveillance System to estimate obesity rates at the national and state level. To account for any reporting biases in the BMI measure, NORC adjusted BMI distribution to that of the National Health and Nutrition Examination Survey for corresponding time periods. NORC also created an interactive map to present its findings.
The article lists estimated state obesity rates for 2019 to 2021, ranked from highest (Mississippi – 51%) to lowest (Colorado – 34%). FEHBlog observation: At least one-third of every state’s population is morbidly obese, and yet we wonder why the life expectancy of Americans is dropping.
For women who are overdue for cervical cancer screening, mailing self-sampling kits for high-risk human papillomavirus (HPV) is a cost-effective means of increasing screening uptake, reveals an analysis of a large US trial.
The finding comes from a randomized trial in almost 20,000 women, which compared women who received a mailed HPV testing kit with those who did not. The results show that mailing was most cost-effective in women aged 50-64 years and in those who were only recently overdue for cervical screening.
The study was published by JAMA Network Open on March 22.
“These results support mailing HPV kits as an efficient outreach strategy for increasing screening rates in US health care systems,” say the authors, led by Rachel L. Winer, PhD, MPH, Department of Epidemiology, University of Washington School of Public Health, Seattle, Washington. (FEHBlog observation: Good idea.)
Roll Call reports on the state of the debt ceiling negotiations and Senator Bernie Sanders’s encounter today with the Moderna CEO Stéphane Bancel at a Senate hearing that Senator Sanders chaired. The FEHBlog can’t understand why Senator Sanders and his majority colleagues are flipping their lids over a $100 price per vial increase on a low-cost vaccine.
The Medicare Payment Advisory Commission’s recent breakdown of the hospital sector’s financial viability largely struck a different tone from the doom and gloom industry groups have voiced as of late.
The independent commission advises Congress on year-to-year Medicare policy adjustments, which are largely based on data from 2020 and 2021, preliminary data for 2022 and trend projections for upcoming years. It released its annual report to Congress last week.
With the exception of additional support for safety-net providers—which industry group America’s Essential Hospitals (AEH) has already criticized for “overlooking” uncompensated care delivered to non-Medicare patients—the group largely told Congress that most hospitals will manage their finances and recommended that lawmakers stay the course with 2024’s inpatient prospective payment system (IPPS) and outpatient prospective payment system (OPPS) rules.
“The Commission anticipates that a 2024 update to hospital payment rates of current law plus 1% would generally be adequate to maintain FFS beneficiaries’ access to hospital inpatient and outpatient care and keep IPPS and OPPS payment rates close to the cost of delivering high-quality care efficiently,” the group wrote in its report (PDF).
This decision must have the American Hospital Association flipping its lid.
The Department of Health and Human Services announced an organ procurement and transplantation network modernization initiative that “includes the release of new organ donor and transplant data; prioritization of modernization of the OPTN IT system; and call for Congress to make specific reforms in the National Organ Transplant Act.” More background on this announcement is available at Roll Call.
An independent panel of advisors to the Food and Drug Administration on Wednesday concluded that a treatment developed by Biogen for a rare, genetic form of ALS should be approved, despite unanswered questions about its benefit to patients.
By a 9-0 vote, the FDA advisory panel said the “totality of the evidence” was sufficient to support conditional approval of the Biogen drug, called tofersen. By a 3-5 vote (with one abstention) the same experts concluded that the tofersen data, including from a failed clinical trial, were not sufficiently convincing to support full approval.
The FDA is not required to follow the recommendation of its outside advisors, but often does. The mixed votes suggest the FDA will likely grant Biogen accelerated approval for tofersen based on preliminary evidence. This would allow the company to market the drug while it collects additional data to confirm its benefit.
Benefits Pro offers guidance on employer-sponsored health plan coverage of the new weight loss drugs, Mounjaro, Saxenda, and Wegovy. OPM has already decided that FEHB carriers will provide coverage of one or more of these drugs in their 2024 formularies. Currently, carriers are developing their 2024 benefit and rate proposals.
The FEHBlog has flipped his lid because he discovered that OPM had refreshed its FEHB carrier website. This merits further investigation.
Federal health regulators are nearing a decision on whether to authorize a second round of the Omicron-targeted booster shots for the elderly and other people at high-risk of severe Covid-19, people familiar with the agency’s deliberations said.
Food and Drug Administration officials could make the decision within a few weeks, the people said.
The officials are moving toward authorizing the second jabs of the Omicron-targeted shots for people who are 65 years and older or who have weakened immune systems, though the officials haven’t reached a final decision and could change their mind, one of the people said.
The Centers for Disease Control and Prevention would then have to recommend the shots for them to become widely available.
From the primary care front, Healthcare Finance informs us
People are shifting away from traditional primary care providers, with about three in 10 foregoing primary care altogether between 2016 and 2022, according to FAIR Health’s new analysis of private claims data.
That number, though, ranged from a high of 43% in Tennessee to a low of 16% in Massachusetts, suggesting significant regional variations. Of the providers who performed primary care services in that time, 56% were physicians, while 44% were nonphysicians. * * *
The analysis pointed to evidence showing that primary care improves health regardless of age, sex, race, ethnicity, education, employment, income, health insurance and smoking status. It has also been reported that a gain of 10 additional primary care physicians per 100,000 people is associated with an increase in life expectancy by 51.5 days.
Guiding members to primary care providers is a vital health plan task, in the FEHBlog’s opinion.
From the miscellany department —
Health IT Analytics highlights, “Researchers from Utica University recently leveraged socioeconomic data to gain insights into generational poverty and other health equity barriers that impact patients’ ability to prioritize their health to improve clinical outcomes.”
Health Payer Intelligence relates, “The National Alliance of Healthcare Purchaser Coalitions (National Alliance) has announced the publication of its playbook which aims to encourage biosimilar adoption among employers.”
EHR Intelligence informs us, “Nuance Communications, a Microsoft company, has announced Dragon Ambient eXperience (DAX) Express, the first clinical documentation application to combine conversational and ambient artificial intelligence (AI) with OpenAI’s newest model, ChatGPT-4.”
From the U.S. healthcare business front, the Justice Department and the other state government appellants have voluntarily dismissed their appeal of an October 2022 district court decision permitting United Healthcare’s acquisition of Change Healthcare to proceed. That acquisition closed within days after that. The appellants had challenged the merger as an antitrust violation.
Globally, the number of COVID-19 deaths reported to the World Health Organization in the past four weeks was lower than when the organization first called COVID-19 a pandemic three years ago. The trends are leading experts to be hopeful that the coronavirus pandemic will end in 2023.
“I’m confident that this year we will be able to say that COVID-19 is over as a public health emergency of international concern,” WHO Director-General Tedros Adhanom Ghebreyesus said at a Friday press briefing.
But as attention shifts away from COVID-19, data collecting and sharing is suffering. Many of the trackers people came to rely on during the worst days of the pandemic have shut down, with the CDC announcing last week that its “COVID Data Tracker Weekly Review” will end on May 12 – one day after the Biden administration plans to let the COVID-19 emergency declarations expire.
Medscape adds expert U.S. opinions on the endemic status of the disease in the U.S.
U.S. President Joe Biden on Monday signed a bill that requires declassification of information related to the origins of the coronavirus that causes COVID-19, the White House said.
Biden said he shared Congress’ goal of releasing as much information as possible about the origin of COVID-19.
“In implementing this legislation, my administration will declassify and share as much of that information as possible, consistent with my constitutional authority to protect against the disclosure of information that would harm national security,” Biden said in a statement.
The bill sailed through the Senate and House of Representatives without opposition before being sent to the White House.
From the opioid epidemic front, the Drug Enforcement Administration issued the following public warning about
A sharp increase in the trafficking of fentanyl mixed with xylazine. Xylazine, also known as “Tranq,” is a powerful sedative that the U.S. Food and Drug Administration has approved for veterinary use.
“Xylazine is making the deadliest drug threat our country has ever faced, fentanyl, even deadlier,” said Administrator Milgram. “DEA has seized xylazine and fentanyl mixtures in 48 of 50 States. The DEA Laboratory System is reporting that in 2022 approximately 23% of fentanyl powder and 7% of fentanyl pills seized by the DEA contained xylazine.”
Xylazine and fentanyl drug mixtures place users at a higher risk of suffering a fatal drug poisoning. Because xylazine is not an opioid, naloxone (Narcan) does not reverse its effects. Still, experts always recommend administering naloxone if someone might be suffering a drug poisoning. People who inject drug mixtures containing xylazine also can develop severe wounds, including necrosis—the rotting of human tissue—that may lead to amputation.
According to the CDC, 107,735 Americans died between August 2021 and August 2022 from drug poisonings, with 66 percent of those deaths involving synthetic opioids like fentanyl. The Sinaloa Cartel and Jalisco Cartel in Mexico, using chemicals largely sourced from China, are primarily responsible for the vast majority of the fentanyl that is being trafficked in communities across the United States.
Novo Nordisk’s best-selling diabetes treatment drug Ozempic is back on the shelves in the United States after months of shortage, the U.S. Food and Drug Administration (FDA) website showed on Friday.
The main active ingredient in Ozempic is semaglutide, also the key ingredient in Novo’s obesity drug Wegovy, which has been seeing supply shortage due to high demand.
The company said the 0.25 mg, 0.5 mg and the 1 mg doses of Ozempic are available for patients. The 2 mg dose, however, has limited availability until the end of this month, largely due to the demand coupled with overall global supply constraints.
The U.S. Department of Labor has sent its annual report on self-funded group health plans to Congress.
From the Omicron and siblings front, the Washington Post reports
Americans infected with the coronavirus’s omicron variant are less likely to develop symptoms typical of long covid than those who had covid-19 earlier in the pandemic, according to the largest-ever study of who is most vulnerable to being sickened — or debilitated — by the virus’s lingering effects.
The analysis of nearly 5 million U.S. patients who had covid, a study based on a collaboration between The Washington Post and research partners, shows that 1 in 16 people with omicron received medical care for symptoms associated with long covid within several months of being infected. Patients exposed to the coronavirus during the first wave of pandemic illness — from early 2020 to late spring 2021 — were most prone to develop long covid, with 1 in 12 suffering persistent symptoms.
In other public health news, the Wall Street Journal reports
A rare and often deadly fungus is spreading rapidly across the U.S., federal researchers said, raising pressure to find new treatments for severe fungal disease.
Candida auris, a fungus discovered about 15 years ago in Japan, infected at least 2,377 people in the U.S. in 2022, up from 53 in 2016, the Centers for Disease Control and Prevention said. Its swift spread into most states and more than 40 countries has prompted the CDC and World Health Organization to label it a growing threat to public health. Candida auris has a mortality rate of up to 60% and is particularly risky for people who are older or have compromised immune systems, the CDC said.
“To see a new species arrive on the scene and then suddenly emerge as a global pathogen less than 15 years later—that’s really remarkable,” said Dr. Peter Pappas, an infectious-disease specialist at the University of Alabama at Birmingham.
From the obesity treatment front
NBC News informs us that Americans are turning to local compounding pharmacies for lower-cost versions of Ozempic and Wegovy, the new wave of semaglutide-based obesity drugs, which is a patient safety issue.
STAT News, as part of its continuing series on these new drugs, tells us
When, in January 2023, the American Academy of Pediatrics released its first formal clinical practice guidelines centered on the screening and treatment of young patients with obesity, many eyes turned to the document.
Unlike earlier, more general guidance that recommended a progression of treatment through various stages, the new guidelines say there shouldn’t be “watchful waiting.” They call for early diagnosis, intense counseling, and two new aggressive options for children with obesity: weight loss drugs for children as young as 12 who are in the 95th weight percentile, and consultation for weight loss surgery for teenagers who have severe obesity (120% of the 95th percentile or a body mass index of 35 or more).
Now that experts have had a couple of months to comb through the 100-page document, from executive summary to supporting material, one thing is clear: There is still no consensus on how best to approach obesity in children.
Becker’s Hospital Review identifies the ten most overweight cities in the country. All of them are located in the southeast. McAllen, Texas, is number one.
In other relevant survey/study news —
Per Kaiser Family Foundation News, “Young adults in the United States continue to be more likely than their older counterparts to be experiencing symptoms of anxiety or depression, according to the latest federal data analyzed by KFF researchers.”
The Kaiser Family Foundation / Peterson Health System Tracker evaluates preventive services utilization.
The AP reports “A Pentagon study has found high rates of cancer among military pilots and for the first time has shown that ground crews who fuel, maintain and launch those aircraft are also getting sick.”
Health Affairs offers plan design guidance intended to help resolve the maternal health crisis.
The FEHBlog’s Friday Insights did not publish as scheduled on Saturday morning. To get the email distribution back on schedule the FEHBlog is combining the Weekend Update and the Cybersecurity Saturday posts below.
Recently, the Centers for Medicare and Medicaid Services confirmed that the No Surprises Act air ambulance reporting will not occur in 2023.
Under section 106 of the No Surprises Act, air ambulance providers, insurance companies, and employer-based health plans must submit to federal regulators information about air ambulance services provided to consumers. The Centers for Medicare & Medicaid Services (CMS) in the Department of Health & Human Services (HHS) is conducting this Air Ambulance data collection (AADC), which will be used to develop a public report on air ambulance services. The proposed rules describing the proposed form and manner of the data collection can be found at this link. The final rules will specify the final reporting requirements, including the data elements and the deadlines for the data collection. The data collection will not begin until after the final rules are published. This page will be updated when the rules are finalized and more information on data collection is available.
From the value added care front, Behavioral Health Business discusses how Aetna and Optum are collaborating with a large mental health provider, Universal Health Services, to develop reliable outcome measurements for mental health services.
When the FDA approved bempedoic acid, marketed under the brand name Nexletol, back in 2020, it was clear that the drug helped lower LDL — “bad” cholesterol. The drug was intended for people who can’t tolerate statin medications due to muscle pain, which is a side effect reported by up to 29% of people who take statins.
What was unknown until now, is whether bempedoic acid also reduced the risk of cardiovascular events. Now, the results of a randomized, controlled trial published in The New England Journal of Medicine point to significant benefit. The study included about 14,000 people, all of whom were statin intolerant.
“The big effect was on heart attacks,” says study author Dr. Steven Nissen of Cleveland Clinic.
People who took daily doses of bempedoic acid for more than three years had about a 23% lower risk of having a heart attack, in that period, compared to those taking a placebo. There was also a 19% reduction in coronary revascularizations, which are procedures that restore blood flow to the heart, such as a bypass operation or stenting to open arteries.
A common chemical that is used in correction fluid, paint removers, gun cleaners, aerosol cleaning products, and dry cleaning may be the key culprit behind the dramatic increase in Parkinson’s disease (PD), researchers say.
An international team of researchers reviewed previous research and cited data that suggest the chemical trichloroethylene (TCE) is associated with as much as a 500% increased risk for Parkinson’s disease (PD).
Lead investigator Ray Dorsey, MD, professor of neurology, University of Rochester, New York, called PD “the world’s fastest-growing brain disease,” and told Medscape Medical News that it “may be largely preventable.”
“Countless people have died over generations from cancer and other disease linked to TCE [and] Parkinson’s may be the latest,” he said. “Banning these chemicals, containing contaminated sites, and protecting homes, schools, and buildings at risk may all create a world where Parkinson’s is increasingly rare, not common.”
The paper was published online March 14 in the Journal of Parkinson’s Disease.
The FEHBlog has several friends with Parkinson’s Disease.
From the Medicare front, Health Payer Intelligence relates
Beneficiaries with end-stage renal disease (ESRD) are increasingly shifting from Medicare fee-for-service (FFS) to Medicare Advantage, leading more Medicare Advantage plans to form value-based arrangements with kidney care management companies, according to Avalere.
Beneficiaries with ESRD have typically received coverage through Medicare FFS because only those already enrolled in a Medicare Advantage plan before initiating dialysis were eligible for the private program through 2020.
A provision under the 21st Century Cures Act that went into effect on January 1, 2021, made all Medicare beneficiaries with ESRD eligible to enroll in Medicare Advantage plans.
Although patient safety awareness week is over, the Wall Street Journal makes us aware that
Black boxes on airplanes record detailed information about flights. Now, a technology that goes by the same name and captures just about everything that goes on in an operating room during a surgery is making its way into hospitals.
The OR Black Box, a system of sensors and software, is being used in operating rooms in 24 hospitals in the U.S., Canada and Western Europe. Video, audio, patient vital signs and data from surgical devices are among the information being captured.
The technology is being used primarily to analyze operating-room practices in hopes of reducing medical errors, improving patient safety and making operating rooms more efficient. It can also help hospitals figure out what happened if an operation goes wrong. * * *
Duke University Hospital, where two operating rooms are equipped with black boxes, is using the technology to study and improve on patient positioning for surgery to reduce the possibility of skin-tissue and nerve injuries. It is also studying and using the technology to improve communication among nursing personnel throughout a surgical procedure to ensure that key tasks—such as confirming that surgical instruments and medical devices are available for a procedure—are being completed promptly, effectively and efficiently.
Cybersecurity Saturday
From the cybersecurity policy front, the American Hospital Association informs us that
The Senate Homeland Security and Governmental Affairs Committee held a full Committee hearing examining cybersecurity risks to the healthcare sector on March 16. Witnesses included Scott Dresen, chief information security officer for Corewell Health, a large integrated health system in Michigan.
“The increasing frequency of attack from nation state actors and organized crime has created a sense of urgency within the healthcare sector and we need help from the United States government to respond to these threats more effectively,” Dresen said.
Specifically, he called for enhancing existing partnerships with and between federal agencies, expanding the sharing of actionable threat intelligence, incentivizing access to affordable technology to defend against advanced threats, ensuring there is an adequate cyber workforce, and reforming legislation to encourage the adoption of best practices while not penalizing the victims of cyberattacks.
STAT News reveals why an HHS rule amending the HIPAA Privacy Rule will wreak financial havoc on health systems. The proposed rule was issued in January 2021, so the final rule has been pending for a long time.
The Cybersecurity and Infrastructure Security Agency (CISA) is looking to position a new “Cyber Analytics and Data System” at the center of national cyber defenses, as the agency’s post-EINSTEIN plans come into focus in its fiscal 2024 budget request.
CISA is seeking $424.9 million in the 2024 budget for “CADS.” The program is envisioned as a “system of systems,” budget documents explain, that provides “a robust and scalable analytic environment capable of integrating mission visibility data sets and providing visualization tools and advanced analytic capabilities to CISA cyber operators.”
The new program is part of the “restructuring” of the National Cybersecurity Protection System, according to the documents. More commonly known as “EINSTEIN,” the NCPS has been in place to defend federal agency networks since the Department of Homeland Security’s inception in 2003.
From the cyber breaches front, Tech Target brings us up to date on the DC Health Link breach.
An additional wrinkle to the breach came Monday [March 13] when another user on the same dark web forum using the alias Denfur, who had previously published sample data from the breach, created a thread supposedly aiming to clear up misinformation surrounding the breach.
Claiming to be a friend of IntelBroker, Denfur said the attack vector for the breach was an exposed, insecure database belonging to DC Health Link. Moreover, the poster said the database was likely exposed “for over a year and a half” before the breach occurred. TechTarget Editorial contacted DC Health Link in order to verify Denfur’s claims, but a spokesperson declined to comment.
At least two hacking groups were able to gain access to at least one federal agency’s servers through an old vulnerability in a software development and design product, according to a cybersecurity advisory issued Wednesday.
According to an alert issued by the Cybersecurity and Infrastructure Security Agency, or CISA, hackers were able to gain access to and run unauthorized code on a federal agency’s server, though they were not able to gain privileged access or move deeper into the network. The malicious activity was observed between November 2022 and early January, though the initial compromise goes as far back as August 2021.
Hackers used a vulnerability in old versions of Telerik UI, a software developer kit for designing apps, which, when exploited, allows hackers with access to execute code. The vulnerability was discovered in 2019 and builds on previous vulnerabilities discovered in 2017 that allow bad actors to gain privileged access and “successfully execute remote code on the vulnerable web server.”
The National Vulnerability Database—managed by the National Institute of Standards and Technology—rates this a critical vulnerability, with a score of 9.8 out of 10.
From the cyber vulnerabilities front, HHS’s Healthcare Cybersecurity Coordination Center (HC3) released its February 2023 list of vulnerabilities of interest to the health sector.
In February 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for this month are from Microsoft, Google/Android, Apple, Mozilla, SAP, Citrix, Intel, Cisco, VMWare, Fortinet, and Adobe. A vulnerability is given the classification as a zero-day if it is actively exploited with no fix available or is publicly disclosed. HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization.
Researchers are warning that state-linked and financially motivated threat actors may try to exploit a critical zero-day vulnerability in Microsoft Outlook to launch new attacks against unpatched systems.
Microsoft urged customers to patch their systems against CVE-2023-23397 to address the critical escalation of privilege vulnerability in Microsoft Outlook for Windows, the company said Tuesday. Microsoft Threat Intelligence warned that a Russia-based threat actor launched attacks against targeted victims in several European countries.
Mandiant researchers warned that other criminal and cyber-espionage actors will race to find new victims vulnerable to the zero day before organizations can apply patches.
CISA added three and then one more known exploited vulnerability to its catalog this week.
Security Week highlights that “Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant.”
Deepfakes are part of the ongoing trend of weaponized AI. They’re extremely effective in the context of social engineering because they use AI to mimic human communications so well. With tools like these, malicious actors can easily hoodwink people into giving them credentials or other sensitive information, or even transfer money for instant financial gain. Deepfakes represent the next generation of fraud, by enabling bad actors to impersonate people more accurately and thus trick employees, friends, customers, etc., into doing things like turning over sensitive credentials or wiring money.
Here’s one real-world example: Bad actors used deepfake voice technology to defraud a company by using AI to mimic the voice of a CEO to persuade an employee to transfer nearly $250,000 to a Hungarian supplier. Earlier this year, the FBI also warned of an uptick in the use of deepfakes and stolen PII to apply for remote work jobs – especially for positions with access to a lot of sensitive customer data.
The Security Week article also discusses defenses to deepfake tactics.
From the ransomware data infiltration front –
The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit. CISA encourages network defenders to review and apply the recommendations in the Mitigations section of this CSA.
“Black Basta was initially spotted in early 2022, known for its double extortion attack, the Russian-speaking group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace to publicly release it, should a victim fail to pay a ransom. The threat group’s prolific targeting of at least 20 victims in its first two weeks of operation indicates that it is experienced in ransomware and has a steady source of initial access. The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups. Previous HC3 Analyst Notes on Conti and BlackMatter even reinforce the similar tactics, techniques, and procedures (TTPs) shared with Black Basta. Nevertheless, as ransomware attacks continue to increase, this Threat Profile highlights the emerging group and its seasoned cybercriminals and provides best practices to lower risks of being victimized.”
Here is a link to the always interesting Bleeping Computer Week in Ransomware.
the creation of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA:
Proactively identifies information systems—belonging to critical infrastructure entities—that contain vulnerabilities commonly associated with ransomware intrusions.
Notifies the owners of the affected information systems, which enables the owners to mitigate the vulnerabilities before damaging intrusions occur.
Review the RVWP webpage for details, including information on the authorities and services CISA leverages to enable RVWP notifications.
HelpNetSecurity tells us how to use ChatGPT to improve cyber defenses.