Cybersecurity Saturday

David Ermer

I am an attorney who practices law in Washington DC. My practice has involved the Federal Employees Health Benefits Program since 1983.

Cybersecurity Saturday

David ErmerCybersecurity

From the cybersecurity policy front,

  • The Federal Employees Health Benefits Program has two sets of regulations — OPM’s rules found at 5 CFR Part 890 and because federal procurement contracts create FEHB plans, the Federal Acquisition Regulation (FAR) at 48 CFR Chap. 1 and OPM’s implementing FEHB Acquisition Regulation (FEHBAR)found at 48 CFR Chap. 16. It’s worth noting that the FAR was first issued forty years ago.
  • The Holland and Knight law firm discusses two proposed FAR cybersecurity rules published on October 3, 2023. The first one (FAR Case No. 2021-17) captioned “Cyber Threat and Incident Reporting and Information Sharing will apply to the FEHB Program as it generally imposes obligations on federal contractors. The other rule (FAR Case No. 2021-19 captioned “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” will not apply to the FEHB because carrier systems are not federal information systems. The public comment deadline for the two proposed rules is December 4, 2023.  
  • The National Security Agency announced on October 5, 2023,
    • “The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat. * * *
    • “As indicated in the CSA, these most common misconfigurations illustrate a trend of systemic weaknesses in several large organizations and the importance of software manufacturers embracing secure-by-design principles to reduce the risk of compromise.
    • “Some of the misconfigurations mentioned in the CSA include default configurations of software and applications, weak or misconfigured multifactor authentication (MFA) methods, and unrestricted code execution.
    • “NSA and CISA encourage network defenders and software manufacturers to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise. The agencies also recommend network owners and operators examine their networks for similar misconfigurations even when running other software not specifically mentioned in the advisory.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) announced on October 4, 2023,
    • “CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.
    • “This publication, which follows ESF’s Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM). The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.
    • “Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations. CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.”
  • The Health Sector Cybersecurity Coordination Center (HC3) released on October 4, 2023, a sector alert about securing remote access and management software.
    • “Cybersecurity and law enforcement agencies such as CISA, MS-ISAC, CIS, and the FBI have been reporting on increased misuse of remote access software to target organizations and critical infrastructure sectors.
    • “For implications to the Healthcare and Public Health (HPH) sector, remote access solutions keep healthcare professionals connected while also providing increased flexibility and convenience. But the same solutions used to operate, maintain, and secure healthcare systems and networks can also be turned against their own infrastructure. Mitigating the risk associated with them is not as simple as deploying a patch or reconfiguring an application.”
  • The Health Sector Council released an updated Health Industry Cybersecurity Supply Chain Risk Management Guide – Version 2023 (HIC-SCRiM-v2)
    • The HIC-SCRiM is a toolkit for small to mid-sized healthcare institutions to better ensure the security of the products and services they procure through an enterprise supply chain cybersecurity risk management program.

From the cybersecurity breaches and vulnerabilities front,

  • HC3 announced on October 6, 2023,
    • “Cisco recently released an update that fixes a critical vulnerability in their Emergency Responder communications platform, a system that is utilized in the health sector. The exploitation of this vulnerability allows for a cyberattacker to completely compromise a vulnerable system and then utilize it for further cyberattacks across an enterprise network. HC3 recommends healthcare organizations identify vulnerable systems in their infrastructure and prioritize the implementation of this update.”
  • HC3 posted its report on September vulnerabilities of interest to the health sector on October 5, 2023.
    • In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September are from Microsoft, Google/Android, Cisco, Apple, Mozilla, SAP, Fortinet, VMWare, Progress Software, and Adobe.
    • A vulnerability is given the classification as a zero-day when it is actively exploited with no fix available or if it is publicly disclosed.
    • HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization.
  • CISA added one known exploited vulnerability to its catalog on October 2, another one on October 3, two more on October 4 (and deleted five catalog entries) and three more on October 5, 2023.

From the cybersecurity defenses front,

  • Cybersecurity Dive discusses what to consider when choosing cybersecurity providers.
  • Dark Reading proposes “five steps [by which] organizations can develop stronger security practices and make the inevitable breaches inconsequential.
  • An ISACA expert explains how to comply with multiple security standards and frameworks.
  • Another ISACA expert discusses common privacy dark patterns and ways to improve digital trust.

Friday Factoids

David ErmerCongress, COVID-19 vaccine, Federal employment benefits, Medical / Rx research, Mental health care, No Surprises Act, OPM, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • The American Hospital Association News tells us,
    • “The Centers for Medicare & Medicaid Services Oct. 6 reopened the No Surprises Act’s Independent Dispute Resolution [IDR] portal to out-of-network providers and group health plans initiating new single payment disputes under the No Surprises Act’s independent dispute resolution process, including single disputes involving bundled payment arrangements. The agency also released new guidance for processing these disputes.
    • “New and in-progress batched disputes and new air ambulance disputes remain temporarily suspended while the Departments of Health and Human Services, Labor and the Treasury update their guidance and operations to align with recent court orders, including an Aug. 24 ruling that set aside certain regulations implementing the IDR process and an Aug. 3 ruling that vacated nationwide a federal fee increase and batching rule for the process.”
  • In that regard, the federal regulators issued ACA FAQ 62 today, which focuses on No Surprises Act issues.
  • What’s more, a No Surprises Act IDR operations proposed rule is still undergoing review at OMB’s Office of Information and Regulatory Affairs.
  • BioPharma Dive informs us,
    • “The National Institutes of Health on Thursday said it will provide funding for three clinical trials of experimental ALS drugs, part of a broader push by the federal government to support the development of treatments for rare neurodegenerative diseases. * * *
    • “Until recently, the FDA had approved just two main medicines for the disease. Clinical testing had shown the drugs respectively offered modest benefits on function and survival.
    • “But in the last year or so, two more treatment options received nods from the FDA. Amylyx Pharmaceuticals’ Relyvrio is now cleared for the broad ALS population, while Biogen’s Qalsody is specifically for the small portion of patients who have mutations in a gene called SOD1.”
  • Per Pharmaceutical Technology,
    • “The US Food and Drug Administration (FDA) has issued a draft guidance to aid sponsors in developing biologics and drugs for stimulant use disorders. * * *
    • “FDA Center for Drug Evaluation and Research Substance Use and Behavioral Health deputy center director Marta Sokolowska said: “Currently there is no FDA-approved medication for stimulant use disorder. When finalized, we hope that the guidance will support the development of novel therapies that are critically needed to address treatment gaps. 
    • “The guidance is one of the actions within the agency’s Overdose Prevention Framework, which includes appropriate prescribing of prescription stimulants as well as the development of evidence-based treatments for stimulant use disorder.”
  • Federal News Network points out,
    • “The Office of Personnel Management’s retirement claims backlog saw some improvement in September. OPM cut its backlog by 2,111 claims, hitting a new six-year low point in its overall inventory. OPM received 6,768 claims in September, and managed to process 8,879, shrinking the backlog to the lowest it has been in six years: 15,852.”
  • The Wall Street Journal reports,
    • “The U.S. Postal Service wants to raise the price of a stamp in what would be the third increase in a year.
    • “The postal service proposed a price of 68 cents, up 3% from the current price of 66 cents. If approved by the Postal Regulatory Commission, the price increase would go into effect on Jan. 21. 
    • “The agency raised stamp prices to 63 cents from 60 cents in January 2023. Six months later, the price of a stamp went up again, by 3 cents.”

From the public health and research front,

  • Medscape notes,
    • “Around 4 million Americans received the updated COVID-19 shots in September, according to the U.S. Department of Health and Human Services (HHS), even as some people have found it difficult to book vaccination appointments or find the vaccines at no cost.”
  • NBC News reports,
    • “People who take popular drugs for weight loss, such as Ozempic or Wegovy, may be at an increased risk of severe stomach problems, research published Thursday in the Journal of the American Medical Association finds.
    • “The brief report is the first study of its kind, the researchers say, to establish a link between the use of such drugs, called GLP-1 agonists, for weight loss and the risk of such gastrointestinal conditions. GLP-1 agonists include semaglutide — the drug found in Ozempic and Wegovy — and liraglutide, the drug used in Saxenda. Both drugs are made by Novo Nordisk. 
    • “Although rare, the incidence of these adverse events can happen. I’ve seen it happen,” said lead author Mohit Sodhi, a medical student at the University of British Columbia Faculty of Medicine in Vancouver. “People should know what they’re getting into.” 
  • Get a load of this good news. Per ALM Benefits Pro,
    • “World Mental Health Day is right around the corner and this year, there’s good news to share. The mental health of U.S. employees is finally on the rise nearly three years after the pandemic. A new study shared by Leapsome, a people enablement platform based in Germany, found that 88% of U.S. employees rate their mental health as being good or very good. 
    • “The massive improvements in mental health took place largely over the past year, with 47% of U.S. workers reporting that their mental health had improved within the last 12 months, according to the study.”
  • STAT News notes,
    • “The grand plan for Moderna’s future in respiratory viruses is to market a single shot that would protect against Covid-19, influenza, and RSV, using the scalability of mRNA to craft a first-of-its-kind product. And the first step — establishing the promise of its combination flu and Covid vaccine — is moving on as planned.
    • “Yesterday Moderna said its combo shot measured up to established flu and Covid vaccines in generating immune responses against each virus. The next step is to take that combination to Phase 3, which could lead to approval by 2025. At the same time, Moderna is awaiting FDA approval for its RSV vaccine and testing a combination that would protect against all three viruses.”

From the U.S. healthcare business front,

  • BioPharma Dive reports,
    • “Amgen on Friday closed its $27.8 billion acquisition of Horizon Therapeutics, about one month after securing clearance from U.S. antitrust regulators who had challenged the deal.
    • “With the acquisition’s completion, Amgen gains access to 12 drugs that had combined sales of $1.8 billion over the first six months of 2023. The company said it will update its sales guidance for the rest of the year when it reports third-quarter earnings.
    • “The deal is the largest in Amgen’s history, surpassing in dollar terms the 2001 buyout of Immunex. That acquisition gave Amgen Enbrel, a long-lasting blockbuster that, like several of its other major drugs, could lose market exclusivity in the coming years. That looming patent cliff has pushed the company to restock its pipeline via dealmaking.”
  • Per Fierce Healthcare,
    • “UnitedHealthcare’s Surest, which axes deductibles and provides upfront pricing data to members, is the fastest growing product among its commercial plan lineup. And a new analysis offers a look as to why.
    • “The insurance giant released Thursday an Impact Study examining some of the results Surest has seen to date and notes that members enrolled in these plans had 6% fewer emergency department visits and 13% fewer inpatient hospital admissions compared to those who were not enrolled in a Surest plan at the same employer.
    • “In addition, members enrolled in Surest plans had a 20% increase in visits to a physician and a 9% jump in preventive physical exams compared to those in other commercial plans.”
  • and
    • “Cigna’s Evernorth is launching a new, value-based care management program for its behavioral health network.
    • “The company said in an announcement that this marks a key step in collaboration with providers as the industry pushes for standardized benchmarks in behavioral health. About 44,000 providers will participate in the program at launch, according to Evernorth.
    • “Ultimately, if payers and providers align on how to measure success in treatment, it will drive better care, lower costs, and lead to improvements in collaboration. It should also ease administrative burdens for providers, according to the announcement, as at present they use a wide array of measures across multiple payers.”

Thursday Miscellany

David ErmerACA, OPM, U.S. Healthcare
Photo by Josh Mills on Unsplash

From Washington, DC,

  • STAT News reports
    • The shortage of cancer drugs is not going away, but it may be easing slightly, a new national survey suggests. Based on questions posed to 29 of its 33 member hospitals, the National Comprehensive Cancer Network said Thursday that 86% of those cancer centers are experiencing a shortage of at least one type of generic chemotherapy drug, down from 90% in May.
  • and adds
    • One of the top health care committees in the Senate is assembling ideas for bipartisan legislation to address drug shortages, three Senate aides and three lobbyists told STAT.
    • The talks, led by Senate Finance Chair Ron Wyden (D-Ore.) and ranking member Mike Crapo (R-Idaho) are in the early days, but they could move the debate over drug shortage reforms into a new phase. The committee has jurisdiction over Medicare and Medicaid payment policies for hospitals. Other committees that have tried tackling the issue have jurisdiction mostly over the Food and Drug Administration.
  • Two law firms dive into regulatory issues that have puzzled the FEHBlog recently:
  • Miller and Chevalier makes the following observation about the recent federal court decision vacating an HHS rule permitting health plans to use manufacturer copay assistance accumulators. These accumulators prevent the manufacturer coupons from being counted toward out-of-pocket maximums.
    • “Following this ruling, it is unclear what rules will govern the use of co-pay accumulator programs. The prior agency rule, under which plans and issuers were allowed to exclude manufacturer co-pay assistance payments from deductible and out-of-pocket maximum calculations only if a generic drug was available and only to the extent permitted by state law, may be reinstated, but it suffers from the same issues that led the court to vacate the 2020 rule. The government may move for reconsideration of the court’s ruling or for a stay of the ruling, pending an appeal, and an appeal is expected. Further guidance from HHS and CMS is likely forthcoming in the interim. It should be noted that state laws prohibiting co-pay accumulator programs could be susceptible to ERISA pre-emption challenges, and the related guidance may spawn collateral litigation.” 
  • Proskauer explains how the ACA regulators used FAQ 61 to “press play” on the Transparency in Coverage Rule’s Prescription Drug Machine-Readable File Requirement.
    • “Prescription drug machine-readable file: Having concluded that the prescription drug machine-readable file requirement is sufficiently different from the separate CAA prescription drug reporting obligation, the Departments rescinded their prior delayed enforcement policy. The Departments state they intend to release future technical guidance with an implementation timeline that “sufficiently accounts” for prior reliance by plan sponsors on the deferred enforcement policy, suggesting that plan sponsors may have some lead time to gather the necessary information to post the file.
    • “In-network rate machine-readable file: Going forward, the Departments state they intend to exercise enforcement discretion on a case-by-case basis with respect to the requirement that in-network rates be expressed as dollar amounts for items and services covered by arrangements that make it difficult to express the cost as a dollar amount prior to receipt of the item or service.  Because the Departments do not mention future guidance or an implementation guideline, it appears that the revocation of this enforcement safe harbor is immediate.”
  • The Congressional Budget Office issued a call for new research in the area of obesity. In this regard, the Wall Street Journal observes
    • “Big food companies and investors are watching as Ozempic and other similar weight-loss drugs flow to millions of people, upending America’s diet industry and raising new questions about how consumers will eat. 
    • “Executives at food manufacturers from  Campbell Soup to Conagra Brands said they are fielding questions from investors about the drugs’ potential impact as internal teams start to assess consumer behavior and brainstorm ways to respond.
    • “The drugs, which suppress patients’ appetites, have exploded in popularity in the U.S., straining manufacturing capacity. 
    • Morgan Stanley has projected that 24 million people, or nearly 7% of the U.S. population, will be taking such medications in 2035. 
    • “Those people could cut their daily calorie consumption by as much as 30%, according to the firm, which surveyed over 300 patients. For a person on a 2,000-calorie diet, that could mean eliminating a one-ounce bag of salted potato chips, a bottle of soda and more each day.”
  • Govexec points out,
    • “The Office of Personnel Management on Wednesday reminded federal agencies of recent changes to how to monitor and collect data on the usage of workplace flexibilities like telework and remote work, as the Biden administration prepares to increase in-person work across the federal government this fall.”

From the public health and research front,

  • NBC News tells us,
    • “So-called “good” HDL cholesterol may not be as healthy as experts once thought, a new study suggests. 
    • “The new study, published Wednesday in Neurology, found that having either high or low levels of high-density lipoprotein, or HDL, cholesterol, may increase the risk of dementia in older adults. It’s more evidence showing that keeping HDL cholesterol within a certain range is important for cardiovascular and brain health.  
    • “The relationship between HDL cholesterol and dementia is more complex than we previously thought,” said the study’s lead author, Erin Ferguson, a doctoral student studying epidemiology at the University of California San Francisco. “While the magnitude of this relationship is relatively small, it’s important,”
    • “The results show a correlation between HDL cholesterol and dementia, but do not prove that low or high levels of the lipid directly caused dementia.”
  • The Washington Post reports
    • “Using a host of high-tech tools to simulate brain development in a lab dish, Stanford University researchers have discovered several dozen genes that interfere with crucial steps in the process and may lead to autism, a spectrum of disorders that affects about one in every 36 Americans, impairing their ability to communicate and interact with others.
    • “The results of a decade of work, the findings published in the journal Nature may one day pave the way for scientists to design treatments that allow these phases of brain development to proceed unimpaired.”
  • Health Payer Intelligence points out
    • “Mortality rates among women and children grew between 2018 and 2021, emphasizing the importance of prioritizing preventive care and public health interventions, a report from the United Health Foundation shared.
    • “The America’s Health Rankings 2023 Women and Children Report analyzed data on 122 healthcare measures from 34 data sources. The findings reflect outcomes among women between 18 and 44 and children across the United States.”

From the U.S. healthcare business front,

  • Per Healthcare Dive,
    • “Froedtert Health plans to acquire full ownership of insurer Network Health from Ascension Wisconsin, the Milwaukee-based health system announced Tuesday. 
    • “The system agreed to buy the remaining 50% stake in the payer, which offers commercial and Medicare plans in 23 counties throughout the state, from Ascension Wisconsin. Froedtert originally acquired its stake in the company in 2014.
    • “Terms of the deal weren’t disclosed, and the health systems said a closing date will be determined after regulatory review and approval.”
  • and
    • “U.S.-based digital health startups raised $2.5 billion across 119 deals in the third quarter this year, marking the second-lowest quarter of funding since the fourth quarter in 2019, according to a report by consultancy and venture capital firm Rock Health.                    “Digital health startups have raised $8.6 billion in 365 deals so far this year, a little more than half of 2022’s total. The results cement a move toward decreased funding compared with pandemic boom years, the report found.                                                                                       “While funding and deal count has fallen significantly, trends have now stabilized for several quarters in a new normal for the digital health sector

Midweek update

David ErmerCongress, Medical / Rx research, Mental health care, OPM, Rx coverage, U.S. Healthcare

From Washington, DC,

  • The Wall Street Journal reports,
    • “Several prominent Republicans jumped into the race for House speaker and pledged to unite their splintered party, a day after Kevin McCarthy was ousted in a vote orchestrated by hard-line conservatives, setting up a crowded race for the gavel.
    • “House Majority Leader Steve Scalise, the No. 2 House Republican, announced his candidacy, as did Ohio Rep. Jim Jordan, chairman of the House Judiciary Committee and a founding member of the conservative House Freedom Caucus. A third member, Oklahoma Rep. Kevin Hern, told the Texas delegation that he planned to run as well as he laid the groundwork for a campaign.
    • “The House is effectively paralyzed until it picks a new speaker, raising the stakes for a successful vote next week. Members are hoping to avoid a replay of the 15 rounds of ballots in January to elect McCarthy. Major legislative fights, including Ukraine aid and border security, remain unresolved, and the next speaker will control the floor on both of those hot-button issues as well as a spending showdown with Democrats in mid-November.”
  • The Assistant Secretary of Labor for Employee Benefits Security created a blog post on mental health parity.
    • “We’re proposing new regulations, committing unprecedented resources to bringing plans into compliance with the law, and reaching out to communities across the United States to ensure that more of America’s workers and families understand their rights and are better able to exercise them, including by contacting us for help when they need it.
    • “We are determined to make sure these workers and beneficiaries get their due. For example, our enforcement program has required plans to address discriminatory practices by:
      • “eliminating blanket pre-authorization requirements for mental health benefits;
      • “ensuring comparable coverage of nutrition counseling for people with eating disorders applied behavioral analysis therapy to treat autism, and medication-assisted treatment for opioid use disorders, and
      • “eliminating special gatekeepers for mental health and substance use disorder treatment.
  • The FEHBlog is on board with mental health parity. However, he would prefer a proposed rule that sets forth clear requirements like the ones stated above rather than a convoluted process for confirming parity status.
  • Federal News Network informs us,
    • “In an effort to expand new personnel vetting procedures well beyond national security positions, agencies will soon have to begin implementing “continuous vetting” requirements for a larger subset of the federal workforce.
    • “The Office of Personnel Management is now directing agencies to ramp up preparations to start continuous vetting (CV) procedures for employees in “non-sensitive public trust positions,” beginning in fiscal 2024.
    • “OPM defines this section of the workforce as positions in both high and moderate risk levels. These include jobs involving, for instance, policymaking, public safety and health, law enforcement, fiduciary responsibilities or “other duties demanding a significant degree of public trust,” OPM said.”

From the FEHB front,

  • Govexec offers a closer look at 2024 FEHB premiums.

From the public health and research front,

  • BioPharma Dive tells us,
    • “Moderna on Wednesday announced what it described as positive data from an early-stage study of its experimental messenger RNA-based combination vaccine for COVID-19 and influenza.
    • “Moderna said the vaccine spurred similar or stronger immune responses against all four influenza strains compared to one of two flu vaccines and to its Spikevax COVID booster in older adults. Most side effects were mild in severity, the company said.
    • “The company plans to begin a Phase 3 study of the vaccine candidate later this year, and is targeting regulatory approval in 2025.”
  • STAT News lets us know
    • “The Hermitage, Pennsylvania resident has vasculitis, a genetic disease that inflames the blood vessels and stops blood from flowing to the legs. She had already lost her left leg below the knee after a sunburn on the tip of her toe got progressively worse. She was determined to keep her right one. * * *
    • “She went to Mehdi Shishehbor, an interventional cardiologist at University Hospitals in Cleveland, for help. Traditional surgical methods had failed to save her left leg, so he offered her an investigational treatment from a company called LimFlow. The device employed an old surgical technique: using a stent to connect the blocked artery to an open vein, thus allowing blood to flow through and heal injuries. Previously, that type of surgery was risky and invasive, as it involved cutting a patient’s leg open. LimFlow allows doctors to perform the surgery percutaneously via a catheter inserted in the bottom of the foot.
    • “The procedure, performed around three years ago, ultimately saved Elford’s leg. LimFlow hopes to save many more after the Food and Drug Administration approved its device last month. * * *
    • “It’s a tool in the fight to end the amputation epidemic, which disproportionately impacts Black patients — though experts cautioned to STAT that this is limited to a small subset of people with PAD and that expanding screenings to catch the disease early is the most important measure. It’s also unclear whether the most vulnerable patients will be able to access this procedure and whether it will be able to help patients retain legs in the long-term.”

From the U.S. healthcare business front,

  • BioPharma Dive reports,
    • “Eli Lilly’s diabetes division head, Mike Mason, will retire at the end of 2023 after four years in the position. The company veteran will be replaced by immunology chief Patrik Jonsson in one of several executive changes the Indianapolis-based drugmaker announced Wednesday.
    • “The shake-ups, which also affect leadership in research, corporate affairs and customer service, come as Lilly’s newest diabetes drug, Mounjaro, is set for rapid growth with an expected Food and Drug Administration approval as a weight loss treatment.”
  • Per the American Hospital Association News,
    • “Median operating margins for nonprofit hospitals declined to 0.2% in fiscal year 2022 as labor costs and staffing shortages drive a “labordemic” expected to persist into 2024, according to the latest Fitch Ratings report, adding to a growing body of evidence that describes hospitals’ rocky recovery.”

Tuesday’s Tidbits

David ErmerCongress, COVID-19, COVID-19 vaccine, Medicare, NIH, U.S. Healthcare
Photo by Michele Orallo on Unsplash

From Washington, DC, comes an outcome that the FEHBlog didn’t expect.

  • The Washington Post reports,
    • “Rep. Kevin McCarthy (R-Calif.), after being removed as House speaker Tuesday, told fellow Republican lawmakers that he won’t seek the position again. The vote to remove him was the first such action in congressional history. McCarthy’s ouster was sought by hard-right members of his own party. McCarthy was removed by a 216-210 vote, with eight Republicans joining all Democrats in favor of the removal. The move puts the House in uncharted territory as it searches for a leader.
    • “Following McCarthy’s ouster, Rep. Patrick T. McHenry (R-N.C.) was designated as speaker pro tempore. He presided over the chamber briefly before calling a recess to allow Republicans and Democrats to meet privately.
    • “The House will take no further votes this week. Republicans are expected to hold a speaker candidate forum Tuesday, according to sources familiar with the plans who spoke on the condition of anonymity to discuss private deliberations.
  • The Wall Street Journal informs us
    • “Americans will soon be able to choose a third option in the updated Covid-19 booster-shot campaign.
    • “The Food and Drug Administration on Tuesday authorized the use of Novavax‘s Covid-19 shot in people age 12 and older. The shot has been updated to target a strain of the coronavirus that was circulating earlier this year, which health authorities say could help protect people through the fall and winter.
    • “The Centers for Disease Control and Prevention’s recommendation last month that most people receive updated booster shots applies to all updated boosters cleared by the FDA, now including Novavax’s, a CDC spokesman said. 
    • The recommendation clears the way for the vaccine to become available in pharmacies and other vaccination sites.
    • “Novavax said it priced the updated vaccine at $130 a dose, but most people are expected to be able to get it with no out-of-pocket cost.
    • “The company said it has millions of doses that will start to become available in the coming days. The shots will be offered at more than 13,000 sites around the U.S., including retail pharmacies and physician offices.”

From the public health front,

  • On Saturday, the FEHBlog made an appointment with a local chain pharmacy to get the new Covid booster. Later that day, he received a message from the pharmacy canceling the appointment because the booster was no longer available. Medscape points out that the FEHBlog’s experience was not unusual. The following posts put the FEHBlog’s problem in perspective though. There is good news if you can get to the end of this section.
  • The Washington Post has bad news about American life expectancy.
    • “Sickness and death are scarring entire communities in much of the country. The geographical footprint of early death is vast: In a quarter of the nation’s counties, mostly in the South and Midwest, working-age people are dying at a higher rate than 40 years ago, The Post found. The trail of death is so prevalent that a person could go from Virginia to Louisiana, and then up to Kansas, by traveling entirely within counties where death rates are higher than they were when Jimmy Carter was president.”
    • The FEHBlog thinks you don’t need a moonshot to address this problem. Connect people with primary care physicians early in their adult lives.
  • AHRQ’s Medical Expenditure Panel Survey lets us know,
    • “In 2020, about 1 of every 12 adults aged 18 and older received any heart disease treatment. The percentage of adults who received any heart disease treatment was highest among those aged 65 and older, higher among non-Hispanic Whites than among other racial/ethnic groups, and also higher among those in poor/low-income families than those in middle- or high-income families.
    • “Annual healthcare expenditures for the treatment of heart disease for adults in the civilian noninstitutionalized population totaled $114.9 billion in 2020 (a mean of $5,540 per adult treated for heart disease).
    • “Inpatient hospital care accounted for the largest proportion of annual medical spending for heart disease.
    • “Medicare and private health insurance combined paid about four-fifths of the medical spending for heart disease.”
  • Per Fierce Healthcare,
    • “About 8 in 10 women say they are delaying care until their symptoms worsen or affect their daily lives, and 43% have recently missed a day or more of work due to health issues.”About 8 in 10 women say they are delaying care until their symptoms worsen or affect their daily lives, and 43% have recently missed a day or more of work due to health issues.
    • “These health trends are bad for women and also for their employers.
    • “Primary care provider Parsley Health commissioned a survey of 1,200 full-time employed, insured women ages 18 to 60 to uncover their top health concerns and care challenges. The biggest takeaway? For many women, their healthcare needs have been left behind by a system that has largely ignored the broad, intersecting and complex health needs women experience across their lifetimes, Robin Berzin, M.D., founder and CEO of Parsley Health, said during an exclusive interview to review the survey results.”
  • The National Institutes of Health Directors notes,
    • “Chronic pain is an often-debilitating health condition and serious public health concern, affecting more than 50 million Americans. The opioid and overdose crisis, which stems from inadequate pain treatment, continues to have a devastating impact on families and communities across the country. To combat both challenges, we urgently need new ways to treat acute and chronic pain effectively without the many downsides of opioids.
    • “While there are already multiple classes of non-opioid pain medications and other approaches to manage pain, unfortunately none have proved as effective as opioids when it comes to pain relief. So, I’m encouraged to see that an NIH-funded team now has preclinical evidence of a promising alternative target for pain-relieving medicines in the brain.
    • “Rather than activating opioid receptors, the new approach targets receptors for a nerve messenger known as acetylcholine in a portion of the brain involved in pain control. Based on findings from animal models, it appears that treatments targeting acetylcholine could offer pain relief even in people who have reduced responsiveness to opioids. Their findings suggest that the treatment approach has the potential to remain effective in combatting pain long-term and with limited risk for withdrawal symptoms or addiction. * * *
    • “Finding treatments to modify acetylcholine levels or target acetylcholine receptors may therefore offer a means to treat pain and prevent it from becoming chronic. Encouragingly, drugs acting on these receptors already have been tested for use in people for treating other health conditions. It will now be important to learn whether these existing therapeutics or others like them may act as highly effective, non-addictive painkillers, with important implications for alleviating chronic pain.”

From the U.S. healthcare business front,

  • BioPharma Dive reports,
    • “Eli Lilly is making a bet on radiopharmaceutical drugs for cancer, announcing Tuesday a deal to buy Point Biopharma and its pipeline of experimental therapies for approximately $1.4 billion.
    • “Per acquisition terms, Lilly will pay $12.50 per Point share, a premium of about 87% to what the biotechnology company’s stock closed at Monday. The companies expect their deal to close “near the end” of this year.
    • “Based in Lilly’s home base of Indianapolis, Point specializes in radiopharmaceuticals, which pair a radioisotope with a targeting compound that delivers radiation directly into tumor cells. Recent improvements in manufacturing and supplying the complex treatments have boosted investment in the field, drawing interest from large pharma companies like Lilly as well as new drug startups.”
  • Healthcare Dive informs us,
    • “Growing expenses outpaced operating revenue at Trinity Health during its 2023 fiscal year ended June 30. The hospital system reported operating revenue of $21.6 billion on total expenses of $21.9 billion.
    • “Acquisitions for the Livonia, Michigan-based healthcare system added both $1.6 billion in revenue and $1.7 billion in operational expenses, according to the results released on Friday. The revenue gains were partially offset by the divestiture of St. Francis Medical Center in December 2022.
    • “Labor expenses continue to plague the hospital operator, which called contract rates “unprecedented” last year. Labor costs rose approximately 7.7% this year to $12 billion compared with $11.1 billion in the year prior. Contract labor accounted for $933 million compared with $626 million in 2022.”

Monday Roundup

David ErmerCDC, Congress, COVID-19, COVID-19 vaccine, FDA, Mental health care, U.S. Healthcare
Photo by Sven Read on Unsplash

From Washington, DC

  • The New York Times reports,
    • “After days of warnings, [Rep. Matt] Gaetz [(R FL)] rose Monday evening [on the floor of the House of Representatives] to bring up a resolution declaring the speakership vacant. That started a process that would force a vote within days on whether to keep Mr. McCarthy in his post. * * *
    • “Under House rules, Mr. McCarthy and his leadership team will need to address the motion within two legislative days — though they could do so sooner.”
  • Roll Call adds,
    • “The Senate will adjourn earlier than planned this week, with no session on Thursday, to allow members to travel to California and pay their respects to the late Sen. Dianne Feinstein. * * *
    • “On Sunday, California Gov. Gavin Newsom appointed Laphonza Butler to fill the remainder of Feinstein’s term. Butler recently led the abortion rights campaign group EMILY’s List and spent 20 years as president of SEIU Local 2015, a home care workers union in California.
    • “Butler will serve until a replacement is elected in a still-unscheduled special election. Three House Democrats — Barbara Lee, Katie Porter and Adam B. Schiff — are running in the March primary for the full, six-year term and can also run in the special election.
    • “Butler is scheduled to be sworn in by Harris on Tuesday. She will become the first openly gay Black woman to serve in the Senate.”
  • Last Thursday, U.S. District Judge John Bates vacated a Trump-era Affordable Care Act rule permitting health plans, including FEHB plans, to use copay assistance accumulators. These accumulators prevent manufacturer assistance used to pay cost-sharing for expensive drugs from counting towards out-of-pocket maximums. While that outcome seems reasonable to the FEHBlog, Judge Bates takes the opposite view in his opinion. The federal government, which is the defendant in the case, has the right to appeal this final judgment.
  • The Institute for Clinical and Economic Research published a “Special Report on Eliquis and Xarelto Submitted to CMS as Part of Public Comment Process on Medicare Drug Price Negotiations.” The report “evaluate[es] the evidence on apixaban (Eliquis®, Bristol-Myers Squibb) and rivaroxaban (Xarelto®, Bayer) for the treatment of nonvalvular atrial fibrillation (NVAF).”
  • BioPharma Dive identifies five Food and Drug Administration to watch for in the fourth quarter of 2023. “By the end of the year, the regulator will decide on new genetic treatments for sickle cell, expanded use of Alnylam’s Onpattro and an inflammatory disease drug from Pfizer.”

From the public health front,

  • MedPage Today informs us
    • “Maternal COVID vaccination in pregnancy protected young infants against Omicron-associated hospitalization, but few women actually receive the vaccine during pregnancy, according to new data from the CDC.
    • “At least one maternal vaccine dose had an effectiveness of 54% (95% CI 32-68) against COVID-related hospitalization among infants younger than 3 months of age, and an effectiveness of 35% (95% CI 15-51) for infants younger than 6 months, reported researchers led by Regina Simeone, Ph.D., of CDC’s National Center for Immunization and Respiratory Diseases in Atlanta, in the Morbidity and Mortality Weekly Report. * * *
    • “Looking at the COVID shot specifically, women were nine times more likely to receive a bivalent booster if a provider recommended it (63.2% vs 6.8% when a provider did not).”
  • The American Medical Association offers “What doctors wish patients knew about managing anxiety disorders.”
  • STAT News points out,
    • “In a guidance document published Monday in the Federal Register, the CDC is seeking input on its proposal that health providers offer gay and bisexual men who have sex with men, as well as transgendered women, access to a common antibiotic, doxycycline, that they could take after having had unprotected sex to lower their risk of acquiring chlamydia, gonorrhea, or syphilis. Doxycycline is in the tetracycline family of antibiotics.
    • “Studies have show the so-called “doxy PEP” regime — a single, 200-milligram dose taken no later than 72 hours after unprotected sex — can reduce acquisition of chlamydia and syphilis by nearly 80%, and gonorrhea by about 50%. PEP is short for post-exposure prophylaxis.
    • “Doxy PEP is moving STI prevention efforts into the 21st century,” Jonathan Mermin, director of CDC’s National Center for HIV, Viral Hepatitis, STD, and TB Prevention, said in a statement. “We need game-changing innovations to turn the STI epidemic around, and this is a major step in the right direction.”

From the awards front,

  • The Wall Street Journal reports
    • “Katalin Karikó and Drew Weissman won the Nobel Prize in medicine on Monday for an idea that pushed them to the fringes of the scientific establishment before it saved millions of lives during the pandemic. 
    • “Karikó, a molecular biologist, and Weissman, an immunologist, realized during a chance encounter at a University of Pennsylvania a photocopy machine in the 1990s that they could combine their work exploring messenger RNA’s potential in drugs or vaccines
    • “Their collaboration was met with skepticism by their colleagues and indifference in the scientific community. Karikó struggled to secure funding for her work. Penn demoted her and sent her to work in an office on the outskirts of campus. 
    • “People wondered, ‘What the hell is wrong with her,’ there must be some reason she’s not on the faculty,” Karikó has said.
    • “Years later, as drugmakers raced to develop vaccines against COVID-19, it was mRNA technology that powered widely used shots from PfizerBioNTech and Moderna. The Nobel committee credited Karikó’s and Weissman’s work with saving millions of lives.
    • “The laureates contributed to the unprecedented rate of vaccine development during one of the greatest threats to human health in modern times,” the committee said in awarding Karikó, 68, and Weissman, 64, the annual prize in physiology or medicine. Karikó is the 13th woman among 227 people to win the prize.”
    • Bravo.
  • Fierce Healthcare announced its Fierce 50.
    • “The Fierce 50 goes beyond surface-level accolades to delve deep into the monumental impact 50 exceptional individuals and organizations have on the lives of patients. It shines a spotlight on the visionaries and trailblazers who have pioneered groundbreaking therapies, overhauled patient care models, and spearheaded innovative approaches to address the most pressing challenges in biopharma and healthcare.”

From the U.S. healthcare business front,

  • Beckers Hospital CFO Report tells us,
    • “Hospital margins are moving in the right direction, as the median year-to-date operating margin improved in August to 1.1 percent, according to Kaufman Hall. 
    • “August’s median of 1.1 percent marked an upswing from the 0.9 percent median margin recorded in July, according to Kaufman Hall’s latest “National Hospital Flash Report” — based on data from more than 1,300 hospitals.
    • “Increased revenue offset hospitals’ increased supply and drug expenses in August. Decreased reliance on contract labor helped labor expenses decline on a volume-adjusted basis, while average lengths of stay also fell, by 4 percent month over month.”

Weekend Update

David ErmerCongress, SCOTUS, U.S. Healthcare

From Washington, DC

  • Roll Call reports
    • “President Joe Biden signed a short-term spending bill to avert a partial government shutdown starting Sunday after a dramatic turn of events Saturday that saw the House quickly pivot to bipartisanship.
    • “Hours before the midnight deadline, the Senate voted 88-9 to clear the House-passed, 48-day funding patch, which generally mirrors the Senate version except for one major omission: There’s no military or economic aid for Ukraine, unlike the Senate bill, which had $6 billion.
    • “Democrats grumbled about that and called on the House to bring a separate Ukraine aid bill to the floor. But ultimately, there was no stomach to allow a government shutdown over the lack of Ukraine money, which lawmakers on both sides of the aisle said would be forthcoming in a separate package.”
  • The new deadline is November 17, the Friday before Thanksgiving. Bear in mind that the debt ceiling act incentivizes passing all twelve appropriations bills by the end of the calendar year.
  • Axios adds
    • Rep. Matt Gaetz (R-Fla.) wants to remove House Speaker Kevin McCarthy (R-Calif.) for working across the aisle to stop a government shutdown — but some Democrats are not on board.
    • Why it matters: As Axios has previously reported, Gaetz will likely need the vast majority of Democrats to vote with him, barring an unprecedented GOP uprising against McCarthy.
    • Driving the news: Gaetz said during an appearance on CNN’s “State of the Union” on Sunday that he planned to file a motion to vacate against McCarthy this week.
    • McCarthy responded in a CBS News interview that he will “survive,” calling Gaetz’s effort “personal.”
    • What they’re saying: “I’m not going to follow Matt Gaetz to Peter Luger’s Steakhouse,” said Rep. Steve Cohen (D-Tenn.), a member of the Progressive Caucus.
      • Cohen said McCarthy “shouldn’t be put out” for putting a bipartisan stopgap funding bill on the floor: “He did the right thing … and I’ll definitely vote not to vacate. I expect a good number of Democrats will as well.”
      • “Every time we work together, he loses his mind,” Rep. Greg Landsman (D-Ohio) said of Gaetz in a statement, adding: “This is all about TV appearances for him … just let us govern.”
      • “I see almost no way that Matt gets most of the Dems,” said one senior House Democrat, speaking on the condition of anonymity. “Many will vote present if they don’t vote No on [House Minority Leader Hakeem Jeffries’] recommendation.”
  • The U.S. Supreme Court begins its new October 2023 term tomorrow. The SCOTUS blog tells about the cases the Court will consider in the next two weeks.

In health news,

  • The Wall Street Journal reports,
    • “Hundreds of children die or are left severely injured around the country each year after they are rushed to hospital emergency rooms that are poorly prepared to treat them.
    • “Only about 14% of emergency departments nationwide have been certified as ready to treat kids, or are children’s hospitals specializing in treating young patients, The Wall Street Journal found.
    • “Many emergency doctors don’t treat enough children to be able to spot life-threatening illnesses obscured by run-of-the-mill symptoms, or conditions more common in kids. Some E.R. staff default to drug doses and protocols meant for adults and either don’t have or don’t know where to find child-size gear in a crisis.
    • “Doctors, health authorities and policy makers have known—and warned—of these failures for decades. Research in recent years has quantified the lack of readiness and number of child deaths that could have been avoided, and pointed to basic steps for solving the problem.
    • “Yet most hospitals haven’t taken action, according to the Journal’s investigation of certification levels in all 50 states, reviews of medical records and interviews with doctors, health officials and researchers.”
  • The Journal helpfully “put together the first comprehensive list of hospitals nationwide that have received state certification of some level of readiness for pediatric emergencies. The tally also includes certain children’s hospitals and certain pediatric trauma centers, which specialize in caring for kids.” 

Cybersecurity Saturday

David ErmerCybersecurity

From the cybersecurity policy front,

  • The Cybersecurity and Infrastructure Security Agency announced
    • “[T]he kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. “Secure Our World” will also be the enduring theme for throughout the year as we work to drive behavioral change around core cybersecurity habits by providing everyone with the knowledge and tools they need. 
    • “As cyber threats become more sophisticated, individuals and families, small and medium businesses, and large companies all have an important role to play to in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.” * * *
    • “CISA encourages everyone to explore the resources on our Cybersecurity Awareness Month website, which includes a toolkittip sheets, and animated videos.”
  • Cyberscoop also reports on CISA’s campaign.
  • The National Institutes of Standards and Technology tells us
    • “The Human-Centered Cybersecurity program (formerly Usable Cybersecurity) is part of the Visualization and Usability Group at NIST. It was created in 2008, but we’ve known for quite some time that we needed to rename our program to better represent the broader scope of work we provide for the cybersecurity practitioner and IT professional communities. We made the decision to update the name to Human-Centered Cybersecurity to better reflect our new (but long-time practiced) mission statement, “championing the human in cybersecurity.” With our new name, we hope to highlight that usability still (and always) will be a very important focus for us, but it is just one component within the broader arena of work in which we specialize.   
    • “Our multi-disciplinary team conducts research at the intersection of cybersecurity, human factors, cognitive science, and psychology. We seek to better understand and improve people’s interactions with cybersecurity systems, products, and services. 
    • “To learn more about our latest projects, watch our latest videos, meet the team, or to view our publications, visit our revamped website https://csrc.nist.gov/projects/human-centered-cybersecurity.” 

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “Progress Software quietly alerted customers to eight vulnerabilities in WS_FTP Server, another file-transfer service from the company behind MOVEit.
    • “The company shared the news the day after its fiscal third-quarter earnings call.
    • “Two of the eight vulnerabilities are critical, with CVSS scores of 10 and 9.9 out of 10, CVE-2023-40044 and CVE-2023-42657, respectively. All versions of the file-transfer service, which allows customers to remotely manage their service from any internet connection, are impacted, the company said Wednesday. Thousands of IT teams use WS_FTP Server, according to a product page.
    • “There’s no indication any of the vulnerabilities in WS_FTP Server have been exploited, a Progress Software spokesperson told Cybersecurity Dive.”
  • Yesterday, the Health Sector Cybersecurity Coordination Center (HC3) issued a related Sector Alert.
    • “Progress Software, the maker of the MOVEit file transfer software, which was widely exploited by the CL0P ransomware-as-a-service (Raas) group, has released a new advisory regarding multiple vulnerabilities in the WS_FTP Server, a file transfer product. Two of the vulnerabilities were rated as critical and are being tracked as CVE-2023-40044, which can allow an attacker to execute remote commands, and as CVE- 2023-4265, which is a directory traversal vulnerability. Due to the recent and malicious targeting of Progress Software’s products to compromise Healthcare and Public Health (HPH) sector entities, HC3 strongly encourages patching and upgrading these devices to prevent serious damage to the HPH sector.”
  • Dark Reading also discusses this development.
  • Also on Friday, HC3 issued an Analyst Note on LokiBot malware.
    • “Active since 2015 and among the most prevalent and persistent strains of malware families since 2018, LokiBot has matured to target multi-sector industries. Despite its apolitical targeting of critical infrastructure, the malware’s adverse effect on the Healthcare and Public Health (HPH) sector shows its reach.
    • “In March 2020, a multi-threat actor spearphishing campaign to spread LokiBot malware with a false World Health Organization trademark image solidified its threat to the HPH sector. In addition to other malware analyses, HC3 reported this specific cyberattack in a 2020 HC3 Sector Note on LokiBot. The malware has been widely used for years, and it takes a lot of effort to monitor because of behavior changes. However, some best practices exist for protecting against LokiBot and managing its impact.
    • “What follows [in the analyst note] is an update to the previous HC3 analysis of LokiBot, a timeline of multi-sector targeted applications, detection strategies, sample MITRE ATT&CK techniques, indicators of compromise, and recommended defenses and mitigations against the malware.”
  • According to a post on Wednesday,
    • “[T]he U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise.
    • “BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets.
    • “CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.”
  • Cyberscoop lets us know,
    • North Korean cyberespionage operation targeted employees of an aerospace company in Spain using a previously unreported backdoor and a creative phishing campaign featuring a phony Silicon Valley recruiter, demonstrating a “significant advancement in malicious capabilities,” researchers with the cybersecurity firm ESET said Friday
    • Hackers linked with North Korea’s Lazarus Group — an umbrella term for a collection of North Korean cyber units — posed as a recruiter for Meta and contacted employees of the unnamed company via LinkedIn and sent two coding challenges supposedly part of the hiring process but which were in fact laced with malware, Peter Kálnai, an ESET researcher, wrote in a report published Friday.
    • The operation, carried out some time last year, is just the latest example of North Korean-linked cyber operations using phony job opportunities to target various professionals, including journalists, security researchers and software developers, among others. 
  • Over the past week, CISA added three known exploited vulnerabilities to its catalog on Monday and another on Thursday.
  • Per Health IT Security,
    • Advanced email attacks remain a top threat to organizations around the world, including those in the healthcare sector, Abnormal Security observed in its latest blog post. Abnormal saw a 167 percent increase in advanced email attacks in 2023, which included business email compromise (BEC), malware, credential phishing, and extortion.

From the ransomware front,

  • BitDefender reported on Thursday,
    • “Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack.
    • “The company, which employs over 100,000 people around the world, suffered a ransomware attack over the weekend which left data encrypted and caused it to shut down sections of its IT infrastructure.
    • “The Dark Angels ransomware group has claimed responsibility for the attack and claims to have exfiltrated over 25 TB of data from the organization.  The threat?  If a whopping $51 million ransom is not paid, Dark Angels say that the stolen data will be published on the “Dunghill Leaks” site.

From the cybersecurity defenses front,

  • An ISACA expert discusses lessons learned from Microsoft’s “massive” data exposure incident.
  • CIO explores the changing face of cybersecurity threats this year.
  • The Wall Street Journal looks into why employees ignore workplace cybersecurity rules.
    • “People are able to justify their bad behavior with rationalizations. Companies need to tackle the lies we tell ourselves head on.”
  • The GAO issued
    • “A Cybersecurity Program Audit Guide (CPAG) to be used in conducting cybersecurity performance audits. The intent of the guide is to arm cyber analysts and auditors with a set of methodologies, techniques, and audit procedures to evaluate components of agency cybersecurity programs and systems. GAO welcomes federal and other governmental organizations to use this guide to assess their cybersecurity programs.”
  • The Wall Street Journal reports,
    • “It’s telling that, in a year that was pretty economically challenging, security didn’t plummet in terms of spending,” said Nick Kakolowski, director of research at IANS Research, a cybersecurity advisory group.
    • “Cyber budgets grew this year for the most part, but modestly, IANS found in a study with recruiting company Artico Search. After double-digit increases in 2020 and 2021, the average growth in cybersecurity budgets for 2023 was 6%, according to the survey of 550 security executives. As a portion of overall technology budgets, cyber accounted for 11.6%, the study found. Around 37% of respondents to the survey said their cyber budgets were flat or reduced, the survey found.”

   

Friday Factoids

David ErmerCongress, FDA, Federal employment benefits, Medical / Rx research, Medicare, OPM
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Roll Call reports,
    • “Efforts to pass a stopgap funding measure before Saturday night’s deadline were sputtering in both chambers Friday, with lawmakers openly predicting a partial government shutdown was inevitable. The only question appeared to be how long the funding lapse would last.”Efforts to pass a stopgap funding measure before Saturday night’s deadline were sputtering in both chambers Friday, with lawmakers openly predicting a partial government shutdown was inevitable. The only question appeared to be how long the funding lapse would last.
    • “Border security talks in the Senate stalled Friday ahead of a key procedural vote Saturday, casting doubt on whether there would be the required 60 votes to end debate on a seven-week stopgap bill.
    • “Meanwhile, House Republicans huddled to discuss remaining options after their last shot at a 31-day continuing resolution chock full of spending cuts and restrictive border policies fell flat on the floor earlier Friday.
    • “None of the options — taking up a Senate bill that hasn’t even passed yet, or a “clean” CR extending current funding levels for a week or two, appeared to be gaining much steam, at least yet.”
  • The Washington Post adds
    • “After a two-hour meeting with the Republican caucus, House Speaker Kevin McCarthy (R-Calif.) said he would support a clean continuing resolution without major funding cuts if it did not include either the $12 billion in Ukraine and disaster relief funding that has bipartisan Senate support or the border security legislation that House Republicans have demanded.”
  • Today, OPM issued a press release about 2024 FEHB premiums and a white paper with 2024 Open Season highlights. The highlights include a list of the plans terminating their participation in the FEHB for 2024. The Compass Rose Benefits Group added a standard option. The FEHBlog noticed that Blue Cross FEP and Kaiser Permanente have unveiled their 2024 FEHB benefits on their websites.
  • FedWeek informs us
    • “OPM has said it will soon administer its Federal Employee Benefits Survey to some 100,000 federal employees who will be notified by email and will have up to six weeks to respond.
    • “The purpose of the FEBS is to measure the importance, adequacy and value of employee benefits to assess if employees believe the available benefits meet their needs. The FEBS will also help us to evaluate whether federal employees understand the flexibilities and benefits available to them,” OPM said in a memo to agencies on chcoc.gov.”
  • Per MedTech Dive,
    • “A proposed rule issued on Friday by the Food and Drug Administration would bring laboratory-developed tests under the agency’s purview, closing a regulatory loophole.
    • “Laboratory-developed tests are designed, manufactured and used within a single clinical laboratory. The FDA has exempted these tests from some regulatory requirements, such as premarket review, but it now seeks to bring all tests under one regulatory framework.
    • “The agency said the changes should better protect public health by ensuring the safety and effectiveness of tests. But it is “unclear if and when the FDA will finalize the rule as it will likely face opposition,” analysts with TD Cowen wrote in a research note on Friday.”
  • Healthcare Dive tells us
    • “The Center for Medicare and Medicaid Innovation, which aims to reduce spending or improve quality of care, increased net federal spending during its first 10 years of operation, and it will likely continue to boost spending over its next decade, according to a report by the Congressional Budget Office. 
    • “The CBO estimated that CMMI’s activities increased direct spending by $5.4 billion, or about 0.1% of the net spending on Medicare, between 2011 and 2020. 
    • “CMMI’s work is projected to increase net federal spending by $1.3 billion, or 0.01% of net spending on Medicare from 2021 to 2030, according to the report.” 
  • The IRS posted draft instructions and forms of 1095-B and 1095-C forms for 2023
  • HHS requests comments on mandating health plan coverage with no-cost sharing and no prescription requirements for low-cost preventive supplies, most of which OPM already mandates for FEHBP. The public comment period will likely expand the list.  The public comment deadline will be in early December. 

From the public health and medical research fronts,

  • The Food and Drug Administration announced,
    • “granting de novo marketing authorization for the Invitae Common Hereditary Cancers Panel, an in vitro diagnostic test that can help detect hundreds of genetic variants associated with an elevated risk of developing certain cancers. The test can also help identify potentially cancer-associated hereditary variants in individuals with already-diagnosed cancer. The test, which is the first of its kind to be granted FDA marketing authorization, evaluates DNA extracted from a blood sample to identify variants in 47 genes known to be associated with an elevated risk of developing certain types of cancer.”  
  • Biopharma Dive lets us know
    • “Shares in Structure Therapeutics jumped Friday after the San Francisco-based biotechnology company released results from a small study of an experimental weight loss drug that appear competitive to rival programs from Eli Lilly and Pfizer.
    • “Over the 28-day Phase 1 trial, people taking the highest doses of Structure’s drug lost about 5% of their weight compared to the study’s start, up to around 10 pounds. There were side effects, most commonly mild nausea and vomiting, but no participants stopped treatment as a result, the company said.
    • “Dubbed GSBR-1290, Structure’s drug is a GLP-1 agonist, similar to the much in-demand diabetes and obesity medicines Ozempic and Wegovy. Unlike those, however, GSBR-1290 is taken orally rather than by injection, potentially meaning greater convenience.”
  • and
    • “A cancer drug combination developed by Johnson & Johnson succeeded in an important late-stage trial testing the new regimen against a widely used medicine from AstraZeneca.
    • “According to J&J, treatment with its approved drug Rybrevant and an experimental therapy called lazertinib kept a common type of metastatic lung tumor at bay for longer than AstraZeneca’s Tagrisso alone. The results were from an interim analysis of the study, which is continuing to study patient survival.
    • “J&J’s trial, called Mariposa, has been followed closely by analysts as it could offer J&J a chance to compete with AstraZeneca in a large cancer drug market. J&J didn’t share any specific data in its statement Thursday, but said it plans to submit the study results for presentation at an upcoming medical conference.”
  • Beckers Clinical Leadership points out,
    • “Transport accidents are the leading cause of death for most children while opioids and major cardiovascular disease are the most common leading cause of death for adults, according to a report from USA Facts, a nonprofit organization that conducts data analysis.
    • “The “America in Facts 2023″ report, published in September, used CDC data to calculate the leading causes of death by age for the time periods 2001 to 2002 and 2020 to 2021.”
  • From the Econtalk Podcast
    • “We spend too much of our health care focus on lifespan and not enough on healthspan–the quality of our life as we get older. So argues Dr. Peter Attia, author of Outlive: The Science and Art of Longevity. Attia speaks with EconTalk’s Russ Roberts about what kills us, what slows us down as we age, and the weapons we have to allow us to live better and longer.”
    • Check it out at this link.

In judicial news,

  • Politico reports
    • “A federal judge on Friday denied business groups’ move to halt Medicare’s new drug price negotiation program while multiple lawsuits challenging its constitutionality wind through the courts.
    • “The decision by Judge Michael J. Newman, a Trump appointee, in Ohio’s Southern District preserves the Biden administration’s power to begin haggling with drug companies over the prices of 10 medications. Manufacturers of products that CMS chose for the first tranche of negotiations have until Oct. 1 to agree to the talks.
    • “The Court is not convinced that granting Plaintiffs preliminary injunctive relief will protect them from imminent and irreparable harm,” Newman wrote in his opinion. “Any economic harm — which, on its own, is insufficient to satisfy this prong of a preliminary injunction analysis — will not occur for years in the future.” * * *
    • “Newman denied DOJ’s motion to dismiss to give the chambers the chance to address his concerns, though the government can refile.”

Thursday Miscellany

David ErmerCongress, COVID-19, COVID-19 vaccine, Medicare, Mental health care, OPM, Patient safety, Rx coverage, Telehealth, U.S. Healthcare
Photo by Josh Mills on Unsplash

From Washington, DC

  • The Wall Street Journal reports,
    • “House Speaker Kevin McCarthy (R., Calif.) embraced border security as a possible way to break a congressional impasse over funding the government, saying it could be a key ingredient in any last-ditch push to avert a partial shutdown this weekend.  * * *
    • Speaking to reporters on Thursday morning, McCarthy said concerns among both Democrats and Republicans about the pace of migrants crossing the U.S.-Mexican border could provide enough common ground for them to work out a short-term deal to keep the government open past Sept. 30, when the fiscal year ends.
    • He said he had spoken with some Democratic senators about border enforcement as recently as Thursday morning.“They want something on the border. They’re working on it,” he said of Democrat senators. “And so I think there’s an opportunity here. We know we have to keep the government funded. We know we have a concern about the border—both sides.” Asked directly by a reporter if he expects a shutdown, McCarthy said: “No, I’m saying we work through this and get it done.”
  • Per Fierce Healthcare,
    • Following a Senate Finance Committee markup hearing in July, where members voted 26-1 in favor of the Modernizing and Ensuring PBM Accountability (MEPA) Act, Senators Ron Wyden, D-Oregon, and Mike Crapo, R-Idaho, formally introduced the bill on Thursday.
    • Designed to curb the power of pharmacy benefit managers, the bill would prohibit PBM compensation in Medicare from being tied to the price, increase audit and enforcement measures and aid independent community pharmacies that have struggled because of PBM practices, according to a news release.
  • AHIP announced that yesterday
    • Following reports of some patients having difficulties accessing new COVID-19 boosters without cost sharing, Alliance of Community Health Plans, Association for Community Affiliated Plans, AHIP, and Blue Cross Blue Shield Association came together in a letter to Xavier Becerra, Secretary of the Department of Health & Human Services, to reiterate their commitment to providing access, swiftly addressing any challenges, and continuing to partner with HHS and others across the health care system.”
    • Good to hear.
  • STAT News offers six approaches to resolving the drug shortages confronting our country.
  • STAT News also informs us
    • “A panel of independent advisers to the Food and Drug Administration voted overwhelmingly against a polarizing potential treatment for ALS on Wednesday, concluding that the medicine’s messy supporting data did not meet the standard for approval.
    • “After a day-long meeting that included impassioned testimony from ALS patients, the agency’s expert advisers voted 17-1 with one abstention that the case for NurOwn, a treatment from BrainStorm Cell Therapeutics, was based too heavily on convoluted clinical trial results and compelling but unreliable anecdotal evidence.”
  • Per Beckers Hospital Review,
    • “The label for Novo Nordisk’s weight loss drug Ozempic now acknowledges some users’ reports of ileus or intestinal blockage. 
    • “In its update, however, the FDA said it’s difficult to confirm a causal relationship between the side effect and the drug. 
    • “Because these reactions are reported voluntarily from a population of uncertain size, it is not always possible to reliably estimate their frequency or establish a causal relationship to drug exposure,” the label says. 
    • “Wegovy and Mounjaro, also GLP-1 agonist medications, already acknowledge reports of ileus on their labels. Novo Nordisk is the maker of both Ozempic and Wegovy, which both use an injection of semaglutide.” 
  • The Affordable Care Act regulators released ACA FAQ 61, which updates interested parties on transparency in coverage and RxDc reporting issues.
  • The U.S. Office of Personnel Management announcedissuing an interim final rule today to extend the eligibility date for noncompetitive appointment of military spouses married to a member of the armed forces on active duty through December 31, 2028, as called for by enactment of the Fiscal Year (FY) 2023 National Defense Authorization Act (NDAA) (P.L. 117-263).” 

From the public health front,

  • STAT News tells us
    • “[A 36-year-old woman living in San Francisco was told her kidneys would heal. But they didn’t; dialysis became a regular routine. She moved to UCSF Medical Center, seeking better care and a place that would allow her parents to visit. There, she met Chi-yuan Hsu, UCSF’s chief of nephrology, who was looking to study patients who might be successfully weaned from dialysis. He believed many patients with acute kidney injury like Lawson stayed on dialysis for longer than they needed.
    • “The results of a new study by Hsu, published Thursday in the Journal of the American Society of Nephrology, validate his suspicions. The study of nearly 8,000 patients, nearly 2,000 with acute kidney injury, found 40% of patients with acute kidney injury recovered their kidney function. But of these patients, just 18% were weaned from dialysis through having fewer sessions, and 9% by having shorter sessions.
    • “More than 70% of these patients ended up eventually stopping dialysis without any weaning — “cold turkey” as Hsu puts it — suggesting they could have been having fewer, or shorter treatments earlier. This is important, he said, because dialysis not only impacts quality of life, as it did for Lawson, it can also lead to infection and heart damage, and possibly — this is still under debate — to additional kidney injury that could inhibit recovery and lead to a need for permanent dialysis.”
  • Health Leaders Media explains how to address the relationship between patient safety and health equity.
  • Employee Benefit News points out the need for mental health benefits to cover suicide prevention.

From the U.S. healthcare business front,

  • Forbes reports that CVS, Walgreens And Rite Aid are closing nearly 1,500 stores across the U.S.
    • “All three drug chains have different reasons for closing stores, but the downsizing prescription is the same. Chain drugstores cost a lot to operate, and they don’t have sufficient differentiation to attract customers feeling the economic pinch.”
  • STAT News says,
    • Ophthalmologists who accepted payments from drug companies were less likely to prescribe a cheaper medicine to treat an eye disease that causes blindness in older people, rather than a pair of more expensive alternatives, according to a new study. This led Medicare to spend an additional $643 million during a recent six-year period.
    • Specifically, physicians who received money prescribed Avastin, an older cancer medicine, 28% of the time for combating age-related macular degeneration. And they prescribed two costlier treatments, which have approved specifically to treat the eye disease, 72% of the time. Physicians who did not accept payments prescribed Avastin 46% of the time, nearly twice as often as those who accepted payments.
    • “As a result, Medicare shelled out an estimated $642.8 million from 2013 to 2019, presumably due to the company payments, according to the study, which was published in JAMA Health Forum. The researchers examined Medicare Part B data that encompassed nearly 21,600 ophthalmologists who accepted money from Roche and Regeneron Pharmaceuticals, which sell the pricier eye treatments.”
  • Per Healthcare Dive,
    • “Satisfaction with telehealth is significantly higher among younger patients, according to a study by consumer data company JD Power. 
    • “Members of Generation Y, who were born between 1977 and 1994, and Generation Z, born between 1995 and 2004, report a satisfaction score of 714 out of 1,000. But Baby Boomers, born between 1946 and and 1964, and people born earlier had a significantly lower score of 671.
    • “The satisfaction gap between older and younger generations is widest when it comes to digital channels and appointment scheduling, which could mean older users are struggling to use telehealth providers’ digital interfaces, the study argues.” 
  • Beckers Hospital Review lets us know
    • “Medicare Advantage provides health coverage to more than half of the nation’s seniors, but a growing number of hospitals and health systems nationwide are pushing back and dropping the private plans altogether.
    • “Among the most commonly cited reasons are excessive prior authorization denial rates and slow payments from insurers. Some systems have noted that most MA carriers have faced allegations of billing fraud from the federal government and are being probed by lawmakers over their high denial rates.
    • “It’s become a game of delay, deny and not pay,” Chris Van Gorder, president and CEO of San Diego-based Scripps Health, told Becker’s. “Providers are going to have to get out of full-risk capitation because it just doesn’t work — we’re the bottom of the food chain, and the food chain is not being fed.” 
    • “In late September, Scripps began notifying patients that it is terminating Medicare Advantage contracts for its integrated medical groups, a move that will affect more than 30,000 seniors in the region. The medical groups, Scripps Clinic and Scripps Coastal, employ more than 1,000 physicians, including advanced practitioners.”
  • and
    •  interviews an Aetna executive about successful value based care.
  • The Wall Street Journal reports about employer groups that are successfully advocating for lower hospital prices in their states. The flagbearer is Gloria Sachdev, who is chief executive officer of the Employers’ Forum of Indiana. Good luck.