Cybersecurity Saturday

Action / Reaction

  • Fierce Healthcare reported on September 13 that

An unsecured database containing over 61 million records related to fitness trackers and wearables exposed Apple and Fitbit users’ data online.

Researchers with WebsitePlanet and security researcher Jeremiah Fowler discovered a non-password-protected database that contained tens of millions of records belonging to fitness tracking and wearable devices and apps. The unsecured database belonged to GetHealth, which offers a unified solution to access health and wellness data from hundreds of wearables, medical devices and apps, according to a WebsitePlanet report posted Monday.

The cybersecurity team discovered the unsecured database June 30, ZDNet reported. Fowler said he immediately sent a disclosure notice to the company of the security findings. GetHealth responded rapidly, and the system was secured within a matter of hours, ZDNet reported.

“It is unclear how long these records were exposed or who else may have had access to the dataset,” Fowler wrote in the report.

“We are not implying any wrongdoing by GetHealth, their customers or partners. Nor, are we implying that any customer or user data was at risk,” he wrote.

  • On Thursday, September 16, Cyberscoop reported

App developers and device operators that collect health data about Americans must alert consumers in the event their personal information is compromised or shared without permission, the Federal Trade Commission ruled Wednesday.

The U.S. consumer protection agency voted 3-2 on a new regulation that is meant to clarify the 2009 Health Notification Rule, which details how companies should tell consumers if their data is improperly shared or breached. The decision Wednesday extends the 2009 rule to cover health apps, fitness trackers and other connected devices that have risen in popularity over the past decade.

From the survey front,

  • Health IT Security informs us that “Google and Microsoft amassed the most vulnerabilities compared to other major tech companies in the first half of 2021, researchfrom Atlas VPN revealed. During the first half of 2021, Google accumulated 547 registered vulnerabilities. Microsoft followed close behind at 432.” Ruh roh.
  • CRN discusses the ten biggest cybersecurity risks that business face this year.

In ransomware news —

  • The Wall Street Journal advised us yesterday that

The Biden administration is preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency to profit from ransomware attacks, according to people familiar with the matter. 

The government hopes to choke off access to a form of payment that has supported a booming criminal industry and a rising national security threat.

The Treasury Department plans to impose the sanctions as soon as next week, the people said, and will issue fresh guidance to businesses on the risks associated with facilitating ransomware payments, including fines and other penalties. Later this year, expected new anti-money-laundering and terror-finance rules will seek to limit the use of cryptocurrency as a payment mechanism in ransomware attacks and other illicit activities.

The actions collectively would represent the most significant attempt yet by the Biden administration to undercut the digital finance ecosystem of traders, exchanges and other elements that cybersecurity experts say has allowed debilitating ransomware attacks to flourish in recent years.

  • Security Week offers a related report on understanding the cryptocurrency – ransomware connection.

Friday Stats and More

Based on data from the Centers for Disease Control’s COVID Data Tracker, here is the FEHBlog’s weekly chart of new COVID cases for 2021:

The CDC observes “After experiencing a brief decline in COVID-19 cases, the United States is once again seeing an increase in cases in most of the country.”

Here’s a link to the CDC’s weekly chart of COVID hospitalizations which shows a drop in the seven day moving average.

Here’s the FEHBlog’s weekly chart of new COVID deaths for 2021:

Finally here is the FEHBlog’s weekly chart of COVID vaccines distributed and administered from the 51st week of 2020 through the 37th week of 2021, ending last Wednesday September 15.

There are 180.6 million fully vaccinated Americans, or 63.6% of the vaccination eligible population (age 12 and older) and 31 million more who are waiting for their second dose.

The Wall Street Journal informs us that

The Covid-19 vaccine made by Moderna Inc. is more effective at keeping people out of the hospital than those from Pfizer Inc. and partner BioNTech SE or Johnson & Johnson, new research indicates.

In a study published by the Centers for Disease Control and Prevention on Friday, researchers studied more than 3,600 adults who were hospitalized in the U.S. between March and August of 2021. They looked at people who were admitted to 21 hospitals who had at least one Covid-19 symptom and a positive PCR or antigen test, as well as patients who were admitted to a hospital who tested negative for Covid-19. They then compared their vaccination status and which vaccine they received.

The researchers found that the Moderna vaccine’s effectiveness against hospitalization was 93%, compared with 88% for Pfizer-BioNTech’s and 71% for J&J’s. The effectiveness of the Moderna and Pfizer-BioNTech vaccines also seemed to stand up better over time than that of J&J’s vaccine. The Moderna vaccine’s effectiveness against hospitalization dropped to 92% after 120 days, while Pfizer-BioNTech’s dropped to 77%. After just 28 days, the J&J vaccine’s effectiveness fell to 68%.

And the administrative suspense is over, STAT News tells us

An advisory panel to the Food and Drug Administration on Friday recommended against a booster dose of a Covid-19 vaccine for most Americans at this time — a major rebuke to the Biden administration — but voted unanimously to recommend one to Americans who are 65 or older.

The FDA is not required to follow the recommendation of its advisory committees but generally does. If the recommendation is adopted by the FDA and Centers for Disease Control and Prevention, it would put the U.S. policy on a par with countries like the United Kingdom.

After seven hours of deliberation, members of the Vaccines and Related Biological Products Advisory Committee voted 16 to 2 against a proposal to administer a third dose of the vaccine developed by Pfizer and BioNTech to individuals 16 years and older. The vote to recommend a booster to people 65 years and older — as well as people who are at risk of severe Covid — was 18 to 0.

It was not immediately clear who would qualify as high risk; fleshing that out will likely fall to the CDC’s advisory committee, the Advisory Committee on Immunization Practices.

You will be able to knock the FEHBlog down with a feather if acting FDA Commissioner Janet Woodcock overrules the advisory committee given the Aduhelm debacle earlier this year. Also the outcome strikes the FEHBlog as a reasonable Goldilocks solution to the thorny problem.

Speaking of the expensive Alzheimer’s Disease drug Aduhelm, Fierce Pharma reports that

Data collected from a survey of 74 neurologists collected at the start of the month found that at least two thirds of respondents anticipate having at least some patients on Aduhelm by March 2022, according to Spherix Global Insights’ newly launched drug report released on Thursday. That could result in “an estimated brand share substantially higher than that projected back in August,” the report found. 

he results indicate increased signs of optimism, according to Spherix, with small increases in the prescriber base and number of new patients compared to the stagnant trends found in the first few months following Aduhelm’s June FDA nod. In Spherix’s mid-July report, only about one fourth (27%) of responding physicians had planned to prescribe Aduhelm in the next few months.

Biogen’s prospects should improve in the coming weeks, Spherix estimates. According to the report, the prescriber base will likely grow by nearly 50% within that time, which could lead to twice the number of new patient initiations when compared with August.

Despite the maelstrom of negative press Biogen’s accelerated FDA nod has garnered, one in seven newly diagnosed patients with the memory-robbing disease are considered potential Aduhelm candidates, Spherix said. 

Therefore, Aduhelm’s long-term success “does not appear to be markedly limited by physician willingness to prescribe” the treatment or “clinical determination of patient eligibility.” 

In HHS News —

  • Today, the Biden-Harris Administration announced a $2.1 billion investment to improve infection prevention and control activities across the U.S. public health and healthcare sectors. The Biden-Harris Administration, working through the Centers for Disease Control and Prevention (CDC), is investing American Rescue Plan funding to strengthen and equip state, local, and territorial public health departments and other partner organizations with the resources needed to better fight infections in U.S. healthcare facilities, including COVID-19 and other known and emerging infectious diseases.”
  • Also today a record breaking third Affordable Care Act notice of benefit and rate parameters notice for 2022 was finalized. Fierce Healthcare tells us that “For 2022, insurers will face an increase in the federally run marketplace user fee rate to 2.75% of their premiums and the state-run exchanges to 2.25%. That is a change from the user fee finalized on Jan. 19 under the Trump administration, which called for a user fee of 2.25% for the federal marketplace and 1.75% for the state-run exchanges. The rule would also extend the open enrollment period by 30 days for ACA signups, with the new deadline on the federally run exchanges being Jan. 15. Open enrollment for the federal exchanges still starts on Nov. 1. * * * CMS is also creating a new special enrollment period that targets low-income individuals through HealthCare.gov. The goal is to target people who could be eligible for boosted subsidies that were included in the American Rescue Plan Act but expire after the 2022 coverage year. Congress is debating whether to extend those subsidies as part of a $3.5 trillion infrastructure package.”

President names an OPM Inspector General nominee

OPM Headquarters a/k/a the Theodore Roosevelt Building

The Washington Post reports that

President Biden on Thursday made a nomination to fill the long-vacant position of inspector general at the Office of Personnel Management, a watchdog office that has at times publicly clashed with top management of the federal agency.

Nominee Krista Boyd is chief counsel for oversight and policy on the House Oversight and Reform Committee, which oversees federal workplace matters. Boyd has worked on Capitol Hill for more than two decades with a focus on issues including whistleblower protection, transparency and strengthening the access to agency information for inspectors general and other watchdogs, an announcement said.

Ms. Boyd’s nomination is subject to Senate confirmation.

On the Delta variant front, Govexec.com informs us that

The Biden administration released new guidance on Thursday about implementing the COVID-19 vaccine mandate for federal employees, which says even those on telework or remote work must get vaccinated. 

The guidance implements an executive order President Biden issued on September 9 requiring federal employees to get vaccinated against the novel coronavirus, unless they request an exemption. The Safer Federal Workforce Task Force said on Monday that November 22 is the deadline for employees to get fully vaccinated or possibly be subject to progressive discipline. * * *

Postal Service employees are not covered by the mandate, but they will be subject to the forthcoming emergency temporary standard from the Occupational Safety and Health Administration (OSHA) that will require vaccines for companies with 100 or more employees, the senior administration official pointed out. That was another coronavirus measure the president unveiled last week. 

“Our workplaces are subject to regulations from the Occupational Safety and Health Administration,” USPS said in a statement on Thursday. “Therefore, we are working closely with our union leadership so that once OSHA’s COVID-19 Vaccination Emergency Temporary Standard is issued we can move quickly to determine its applicability to our employees and how best to implement [it].” * * *

Other topics covered in the update are: who is considered fully vaccinated and the timeline for getting fully vaccinated (depending on which vaccine individuals receive); vaccination dates for those who are starting government service after November 22; what protocols employees should follow before becoming fully vaccinated; and how agencies should collect and maintain documentation of vaccination for employees. Agencies must collection documentation even if employees previously attested to being vaccinated. 

The Society for Human Resource Management discusses what to expect from OSHA on the vaccination screening program it is developing for private employers with more than 100 employees.

In mergers and acquisitions news, the Deseret News reports that

Intermountain Healthcare announced Thursday that the organization is merging with SCL Health, a faith-based, nonprofit health care organization based in Colorado.

The two organizations are located in adjacent areas with no geographic overlap, so together they will employ more than 58,000 caregivers, operate 33 hospitals and run 385 clinics across Utah, Idaho, Nevada, Colorado, Montana and Kansas.

SCL Health is a $2.8 billion health network that provides comprehensive, coordinated care in hospitals, clinics, home health, hospice and mental health services across Colorado, Montana and Kansas. It brings eight hospitals and more than 160 physician clinics into the merger. Their hospitals will retain their names and their Catholic identity, directives and values.

The merger, which is subject to regulatory approval, is expected to close early next year.

From the studies front —

  • The Centers for Disease Control released updated adult obesity prevalence maps for the U.S. yesterday.
  • The Employee Benefits Research Institute is offering an issues brief on trends in health savings account balances, contributions, distributions and investments and the impact of COVID-19 thereon.

From the reminders front, Fedweek explains the “five year rule” for continuing FEHB and FEGLI coverage into a civil service retirement.

As a rule, you can only continue your FEHB and/or FEGLI coverage into retirement if you are 1) currently enrolled, 2) have been enrolled for at least five years or from your earliest opportunity to enroll, and 3) are retiring on an immediate annuity (including disability).

Further, if you are a FERS employee who is retiring on an immediate annuity but postponing its receipt to a later date to reduce or eliminate the 5 percent per year penalty for retiring under the MRA+10 provision (minimum retirement age—currently 57—with at least 10 but less than 30 years of service), you’ll be able to reenroll in the FEHB program when your annuity begins. Note: If you leave government before being eligible to retire and later apply for a deferred annuity when you have the right combination of age and service, you can’t reenroll in either program.

While there is an automatic waiver of the FEHB five-year rule if you are accepting an offer of early retirement from your agency, no waiver is possible for FEGLI. Nor are waivers of the “currently enrolled” or “retiring on an immediate annuity” requirements available under current law for either program.

Midweek update

As we approach the September 17 of the FDA advisory committee meeting on the COVID-19 booster, the Wall Street Journal reports that

The Food and Drug Administration said vaccines cleared in the U.S. currently provide sufficient protection against severe disease and death from Covid-19 without additional doses, potentially complicating the Biden administration’s deliberations over the need for booster shots.

The FDA released the findings Wednesday in a report analyzing data submitted by Pfizer Inc. and BioNTech SE as part of their request for authorization for their vaccine to be given as a booster shot in people 16 years and older. 

An outside panel of scientific advisers will review the FDA report on Friday, along with a companion analysis from Pfizer and other information, as part of a discussion over who needs booster shots and when.

In yesterday’s blog post, National Institutes of Health (NIH) Director Dr. Francis Collins tells us that

There’s no question that vaccines are making a tremendous difference in protecting individuals and whole communities against infection and severe illness from SARS-CoV-2, the coronavirus that causes COVID-19. And now, there’s yet another reason to get the vaccine: in the event of a breakthrough infection, people who are fully vaccinated also are substantially less likely to develop Long COVID Syndrome, which causes brain fog, muscle pain, fatigue, and a constellation of other debilitating symptoms that can last for months after recovery from an initial infection. 

These important findings published in The Lancet Infectious Diseases are the latest from the COVID Symptom Study 

NIH announced today awarding

nearly $470 million to build a national study population of diverse research volunteers and support large-scale studies on the long-term effects of COVID-19. The NIH REsearching COVID to Enhance Recovery (RECOVER) Initiative(link is external) made the parent award to New York University (NYU) Langone Health, New York City, which will make multiple sub-awards to more than 100 researchers at more than 30 institutions and serves as the RECOVER Clinical Science Core. This major new award to NYU Langone supports new studies of COVID-19 survivors and leverages existing long-running large cohort studies with an expansion of their research focus. This combined population of research participants from new and existing cohorts, called a meta-cohort, will comprise the RECOVER Cohort. This funding was supported by the American Rescue Plan.

On a related note STAT News informs us that

A company is launching out of Stanford University on Wednesday to tackle one of the most enduring challenges of digitized medicine: How do you apply data from past patients to inform the care of new ones?

The company, named Atropos Health, is seeking to commercialize a consultation service designed to use mountains of existing data to quickly answer a wide range of pressing questions, such as which drug is most effective for certain kinds of cancer patients, or when antibiotics can be safely discontinued in the treatment of a particular infection.

That may seem ho-hum in a world where search engines enable instantaneous information retrieval in so many domains. But the health care industry has failed to harness that power, hamstrung by a lack of quality digital data and wary of the consequences of applying an answer incorrectly to the care of complicated human beings.

Good luck to Atropos.

In other healthcare news

  • Health Payer Intelligence usefully discusses how payers can cultivate consumer-centered digital innovation. Fierce Health reports on Blue Cross licensee Carefirst’s release of such an innovation. The innovation in this case is “a new virtual primary care practice called CloseKnit. CloseKnit will offer a slew of healthcare services in a virtual-first delivery model, including preventive care, urgent care, behavioral health care, care coordination and insurance navigation. Services are available through an app and are built to be affordable and transparently priced, according to the announcement. In-person care is provided through referrals to local providers.”
  • The Health Affairs Blog offers its insights into the proposed No Surprises Act rule on air ambulance and broker compensation reporting and HHS’s role in enforcing the new law.
  • The Department of Health and Human Services announced today that “more than 2.8 million people newly gained access to affordable health care under the Biden-Harris Administration through the 2021 Special Enrollment Period (SEP) on HealthCare.gov and State-based Marketplaces.. With the gains made during the SEP, there are now a record-breaking 12.2 million people enrolled in the federal and state marketplaces.”
  • Govexec tells us that “The Government Employees Health Association announced last week that federal employees enrolled in their Federal Employees Health Benefits Program insurance plans can receive a $75 credit on their wellness accounts, which are used to pay for health expenses like copays and prescriptions, until Dec. 31. Previously, the deadline to get the first dose of the vaccine was Sept. 6 for the incentive program, although proof of full vaccination was still required by the end of 2021. Now, in order to be eligible for the cash incentive, GEHA enrollees have until Dec. 31 to get their first dose and request the reward.”

Tuesday’s Tidbits

Photo by Patrick Fore on Unsplash

Roll Call discusses the status of the $3.5 trillion budget reconciliation bill as “Senate Democrats begin to tweak the House package.” Federal News Network provides a broader perspective on the varied issues facing Congress this month.

From the Delta variant front

  • The Department of Health and Human Services” (HHS) Vaccination Community Corps has updated its resources list.
  • Yesterday, HHS “transitioned from a direct ordering process to a state/territory-coordinated distribution system * * * for the distribution of monoclonal antibody drugs (“mAbs”) [to treat COVID-19 particularly in unvaccinated people].  State and territorial health departments know best where product is needed in their areas. Transitioning to a state/territory-coordinated distribution system gives health departments maximum flexibility to get these critical drugs where they are needed most.” Makes sense.  
  • Healthcare Dive reports that “Just as patients started returning for care they delayed throughout the COVID-19 pandemic, hospitals are again having to put non-emergency procedures on hold to free up resources for patients hospitalized with the delta variant of the coronavirus. Salt Lake City-based Intermountain Healthcare is the latest system to announce it’s postponing elective procedures starting Wednesday at 13 of its hospitals, and expects the pause to last several weeks, CEO Marc Harrison said during a Friday press conference.”
  • JDSupra offers a useful and in the FEHBlog’s opinion accurate legal analysis of the President’s vaccination programs for federal contractors and private employers. Bloomberg expresses concern that “The U.S. may not have enough tests to keep pace with the Biden administration’s tightened workplace Covid-19 mitigation measures.”

In the tidbits department

  • The Mercer consulting firm announced that ‘[a]s the pandemic continues to unfold, the ability of employers to have a positive impact on employee health and resiliency cannot be understated and is one of the most important findings of the latest Mercer “Health on Demand” survey released today.” Since the onset of COVID-19, when employers stepped up to provide essential support, it made a difference. Employees who say they received good support from their employers are much less likely to view their personal experience of the pandemic as mostly or entirely negative compared to those who received little or no support – 25% vs. 49%. And almost half (45%) of those receiving good support say they are less likely to leave their job as a result.
  • The FEHBlog noticed a Modern Healthcare article discussing how employers are incorporating virtual substance abuse programs in their provider networks. As an example the article pointed to Ria Health which describes itself as an evidence based alcohol additional treatment program.
  • The American Medical Association’s President (appropriately in the FEHBlog’s view) is urging physicians and patients to reengage. “As life takes steps to return to normal, it’s urgent that patients and physicians prioritize health screenings and regular procedures.”

Monday Roundup

Photo by Sven Read on Unsplash

On the OPM front, Govexec informs us that

The Office of Personnel Management on Monday announced that it agrees with the vast majority of recommendations posed by a recent study on the future of the agency and is incorporating much of that report’s findings into its strategic plan and budget requests.

In March, the National Academy of Public Administration released its long-awaited report on how to modernize OPM * * * .

OPM said that many of NAPA’s recommendations have already been incorporated into the agency’s fiscal 2022-2026 strategic plan and will be used as the agency develops its fiscal 2023 budget request, which is due to the Office of Management and Budget in October. The new strategic plan will not be public until February 2023, coinciding with the release of President Biden’s fiscal 2023 budget proposal.

In a statement, OPM Director Kiran Ahuja said she will ensure the agency is focused on implementing policies that reaffirmed OPM as a strong and independent leader in governmental human resources.

Good luck with that effort. It seems like yesterday that OPM released its last five year strategic plan.

On the Delta variant front, The Wall Street Journal reports today that

A surge in Covid-19 deaths caused by the highly contagious Delta variant is hitting working-age people hard while highlighting the risks for people who remain unvaccinated.

Federal data show Covid-19 deaths among people under 55 have roughly matched highs near 1,800 a week set during last winter’s surge. These data show weekly tallies for overall Covid-19 deaths, meanwhile, remain well under half of the pandemic peak near 26,000 reached in January. * * *

Older Americans still account for the most Covid-19 deaths, but their higher vaccination rates have helped hold down the numbers. About 54% of the overall U.S. population and 63% of eligible people ages 12 and above are fully vaccinated, while the average among nursing homes is 84% for their residents, federal data show.

On the COVID vaccination front —

  • David Leonhardt in the New York Times offers helpful information for folks who have received the one dose Johnson & Johnson vaccine.
  • Medscape tells us that “Pfizer’s COVID-19 vaccine could be authorized for ages 5-11 by the end of October, according to Reuters.”

On the Biden Administration’s vaccine mandate front —

Federal News Network reports that

Federal employees have until Nov. 22 to be fully vaccinated in accordance with the president’s new mandate, the Biden administration said Monday.

The Safer Federal Workforce Task Force, led by the White  House COVID-19 Response Team, the Office of Personnel Management and General Services Administration, offered up a few more details on what agencies and employees should expect from the president’s new vaccine executive order.

“Federal executive branch employees must be fully vaccinated, except in limited circumstances where an employee is legally entitled to a reasonable accommodation,” the task force said in a series of updated “model safety principles” released Monday. “Agencies must work expeditiously so that their employees are fully vaccinated as quickly as possible and by no later than Nov. 22, 2021.”

The task force said it’s preparing additional guidance on how agencies should implement the president’s new executive order and will issue it “soon.”

Govexec tells us that “The U.S. Postal Service is not committing to implementing any COVID-19 vaccine mandate—full or partial—for its workforce, with an agency spokesman saying officials will first need to see the fine print of new requirements President Biden has issued.”

On the health equity front —

  • Healthcare Finance News reports that seventeen national healthcare organizations sent a letter “urging Department of Health and Human Services Secretary Xavier Becerra to move forward on alternative payment models as part of its strategy to achieve health equity. [T]he groups [letter] underscored how APMs routinely leverage multidisciplinary approaches to care, assess social risk, partner with community organizations to increase access to nonmedical services and leverage data to improve disparities in patient outcomes.”
  • Health IT Analytics discusses the value including social determinants of health data in artificial intelligence applications. “According to New York University researchers, machine learning can accurately predict cardiovascular disease and guide physicians to select treatment options. However, by factoring social determinants of health into the equation, providers can better serve diverse groups.”

In other healthcare news —

  • HHS’s “Substance Abuse and Mental Health Services Administration (SAMHSA) is awarding more than $123 million in funding through six grant programs to provide multifaceted support to communities and health care providers as the Nation continues to combat the overdose epidemic.”

Policymakers have introduced proposals to combat high and rising hospital prices, but focusing on high-concentration markets likely misses the mark.

The majority of high-price hospitals are active in markets that meet federal definitions of low or moderate concentration, according to a recently published commercial claims review.

As such, price regulation policy proposals that specifically target concentrated hospital markets would only impact a minority of hospitals charging the highest prices for their services, Harvard-affiliated researchers wrote in Health Affairs.

Policymakers would instead be more effective if they focused their interventions directly on limiting high provider prices without regard to a hospital’s surrounding market, researchers wrote.

“Policymakers could start with modest approaches, such as capping the highest prices, tracking outcomes and gradually pushing the caps downward, and monitoring trade-offs between savings and any unintended consequences for access or quality,” they wrote.

Weekend Update

Photo by Dane Deaner on Unsplash

The U.S. House of Representative both will be engaged in committee work through Wednesday this week until Yom Kippur begins on Wednesday evening. The Senate also will be engaged in floor voting for the same period. Committee work principally will focus on the details of the $3.5 trillion budget reconciliation bill and a related Plan B measures including a stopgap extension of federal funding past September 30 and addressing the debt ceiling.

On the Delta variant front

The Wall Street Journal explains that epidemiologists no long think that COVID-19 can be eradicated. We have a good shot at the virus becoming endemic / a routine treatable illness.

When or even whether Covid-19 settles into that status depends on how many more people get vaccinated and how soon, said Adolfo Garcia-Sastre, director of the Global Health and Emerging Pathogens Institute at the Icahn School of Medicine at Mount Sinai in New York.

For Covid-19 to become mild, most people will need some immunity, which studies have shown reduces the severity of the disease. Infections provide some immunity, but at risk of severe illness, death and further spread of the virus, compared with vaccines. People could become vulnerable to SARS-CoV-2 if that immunity erodes or is weak, or if the virus mutates.

“The more people who are vaccinated, the less problems there are going to be,” Dr. Garcia-Sastre said.

The Journal’s Numbers columnist explains why COVID-19 vaccination boosters will be necessary.

“We’re fortunate with tetanus, diphtheria, measles and vaccinia,” Dr. [Mark] Slifka [from the Oregon Health & Science University] said. “We have identified what the threshold of protection is. You track antibody decline over time, and if you know the threshold of protection, you can calculate durability of protection. With Covid, we don’t know.”

Complicating things further, viruses and bacteria that mutate to escape the body’s immune response are harder to control.

Measles, mumps, rubella and chickenpox hardly mutate at all, but at least eight variants of SARS-CoV-2, the virus that causes Covid-19, have been found, according to the British Medical Journal.  

“It does make it more complicated for the vaccine to work,” Dr. Slifka said. “You’re chasing multiple targets over time. Flu also mutates. With flu, we’ve adjusted by making a new flu vaccine each year that as closely as possible matches the new strain of flu.”

The FDA’s Vaccines Advisory Committee meets on the topic of COVID-19 boosters this Friday September 17. The CDC’s Advisory Committee on Immunization Practices has scheduled a complementary meeting for September 29.

The FEHBlog ran across this interesting WebMD article titled “Monoclonal Antibodies vs. Vaccines vs. COVID-19: What to Know.” “‘As hospitalizations go up nationwide, we have a therapy here that can mitigate that,’ says William Fales, MD, medical director of the Michigan Department of Health and Human Services Division of EMS and Trauma. Getting monoclonal antibodies is one of ‘the best things you can do once you’re positive.’” However, the vaccine’s protection against COVID-19 has a much longer duration than this treatment. “There are two authorized uses for monoclonal antibodies: To treat or stop COVID-19’s progression in a high-risk person who tests positive, and to prevent COVID-19 in a high-risk person who’s been exposed.” The treatment is administered while hospitalized or while outpatient at an infusion center.

In RX news, Managed Healthcare Executive reports

The FDA has approved 30 biosimilars and 21 have been launched. But it won’t be till biosimilars for some of the more widely prescribed biologics are on the market before biosimilars really start to have a major impact on American healthcare and its cost, according to a top-ranking executive at OptumRx.

“We’re still a few years away from the point at which the most widely-utilized … products in the U.S. today will be available as biosimilars,” Savitha Vivian, senior vice president of clinical and formulary Services for OptumRx, said in an interview with Managed Healthcare Executive®. “And that’s really what we’re looking for, because that’s going to enable a more sizable and impactful bottom-line savings.”

Ms. Vivian expects Humira to hit the bio-similar market in 2023.

“Another significant biosimilar launch that is still two to three years away from one for Novo Nordisk’s insulin aspart injection (Novolog), a “highly utilized medication, especially in the outpatient setting,” noted Vivian.Biosimilars for Genentech’s Actemra (tocilizumab), a medication for rheumatoid arthritis and other forms of arthritis, and Stelara (ustekinumab), Janssen’s immunosuppressive drug for plaque psoriasis and psoriatic arthritis, are also two or three years away.”

Patient and provider comfort with biosimilars is still a “critical barrier” to the adoption of biosimilars, she said.

Switching therapies in patients who are stable on the biosimilar’s reference product to the biosimilar is not typically recommended, according to Vivian. “So from a clinical perspective, we need to be cautious in implementing strategies that force these types of switching.”Instead, she said, “what we really need is data showing that there’s really no additional risk from switching therapies in these hard-to-treat or hard-to-control chronic diseases. That’s going to really increase the confidence for prescribers to start using biosimilars in … those stable patients.”

Another barrier is a lack of interchangeability in biosimilars, with notable exception of Semglee (insulin glargine-yfgn), which was FDA-approved as biosimilar to, and interchangeable with Lantus (insulin glargine) this summer. In order to demonstrate interchangeability, studies must show there is no additional risk or reduced efficacy if a patient switches back and forth between the interchangeable biosimilar and the reference product.

Cybersecurity Saturday

September 11, 2020

From the ransomware front, Bleeping Computer reports today that “The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site.” REvil was responsible most recently for the JBS meat packing plant and the Kayesa hacks. Following the Kayesa hack, the gang went into virtual hiding.

After their shutdown, researchers and law enforcement believed that REvil would rebrand as a new ransomware operation at some point. However, much to our surprise, the REvil ransomware gang came back to life this week under the same name.

Also here is a link to Bleeping Computer’s the Week in Ransomware.

ZDNet offers an interesting article on ransomware targets.

On Monday, KELA published a report on listings made by ransomware operators in the underground, including access requests — the way to gain an initial foothold into a target system — revealing that many want to buy a way into US companies with a minimum revenue of over $100 million. * * *

Ransomware groups such as Blackmatter and Lockbit may cut out some of the legwork involved in a cyberattack by purchasing access, including working credentials or the knowledge of a vulnerability in a corporate system. 

* * * Roughly half of the ransomware operators will, however, reject offers for access into organizations in the healthcare and education sector, no matter the country. In some cases, government entities and non-profits are also off the table. * * *

[T{here are preferred methods of access. Remote Desktop Protocol (RDP), Virtual Private Network (VPN)-based access prove popular. Specifically, access to products developed by companies including Citrix, Palo Alto Networks, VMWare, Cisco, and Fortinet.  

ZDNet further reports that

All the time spent ticking boxes in cybersecurity training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim “Think before you click”.  

IT security company F-Secure analyzed over 200,000 emails that were flagged by employees from organizations across the globe in the first half of 2021, and found that 33% of the reports could be classified as phishing.

On the zero trust front, FCW informs us that “The push to convert federal networks, systems and devices to a zero trust security architecture is accelerating, with the release of three new draft guidance documents as part of the White House administration’s push to improve the nation’s cybersecurity” and the Wall Street Journal provides us with a Deloitte produced guide to zero trust cybersecurity.

For those with a law enforcement orientation, the Wall Street Journal tells us that the secret vulnerability of cybercrime gang is the burnout of their foot soldiers. The reporters had interviewed scores of lower level cybercrime workers, among other investigative techniques. Their conclusions:

[W]hen authorities targeted the support staff—the labor force that the cybercrime industry depends on—with a few arrests and made their jobs even more miserable than usual through coordinated shutdowns of server networks, the effect was much greater. This is not unlike putting pressure on a mafia accountant, as opposed to arresting crime bosses. 

In our research, we saw that when authorities attacked the cybercrime infrastructure this way, the services became unreliable and their customers thought they were being scammed, flooding their chat channels with complaints. When servers went down, so did the business of all the criminals who were renting that infrastructure. Cyberattacks declined.

Conventional wisdom suggests that disrupting the infrastructure of cybercrime services by taking down their servers is merely a game of Whac-A-Mole, with these groups able to set up new systems fairly quickly. But that doesn’t take into account the effect on cybercrime workers: We found that these takedowns were extremely frustrating for the people working behind the scenes. We even began to see people quitting the business, burned out from the stress of having to provide round-the-clock customer service and system administration under increasing scrutiny from the police.

Friday Stats and More

Based on the Centers for Disease Control (CDC) constantly improving COVID data tracker website, here are charts of new weekly COVID-19 cases and deaths using Thursday as the first day of the week. As you can see, new cases trended down last week. Per the CDC, “The current 7-day moving average of daily new cases (136,558) decreased 12.7% compared with the previous 7-day moving average (156,341).” Moreover, “The current 7-day moving average of new deaths (1,077) has decreased 11.3% compared with the previous 7-day moving average (1,214).”

Here are links to the COVID hospitalization statistics and the CDC’s weekly interpretation of its COVID data. Per the CDC, “The current 7-day daily average for September 1–September7, 2021, was 11,754 This is a 4.1% decrease from the prior 7-day average (12,251) from August 25–August 31, 2021.”

Here is chart of weekly COVID vaccines distributed and administered from the time administration began last December through the 36th week of this year (ending September 8, 2021):

New vaccinations have levelled out at a rate of roughly 5 million per week for the past two months. Per the CDC, “As of September 9, 2021, 92.6% of people ages 65 years or older have received at least one dose of vaccine and 82.2% are fully vaccinated. Over three-quarters (75.3%) of people ages 18 years or older have received at least one dose of vaccine and 64.5% are fully vaccinated. For people ages 12 years or older, 73.4% have received at least one dose of vaccine and 62.5% are fully vaccinated.”

The Food and Drug Administration today released this bulletin about the status of making available a COVID vaccine for young children.

The FDA is working around the clock to support the process for making COVID-19 vaccines available for children. As outlined above, this process is complex and relies on robust manufacturer trials and data, and while we cannot offer a specific date or timeline for when it may be completed for the various manufacturers’ vaccine candidates, we can assure the public we are working as expeditiously as possible to meet this critical public health need and we very much hope to have pediatric COVID-19 vaccines available in the coming months.

The New York Times reports

Federal health officials released new data showing that unvaccinated Americans are 11 times as likely as vaccinated people to die of Covid-19.

Three large studies, published on Friday by the Centers for Disease Control and Prevention, also highlighted the effectiveness of the shots at preventing infection and hospitalizations with the virus.

The research underscored a deep conviction among scientists that vaccine hesitancy and refusal have prolonged the pandemic. The administration’s new plan should stem the flood of infections and return the country to some semblance of normalcy in the long term, several experts said in interviews.

With respect to the President’s vaccination mandates, Gov Exec tells us that

The U.S. Postal Service is not committing to implementing any COVID-19 vaccine mandate—full or partial—for its workforce, with an agency spokesman saying officials will first need to see the fine print of new requirements President Biden has issued. 

Biden’s executive order mandating the vaccines for the federal workforce took a somewhat narrow definition of agencies that carved out USPS, which employs more than 640,000 people. The president on Thursday also announced the Labor Department would put forward a rule directing all employers with more than 100 workers to require their staff to either be vaccinated or submit to weekly COVID-19 testing. USPS said on Friday it was still determining whether the rule would apply to the agency.

From the No Surprises Act front, HHS has issued its proposed rule implementing the Consolidated Appropriations Act 2021 Division BB provisions on air ambulance reporting, health insurer / plan broker compensation reporting and HHS enforcement of the law. Here is a link to a fact sheet on the proposal. The public comment deadline is October 18.

HHS also announced today that its “Health Resources and Services Administration (HRSA), is making $25.5 billion in new funding available for health care providers affected by the COVID-19 pandemic. This funding includes $8.5 billion in American Rescue Plan (ARP) resources for providers who serve rural Medicaid, Children’s Health Insurance Program (CHIP), or Medicare patients, and an additional $17 billion for Provider Relief Fund (PRF) Phase 4 for a broad range of providers who can document revenue loss and expenses associated with the pandemic.” The American Hospital Association was pleased with the news.

Federal News Network has interviewed many current and former federal employees about their memories of September 11, 2001. Check it out as the interviews include two OPM officials. Of course, never forget.

Busy Thursday

Earlier today the President announced a comprehensive list of executive measures intended to stem the Delta variant of COVID-19 in our country. Here’s a Medscape article on this action.

One of the new measures replaces the President’s July 28 vaccination screening program for federal employees and federal government contractors with a vaccination mandate program described in this Federal News Network article. Here are links to the Executive Order for the federal employees program and the separate Executive Order for the federal government contractors program.

The Health and Human Secretary Xavier Becerra announced the Administration’s plan to lower prescription drug costs. In the FEHBlog’s view, the proposals build price controls on top of existing price controls. The president of PhRMA, the prescription drug manufacturer’s trade association, commented that

“What was released today is a laundry list of old partisan ideas and not a serious plan to address what patients pay out of pocket for prescription drugs. What it leaves out is any attempt to fix a broken insurance system that discriminates against sick patients and does nothing to hold insurers and middlemen accountable for pocketing savings from our companies that should go to patients to lower their costs.
“It’s hard to ignore the irony that this is being released the same day the White House is unveiling a separate plan meant to regain control of the Covid-19 pandemic. The biopharmaceutical industry is continuing to work around the clock against this pandemic while this same White House is trying to make it more difficult for our industry to continue the fight against this pandemic and plan for future health crises.” 

Alternatively and perhaps even worse for PhRMA, according to STAT News, “[S]everal advocates and lobbyists told STAT this week that lawmakers in the U.S. Senate] were zeroing in on the idea of setting prices based on the maximum price drug makers can charge several military health programs, including the VA’s, known as the Federal Ceiling Price. That price is calculated by reducing the average price paid by non-governmental wholesalers by roughly one-quarter.” This drug cost reduction initiative in its final form would be included in the $3.5 trillion budget reconciliation bill.

Yesterday, the actuarial consulting firm WillisTowersWatson released its 2021 Benefits Trend Survey.

More than two-thirds of respondents (69%) say integrating employee wellbeing into the benefit package will be the top strategic benefit objective over the next two years. Most employers (86%) cite employee emotional wellbeing as their top priority over the next two years, followed by physical wellbeing (68%) and financial wellbeing (67%).

According to the survey, employers are taking steps to support their employees’ health and wellbeing in four main areas:

Physical: Over three in four employers (77%) have added or enhanced online and virtual medical services, and over half (53%) plan to add more or enhance them in the next two years.

Emotional: 73% of employers plan to boost their support for mental health (stress, burnout and depression).

Financial: Nearly half of employers (47%) plan to add or enhance their support for financial wellbeing (savings, budgeting, loans and counseling).

Social: More than a quarter of employers (29%) plan to add or enhance support for social wellbeing (charitable donations, volunteer opportunities and social recognition).

The survey also revealed less than three in 10 employers (28%) believe their benefit programs enhance employee appreciation of the employment deal, and many are taking steps to boost support and communication. Over one-third (34%) are planning or considering the use of digital tools and technology to help employees feel connected and be productive; over half (52%) are planning or considering the use of personalized communication to specific segments of the workforce.

he Wall Street Journal”The coming flu season is on track to be much worse than the last cycle, according to health experts, who fear an influx of cases could further strain hospitals already overwhelmed by the Delta surge. The season could also strike earlier and more severely than usual, doctors and researchers said, because many people haven’t been able to build up their natural immune defenses while working from home and avoiding strangers.”

The Wall Street Journal reports that

The coming flu season is on track to be much worse than the last cycle, according to health experts, who fear an influx of cases could further strain hospitals already overwhelmed by the Delta surge.

The season could also strike earlier and more severely than usual, doctors and researchers said, because many people haven’t been able to build up their natural immune defenses while working from home and avoiding strangers [and children are back in school].

The FEHBlog got his flu shot today.

Today’s WSJ Future of Everything article informs us that

A sports injury or trauma to cartilage around the knee, hip or shoulder joint can lead to osteoarthritis later in life—or, worse yet, the need for a new joint. So can the wear and tear that comes with age. One day, new drugs and stem-cell therapies may stop the degeneration before it starts.

Researchers are developing new techniques to protect, repair and regrow articular cartilage, the layer of connective tissue that covers the ends of bones and enables joints to move smoothly, to stop the progression of osteoarthritis and curb the need for joint replacement surgery.

Now that could reduce healthcare spending.