Weekend Update

David Ermer

I am an attorney who practices law in Washington DC. My practice has involved the Federal Employees Health Benefits Program since 1983.

Weekend Update

David ErmerCDC, Congress, COVID-19, U.S. Healthcare
Thanks to Alexandr Hovhannisyan for sharing their work on Unsplash.

While the House of Representatives starts its August recess / District work break this week, the Senate will remain in session for Committee business and floor voting. The Senate will be focusing on its reconciliation bill spurred by a compromise between Senate Majority Leader Chuck Schumer (D NY) and Sen. Joe Manchin (D WV). The Senate is scheduled for to begin its August recess / State work break next week.

Bloomberg reports that tomorrow the Justice Department’s antitrust case against Optum’s proposed merger with Change Healthcare begins in federal district court in Washington, DC. The Bloomberg article notes

Testing new theories in court is part of the Biden administration’s antitrust push. “Settlements do not move the law forward,” Jonathan Kanter, the Justice Department’s antitrust chief, said in a January speech. “We need new published opinions from courts that apply the law in modern markets in order to provide clarity to businesses.”

Last Friday, the FEHBlog linked to a Health Payer Intelligence article on anticipated premium spikes for 2023.

Fierce Healthcare adds

Executives from some of the country’s largest for-profit health systems say it’s likely their organizations will be able to pass rising cost pressures along to commercial insurers during the next round of contract negotiations. * * *

Looking to the coming year’s commercial negotiations, [Sam] Hazen said HCA has already seen “some early success and recognition by the payers” and that some of its recently renegotiated contracts reflected higher price escalation than those of the past.

“I think it’s reasonable to assume that we were in 3.5% to 4% zone previously with our commercial pricing,” he told investors. “We’re in a competitive positioning as a company globally and that allows us to negotiate based upon the inflationary pressures. … I believe our relationships will allow us to get to a number that makes sense for both organizations, but I do anticipate it being somewhere around the mid-single-digits.”

Universal Health Services Chief Financial Officer Steve Filton said his company is “aggressively” looking to trim under-earning managed care contracts and seek out higher prices in the coming year.

Both its acute and behavioral care hospitals are identifying contracts that “are not even remotely” keeping pace with inflationary and labor pressure and giving those payers notice of terminations “at a pace faster than, quite frankly, I can really remember,” he told investors.

What’s more, the Wall Street Journal catalogs the large array of costly healthcare problems that “have grown in the pandemic’s shadow.”

It’s also worth calling attention to

  • An NPR article reporting on an animal sedative xylazine that is now “is showing up in illegal street drugs up and down the East Coast.” What a mess.
  • A Kaiser Family Foundation article explaining how the CDC is handling a polio case that paralyzed a man in a vaccine-resistant community in Rockland County, NY.

The chances of a major outbreak tied to the Rockland County case are slim. The virus can spread widely only where there is low vaccine coverage and poor surveillance of polio cases, said Dr. David Heymann, a professor of epidemiology at the London School of Hygiene and Tropical Medicine and former director of the world’s polio eradication effort.

Rockland County has ample experience battling vaccine-preventable outbreaks. In 2018 and 2019, the county fought a measles epidemic of 312 cases among followers of anti-vaccine Hasidic rabbis.

“Our people defeated measles, and I’m sure we’ll eliminate the latest health concern as well,” County Executive Ed Daly told a news conference July 21.

Cybersecurity Saturday

David ErmerCybersecurity

From the cyber breaches front, Health IT Security reports

Healthcare data breaches cost an average of $10.1 million per incident last year, IBM Security found in the 2022 edition of its “Cost of a Data Breach Report.” The figure signified a 9.4 percent increase from the 2021 report and a 41.6 percent increase from 2020. For the 12th consecutive year, the healthcare sector suffered the most expensive data breach costs compared to any other industry examined in the report. * * *

The use of stolen or compromised credentials remained the top cause of a data breach in the 2022 report, accounting for 19 percent of all analyzed breaches.

[P]hishing attacks emerged as the second most common cause of a breach, accounting for 16 percent of all analyzed breaches. Additionally, phishing was the most expensive breach type, averaging $4.91 million.

Business email compromise (BEC) averaged $4.89 million in costs, making it nearly as expensive as a phishing attack. Unsurprisingly, incidents that had the longest average times to identify and contain them were also the most expensive.

From the cybervulnerabilities front —

Cybersecurity Dive tells us

Threat actors are increasingly distributing malware via container files, including ISO and RAR, as well as Windows shortcut files (LMK), following prior decisions by Microsoft to block macros by default in Microsoft Office, according to Proofpoint research released Thursday.  

Microsoft previously disclosed plans to block XL4 and VBA macros in Office by default in October 2021 and February, respectively. 

Proofpoint researchers said the use of VBA and XL4 macros fell by 66%  between October 2021 and June of this year. The researchers call the movement one of the “largest email threat landscape shifts in recent history.”

CISA added another known exploited vulnerability to its catalog. Hackers News explains

The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances. “A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group,” CISA notes in its advisory.

From the ransomware front, while regrettably Bleeping Computer’s The Week in Ransomware is off again this week, Bleeping Computer does report

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021.

Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.

This continues a downward trend since Q4 2021, which represented a peak in ransomware payments both average ($332,168) and median ($117,116).

“This trend reflects the shift of RaaS affiliates and developers towards the mid-market where the risk to reward profile of attack is more consistent and less risky than high profile attacks,” comments Coveware in the report.

“We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.” The median size of the companies targeted this quarter dropped even further, with the actors looking for smaller yet financially healthy organizations to disrupt, the company says.

Security Week adds

Cybersleuths at Microsoft have found a link between the recent ‘Raspberry Robin’ USB-based worm attacks and EvilCorp, a notorious Russian ransomware operation sanctioned by the U.S. government.

According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targets into installing a loader for additional malware previously attributed to EvilCorp.

Even more ominously, Microsoft said its research teams discovered EvilCorp malware distribution tactics and observed behavior all over the ‘Raspberry Robin’ worm seen squirming through corporate networks earlier this week.

The connection suggests the cybercriminals behind the EvilCorp operation are working with other groups to get around the U.S. Justice department sanctions that block ransomware extortion payments.

“The use of a RaaS payload by the ‘EvilCorp’ activity group is likely an attempt by DEV-0243 to avoid attribution to their group, which could discourage payment due to their sanctioned status,” Microsoft said. EvilCorp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019. 

Friday Stats and More

David ErmerCDC, COVID-19, Rx coverage, Telehealth, U.S. Healthcare

Based on the Centers for Disease Controls Covid Data Tracker and using Thursday as the first day of the week, here is the FEHBlog’s weekly chart of new Covid cases for 2022:

The CDC’s weekly review of its Covid statistics notes “As of July 27, 2022, the current 7-day moving average of daily new cases (126,272) decreased 0.9% compared with the previous 7-day moving average (127,478).”

Here is the CDC’s chart of daily trends in new Covid hospital admissions:

The CDC’s weekly review notes “The current 7-day daily average for July 20–26, 2022, was 6,340. This is a 1.7% increase from the prior 7-day average (6,231) from July 13–19, 2022.

Also, “CDC Nowcast projections for the week ending July 23, 2022, estimate that the combined national proportion of lineages designated as Omicron will continue to be 100% with the predominant Omicron lineage being BA.5, projected at 81.9% (95% PI 79.9-83.8%).”

STAT News reports

[New Yorker Janet] Handal and the roughly 200,000 other Americans to receive Evusheld have had to recalibrate their hopes. Although the Food and Drug Administration doubled the recommended dose to compensate, and the drug — when given along with the full complement of vaccines — still offers protection against severe disease, gone are hopes that the most vulnerable could ditch masks or return to their pre-Covid lives.

Although the problem is now eight months old, few other prophylactic drugs for people with compromised immune systems are on the horizon. Several companies have announced plans to bring forward new Covid-19 antibodies, but they virtually are all either still in animal studies or are being principally developed as therapeutics.

The absence is particularly notable given the potential size of the market: Although Evusheld has remained vastly underused, a fact some physicians attribute to its hazily defined efficacy, between 7 and 10 million Americans are immunocompromised — a huge market by drug industry standards.

Here’s the FEHBlog’s weekly chart of new Covid deaths for 2022:

The CDC’s weekly review notes “The current 7-day moving average of new deaths (364) has decreased 4.8% compared with the previous 7-day moving average (382).”

Here’s the FEHBlog’s weekly chart of Covid vaccinations distributed and administered from the 50th week of 2020, when the Covid vaccination era began to the 30th week of 2022:

The CDC’s weekly review notes, “About 223.2 million people, or 67.2% of the total U.S. population, have been fully vaccinated.* Of those fully vaccinated, about 107.9 million people have received a booster dose, but 50.1% of the total booster-eligible population has not yet received a booster dose.”

Reuters reports

The U.S. government said on Friday it agreed to a $1.74 billion deal for 66 million doses of a Moderna COVID vaccine updated for the Omicron subvariant for use in a fall and winter booster campaign ***. Combined with 105 million doses the government already agreed to buy from Pfizer Inc and partner BioNTech SE for $3.2 billion, the latest deal puts the U.S. booster dose supply at about 171 million shots. read more

In CDC Communities News

As of July 28, 2022, there are 1,474 (45.8%) counties, districts, or territories with a high COVID-19 Community Level, 1,144 (35.5%) counties with a medium Community Level, and 602 (18.7%) counties with a low Community Level. Compared with last week, this represents a moderate increase (+3.9 percentage points) in the number of high-level counties, and a small decrease (−2.11 percentage points) in the number of medium-level counties and also a small decrease (−1.74 percentage points) in the number of low-level counties. 49 out of 52 jurisdictions* had high- or medium-level counties this week. Rhode Island, New Hampshire, and the District of Columbia are the only jurisdictions to have all counties at low Community Levels.

To check your COVID-19 Community Level, visit COVID Data Tracker. To learn which prevention measures are recommended based on your COVID-19 Community Level, visit COVID-19 Community Level and COVID-19 Prevention.

From the monkeypox front, the FDA provides an update on the agency’s response to this outbreak.

From the mental healthcare front —

MedPage Today brings us encouraging news

Local outpatient mental health providers are doing fine handling the increased demand from the newly launched nationwide “988” Suicide and Crisis Lifeline, despite fears that they wouldn’t be ready, according to a senior administration official.

“The states and call centers across the country absolutely rose to the increased volume that we saw,” the official said Thursday evening during a background briefing on distribution of federal grants to shore up mental health services in schools. “We can see a 45% increase in the volume of calls that came in the week of the launch, compared to the week prior, across the country — an additional 23,000 … calls, texts, and chats that came in across the lifeline.”

Healthcare Dive reports that CVS Health has appointed its first chief psychiatric officer. “Taft Parsons, MD, who has previously worked for Molina Healthcare and Henry Ford Health System, will be tasked with focusing on mental well-being for patients and will lead the Aetna Medical Affairs Behavioral Health organization.” Good luck, Dr. Parsons.

From the medical research front —

  • HealthDay informs us  “Obesity, depression, high blood pressure, asthma: These are just a few of the chronic health conditions that are now affecting almost 40 million Americans between the ages 18 and 34, new federal data shows.”
  • Mhealth Intelligence adds “While discovering new methods of care during the COVID-19 pandemic, Stanford Medicine researchers found that a smartphone app known as SkinIO is highly resourceful when detecting skin cancer among older people.”

From the telehealth front —

  • UPI reports “Using telehealth to supplement or replace in-person maternal care services, such as postpartum depression and diabetes and hypertension monitoring during pregnancy, leads to similar — and sometimes better — clinical outcomes and patient satisfaction compared to in-person care. That’s the gist of a study whose findings were published Monday in Annals of Internal Medicine.”

Finally, Health Payer Intelligence discusses a strategy for communicating relating high health plan premium increases for next year.

There are two key factors that will influence employer-sponsored health plan premiums in 2023, Jim Winkler, chief strategy officer at the Business Group on Health, told HealthPayerIntelligence by email: 

* Market inflation on prices of healthcare services

* Utilization rate of healthcare services

“Heading into 2023, employers face uncertainty in terms of the impact of market inflation on the prices of health care services and potential increases in utilization of those services,” Winkler said. 

“This all comes at a time when employers also have a heightened focus on attracting and retaining key talent while addressing the overall health and well-being needs of the workforce and their families.” * * *

“As employers prepare to communicate with their workforce, they will see that employees tend to be focused on what any cost increase means to them, both in terms of out-of-pocket costs and paycheck deductions. Employers will therefore need to assist employees on understanding how best to manage their own costs,” Winkler recommended.

Omnichannel communication with health plan members can be particularly useful for improving member engagement in employer-sponsored health plans. With omnichannel communication, payers and employers coordinate communication across multiple channels and platforms, improving the timeliness and convenience of member interactions.

Thursday Miscellany

David ErmerACA, Congress, COVID-19, COVID-19 vaccine, Federal employment benefits, HIPAA Privacy and Security Rules, Medicare, OPM, Telehealth, U.S. Healthcare, Uncategorized
Photo by Josh Mills on Unsplash

From Capitol Hill, the Wall Street Journal reports that the Senate majority’s leadership is rallying the caucus to pass the Schumer – Manchin compromise reconciliation bill that would address climate and healthcare concerns while raising taxes. The goal is for the Senate to pass the bill next week which immediately precedes the Senate’s August recess.

The Hill adds that

A day after Sen. Joe Manchin (D-W.Va.) stunned Washington by endorsing hundreds of billions of dollars for President Biden’s domestic agenda, House Democrats are rallying behind the nascent package as a crucial — if incomplete — strategy for tackling the climate crisis and easing working class economic strains.

Both articles discuss the flies remain in the reconciliation ointment.

Govexec informs us

The odds that Congress would increase the average 4.6% pay raise planned for federal employees in 2023 got a little longer Thursday, after Senate appropriators revealed that they would effectively endorse President Biden’s pay increase proposal.” The Senate Appropriations Committee on Thursday revealed all of their initial versions of fiscal 2023 spending bills, including the package governing financial services and general government, which is the vehicle by which Congress weighs in on federal employee compensation. That bill makes no mention of changes to career federal employees’ pay, effectively endorsing the pay raise plan offered by Biden in his fiscal 2023 budget proposal.

Here is a link to the Senate Appropriations Committee’s press release unveiling those bills. What caught the FEHBlog’s eye is the statement in the press release that the Senate appropriations bills, like the House appropriations bills, do not include the Hyde amendments limiting federal funding of abortions to cases of rape, incest, or endangerment of the mother’s life. That tectonic change would draw the FEHBP into the post-Dobbs controversy.

From the Affordable Care Act front, Prof. Katie Keith does her usual outstanding job breaking down the proposed ACA Section 1557 individual non-discrimination rule in Health Affairs Forefront. In the FEHBlog’s view, the rule is unnecessarily complicated. It is the FEHBlog’s understanding that this HHS rule would not apply to FEHBP and that HHS would refer Section 1557 complaints involving FEHB plans to OPM. As the preamble points out, Section 1557 is a law that doesn’t need an implementing rule. Nevertheless, HHS recommends that other agencies with programs covered by Section 1557 adopt their own implementing rule using the HHS rule as a template.

The ACA regulators issued a 13-page long ACA FAQ 54 describing in detail the ACA rule requirements under which health plans must cover contraceptive drugs and services for women without cost sharing.

On a related note, Healthcare Dive tells us

Melanie Fontes Rainer is now acting director of HHS’ Office of Civil Rights. Fontes Rainer will replace Lisa Pino, who oversaw rulemaking related to patient safety, reproductive rights and other healthcare issues and issued policy regarding health equity, long COVID and firearm injury and death prevention, the agency said in an emailed statement.

From the federal employee benefits front, Fedweek explains the circumstances under which survivors of federal employees (as opposed to federal annuitants) are eligible for federal survivor benefits.

If you are an employee who was married when you die and you had at least 18 months of creditable civilian service, your spouse will be entitled to a survivor annuity.  * * * f you were enrolled in either the self plus one or self and family options of the Federal Employees Health Benefits program when you died, the person(s) on your enrollment could continue that coverage. If you weren’t enrolled in the program (or were enrolled but in the self only option), any otherwise eligible survivors would be out of luck.

From the Omicron and siblings front, the American Medical Association offers a helpful Q&A on Covid boosters.

From the monkeypox front, Reuters makes two reports

  • The United States has the capacity to conduct 60,000-80,000 tests for monkeypox virus per week, Health and Human Services Secretary Xavier Becerra said on Thursday. When the monkeypox outbreak began, the U.S. was able to conduct only 6,000 tests per week, Becerra told reporters during a telephone briefing.
  • The U.S. Centers for Disease Control and Prevention (CDC) said on Wednesday it plans to make the rapidly spreading monkeypox disease a nationally notifiable condition. The designation, which is set to take effect on Aug. 1, updates criteria for reporting of data on cases by states to the agency and would allow the agency to monitor and respond to monkeypox even after the current outbreak recedes, the CDC said.

From the U.S. healthcare business front —

The American Hospital Association issued a report attacking the commercial health insurance industry, which in the FEHBlog’s view is akin to strangling the golden goose.

Healthcare Dive reports

Teladoc beat Wall Street expectations for revenue in the second quarter, with a topline of $592 million, up 18% year over year. Chronic care membership came in higher than analysts expected, while member utilization improved year over year.

But “all eyes” are on the vendor’s guidance for the rest of the year, which implies a third-quarter miss and a steep ramp-up for earnings in the fourth quarter, SVB Securities analyst Stephanie Davis wrote in a note on the results.

STAT News chimes in

Telehealth giant Teladoc is bracing for disappointing earnings this year as it faces headwinds that could also thwart competitors struggling to turn a profit — including increasingly frugal employers delaying or dropping contracts for virtual care.

“The challenge that we’re seeing is in these times of economic uncertainty, all purchases are just getting a significantly higher level of scrutiny,” CEO Jason Gorevic said in an earnings call Wednesday.

Gorevic also noted that declining yield on advertising suggests that individual patients may start spending less on direct-to-consumer services like BetterHelp, the company’s mental health care offering. Those hurdles aren’t unique to Teladoc. Competitors like Amwell and Talkspace could also have to grapple with cutbacks.

Healthcare Dive also delves into Amazon’s planned acquisition of One Medical. “The deal fast-tracks Amazon’s ambitions in healthcare, while giving One Medical a cushion in today’s tricky economic environment.”

Yesterday, the FEHB wrote about the hospitals receiving five stars from Medicare. Today Becker’s Hospital Review lists the 192 hospitals receiving a single start from that program.

Finally STAT News lists the 41 best books and podcasts on health and science to check out this Summer.

Midweek Update

David ErmerCongress, COVID-19, COVID-19 vaccine, Medicare, Mental health care, Telehealth, U.S. Healthcare

From Capitol Hill —

The Wall Street Journal reports

Sen. Joe Manchin (D., W.Va.) agreed to back a package aimed at lowering carbon emissions and curbing healthcare costs while raising corporate taxes, marking a stunning revival of core pieces of President Biden’s economic and climate agenda that the West Virginia Democrat had seemingly killed earlier this month

The deal, negotiated privately between Messrs. Manchin and Senate Majority Leader Chuck Schumer (D., N.Y.) since the start of last week, would raise roughly $739 billion, with much of the revenue coming from a 15% corporate minimum tax and enhanced tax enforcement efforts at the Internal Revenue Service, as well as projected savings from allowing Medicare to negotiate some prescription-drug prices.

Of that new revenue, roughly $369 billion would be spent on climate and energy programs, with another $64 billion dedicated to extending healthcare subsidies for three years for some Affordable Care Act users. The bill would dedicate the rest of the new revenue toward reducing the deficit, according to a summary provided by Messrs. Schumer and Manchin. * * *

The deal will still need the support of almost every other Democrat in Congress. Passing the agreement into law will test Mr. Schumer and the ability of House Speaker Nancy Pelosi (D., Calif.) to convince an ideologically diverse group of lawmakers to accept a deal announced by one of the party’s most conservative members. 

The announcement of a deal on Wednesday appeared to catch other Democrats off guard.

The Hill informs us

The House passed a bill Wednesday to expand telehealth services that were first introduced during the COVID-19 pandemic.

The legislation, titled the Advancing Telehealth Beyond COVID–19 Act, passed in a 416-12 vote. Eleven Republicans and one Democrat objected to the measure. Two Republicans did not vote.

The measure seeks to continue a number of telehealth policies established under Medicare that were first implemented at the beginning of the COVID-19 pandemic. If passed by the Senate and signed into law, the provisions would continue through 2024.

Fierce Healthcare adds

A key House panel advanced legislation to create an electronic prior authorization process for Medicare Advantage plans and several other reforms.

The House Ways and Means Committee unanimously advanced on Wednesday the Improving Seniors Timely Access to Care Act of 2022. The legislation has more than 300 co-sponsors and wide support across the healthcare industry.

From the Omicron and siblings front, Medpage Today asks “Can I boost with Novovax?”

While the Novavax shot is not yet authorized by the FDA as a booster, several experts told MedPage Today it could be headed that way.

“Probably the best niche now for Novavax’s purified protein vaccine is as a booster strategy for mRNA vaccines,” Paul Offit, MD, of Children’s Hospital of Philadelphia, who served on the FDA’s Vaccines and Related Biological Products Advisory Committee (VRBPAC) on Novavax, told MedPage Today.

Robert “Chip” Schooley, MD, an infectious disease expert at the University of California San Diego who has served on VRBPAC in the past, said since there “aren’t many people left who have been neither vaccinated nor infected … it will likely be mainly used as a booster.”

NPR Shots tells us

The Biden administration may scrap plans to let more younger adults get second COVID-19 boosters this summer. Instead, officials are trying to speed up availability of the next generation of boosters in the fall, NPR has learned.

The new strategy is aimed at trying to balance protecting people this summer with keeping people safe next winter, when the country will probably get hit by yet another surge.

But the possible shift is being met with mixed reactions. The Food and Drug Administration could make a final decision by the end of the week. 

The dilemma facing the FDA is that the immunity many people have gotten from getting vaccinated or infected has been wearing off. At the same time, the most contagious version of the virus to emerge yet — the omicron subvariant BA.5 — is making people even more vulnerable.

So as COVID is starting to become more serious than a cold or flu again, most people younger than age 50 aren’t eligible for fourth shots — second boosters — to protect themselves. In response, the FDA was considering opening up eligibility for second boosters for all adults.

But letting more people get boosted with the original vaccine now could interfere with plans to boost them with updated, hopefully more protective vaccines in the fall to blunt the toll of the winter surge. 

It’s quite a conundrum for the experts.

From the monkeypox front

  • NPR provides a helpful FAQ on the disease.

The Centers for Disease Control and Prevention (CDC) has expanded access to vaccines, tests, and treatments for monkeypox, agency officials said in a webinar Tuesday.

The CDC expects to release more than 750,000 doses of the JYNNEOS vaccine from its strategic stockpile within days, said panelists at the Clinician Outreach and Communication Activity (COCA) call.

In addition, by working with commercial labs, the agency has expanded US testing capacity and streamlined requirements for administering the antiviral tecovirimat, they said.

Encouraging news from the HIV front. The Wall Street Journal reports

A 66-year-old man in Southern California and a woman in her 70s in Spain are the latest in a small group of people who appear to have beaten their HIV infections, providing researchers new clues to a possible cure at a time when Covid-19and other crises are slowing progress against the spreading virus.

Doctors caring for the man said they haven’t found any human immunodeficiency virus that can replicate in his body since he stopped antiretroviral drug therapy in March 2021 after a transplant of stem cells containing a rare genetic mutation that blocks HIV infection. He was given the transplant for leukemia, for which people with HIV are at increased risk. Details of his case were made public Wednesday and will be presented at a large international AIDS conference in Montreal that opens Friday.

“He saw many of his friends and loved ones become ill and ultimately succumb to the disease and had experienced some stigma associated with having HIV,” she said. His success “opens up the opportunity potentially for older patients to undergo this procedure and go into remission from both their blood cancer and HIV.

Also from the medical research front, STAT News informs us

[F]or several years, a small New Haven, Conn.-based startup has quietly been building technology to move the needle on suicide rates among the people at highest risk: those with a history of attempts or who have suicidal thoughts and have expressed a strong desire to die.

The company, called Oui Therapeutics, has raised roughly $26 million from high-profile investors like CVS Health Ventures and First Round Capital to develop and launch an app designed to train people how to quell their suicidal impulses. It pulls from in-person therapy methods that have shown dramatic reductions in suicide attempts — nearly 60% — in a randomized trial of soldiers at high risk. * * *

If the research bears out and the app secures buy-in from regulators, it could become a powerful tool in curbing suicide, which kills over 45,000 people in the U.S. each year. Oui is part of a broader constellation of efforts — including a new national suicide prevention hotline number and the development of prevention frameworks like Zero Suicide — in recent years that aim to address rates that have risen stubbornly high.

Fingers crossed for both worthy efforts.

From the Medicare front, Beckers Hospital Review reports

CMS updated its Overall Hospital Quality Star Ratings for 2022, giving 429 hospitals a rating of five stars.

CMS assigned star ratings to hospitals nationwide based on their performance across five quality categories. This year:

* 192 hospitals received a one-star rating

* 692 hospitals received a two-star rating

* 890 hospitals received a three-star rating

* 890 received a four-star rating

* 429 received a five-star rating

The article lists all of the five star hospitals by state.

From the U.S. healthcare business front, Healthcare Dive tells us

Humana raised its profit estimates for the full year after reporting lower than expected medical costs during the second quarter.

“The lower utilization trends and lack of COVID headwinds seen to date, give us confidence in raising our full year adjusted [earnings per share] guide,” Humana CFO Susan Diamond said Wednesday on a call with investors.

Humana’s net income increased 18% to $696 million for the second quarter as the Louisville-based insurer recorded increased revenues of $23.6 billion amid enrollment growth in both Medicare and Medicaid.

The insurer noted lower inpatient utilization among Medicare members for Q2.

But the lower-than-anticipated inpatient utilization has been partially offset by higher unit costs, Diamond said. * * *

The company’s total medical membership of 17.1 million was up 0.8% year over year.

As the company continues on its value creation plan to trim $1 billion in costs, Humana said it will restructure its organization into two distinct units as it looks to simplify the company’s overall organization.

Revcycle Intelligence reports on how healthcare spending varies by region and payer type.

There is substantial variation and low correlation in healthcare spending across Medicare, Medicaid, and private insurance plans within different US regions, a study published in JAMA Network Open found.

The US spends around $3.8 trillion per year on healthcare funded by Medicare, Medicaid, and private insurers. However, spending and healthcare utilization are rarely the same for all three payers. * * *

Healthcare spending per beneficiary varied across payers. The mean private insurance spending per beneficiary was $4,441, while the Medicare mean was $10,281, and the Medicaid mean was $6,127 per beneficiary. The overall mean for the three payers was $5,782 per beneficiary.

Medicaid had the most variation in spending per beneficiary across the [241 hospital referral regions] HRRs, with a coefficient of variation of 0.233, according to the study. Private insurance had a coefficient of variation of 0.160 and Medicare had a coefficient of variation of 0.126.

Medicaid and private insurance plans likely saw more variation in spending than Medicare because Medicare relies on regulated payments to hospitals, while Medicaid and privately insured prices are generally determined by the region’s market.

In addition to spending variation among the payers individually, there was low spending correlation within regions across all three payers.

For example, the correlation coefficient between HRR level spending was 0.020 for private insurance and Medicare, 0.213 for private insurance and Medicaid, and 0.162 for Medicare and Medicaid.

Tuesday Tidbits

David ErmerCMS, Congress, COVID-19, U.S. Healthcare

From Capitol Hill, EndPoints News reports

Photo by Patrick Fore on Unsplash

A bill that would cap out-of-pocket insulin costs for the insured at $35 per month remains in limbo as the Congressional Budget Office told the two Senate sponsors of the bill that it will likely increase net prices for insulin, and will increase premiums for commercial health insurance and Medicare Part D.

The comments from the CBO may spell the end for the bill, which is effectively a Band-Aid for a segment of the pharma market that has ballooned in recent years, driving many to ration their life-saving drug.

“Spending for insulin and other pharmaceutical products would increase, CBO estimates, because overall medication use would increase in response to lower cost-sharing requirements,” CBO director Phillip Swagel wrote to Sens. Jeanne Shaheen (D-NH) and Susan Collins (R-ME) on Friday. “Some use of insulin might also shift to newer and more expensive insulin products. Increased spending for pharmaceutical products would result in increased spending for health care overall.”

STAT News adds

Democrats are closer than ever before to finally achieving a goal they’ve been pursuing for nearly two decades — allowing Medicare to negotiate prescription drug prices. Skeptical lawmakers seem to be on board; the bill text is already under review by the Senate’s rules referee. Congressional leadership and the White House have come up with a plan to barrel toward a vote that could come as soon as next week.

Drugmakers, in turn, are intensifying their opposition efforts.

From the Omicron and siblings front

The Wall Street Journal informs us

Charley Ding spent weeks early in the pandemic intubating patients sick with Covid-19. The 42-year-old anesthesiologist in South Barrington, Ill., said he has since watched most of the doctors and nurses he works with get infected at some point.

But he has never gotten Covid-19, he said. “It’s probably a combination of being careful, maybe being blessed with a good immune system,” he said. “But also just luck.”

Dr. Ding is a member of a shrinking club of people who are pretty sure they have never been infected with SARS-CoV-2, the virus that causes Covid-19. Geneticists and immunologists are studying factors that might protect people from infection, and learning why some are predisposed to more severe Covid-19 disease.

For many, the explanation is likely that they have in fact been infected with the virus at some point without realizing it, said Susan Kline, professor of medicine at the University of Minnesota Medical School. About 40% of confirmed Covid-19 cases are asymptomatic, according to a meta-analysis published in December in the Journal of the American Medical Association.

More than two years into the pandemic, most people worldwide have likely been infected with the virus at least once, epidemiologists said. Some 58% of people in the U.S. had contracted Covid-19 through February, the Centers for Disease Control and Prevention has estimated. Since then, a persistent wave driven by offshoots of the infectious Omicron variant thas kept daily known cases in the U.S. above 100,000 for weeks. 

As someone who is a member of Dr. Ding’s shrinking club, the FEHBlog thinks that he may have had Covid at some point and in any event, it’s a matter of time before officially contracts it. Covid is gaining similarity to its cousin the common cold.

The FEHBlog has moved his residence inside the Capital Beltway to Dripping Springs, Texas. His Texas residence has a home office. He has come back to work at his DC law firm this week. When working in DC, he stays at a hotel next to his office building. All of this has cut into his commuting time when he listened to Russ Robert’s Econtalk. This evening he traveled up to have dinner with one of his sons outside Baltimore. This allowed him to listen to the July 18 episode of Econtalk during which Russ Roberts discussed Covid with Dr. Vinay Prasad of the University of California San Francisco. Their conversation is very insightful into the public health aspects of the Covid pandemic. It’s worth a listen or read the transcript on the website.

From the public health front, the Department of Health and Human Services announced

Today, the Centers for Medicare & Medicaid Services (CMS) unveiled its Maternity Care Action Plan to support the implementation of the Biden-Harris Administration’s Blueprint for Addressing the Maternal Health Crisis. The action plan takes a holistic and coordinated approach across CMS to improve health outcomes and reduce inequities for people during pregnancy, childbirth, and the postpartum period. CMS’ implementation of the action plan will support the Biden-Harris Administration’s broad vision and call to action to improve maternal health.

“Strengthening maternal health is key to strengthening the health and wellbeing of communities across America,” said HHS Secretary Xavier Becerra. “At HHS, we are taking unprecedented action to advance the Biden-Harris Administration’s vision to improve maternal health and tackle disparities, and I’m proud of the bold action plan CMS has laid out to contribute to our goals. Today is just the beginning: we will tirelessly work to make sure all mothers get the care and support they need.”

Through the action plan, CMS Administrator Chiquita Brooks-LaSure also encouraged industry stakeholders – including health care facilities, insurance companies, state officials, and providers – to consider key commitments the private sector can make to improve maternal health outcomes. Industry can submit proposed commitments at http://cms.gov/maternalhealthcommitments .

From the U.S. healthcare front, Healthcare Dive tells us

The Mayo Clinic earned the No. 1 spot for a seventh straight year in U.S. News & World Report’s best hospitals ranking published Tuesday. Cedars-Sinai Medical Center, NYU Langone Hospitals and the Cleveland Clinic followed next, with Johns Hopkins Hospital and UCLA Medical Center tied in fifth place.

In the specialty rankings, University of Texas MD Anderson Cancer Center was named best in cancer, Cleveland Clinic was first in cardiology and heart surgery, and NYU Langone Hospitals led in neurology and neurosurgery.

U.S. News added three service areas of evaluation this year, for ovarian, prostate and uterine cancer surgeries. The publication also introduced “home time” as an outcome measure in certain ratings, reflecting patients’ preference for recovering at home.

Becker’s Health IT looks at the Amazon – One Medical deal from the perspective of Amazon v. Optum.

From the U.S. healthcare business front, Fierce Healthcare reports

In its latest earnings results, [health insurer Centene] posted a $172 million loss in the second quarter, still beating the Street and slimming its losses compared to the prior year’s quarter. In the second quarter of 2021, Centene reported a $535 million loss, according to its earnings report released Tuesday morning. * * *

The company added about 200,000 members in the second quarter, reaching 26.4 million in total membership. That’s up by more than one million from the second quarter of 2021, when the insurer reported 24.7 million members.

“Our strong second quarter results reflect the consistency of Centene’s product performance,” Centene CEO Sarah London said in a statement. “The second quarter reflects continued execution on our Value Creation Plan with tangible actions and results, providing an excellent foundation from which we will continue to build over the next couple of years.”

From the reports and studies (tidbits?) department —

Health Leaders Media informs us

It’s payers, not providers, that American turn to when seeking out pricing information for healthcare services, according to a survey on price transparency.

The poll, conducted by YouGov on behalf of AI for healthcare operations company AKASA, highlights the need for both insurers and providers to follow pricing regulations for the sake of the patient experience.

Of the 2,026 adults surveyed nationally in March, just 36% indicate they have researched prices for services, of which 60% say they would look to their insurance company for pricing information.

When seeking out information through a payer, 44% would look on the insurer’s website and 29% would call their insurer.

InsuranceNews Net reports

A majority of those who receive health insurance through their employer-provided plan said they are more satisfied with the coverage they receive through work than they are with the current health insurance system overall.

That was one of the key takeaways from research conducted by Locust Street Group and presented at a webinar by America’s Health Insurance Plans. The research was part of AHIP’s Coverage@Work campaign, which aims to educate policymakers and the public about the value of employer-provided coverage.

The survey showed that although 54% of the 1,000 adults surveyed said they are satisfied with the current health system overall, 67% said they were satisfied with the coverage they receive through their employer.

What makes someone satisfied with their coverage? The top three reasons given were:

* Affordability – 45%

* Comprehensive coverage – 45%

* Choice of providers – 44%

Other factors that rounded out the list of reasons for being satisfied included: free preventive services, consistency, customer service, the ability to receive care locally, wellness incentives and innovation.

Monday Roundup

David ErmerACA, CDC, COVID-19, OPM, Telehealth, U.S. Healthcare
Photo by Sven Read on Unsplash

From the Omicron and siblings front, STAT News reports

The Biden administration is preparing a sweeping initiative to develop a next generation of Covid-19 immunizations that would thwart future coronavirus variants and dramatically reduce rates of coronavirus infection or transmission, building on current shots whose impact has been mainly to prevent serious illness and death, the White House told STAT.

To kick off the effort, the White House is gathering key federal officials, top scientists, and pharmaceutical executives including representatives of Pfizer and Moderna for a Tuesday “summit” to discuss the new technologies and lay out a road map for developing them.

“These are vaccines that are going to be far more durable, that are going to provide far longer-lasting protection, no matter what the virus does or how it evolves,” Ashish Jha, the White House Covid-19 response coordinator, said in an interview. “If we can drive down infections by 90% … Covid really begins to fade into the background, and becomes just one more respiratory illness that we have to deal with.”

Here’s hoping. Curiously, the federal government did not start this effort last year when Delta was raging.

The Centers for Disease Control posted an information sheet on the Novovax vaccine. The FEHBlog was surprised to read “Novavax COVID-19 vaccine is not authorized for use as a booster dose.” The FEHBlog had read months ago that the Novovax vaccine would make a dandy booster to a series of mRNA shots.

Medscape discusses long Covid symptoms.

People who reported sore throats, headaches, and hair loss soon after testing positive for COVID-19 may be more likely to have lingering symptoms months later, according to a recent study published in Scientific Reports.

Researchers have been trying to determine who faces a higher risk for developing long COVID, with symptoms that can last for weeks, months, or years after the initial infection. So far, the condition has been reported in both children and adults, healthy people, those with preexisting conditions, and a range of patients with mild to severe COVID-19.

“These people are not able to do necessarily all the activities they would want to do, not able to fully work and take care of their families,” Eileen Crimmins, PhD, the senior study author and a demographer at the University of Southern California’s Leonard Davis School of Gerontology, told the Los Angeles Times.

“That’s an aspect of this disease that needs to be recognized because it’s not really as benign as some people think,” she said. “Even people who have relatively few symptoms to start with can end up with long COVID.”

From the Affordable Care Act front, the Department of Health and Human Services released today a proposed third version (Obama, Trump, Biden) version of a rule implementing Section 1557, the individual non-discrimination provision of the Affordable Care Act. Here are links to the proposed rule and the Department’s fact sheet. The law needs an implementing rule because its wording is garbled. The FEHBlog didn’t think he would ever see a more complicated rule than the Obama Administration’s 2016 rule, but at least at first glance, it appears that the Biden Administration has cleared that high bar. Later this week, the FEHBlog will offer his take on the extent of the rule’s application to the FEHBP. The public comment period will be 60 days long once the proposed rule is published in the Federal Register.

The Wall Street Journal has launched an investigative journalism campaign against certain large charitable hospitals.

Nonprofit hospitals get billions of dollars in tax breaks in exchange for providing support to their communities. A Wall Street Journal analysis shows they are often not particularly generous.

These charitable organizations, which comprise the majority of hospitals in the U.S., wrote off in aggregate 2.3% of their patient revenue on financial aid for patients’ medical bills. Their for-profit competitors, a category including publicly traded giants such as HCA Healthcare Inc., wrote off 3.4%, the Journal found in an analysis of the most-recent annual reports hospitals file with the federal government.

Among nonprofits with the smallest shares of patient revenue going toward charity care—well under 1%—were high-profile institutions including the biggest hospitals of California’s Stanford Medicine and Louisiana’s Ochsner Health systems. At Avera Health, a major hospital system in South Dakota, charity care was roughly half of 1% of patient revenue across all its 18 hospitals.

You get the gist. These Journal investigations usually attract attention on Capitol Hill.

From the public health front, the Washington Post discusses the meaning of a pre-diabetes diagnosis to the over 65 crowd.

More than 26 million people 65 and older have prediabetes, according to the Centers for Disease Control and Prevention. How concerned should they be about progressing to diabetes?

Not very, some experts say. Prediabetes — a term that refers to above-normal but not extremely high blood sugar levels — isn’t a disease, and it doesn’t imply that older adults who have it will inevitably develop Type 2 diabetes, they say.

“For most older patients, the chance of progressing from prediabetes to diabetes is not that high,” said Robert Lash, the chief medical officer of the Endocrine Society. “Yet labeling people with prediabetes may make them worried and anxious.”

Other experts believe it is important to identify prediabetes, especially if doing so inspires older adults to add more physical activity, lose weight and eat healthier diets to help bring their blood sugar under control.

Based on personal experience, the FEHBlog finds himself supporting “the other experts.”

From the OPM / FEHB front —

  • OPM today issues a fact sheet on the steps being taken to implement the President’s June 2021 Executive Order on increasing diversity, equity, and inclusion in the federal workforce.
  • FedSmith has an article encouraging federal annuitants to take look this Open Season at FEHB plans which offer an integrated Medicare Advantage. The number of those plans has been growing over the past two Open Seasons and the FEHBlog anticipates the number will continue to grow this coming Open Season.

From the telehealth front, mHealth Intelligence points out

The benefits of breastfeeding are well-documented. Breast milk is a comprehensive source of infant nutrition, can help stave off some short-and long-term illnesses, and enables babies to gain valuable antibodies from their mothers, according to the Centers for Disease Control and Prevention. Further, breastfeeding can reduce the mother’s risk of developing several conditions, including breast and ovarian cancer and type 2 diabetes.

Though a majority of babies are breastfed initially, there appears to be a drop-off at the six-month mark, and rates continue to decline from there. In total, about 84 percent of babies were breastfed in 2018, but only 57 percent were breastfed at six months and 35 percent at 12 months, according to CDC data.

To support breastfeeding, the five-hospital Trinity Health of New England system joined forces with Nest Collaborative last month to launch a telehealth program.

The telehealth-enabled breastfeeding support program, launched at the end of June, connects pregnant women and new mothers to a nationwide network of lactation consultants.

Nest Collaborative’s [lactation consultants] help families reach their breastfeeding goals and assist them in making informed decisions about infant feeding options,” said Judith Nowlin, CEO of Nest Collaborative, in an email.

Weekend update

David ErmerACA, Congress, COVID-19, Medicare, U.S. Healthcare
Photo by Dane Deaner on Unsplash

From Capitol Hill, The House of Representatives and the Senate will be in session for Committee business and floor voting this week. This is the last week that the House is in session before the August recess. The Senate has one more week of legislative work before it heads off on its State work period for the eighth month of the year.

The Wall Street Journal adds

Congress nears the close of a packed legislative session this week, aiming to pass legislation providing about $54 billion to boost U.S. semiconductor manufacturing while also juggling a raft of other bills ahead of the monthlong August recess.

Along with the bipartisan bill subsidizing chips, Democrats are hoping to salvage a piece of President Biden’s once-ambitious domestic agenda, looking to advance a measure aimed at lowering some drug and healthcare costs. The party is also weighing whether to hold votes related to social issues and guns that could help rally the party’s base. * * *

In the Senate, Democrats are awaiting guidance from the Senate’s parliamentarian over whether a measure aimed at lowering drug costs by giving Medicare the right to negotiate prices for a narrow set of drugs will comport with the Senate’s procedures for passing bills through a budget-related process known as reconciliation. Democrats in the 50-50 Senate are using the special process because it allows the passage of bills with only a simple majority, instead of the 60 votes required for most legislation. The procedure is only available until Sept. 30, the end of the fiscal year.

Mr. Hoyer said that if Senate Democrats are able to soon pass the drug-pricing bill, which would also extend Affordable Care Act subsidies, then the House would return from its August recess to clear the measure in time for insurance companies to factor in the subsidies when they set prices for their plans.

From the Omicron and siblings front, the New York Times informs us

People with coronavirus infections of the Omicron variant often have significantly different viral levels in their noses, throats and saliva, and testing just a single type of sample is likely to miss a large share of infections, according to two new papers, which analyzed Omicron infections over time in a small number of people.

The papers, which have not yet been published in scientific journals, suggest that coronavirus tests that analyze both nasal and throat swabs would pick up more Omicron infections than those that rely on just a nasal swab. Although these combined tests are common in other countries, including Britain, none are yet authorized in the United States.

“You could get a lot more bang for your buck if you use these mixed specimen types,” said Rustem Ismagilov, a chemist at the California Institute of Technology and the senior author of both papers. But in the United States, he said, “we are stuck with nobody doing it.”

And yet the CDC has recorded nearly 90 million cases in our country.

From the unusual viruses front

STAT News reports

The World Health Organization on Saturday declared the unprecedented monkeypox outbreak that has spread around the world a public health emergency, a decision that will empower the agency to take additional measures to try to curb the virus’s spread.

In an unusual move, WHO Director-General Tedros Adhanom Ghebreyesus made the declaration even though a committee of experts he had convened to study the issue did not advise him to do so, having failed to reach a consensus. The same committee met just one month ago and declined to declare a public health emergency of international concern, or PHEIC [pronounced fake].

Secretary of Health and Human Services expressed his support for this decision.

Bloomberg Prognosis provides a quick take on monkeypox and its spread. Among other takes

The illness is usually mild and most patients will recover within a few weeks; treatment is mainly aimed at relieving symptoms. About 10-to-15% of cases have been hospitalized, mostly for pain and bacterial infections that can occur as a result of monkeypox lesions. The CDC says smallpox vaccine, antivirals, and vaccinia immune globulin can be used to treat monkeypox as well as control it.

The Wall Street Journal adds

Unusual for an emerging disease, there are already vaccines and treatments that can be used to counter monkeypox. That is because some governments have invested in developing defenses against the accidental or deliberate reintroduction of smallpox, a closely related but much more severe virus. Some countries hold these treatments and vaccines in national stockpiles, but they aren’t readily available everywhere.

In some places, including the U.S., U.K. and parts of Canada, broad groups of men who have sex with men are being offered vaccination in an effort to slow the spread, although vaccine supplies have so far been constrained. Public-health authorities also are working to raise awareness among men who have sex with men about the spread of monkeypox.

From the Medicare front, STAT News reports

The federal government is hashing out the details on a new type of rural hospital, and new developments suggest regulators want to make it an attractive option.

So-called Rural Emergency Hospitals (REH) will run emergency rooms, but won’t offer inpatient care. On top of bumped-up Medicare reimbursement, they’ll get facility payments north of $3 million annually, which is nothing to sneeze at for small hospitals. The new details were part of the government’s proposed Medicare payment rates for hospital outpatient services in 2023, released Friday [July 15].

For their part, hospitals aren’t yet sold on the idea.

From the Affordable Care Act front, we have Section 1557 news:

On Monday, July 25, 2022, [at 2:15 pm ET] the U.S. Department of Health and Human Services will announce a proposed rule to strengthen Section 1557 of the Affordable Care Act (ACA), which prohibits discrimination on the basis of race, color, national origin, sex, age, and disability in certain health programs and activities. 

In regard to sex, which includes sexual orientation and gender identity, the proposed rule would solidify protections against discrimination consistent with the U.S. Supreme Court’s holding in Bostock v. Clayton County.  

Strengthening this rule is a significant achievement for the Biden-Harris Administration and promotes gender and health equity and civil rights for communities of color, women, LGBTQI+ individuals, people with disabilities, persons with limited English proficiency (LEP), and seniors.

From the reports and studies department

  • Fortune Well tells us “While two-thirds of Alzheimer’s cases are in women, an overwhelming majority don’t know they are at an increased risk for the disease, a new survey finds. A survey conducted by the Cleveland Clinic last month found that while 71% of women respondents saw a doctor for their health in the last year, 82% of them did not know that they are at increased risk for Alzheimer’s disease and 73% percent had not talked to their doctor about their brain health.”

Early physician follow-up with a comprehensive transitional care strategy and effective chronic disease management after discharge was associated with reduced 90-day readmissions among patients with COPD and other complex conditions.

“This population-based retrospective cohort study found that early follow-up with a [primary care] physician or relevant specialist was associated with fewer readmissions for patients with [congestive heart failure] or COPD, fewer COPD-related readmissions for patients with COPD and lower mortality for patients with [congestive heart failure], all within 90 days of discharge, but that there was no demonstrable benefit at 30 days or for patients with [acute myocardial infarction],” Farah E. Saxena, MPH,researcher at the Canadian Partnership Against Cancer in Toronto, and colleagues wrote in JAMA Network Open.

  • The CDC reports “Adults who receive diabetes education follow more recommended preventive care practices, such as getting regular physical activity.” Many FEHB plans offer diabetes education services.

Cybersecurity Saturday

David ErmerCybersecurity, OPM

From Capitol Hill, Cyberscoop reports

The House Energy and Commerce Committee voted Wednesday [July 20] to advance sweeping privacy legislation with strong bipartisan support.

The American Data and Privacy Protection Act (ADPPA) [H.R. 8152] could see a full floor vote as early as next week, moving forward what would become the nation’s first comprehensive privacy law.

But some lawmakers and privacy experts are now alarmed the legislation may not address some of the most pressing issues related to consumer privacy — reining the massive growth in data brokers that buy and sell the public’s information and curbing potential abuse of commercial data such as reproductive health information. * * *

The American Data Privacy Protection Act isn’t the only potential mechanism for Congress to crack down on data brokers or the abuse of their services. For instance, [Sen. Ron] Wyden’s bipartisan and bicameral The Fourth Amendment Is Not For Sale Act [S. 1265 and H.R. 2738] would prohibit law enforcement from purchasing data that would otherwise require a warrant. House Judiciary leaders called for a markup of the bill at a hearing on Tuesday [July 19].

Several House Energy and Commerce Committee members made clear Wednesday that they would like to see additional discussion before giving the bill their support for a full floor vote. And even if it gets to the Senate, the bill faces strong resistance from Senate Commerce Chair Maria Cantwell, D. Wash., who has previously said she would not bring the bill for markup.

From the cyber breaches front, Health IT Security informs us

Fortified Health Security’s mid-year report on the state of healthcare cybersecurity observed slight shifts in healthcare data breach trends in the first half of 2022. The HHS Office for Civil Rights data breach portal showed that there have been 337 healthcare data breaches impacting more than 500 individuals each in the first half of this year, signifying a slight decrease from 368 at this time last year.

“While the number of healthcare cybersecurity reported breaches has leveled off after meteoric rises over the past several years, hospitals and health systems still cannot breathe a sigh of relief,” the report stated.

“The percentage of healthcare breaches attributed to malicious activity rose more than 5 percentage points in the first six months of 2022 to account for nearly 80 [percent] of all reported incidents.”

Reuters adds

Plaintiffs’ lawyers representing a class of millions of federal employees in a data-breach lawsuit against the U.S. [Office of Personnel Management] asked a Washington, D.C., judge on Thursday to award more than $8.5 million in legal fees for their work securing a $63 million settlement.

The class attorneys at San Francisco-based Girard Sharp, working with 14 other firms, said in a court filing that the “novelty and complexity” of the litigation, which began in 2015, justified the requested fee. * * *

A fairness hearing is scheduled for Oct. 14.

From the cyber vulnerabilities front —

Cybersecurity Dive reports

Threat actors are likely exploiting a critical vulnerability that surfaced in a pair of Confluence support apps after a hardcoded default password was leaked, Atlassian warned customers in an advisory update on Thursday [July 21].

The culprit, a default password for admin control on Atlassian’s Questions for Confluence app, allows attackers to gain access to unpatched servers. Atlassian released a patch for the vulnerability and advised all organizations running affected Confluence systems to update the app, disable or delete the default “disabledsystemuser” admin account.

The Cybersecurity and Infrastructure Security Agency Friday [July 22] issued an advisory to alert customers to the latest vulnerability impacting Confluence. “An attacker could exploit this vulnerability to obtain sensitive information,” the agency said.

HHS’s Healthsector Cybersecurity Coordination Center (HC3) shared a PowerPoint presentation on Web Application Attacks in Healthcare.

From the ransomware front —

Cybersecurity Dive reports

Affiliates of the LockBit ransomware group are infiltrating on-premises servers to spread malware on targeted networks, according to new research from Broadcom’s threat hunting team at Symantec.

Threat analysts observed a threat actor operating on a victim’s enterprise network with remote desktop protocol access for several weeks before it dropped and executed the LockBit ransomware. This type of sustained and undetected access allows attackers to conduct reconnaissance and identify weaknesses on networks before deploying payloads.

Attackers operating LockBit ransomware can leverage group policy management to spread the malware through a network, run commands and encrypt many machines almost simultaneously, Symantec’s researchers said.

Cyberscoop tells us

Typically, when it comes to ransomware, researcher and cybersecurity companies scramble after attacks to understand the origin of the malware that infected systems and locked crucial data. 

But researchers with Censys, a firm that indexes devices connected to the internet, said Thursday they’ve flipped the typical script and found what appears to be a ransomware command and control network capable of launching attacks, including one host located in the U.S.

Matt Lembright, Censys’ director of federal applications and author of the report, told CyberScoop that they came across the network after running a search through the company’s data for the top 1,000 software products currently observable on Russian hosts. After seeing Metasploit — penetration testing software frequently used for legitimate purposes — on just nine hosts out of more than 7.4 million, the team did some additional digging. 

The team eventually found two Russian-based hosts containing a combination of Acunetix, a web vulnerability tester, and DeimosC2, a command and control tool to use on compromised machines after exploitation.

The American Hospital Association reports

The Justice Department has recovered about $500,000 in ransom that a Kansas hospital and Colorado medical provider paid to state-sponsored North Korean hackers, the agency announced yesterday [July 19].

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui,’” said Deputy Attorney General Lisa O. Monaco yesterday at the International Conference on Cyber Security. “Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”

Federal agencies this month recommended U.S. health care organizations take certain actions to protect against the Maui ransomware threat. [See July 9 Cybersecurity Saturday post.]

And, of course, what would we do without Bleeping Computer’s The Week in Ransomware – headlined “Attacks Abound.”

From the cyberdefenses front —

Health IT Security points us to

Drafted by the Health Information Management Working Group, the Cloud Security Alliance (CSA) released new guidance on third-party risk management in healthcare.

Threat actors are increasingly using third-party business associates as easier entry points into customer networks. Once inside the network, the malicious hackers may be able to access sensitive health data, encrypt files, and deploy ransomware on organizations that the associate does business with.

Cybersecurity Dive discusses public-private efforts to build the cybersecurity workforce.

The National Cyber Workforce and Education Summit highlighted an ongoing push to help meet an urgent demand for qualified cybersecurity professionals. 

Cyberseek research shows there are more than 700,000 open cybersecurity jobs in the U.S. and organizations face serious challenges in finding a diverse pool of workers. There is also heightened pressure to defend against a recent surge in malicious cyber activity. 

A range of government agencies, private sector companies and nonprofit organizations have made commitments to recruit, train and encourage potential employees to pursue careers in cybersecurity. 

Organizations are also making an effort to better train students in math, science and related fields to better prepare the workforce of the future. 

In that regard, the article points out five programs to develop cybersecurity talent. What’s more, Govexec reports

Kiran Ahuja, director of the Office of Personnel Management, told lawmakers on Thursday [July 21] that her agency wants “to work with Congress to develop a governmentwide cyber workforce plan that puts agencies on equal footing in competing for cyber talent.”

Special cyber hiring and pay authorities at the Department of Homeland Authority create competition for talent among government agencies – something that needs to be addressed, she said along with Jason Miller, deputy director for management at the Office of Management and Budget.

“Congress passed a particular cyber talent program for DHS that has now become sort of … the king of programs within the federal government and other agencies are having to compete with that,” said Ahuja during a hearing of the House Oversight and Reform Committee’s Government Operations subcommittee.

Finally, Security Boulevard offers “defense against ransomware” tips.

Friday Stats and More

David ErmerCOVID-19

Based on the CDC’s Covid Data tracker and using Thursday as the first day of the week, here is the FEHBlog’s weekly chart of new Covid cases for 2022:

Weeks 1 – 15 reflect the rise and fall of Omicron. The subsequent weeks reflect the ongoing attack of Omicron’s subvariants or siblings as the FEHBlog refers to them. Although the subvariants are more contagious than Omicron, the siblings haven’t come anywhere near the number of infections that Omicron produced in a rather short time.

The CDC’s weekly review of its Covid statistics notes “As of July 20, 2022, the current 7-day moving average of daily new cases (125,827) increased 0.5% compared with the previous 7-day moving average (125,185).”

Here’s the CDC’s Chart of Daily Trends in new Covid hospital admissions

The CDC’s weekly review points out “The current 7-day daily average for July 13–19, 2022, was 6,180. This is a 4.7% increase from the prior 7-day average (5,902) from July 6–12, 2022.”

Here’s the FEHBlog’s weekly chart of new Covid deaths for 2022:

The CDC’s weekly review adds “The current 7-day moving average of new deaths (348) has decreased 9.5% compared with the previous 7-day moving average (384).

Oddly enough, while hospitalizations are rising but deaths aren’t, STAT News reports

For many immunocompromised patients, Evusheld was supposed to offer salvation, a way of protecting people who couldn’t respond to vaccines because their T cells and B cells were impaired  — perhaps by cancer, a genetic condition, or drugs taken for organ transplants. Many saw it as their path back to a pre-Covid life, or at least to seeing family and friends again after a two-year hermitage. 

Yet eight months after the Food and Drug Administration first authorized the treatment, only a tiny fraction of the roughly 7 million patients who might be eligible have received it.  Hundreds of thousands of doses sit on shelves in hospitals and infusion centers across the country, even as a new coronavirus variant rips through the population.

“I think it’s clear throughout the pandemic that lip service has been paid for protecting immunocompromised Americans, but actual policy delivery has failed time and time again,” said Matthew Cortland, a senior fellow at Data for Progress who has been tracking Evusheld distribution.

The manufacturer Astra-Zeneca has launched a direct-to-consumer ad campaign — the first for any Covid treatment.

Here’s the FEHBlog’s chart of Covid vaccinations distributed and administered from the beginning of the vaccination era — the 51st week of 2020 — through the 29th week of 2022:

The CDC’s weekly review comments

Overall, about 261.2 million people, or 78.7% of the total U.S. population, have received at least one dose of vaccine. About 223.0 million people, or 67.2% of the total U.S. population, have been fully vaccinated.* Of those fully vaccinated, about 107.5 million people have received a booster dose,** but 50.2% of the total booster-eligible population has not yet received a booster dose. * * *

According to CDC’s COVID Data Tracker, only about 34% of people who are eligible for a COVID-19 booster and about 29% of people ages 50 years and older who are eligible for a second booster have gotten one. Booster vaccination rates vary widely across the United States. In the Northeast and parts of the Midwest, 50% to 70% of eligible people have gotten a first booster in almost every county. Unfortunately, much of the Southeast and Southwest are in the 30% to 40% range. 

Here’s the CDC’s community level report from the weekly review:

As of July 21, 2022, there are 1,350 (41.9%) counties, districts, or territories with a high COVID-19 Community Level, 1,212 (37.6%) counties with a medium Community Level, and 658 (20.4%) counties with a low Community Level. Compared with last week, this represents an increase (+6.5 percentage points) in the number of high-level counties, a decrease (−2.0) percentage points) in the number of medium-level counties, and a corresponding decrease (−4.5) percentage points) in the number of low-level counties. 50 out of 52 jurisdictions* had high- or medium-level counties this week. Rhode Island and Maine are the only jurisdictions to have all counties at low Community Levels.

To check your COVID-19 Community Level, visit COVID Data Tracker. To learn which prevention measures are recommended based on your COVID-19 Community Level, visit COVID-19 Community Level and COVID-19 Prevention.

Finally, STAT News explores the following conundrum: “‘There’s no one long Covid’: Experts struggle to make sense of the continuing mystery,” and David Leonhardt writing in the New York Times offered his clear eyed view of the Covid situation in yesterday’s column.