FEHBlog

Happy Martin Luther King, Jr., Day

The National Part Service reminds us, “Dr. Martin Luther King Jr. was a tireless advocate for racial equality, working classes, and the oppressed around the world. Commonly called Martin Luther King, Jr. Day or MLK Day, the third Monday of January is a federal holiday to honor his life and legacy.”  RIP

Donald J. Trump was sworn into office as the 47th President of the United States at noon today.

The Wall Street Journal reports, “President Trump signed an executive order creating the Elon Musk-led Department of Government Efficiency. “That’s a big one,” he exclaimed. Trump said Musk would get an office for about 20 staffers.” * * *

“Trump’s executive order calls on agencies to set up DOGE teams of at least four employees, which will include a team leader, an engineer, a human resources specialist and an attorney. Under the new structure, the United States Digital Service, which provides information technology services to federal agencies, will be renamed the United States DOGE Service with an administrator who will report to the White House chief of staff, Susie Wiles.”

President Trump also signed the following additional executive orders of relevance to federal employment and the FEHB Program —

The President formally nominated Scott Kupor of California to be OPM Director.

Rescission of the January 3 memorandum is understandable because the President named an OPM IT executive Charles Ezell to be acting OPM Director. Here is a link to Director Ezell’s first formal action in that role.

The House of Representatives and the Senate are in session this week for Committee business and floor voting. The Senate unanimously confirmed now former Senator Marco Rubio to be Secretary of State this evening.

The Senate committees will be holding confirmation hearings and meetings while committees in both Houses will be engaged in organizational activities. The Senate Homeland Security and Governmental Affairs held a business meeting this evening on whether to confirm the President’s nominee to Director of the Office of Management and Budget, Russell Vought. The Senate Budget Committee will hold a hearing on Mr. Vought’s nomination tomorrow. In the meantime, OMB Assistant Directors for Legislative Reference Matthew Vaeth is the acting OMB Director.

STAT News reports,

  • “A next-generation form of chemotherapy from AstraZeneca and Daiichi Sankyo has won Food and Drug Administration authorization for a form of breast cancer, the first U.S. approval for a drug for which the companies have high expectations. 
  • “The FDA on Friday announced it had approved the drug, to be marketed as Datroway, for certain advanced breast cancer patients. Datroway, also called datopotamab deruxtecan, or Dato-DXd, was approved in Japan for a form of breast cancer last month, its first regulatory green light.
  • “The U.S. list price for Datroway is roughly $4,900 per 100 milligram vial and the recommended dose of the drug is 6 milligrams per kilogram of patient weight every three weeks. 
  • “Datroway is what’s known as an antibody-drug conjugate, an emerging type of therapy that aims to deliver the powerful cancer-killing ability of chemotherapy directly to tumor cells, staving off the toxic side effects of standard chemo. AstraZeneca and Daiichi are also partnered on a top-selling ADC called Enhertu.”

MedPage Today lets us know

  • An observational study of 175 health outcomes using Veterans Affairs (VA) data for nearly 2 million individuals uncovered new insights about possible risks and benefits of GLP-1 receptor agonists.
  • “Over a median of 3.68 years, adults with type 2 diabetes who added a GLP-1 agent to their treatment plan had significantly decreased risks for 42 diverse outcomes, increased risks for 19 outcomes, and no association with 114 outcomes compared with usual care, reported Ziyad Al-Aly, MD, of Washington University in St. Louis, and colleagues.
  • “The results may be useful for informing clinical care, enhancing pharmacovigilance, and guiding the development of mechanistic and clinical research to evaluate the broad pleiotropic effects of GLP-1 receptor agonists,” the researchers wrote in Nature Medicine.
  • “GLP-1 agents “have an intricate web of various effects,” Al-Aly said in a press briefing. For example, the analysis showed that use of GLP-1 agonists was associated with a 5% risk reduction in neurocognitive disorders, driven by an 8% decreased risk of dementia and 12% lower risk for Alzheimer’s disease.
  • “It’s weak, but it’s not null,” Al-Aly said about the Alzheimer’s relationship, adding that this finding “is still welcome” given the limited number of treatments for the disease.”

Cybersecurity Saturday

From the cybersecurity policy and law enforcement front,

  • Federal News Network tells us,
    • “President-elect Donald Trump’s pick to lead the Department of Homeland Security is signaling potential changes at the Cybersecurity and Infrastructure Security Agency.
    • “South Dakota Gov. Kristi Noem, nominated by Trump to serve as homeland security secretary, testified before the Senate Homeland Security and Governmental Affairs Committee on Friday. She fielded a range of questions, largely on border security and immigration enforcement.
    • “On the cybersecurity front, Noem in her opening statement said she would prioritize a “comprehensive, whole-of-government approach to cybersecurity,” without offering further specifics.
    • “I fully acknowledge that people in Washington, DC do not have all of the answers, and therefore I will leverage private, public partnerships,” Noem added as part of her opening statement. “I will advance cutting edge state of the art technologies to protect our nation’s digital landscape.”
  • Cybersecurity Dive lets us know,
    • “The White House rolled out a highly anticipated executive order on Thursday [January 16, 2025] to combat a rising level of sophisticated attacks targeting U.S. government agencies, critical infrastructure providers and high-profile individuals by state-linked threat groups and other malign actors. 
    • “The executive order will give the U.S. more authority to level sanctions against malicious actors that have disrupted hospitals and other critical providers. 
    • “Federal authorities also plan to leverage the government’s $100 billion in annual IT spending to make sure technology companies develop more secure software.” * * *
    • To help increase security in the public and private sector, the executive order aims to: 
      • Give the U.S. more authority to level sanctions against hackers that have critical providers, including hospitals. 
      • Require software vendors doing business with the federal government to prove they are using secure development practices. The federal government plans to validate that evidence and publish the information to help private sector buyers make informed decisions on secure software. 
      • The National Institute for Standards and Technology will develop guidance on how to deploy software updates in a secure and reliable manner. 
      • The General Services Administration will develop guidance on how cloud customers can securely use these products.  
      • Identify minimum cybersecurity standards for companies working with the federal government. Bureaucracy and cybersecurity requirements for using federal information systems will be streamlined for three years. 
      • Federal authorities will begin research into AI-based tools to search for software vulnerabilities, manage patching and detect threats. A public-private partnership will be developed to use AI to protect critical infrastructure in the energy sector. 
      • The U.S. will only buy internet-connected devices that meet Cyber Trust Mark standards starting in 2027.   
  • Cyberscoop adds,
    • “A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president.”
  • NextGov/FCW informs us,
    • The Office of Personnel Management did not take long nor have to look too far to find its next chief information officer.
    • Melvin Brown II, who previously served as OPM’s deputy chief information officer, was named OPM’s chief information officer this week, according to a LinkedIn post he published Sunday January 12, 2025.
  • Cyberscoop relates,
    • “The Department of the Treasury has sanctioned a Chinese national and a cybersecurity company based in Sichuan, China, for taking part in the Salt Typhoon hacking campaign that has swept up data from at least nine U.S. telecommunications companies.
    • “The department’s Office of Foreign Assets Control (OFAC) named Yin Kecheng of Shanghai and the Sichuan Juxinhe Network Technology Co. Ltd., as entities that had “direct involvement” in the Salt Typhoon campaign. Kecheng is described as an affiliate of the Chinese Ministry of State Security with over a decade of hacking experience.
    • “Kecheng is also alleged to have been involved in a recent hack of the Treasury Department.”
  • Per HHS news releases,
    • “[On January 14, 2025,] the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Solara Medical Supplies, LLC (Solara), a supplier and direct-to-patient distributor of continuous glucose monitors, insulin pumps, and other supplies to patients with diabetes, concerning potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule and Breach Notification Rule following a [2019] breach of electronic protected health information (ePHI) caused by a phishing incident.” * * *
    • “In November 2019, OCR received a breach report concerning a phishing attack in which an unauthorized third party gained access to eight of Solara’s employees’ email accounts between April and June 2019, resulting in the breach of 114,007 individuals’ ePHI. In January 2020, OCR received notification of a second breach, when Solara reported that it had sent 1,531 breach notification letters to the wrong mailing addresses. OCR’s investigation determined that Solara failed to conduct a compliant risk analysis to identify the potential risks and vulnerabilities to ePHI in Solara’s systems; failed to implement security measures sufficient to reduce the risks and vulnerabilities to ePHI to a reasonable and appropriate level; and failed to provide timely breach notification to individuals, HHS, and the media.
    • “Under the terms of the resolution agreement, Solara agreed to implement a corrective action plan that will be monitored by OCR for two years and pay $3,000,000 to OCR.” * * *
    • “The resolution agreement and corrective action plan may be found here.”
  • and
    • “[On January 15, 2025,] the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.” * * *
    • “In March 2023, OCR received a breach report concerning a ransomware incident that had affected NESG’s information system. NESG concluded that the protected health information of 15,298 patients had been encrypted and exfiltrated from its network. OCR’s investigation determined that NESG had failed to conduct a compliant risk analysis to determine the potential risks and vulnerabilities to ePHI in NESG’s systems.
    • “Under the terms of the resolution agreement, NESG agreed to implement a corrective action plan that OCR will monitor for two years and paid $10,000 to OCR.: * * *
    • “The resolution agreement and corrective action plan may be found here.”

From the cybersecurity vulnerabilities and breaches front,

  • Per Cybersecurity Dive,
    • “The Cybersecurity and Infrastructure Security Agency spotted Salt Typhoon on federal networks before defenders discovered the China-sponsored threat group intruded into U.S. telecom systems, Director Jen Easterly said Wednesday.
    • “CISA’s sleuthing “enabled law enforcement to unravel and ask for process on virtual private servers,” Easterly said during an onstage interview at the Foundation for Defense of Democracies. Details gathered from that investigation and response allowed CISA to discover Salt Typhoon and its activities, Easterly said.” * * *
    • “CISA’s observations didn’t prevent Salt Typhoon from attacking the telecom networks en masse, but Easterly presented the agency’s threat hunting and intelligence gathering capabilities as an example of intra-government and public-private collaboration improvements made under her stewardship of the agency.
    • “Easterly is scheduled to step down as CISA director when the President-elect Donald Trump takes office next week.”
  • and
    • Threat hunters are scrambling to determine the scope of damage and potential impact from a critical zero-day vulnerability that impacts a trio of Ivanti products, including Ivanti Connect Secure VPN appliances.
    • Shadowserver scans identified more than 900 unpatched Ivanti Connect Secure instances on Sunday [January 12, 2025] and said the devices are likely vulnerable to exploitation. The amount of unpatched and vulnerable instances found by Shadowserver scans is down from more than 2,000 on Thursday [January 9, 2025].
    • The nonprofit, which analyzes and shares malicious activity with more than 200 national computer security incident response teams covering 175 countries, was asked not to disclose how it knows these instances are unpatched, but has yet to receive any false positive feedback, Shadowserver CEO Piotr Kijewski told Cybersecurity Dive via email on Friday.
    • Researchers are especially concerned about widespread exploitation of the zero-day because of previous cyberattacks linked to software defects in Ivanti products.
  • CISA added seven more known exploited vulnerabilities to its catalog this week.
  • More details from
  • Cybersecurity Dive
    • “The Cybersecurity and Infrastructure Security Agency added a command injection vulnerability in BeyondTrust Remote Support and Privileged Access Products to its catalog of known exploited vulnerabilities on Monday [January 13, 2025]. 
    • “The medium-severity flaw, listed as CVE-2024-12686, allows an attacker with administrative privileges to inject commands into a computer network and run as if they are a site user. The vulnerability has a CVSS score of 6.6. 
    • “The CVE is the second vulnerability disclosed by BeyondTrust during its investigation into an attack spree in December. The attacker reset the passwords of numerous accounts after compromising a Remote Support SaaS API key. A limited number of RemoteSupport SaaS customers were impacted by the attacks.” 
  • CSO Online
    • Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf.
    • The fix for this zero-day is part of a bigger patch cycle by Fortinet, which released updates for 29 vulnerabilities across multiple products, 14 of which impact FortiOS, the operating system used in Fortinet’s FortiGate firewalls. Some of the flaws impact multiple products that share the same code, which is the case for the zero-day now tracked as CVE-2024-55591.
    • Although Fortinet does not credit Arctic Wolf with discovering the vulnerability, the indicators of compromise listed in the advisory match the analysis of the attack campaign Arctic Wolf warned about in December and documented in more detail on Friday.
  • Security Week
    • “The software giant [Microsoft] on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.
    • “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.
    • “As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.
    • “The three exploited zero-days — CVE-2025-21334CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource management and communication between the host system and guest virtual machines (VMs).” 
  • and
    • Threat actors are exploiting a critical-severity remote code execution (RCE) vulnerability in Aviatrix Controller to deploy malware, cybersecurity firm Wiz reports.
    • The issue, tracked as CVE-2024-50603 (CVSS score of 10/10), exists because user-supplied input is not properly neutralized, allowing unauthenticated, remote attackers to inject arbitrary code that is executed with high privileges on the Aviatrix cloud networking platform.
    • The solution is designed to help organizations manage and secure their cloud infrastructure across multiple providers from a single place.
    • Impacting certain endpoints within the Aviatrix Controller’s API, which is implemented in PHP, the vulnerability was patched in December, but technical information on it was only published last week.

From the ransomware front,

  • Cybersecurity Dive reports on January 17, 2025,
    • Blue Yonder said it is investigating a threat after Clop listed the supply chain management company among nearly 60 companies the ransomware group claims it hacked. The attacks were linked to exploited vulnerabilities in Cleo file-transfer software, according to researchers from Zscaler and Huntress. 
    • A spokesperson for Blue Yonder on Friday confirmed the company uses Cleo to manage certain file transfers. Once the zero-day was confirmed, Blue Yonder said it immediately took steps to mitigate the threat.
    • “Like many Cleo Harmony customers across the globe, we are currently investigating any potential impact of this matter on our business and we continue to update our customers as we have additional information,” the spokesperson told Cybersecurity Dive via email.”
  • CISO Online alerts us on January 13, 2025,
    • CISOs are being warned to make sure employees take extra steps to protect their AWS access keys after word that a threat actor is using stolen login passwords for ransomware attacks.
    • The target is Amazon S3 buckets and the attack uses AWS’ own encryption to make data virtually unrecoverable without paying the attackers for a decryption key, said a report by researchers at Halcyon Tech.
    • “Unlike traditional ransomware that encrypts files locally or in transit, this attack integrates directly with AWS’s secure encryption infrastructure,” the report notes. “Once encrypted, recovery is impossible without the attacker’s key.” * * *
    • “There are, however, a few things AWS customers’ IT administrators can do:
      • “use the Condition element in IAM (identity and access management) policies to prevent the application of SSE-C to S3 buckets. Policies can be configured to restrict this feature to only authorized data and users;
      • “enable detailed logging for S3 operations to detect unusual activity, such as bulk encryption or lifecycle policy changes;
      • “regularly review permissions for all AWS keys to ensure they have the minimum required access;
      • ‘disable unused keys and rotate active ones frequently.
    • “In a statement accompanying the Halcyon report, AWS referred customers to this web page with information for administrators on how to deal with suspected unauthorized activity on their accounts.”
  • Per Industrial Cyber,
    • “The U.S. National Institute of Science and Technology (NIST) through its National Cybersecurity Center of Excellence (NCCoE) division published Monday draft Ransomware Community Profile reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The NIST IR 8374 Rev. 1 (draft) comes as the agency is currently considering a more comprehensive revision to the profile to reflect recent ransomware policy developments and incorporate the results of collaborative activities in the ransomware prevention and response space. 
    • “NIST is seeking feedback by March 14, 2025, on the revised draft of the risk management framework, which will guide the future of its ransomware prevention guidance. General comments on the draft are also encouraged. The agency is also looking for input on which elements of the Ransomware Community Profile have been beneficial. Suggestions for improvements to the Community Profile are also welcome.”

From the cybersecurity defense front,

  • Here are CISA news releases from the last week of the Biden administration:
    • “The Cybersecurity and Infrastructure Security Agency (CISA) published today [January 14, 2025] the Joint Cyber Defense Collaborative (JCDC) Artificial Intelligence (AI) Cybersecurity Collaboration Playbook. Developed alongside federal, international, and private-sector partners through JCDC, this playbook provides the AI community—including AI providers, developers, and adopters—with essential guidance on how to voluntarily share actionable incident information and it describes how proactive information sharing can enhance operational collaboration and improve resilience of AI systems.” 
    • “The Cybersecurity and Infrastructure Security Agency (CISA), in close coordination with the Office of Management and Budget (OMB), Office of the National Cyber Director (ONCD) and Microsoft, announces today [January 15, 2025] the release of Microsoft Expanded Cloud Log Implementation Playbook. This guidance helps public and private sector organizations using Microsoft Purview Audit (Standard) to operationalize newly available cloud logs to be an actionable part of their enterprise cybersecurity operations.”
    • CISA Director Jen Easterly’s final CISA blog post concerns “Strengthening America’s Resilience Against the PRC Cyber Threats.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday Report

OPM Headquarters a/k/a the Theodore Roosevelt Building

From Washington, DC,

  • OPM has posted on its website its January 15, 2025, call letter for 2026 FEHB benefit and rate proposals. Oddly enough, the 2018 call letter is dated January 11, 2017, while the 2022 call letter is dated February 17, 2021.
  • The 2026 letter fails to address carrier concerns / initiatives to lower benefit and administrative costs.
  • Govexec tells us,
    • “The Office of Personnel Management is updating the qualifications and characteristics used to select and assess members of the Senior Executive Service for the first time in more than 15 years. 
    • “OPM’s updates to the SES executive core qualifications, announced Wednesday, will take effect on July 1. 
    • “Acting OPM Director Robert Shriver wrote in a memo to agency heads that technological advances influenced the decision to make changes to the performance criteria.” 
  • The American Hospital Association News informs us,
    • “The Centers for Medicare & Medicaid Services Jan. 17 announced a record 24.2 million consumers selected health coverage through the Health Insurance Marketplace for the 2025 enrollment period that ended Jan. 15. The total more than doubled the number of enrollees from 2021, CMS said. Of this year’s total, 3.9 million consumers signed up for the first time.”
  • and
    • “The Department of Health and Human Services Jan. 17 announced 15 Medicare Part D drugs selected for the latest round of price negotiations. Negotiations will occur this year and any resulting prices will become effective in 2027. The drugs selected accounted for nearly $41 billion in total Part D gross covered prescription drug costs, or about 14%, between November 2023 and October 2024. 
    • “Drugmakers have until Feb. 28 to decide whether they will participate in negotiations. Prices for the first 10 drugs selected during the first round of negotiations were announced in August, with discounts ranging from 38% to 79% off list prices.”
  • BioPharma Dive adds,
    • “Semaglutide, the popular drug sold by Novo Nordisk as Ozempic for diabetes and Wegovy for weight loss, is among a group of widely used medicines selected by the U.S. government for the next round of price negotiations under a 2022 law aimed at curtailing pharmaceutical costs within Medicare.” * * *
    • “Also on the list are Xtandi, Ibrance, Calquence and Pomalyst, blockbuster drugs for cancers of the prostate, breast, blood and bone marrow. Trelegy Ellipta, an inhaler used for asthma and chronic obstructive sleep apnea, is included, as are Otezla, a psoriasis medicine, and Vraylar, an antipsychotic.”
  • Eli Liily’s semaglutide drugs sold as Mounjaro for diabetes and Zepbound for obesity are not on this list.
  • Per a Labor Department news release,
  • The Washington Post relates,
    • “National security officials are creating an independent panel to examine the origins of the coronavirus pandemic, as scientists and intelligence experts continue to wrestle over the highly charged issue of how the pandemic began.
    • “Jake Sullivan, the Biden administration’s national security adviser, on Sunday asked the Office of the Director of National Intelligence to assemble an outside panel of experts who would take a fresh look at the existing findings on the coronavirus and examine the government’s conclusions, according to two administration officials.
    • “Biden officials say the panel’s creation, coming days before the incoming Trump administration takes office, was driven by Sullivan’s desire to understand a virus that killed more than 1 million Americans and upended society.
    • “Sullivan also requested on Dec. 17 that intelligence agencies update their own assessments of the pandemic’s origins, according to one official who spoke on the condition of anonymity to describe national security matters.” * * *
    • “Republicans on Friday greeted the news with skepticism, calling it overdue and insufficient. Rep. Mariannette Miller-Meeks (R-Iowa), who sat on the House panel reviewing the nation’s coronavirus response, said Democrats had missed opportunities to investigate the virus’s origins during the past four years.”

From the judicial front,

  • Biopharma Dive reports,
    • “CMS’s selection [of Ozempic and Wegovy for its price negotiation list] triggered a lawsuit from Novo, citing CMS inclusion of multiple products by way of selecting one active ingredient.
    • “That suit could provide an opportunity, albeit a long shot, to exempt Wegovy and Rybelsus from this round of price negotiations. CMS in its guidance said it applies price negotiations across products using the same active ingredient or moiety because it reduces the incentive for companies to engage in “product hopping,” or making small changes in drug formulation to extend patent-protected exclusivity.
    • “Novo claimed the guidance went beyond what the IRA allowed because it interpreted the law’s call for price negotiations on “drug products” and “biological products” to mean all those with the same active moiety or ingredient. By grouping together all of Novo’s insulin products, CMS invoked negotiations on more than the 10 products permitted by the IRA in the initial round, Novo argued.”
  • The Wall Street Journal points out,
    • “A group representing 100 large employers sued the Labor Department over Biden administration rules aimed at ensuring mental-health treatment is covered like conditions such as cancer and heart disease. 
    • “Filed in federal court Friday, just days before Donald Trump’s inauguration, the suit seeks to block the regulations. It argues the Biden-era rules overstep a 2008 law requiring health plans to cover mental-health and addiction care on par with other medical care. 
    • “The lobbying group behind the suit—the Erisa Industry Committee, or ERIC—hopes that stopping enforcement now will give the new Trump administration room to revise or issue new regulations, said Tom Christina, executive director of the ERIC Legal Center. Unlike an executive order, which can be rescinded with the stroke of a pen, agency-issued regulations must go through a lengthy process to be revoked or revised.
    • “ERIC’s lead lawyer in the case is Eugene Scalia, who served as Secretary of Labor in Donald Trump’s first presidential term and is now an attorney with Gibson Dunn. The approximately 100 companies it represents, which include brands such as PepsiCo, Comcast and L’Oréal USA, are subject to the regulations because they sponsor health-insurance plans for their employees.” * * *
    • “ERIC’s members support the goals of 2008 law and recognize America’s mental-health and substance-abuse crises, Christina said. But the group believes the latest rule crosses the line into mandating mental-health benefits. Connie Garner, a former Senate policy director who helped draft the 2008 law, said new efforts to improve upon it should give priority to boosting the quality of care and the size of the mental-health workforce rather than focusing on analysis and compliance requirements.”
  • Good luck ERIC in your challenge to this ridiculously complicated regulation.
  • The Wall Street Journal adds,
    • “The U.S. Justice Department has filed suit against Walgreens, accusing the company of helping to fuel the opioid crisis by filling millions of unlawful prescriptions.
    • “The pharmacy and retail chain since August 2012 filled prescriptions that lacked a legitimate medical purpose, were invalid or weren’t issued in professional practice, the Justice Department said Friday. These prescriptions included excessive quantities and early refills of opioids, as well as the “trinity,” a drug composed of an opioid, a benzodiazepine and a muscle relaxant, according to the complaint.
    • “We are asking the court to clarify the responsibilities of pharmacies and pharmacists and to protect against the government’s attempt to enforce arbitrary ‘rules’ that do not appear in any law or regulation and never went through any official rule-making process,” a Walgreens spokesperson said.
    • “The company added that it stands behind its pharmacists, all of whom it said are “dedicated healthcare professionals who live in the communities they serve, filling legitimate prescriptions for FDA-approved medications written by DEA-licensed prescribers in accordance with all applicable laws and regulations.”
  • Per Fierce Healthcare,
    • “MultiPlan and its partner health insurers are pushing back against antitrust allegations from numerous provider organizations, filing Thursday a motion to dismiss their collective lawsuit against the data company. 
    • “Individual health systems and the American Medical Association (see below) have filed cases against MultiPlan in recent months, leading to multidistrict litigation consolidating dozens of plaintiff complaints. They accuse the company of forming agreements with insurers—UnitedHealth Group, Elevance Health, Aetna and Cigna are listed as “co-conspirators”—to set out-of-network prices using a common collective data set and methodology, as opposed to competing with each other individually.”
    • “MultiPlan and the insurers, in their Thursday filing, argued that the plaintiffs do not plausibly allege antitrust standing, an antitrust conspiracy or the standalone product that could be fixed. The company’s out-of-network reimbursement-recommendation product uses common, publicly available data sources, not competitor data, when making its recommendations to managed care organizations and third-party administrators. 
    • “Legal representation for MultiPlan and the partner insurers also noted that “numerous” similar lawsuits brought against MultiPlan in the past—including by some of the consolidated complaint—have been dismissed for failing to make an antitrust case.”
  • Good luck, Multiplan and partners.
  • Per Healthcare Dive,
    • “The Federal Trade Commission has reached a deal with Welsh, Carson, Anderson and Stowe limiting the private equity firm’s influence in the U.S. anesthesia market.
    • “The settlement released Friday comes after the FTC threatened Welsh Carson with another lawsuit — this time in the agency’s own administrative court — after regulators failed to triumph in federal proceedings last year over the PE firm’s alleged anticompetitive behavior in Texas.
    • “The deal is relatively toothless, including no monetary penalties or admission of wrongdoing for Welsh Carson. However, Welsh Carson will have to limit its involvement with its anesthesia business that’s been accused of suppressing competition and notify the FTC of any acquisitions or investments in anesthesia and other hospital-based physician practices in the future.”
  • and
    • “The Department of Justice recorded over $2.9 billion in settlements and judgments under the False Claims Act in 2024, with the majority of settlements coming from healthcare.
    • “Healthcare settlements totaled $1.67 billion. The money will go toward restoring defrauded federal healthcare programs, including Medicare, Medicaid and the military health program Tricare, according to Wednesday’s release.
    • “The DOJ once again said fraud enforcement in Medicare Advantage is of “critical importance.” Concerns about MA fraud have grown in recent years as the program has increased in popularity.”

From the public health and medical research front,

  • The Center for Disease Control and Prevention announced today,
    • “Seasonal influenza activity remains elevated across the country. COVID-19 activity has increased in most areas of the country. RSV activity has peaked in many areas of the country.
    • “COVID-19
      • “COVID-19 activity has increased in most areas of the country, with high COVID-19 wastewater levels and elevated emergency department visits and laboratory percent positivity. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
      • “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
      • “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
    • “Influenza
      • “Seasonal influenza activity, including outpatient and emergency department visits, hospitalizations, and deaths, remains elevated across the country. Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
    • “RSV
      • “RSV activity has peaked in many areas of the country. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.
    • “Vaccination
      • “Vaccination coverage with influenza and COVID-19 vaccines are low among U.S. adults and children. COVID-19 vaccine coverage in older adults has increased compared with the 2023-2024 season. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”
  • The Wall Street Journal reports,
    • Moderna secured a $590 million package from the U.S. Health and Human Services Department to accelerate the development of its bird influenza vaccine as concerns grow about a bird flu pandemic in humans.
    • “The financial package will fund the expansion of clinical studies for up to five additional subtypes of bird influenza and provide additional support for late-stage development and licensure of prepandemic mRNA-based vaccines, the biotechnology company said Friday.
    • “Highly pathogenic avian influenza has been rampant in poultry farms in the U.S., and there have been several recent human cases in dairy and poultry workers, according to the Centers for Disease Control and Prevention.
    • “The current public-health risk is low, but the CDC is watching the situation carefully and working with states to monitor people with animal exposure.
    • “The financial support from the federal government comes ahead of President-elect Donald Trump’s inauguration on Monday, and while Moderna is preparing to advance its mRNA-1018 investigational pandemic influenza vaccine into a Phase 3 trial.
    • “The company plans to present the data at a coming medical meeting.”
  • The Washington Post discusses, “What to know about genetic testing for cancer, and when to request it. Genetic testing is recommended for those with personal and family histories of several types of cancer — including pancreatic and breast cancer.”
  • Cardiovascular Business lets us know,
    • “A “vascular fingerprint” located at the back of the eye can help predict a person’s stroke risk, according to new data published in Heart. Researchers noted that this new approach could be just as effective as more traditional risk factors. 
    • “The study focused on an advanced artificial intelligence (AI) algorithm trained to evaluate more than 100 different details about a patient’s retinal blood vessels using high-quality photos of the inside of their eye. The AI model assessed data from more than 45,000 participants with an average age of 55 years old. More than 700 of those participants experienced a stroke over an average follow-up period of 12.5 years. All data came from the large-scale UK Biobank study, which tracks lifestyle and health information about hundreds of thousands of participants.
    • “Overall, 29 different parameters were linked to directly influencing a participant’s stroke risk. Changes in some of those parameters increased the risk of stroke by up to 19%.
    • “The performance of this vascular fingerprint, combined with the participant’s age and sex, was found to be comparable to more traditional risk factors.
    • “Given that age and sex are readily available, and retinal parameters can be obtained through routine fundus photography, this model presents a practical and easily implementable approach for incident stroke risk assessment, particularly for primary healthcare and low-resource settings,” wrote Mayinuer Yusufu, a researcher with the department of surgery at The University of Melbourne in Australia, and colleagues.
    • “The group added that retinal analysis sets the stage for “easier, more accessible stroke risk screening, especially in primary care settings.”
  • Per STAT News,
    • “A high dose of Novo Nordisk’s obesity drug Wegovy led patients to lose substantial weight in a clinical trial, but still less than what’s been seen with competitor Eli Lilly’s Zepbound.
    • “In a 72-week study, a 7.2-milligram dose of Wegovy led patients with obesity to lose 18.7% of their weight, when looking at all participants regardless of how well they adhered to treatment. That compared with 15.6% weight loss among people taking the currently approved 2.4-mg dose, and 3.9% among people taking placebo, Novo said Friday.
    • Zepbound led to 20.9% weight loss over 72 weeks in its pivotal trial.

From the U.S. healthcare business front,

  • Beckers Payer Issues tells us,
    • “The medical cost challenges that have challenged insurers in 2024 will not be going away in 2025, UnitedHealth Group executives said
    • “The nation’s largest insurer reported its fourth-quarter and full-year 2024 earnings Jan. 16. UnitedHealth Group’s medical loss ratio was 85.5% in 2024, up from 83.2% in 2023. * * *
    • “The company said it expects its medical loss ratio to increase to around 86.5%. UnitedHealth also expects to see similar medical costs in 2025 to 2024, Mr. Rex told investors. The Inflation Reduction Act and continued risk adjustment changes in Medicare Advantage will also contribute to the rising expenses, he said. 
    • “The company has cut its operating costs as medical costs rise, Mr. Rex said.
    • “Some of these advances are the result of the very early-stage impacts we are beginning to realize from AI-driven initiatives to help our customer service representatives respond to consumers’ needs more effectively and quickly,” he said. “We see continuing opportunities, both in the near term, with operating costs for ’25 improving further, and well beyond, given the rapidly expanding scope and impact of these initiatives.” 
  • MedTech Dive provides its own “JPM25 recap: Robotics, PFA and OTC glucose sensors in the spotlight. CEOs from Medtronic, Intuitive Surgical, Boston Scientific and Dexcom were on hand this week in San Francisco to discuss the year ahead at the J.P. Morgan Healthcare Conference.”
  • Beckers Hospital Review calls attention to “10 healthcare billing fraud cases that Becker’s has reported since Dec. 27.”

Thursday Report

Photo by Josh Mills on Unsplash

From Washington, DC,

  • The American Hospital Association News tells us,
    • “The Medicare Payment Advisory Commission today voted to recommend that Congress update Medicare payment rates for hospital inpatient and outpatient services by the current law amount plus 1% for 2026 and reiterated its recommendation to distribute an additional $4 billion to safety-net hospitals by transitioning to a Medicare safety-net index policy. The AHA last week urged the committee for higher updates.  
    • “In other action, MedPAC recommended that Congress update 2026 Medicare payments for physicians and other health professional services by the Medicare Economic Index minus one percentage and enact a non-budget-neutral add-on payment under the physician fee schedule to services provided to low-income Medicare beneficiaries. The commission also recommended reducing the 2026 payment rates for home health agencies by 7%, skilled nursing facilities by 3% and inpatient rehabilitation facilities by 7%. 
    • “In addition, MedPAC voted to recommend eliminating the 190-day lifetime limit in freestanding inpatient psychiatric facilities and the reduction of the number of covered inpatient psychiatric days. The commission also presented status reports for the Part D program and ambulatory surgical centers.”  
  • Federal News Network informs us,
    • “If Russell Vought’s confirmation hearing to run the Office of Management and Budget was a boxing match, the judges would’ve given him the win on points. Democrats on the Senate Homeland Security and Governmental Affairs Committee didn’t land any knockout questions and Vought bobbed and weaved enough to avoid any self-inflicted knock downs.
    • “Vought offered some insights around hot management topics like telework and remote work. He stayed away from getting Democrat jabs about Schedule F. And he ducked questions about how he would address the Impoundment Control Act, the 1974 law that restricts presidential authority to impound funds enacted by law. Vought and other incoming Trump administration supporters have said they believe the Impoundment Control Act is illegal and plan to challenge the law.
    • “Nothing in the almost two-hour hearing seems to indicate Vought will not win enough Republican support to get through the committee vote, and likely the full Senate.”
  • OPM has unveiled a new public website.
  • Per an FDA press release,
    • “Today, the U.S. Food and Drug Administration authorized the marketing of 20 ZYN nicotine pouch products through the premarket tobacco product application (PMTA) pathway following an extensive scientific review. This is the first time the agency has authorized products commonly referred to as nicotine pouches, which are small synthetic fiber pouches containing nicotine designed to be placed between a person’s gum and lip.  
    • “The FDA determined that the specific products receiving marketing authorization met the public health standard legally required by the 2009 Family Smoking Prevention and Tobacco Control Act. This standard considers the risks and benefits of products to the population as a whole.” 

From the judicial front,

  • Fierce Healthcare points out,
    • “Teva Pharmaceuticals is suing the Centers for Medicare & Medicaid Services (CMS) for its implementation of the drug price negotiation program under the Inflation Reduction Act (IRA).
    • “Teva claims the program is a “fiction” and “upsets the delicate balance between innovation and affordability,” in its lawsuit (PDF). The company argues CMS guidance contradicts key elements of the IRA, which dictate drugs are only eligible for the program if they’ve been marketed for a specified amount of time or declares they are exempt when non-branded competitors enter the market.
    • “Another source of contention is the agency’s definition of a qualifying single source drug, or a drug eligible for negotiation.
    • “Under CMS’ made-up definition, the agency can decide that two or more drugs approved under distinct FDA applications held by the same entity should be treated as one Qualifying Single Source Drug because they have the same active moiety—that is, the same active molecule,” the lawsuit reads.”

From the public health and medical research front,

  • The Wall Street Journal reports,
    • “The face of cancer in the U.S. is getting younger—and more feminine. 
    • “Cancer rates for women in the U.S. have risen over the past half-century, particularly among women under age 65 diagnosed with breast cancer, the American Cancer Society said Thursday. Men, meanwhile, have experienced a decline in cancer rates compared with prior decades. 
    • “If you’re a woman under the age of 65, you’re now more likely to develop cancer than a man” in that same age group, said Dr. William Dahut, the American Cancer Society’s chief scientific officer.
    • “For decades, the cancer burden in the U.S. was higher for men, who started smoking en masse in the 20th century. Their rates of lung-cancer cases and deaths soared. Lung cancer remains the biggest cancer killer for men in the U.S., but case and death rates have dropped, after smoking rates declined. 
    • “Women started smoking heavily later than men and have been slower to quit, so their lung-cancer decline started later and hasn’t been as steep. 
    • “That has had a significant impact: Lung cancer incidence among women under 65 was greater than among men for the first time in 2021. Women are also more likely to get diagnosed with lung cancer as nonsmokers.” 
  • STAT News lets us know,
    • “The field of Huntington’s disease research has been undergoing a radical reshaping of how the brain-ravaging disease — and what drives it — is understood. After decades focused on the notion that Huntington’s is caused by the slow, lifelong accumulation of toxic proteins produced by a mutant gene, more and more scientists are now turning to the dynamics of the gene itself.  
    • “The HTT gene, which produces a protein called huntingtin, is littered with a sort of genetic stutter — repeats of a sequence of three DNA letters: “C-A-G.” A hallmark of Huntington’s disease is that the number of CAG repeats a person has determines when in life symptoms start, if ever. 
    • “Forty or more generally result in the arrival of Huntington’s symptoms, including involuntary movements, loss of coordination, cognitive decline, irritability, and compulsive behavior, in the person’s mid-to-late 30s. All are due to neuronal death in the movement-controlling striatum as well as the cerebral cortex. More than 60 repeats can bring symptoms as early as adolescence. And the more CAG repeats there are, the more unstable the gene becomes, causing it to continue to grow over time. This “somatic expansion,” as it’s known, is what an increasing number of scientists believe is to blame for the death of brain cells.” * * *
    • “Even more striking, the study, which was published Thursday by a team from Harvard Medical School, the Broad Institute of MIT and Harvard, and McLean Hospital, showed that only once a medium spiny neuron’s DNA expansion reaches a threshold number of CAGs — roughly 150 repeats — does the cell rapidly deteriorate and die. This process is happening at different rates in different neurons. For some, it could take years, for some, decades. But only once enough of them have died do symptoms of Huntington’s disease appear.” 
  • and
    • “Last week, Sana Biotechnology, a once-mysterious and still-buzzy biotech startup, released clinical trial results showing that it had managed to implant insulin-producing cells in the arm muscle of a patient with type 1 diabetes without provoking immune rejection.
    • “Beyond the fact that there were only results available for a single patient, researchers had only one month’s worth of follow-up data at a very low dose. At first blush, the results might have prompted a shrug.
    • “It’s actually very exciting,” said Jay Skyler, an endocrinologist at the University of Miami, even as he acknowledged the caveats. Even if the results hold up, Sana would have to develop a different formulation of the treatment then put it through many stages of safety and efficacy testing before the company could submit it for regulatory approval or consider it — the ultimate goal — a cure fortype 1 diabetes, which typically develops in childhood.
    • “But the results, Skyler said, were a big step forward. “I think it’s much closer today than yesterday. It is an exciting result, a real exciting result,” he said.
    • “The data represent one of those moments in medical science where it is clear a company is moving forward quickly through dense fog — but where the shore cannot be seen and it is not clear exactly how much farther there is to go.”
  • The American Hospital Association News notes,
    • “The Centers for Disease Control and Prevention today released an advisory recommending clinicians expedite subtyping of type A influenza samples from hospitalized patients, particularly individuals in an intensive care unit. The CDC recommends that this subtyping occur as soon as possible following admission — ideally within 24 hours — to determine whether the virus is a seasonal influenza A subtype (i.e. A[H1] and A[H3]) or a novel influenza A virus, such as avian influenza A H5N1. The agency said these efforts can help prevent delays in identifying human H5N1 bird flu infections and support timely infection control and investigation.  
    • “The CDC still considers bird flu a low risk to the public. The agency said while seasonal flu levels are high nationally, nearly all individuals currently hospitalized with type A flu infections are likely experiencing a seasonal strain.” 
  • Medscape relates,
    • “The latest glucagon-like peptide 1 (GLP-1) receptor agonists have been heralded for their potential to not only boost weight loss and glucose control but also improve cardiovascular, gastric, hepatic, and renal values.
    • “Throughout 2024, research has also indicated GLP-1 drugs may reduce risks for obesity-related cancer as well.
    • “In a US study of more than 1.6 million patients with type 2 diabetes, cancer researchers found that patients who took a GLP-1 drug had significant risk reductions for 10 of 13 obesity-associated cancers, as compared with patients who only took insulin.
    • “The research team found a reduction in esophageal, colorectal, endometrial, gallbladder, kidney, liver, ovarian, and pancreatic cancers, as well as meningioma and multiple myeloma. They also saw a declining risk for stomach cancer, though it wasn’t considered statistically significant, but not a reduced risk for postmenopausal breast cancer or thyroid cancer.
    • “The associations make sense, particularly because GLP-1 drugs have unexpected effects on modulating immune functions linked to obesity-associated cancers.”
  • Per an NIH press release,
    • “In a follow up study funded by the National Institutes of Health (NIH), researchers found that children who wore special contact lenses to slow progression of nearsightedness, known as myopia, maintained the treatment benefit after they stopped wearing the contacts as older teens. Controlling myopia progression in childhood can help to potentially decrease the risks of vision-threatening myopia complications later in life, such as retinal detachment and glaucoma. Rates of myopia have been increasing in recent years with some implications that higher use of personal devices plays a role.”
  • Endocrinology Advisor shares an interesting study result — “A layperson-delivered telephone-based empathetic engagement was associated with improved glycemic control among patients with diabetes.”

From the U.S. healthcare business front,

  • Healthcare Dive reports
    • “UnitedHealth brought in a record $400.3 billion in revenue in 2024 despite a string of crises for the nation’s largest healthcare company, including a massive cyberattack, heavy congressional and regulatory scrutiny and the shooting of its top insurance executive.
    • “However, UnitedHealth’s annual net income plummeted to $14.4 billion — its smallest profit since 2019 — as the company spent billions to recover from the cyberattack on claims processing subsidiary Change Healthcare and made less from offering Medicare and Medicaid plans, according to financial results released Thursday morning.
    • Still, when excluding the cyberattack costs (and other factors UnitedHealth believes aren’t representative of its overall business performance in the year), the Minnesota healthcare behemoth reported adjusted profit of $25.7 billion — an all-time record.” * * *
    • “Amid Washington’s focus on PBM reform, Optum Rx plans to phase out all models that allow it to retain savings from negotiations with drugmakers over the next three years, Witty said.
    • “The CEO noted that Optum Rx already passes through 98% of rebate discounts, but the remaining fraction it retains gives critics leverage to argue PBMs are profiteering from their middleman status in the drug supply chain.
    • “We’re committed to fading out those remaining arrangements so that 100% of rebates will go to customers by 2028 at the latest,” Witty said. “This will help make more transparent who is really responsible for drug pricing in this country: the drug companies themselves.”
  • Reuters adds,
    • “UnitedHealth (UNH.N), opens new tab CEO Andrew Witty said on Thursday that healthcare in the U.S. needs to be “less confusing, less complex and less costly” during the company’s first earnings call since the murder of Brian Thompson, the head of its insurance unit.
    • “Thompson’s killing outside a hotel where the company was to hold its investor day meeting was met with shock across the industry as well as a social media outpouring of anger from Americans frustrated over their dealings with health insurers, citing medical care denials and high costs.
    • “Witty said the company would work with policymakers to reduce the frequency of prior authorization approvals required before a patient can access medical treatment in its Medicare business for people aged 65 and older or with disabilities.
    • “Some of this work we can do on our own and we are doing it, but we are encouraged by industry and policymaker interest in solving for this particular friction in the system,” said Witty, who was previously CEO of British drugmaker GlaxoSmithKline.”
  • BioPharma Dive sums up this week’s JP Morgan Healthcare conference, and reports that “A fast-improving pipeline of drugs invented in China is attracting pharma dealmakers, putting pressure on U.S. biotechs and the VC firms that back them.”
  • McKnight’s Long-Term Care News lets us know,
    • “Many older adults use various types of digital health technology, but patient portals top the list, a new survey finds.
    • “Investigators used data from the internet and phone calls conducted in 2021 that were completed through the National Poll on Healthy Aging. A total of 2,110 participants were between 50 and 80 years old at the time of the interview, according to the report published Wednesday in JAMA Network Open.
    • “The team measured older adults’ use of patient portals, telehealth visits and mobile applications on computers, smartphones, smartwatches, tablets and fitness trackers. Among 81.4% of those using technology, 64.5% used patient portals, 49.1% utilized telehealth and 44% used mobile applications.
    • “The data showed that an older adult’s physical and cognitive needs can affect their technology use. Still, older adults tend to follow the same predicting factors as younger folks that drive technology usage (education level, income, etc.)”

Midweek Report

Photo by Manasvita S on Unsplash

From Washington, DC,

  • Per HHS press releases,
  • and
    • “The Substance Abuse and Mental Health Services Administration (SAMHSA), an agency within the U.S. Department of Health and Human Services (HHS), today released updated National Behavioral Health Crisis Care Guidance (National Guidance), comprised of three documents: 2025 National Guidelines for a Behavioral Health Coordinated System of Crisis Care; Model Definitions for Behavioral Health Emergency, Crisis, and Crisis-Related Services; and a draft Mobile Crisis Team Services: An Implementation Toolkit, which is being released today for public comment. The updated National Guidance now reflects the national transition to the 988 Suicide & Crisis Lifeline in 2022 and other progress and emerging needs related to behavioral health crisis care and provides a framework for transforming behavioral health crisis care systems in communities throughout the United States, at a time when the U.S. continues to face record high rates of suicide and overdose.”
  • and
    • “Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with South Broward Hospital District d/b/a Memorial Healthcare System (Memorial Healthcare System), a Florida health system, concerning a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The settlement resolves litigation resulting from an investigation about a complaint alleging a lack of timely access to an individual’s protected health information (PHI). The HIPAA Right of Access provisions require that individuals or their personal representatives receive timely access to their health information for a reasonable cost. OCR’s investigation determined that Memorial Healthcare System failed to provide timely access within 30 calendar days. Memorial Healthcare System has agreed to pay $60,000. The agreement marks OCR’s 52nd Right of Access enforcement action.”
  • The American Hospital Association News informs us,
    • “The Department of Health and Human Services and Drug Enforcement Administration published a series of rules Jan. 15 related to telemedicine prescribing of controlled substances, including a special registration proposed rule and a final rule on telemedicine prescribing of buprenorphine
    • “The proposed rule for special registration outlines three types of registration to waive in-person visit requirements prior to virtual prescribing of controlled substances and a state registration for every state in which a patient is treated by the special registrant. Providers would need to apply for the special registrations. The DEA also proposes that providers be required to review nationwide prescription drug monitoring programs after three years. Comments on the proposed rule are due March 15. 
    • “The DEA’s final rule for the telemedicine prescribing of buprenorphine will enable practitioners to prescribe a six-month initial supply of Schedule III-V medications to treat opioid use disorder via audio-only telemedicine interaction without a prior in-person evaluation. Practitioners can then prescribe additional medication via other telemedicine encounters (real-time, two-way audio-visual) or after an in-person encounter. The agency finalized a stipulation that providers will need to complete a review of the PDMP for the state where the patient is located. Requirements for the special registration proposed rule would not apply to clinicians prescribing buprenorphine for OUD.”
  • and
    • “The Centers for Medicare & Medicaid Services announced Jan. 15 that 53.4% of people with Traditional Medicare are in an accountable care relationship with a provider, a 4.3% increase from last year. The agency said it is the largest increase since it began tracking accountable care relationships. 
    • “For 2025, CMS approved 228 applications for the Medicare Shared Savings Program, bringing the total number of accountable care organizations participating in MSSP to 476. Approved applicants included 55 new ACOs and 173 renewing or reentering ACOs, the most in the program’s history.  
    • “CMS said there was also a 16% increase from last year in federally qualified health centers, rural health clinics and critical access hospitals participating in the MSSP. In addition, 103 ACOs are continuing participation in CMS’ ACO Realizing Equity, Access, and Community Health Model, and 78 kidney contracting entities and 15 CMS Kidney Care First Practices are continuing participation in the Kidney Care Choices Model.”  
  • The Census Bureau has partnered with the Department of Defense to track how veterans fare in labor market when they return to civilian life. Check out their report.

From the Food and Drug Administration front,

  • The Wall Street Journal reports
    • Eli Lilly said it received Food and Drug Administration approval for its treatment for moderate to severely active Crohn’s disease, an inflammatory bowel disease that causes chronic abdominal pain.
    • “The treatment, developed by the pharmaceutical company under the brand name Omvoh, is now approved to treat two types of inflammatory bowel disease in the U.S., the Indianapolis company said Wednesday. The drug was previously approved to treat ulcerative colitis in adults in October 2023.
    • “Omvoh’s approval as a treatment for Crohn’s disease was based on results from a study in which 53% of patients treated with the drug achieved clinical remission, and 46% of patients had visible healing of the intestinal lining, at one year.”
  • and
    • The Food and Drug Administration is banning the use of Red No. 3, an artificial dye linked to cancer in animals, from food and ingested drugs.
    • The move will impact thousands of food products on the market in the U.S., including Betty Crocker’s loaded mashed potatoes and MorningStar Farms plant-based bacon strips. It is even in products that aren’t red, such as Brach’s candy corn. 
    • Food manufacturers will have until early 2027 to reformulate products that use Red 3. Consumer advocates pushed the agency to revoke authorization for the additive after two studies linked it to cancer in male laboratory rats. 
  • Roll Call adds,
    • “The Food and Drug Administration unveiled a proposal on Wednesday to limit the amount of nicotine allowed in cigarettes and some other combustible tobacco products, a final step for the agency before the Trump administration takes over next week.
    • The FDA first announced it would pursue regulatory changes to maximum nicotine levels in combustible smoking products in 2022 in an effort to reduce the public health effects related to addiction and minimize youth uptake.
    • “The agency is seeking public comment on the rule, but the proposal’s fate is unclear given the coming change in administration.”
  • STAT News described the last two FDA steps along with Tuesday’s proposal putting nutrition labels on the front of food packages as springing into Making America Healthy Again.

From the judicial front,

  • Beckers Payer Issues lets us know that insurer lawsuits over Medicare Advantage Star ratings are piling up.
  • STAT News relates,
    • “After years of sparring, the Biden administration and Gilead Sciences have settled a contentious lawsuit over patents for a pair of HIV prevention pills in a case that raised questions about the extent to which government-funded research should lead to affordably priced medicines.
    • “At issue was a battle over patents for Truvada and a newer, upgraded version called Descovy — two highly effective and lucrative medications — as well as the role played by the federal government in making it possible to prevent transmission of a highly infectious disease that plagued the American public for decades.
    • “The Centers for Disease Control and Prevention, which had funded academic research into HIV prevention that later formed the basis for the pills, maintained that Gilead infringed its patent rights. The U.S. Department of Health and Human Services also contended that the company had refused to reach a licensing agreement despite several attempts to strike a deal.
    • “Gilead, however, maintained it had invented the pills and that the concept of using Truvada to prevent HIV was well-known by the time the CDC tried to obtain its patents. The company also insisted it negotiated in good faith with the government. After a May 2023 trial, a jury sided with Gilead, finding it did not infringe on patents held by the CDC and, moreover, that those patents were invalid. The Biden administration, which sought $1 billion in royalties, subsequently appealed the decision.
    • “In a statement, the company said Wednesday that it will receive a license to “certain” current and future patents concerning HIV prevention that “will protect Gilead’s freedom to operate for years to come.” Any additional terms were not disclosed, although a Gilead spokeswoman wrote to say the settlement does not contain any payments from Gilead or the federal government.”

From the public health and medical research front,

  • The Hill reports,
    • “Respiratory illnesses are spreading throughout the U.S., causing multiple states to see a spike in hospital visits. The latest data shows another virus, known as HMPV, has also been spiking in some parts of the country. 
    • “The Centers for Disease Control and Prevention previously confirmed it was monitoring a spike in cases of HMPV, or human metapneumovirus, in China’s northern provinces. The agency noted the cases of the virus, which is not new, were not a “cause for concern in the U.S.” and that rates of infection nationwide are at typical “pre-pandemic” levels.
    • “HMPV is considered relatively common, with most infected before age 5, according to Dr. Eileen Schneider, an epidemiologist with the CDC. It often circulates during flu season and causes symptoms similar to the common cold, including coughing, wheezing, congestion and shortness of breath.” * * *
    • “Across Iowa, Kansas, Missouri and Nebraska, more than 5.8% of tests submitted for HMPV tested positive through the first week of the year, data shows. That’s more than double the positivity rate across the next-highest region — Alaska, Washington, Oregon and Idaho — which sits at around 2.7%.” * * *
    • “HMPV is typically diagnosed based on symptoms, the Cleveland Clinic explains, and not testing, unless you have serious symptoms.
    • “There are no vaccines or treatment therapies for HMPV, which makes preventing the spread of HMPV especially important. Health experts recommend washing your hands often and avoiding contact with those who are infected with HMPV if possible.”
  • Becker Hospital Review tells us,
    • “The latest data from the American Society of Health-System Pharmacists reports that the active number of drug shortages in the U.S. has decreased to 271, down from a high of 323 in the first quarter of 2024. However, despite this decline, ongoing challenges continue to burden healthcare providers.” 
  • and
    • “Eli Lilly expects its experimental weight loss pill, orforglipron, to receive approval as early as next year, CEO David Ricks told Bloomberg Jan. 13.
    • “The company is preparing to release key late-stage trial data on the drug by mid-2025. The weight loss pill aims to compete with popular injectable treatments like Eli Lilly’s own Zepbound and Novo Nordisk’s Wegovy, which currently dominate the space. 
    • “If approved, orforglipron would offer a pill alternative to the current injectables, making it easier for patients to use while also addressing manufacturing challenges. 
    • “In mid-stage trials, the drug helped patients lose up to 14.7% of body weight, compared to just 2.3% for those who took a placebo.”
  • The National Cancer Institute points out,
    • “For people with a history of smoking, a diagnosis of lung cancer can cause feelings of guilt and shame due to the stigma that’s often associated with the disease. This stigma can hinder open communication between patients and health care providers and hinder patients’ use of tobacco cessation counseling. Researchers at Memorial Sloan Kettering Cancer Center have developed a training program to help health care providers reduce lung cancer–related stigma. In this interview, the trial’s leaders, Smita Banerjee, Ph.D., a behavioral scientist, and Jamie Ostroff, Ph.D., a psychologist, discuss the impact of stigma on people with lung cancer and an NCI-supported clinical trial that’s evaluating the training program.”

From the U.S. healthcare business front,

  • Fierce Healthcare reports “As deadly fires continue to rage in Los Angeles, healthcare companies far and wide are stepping up to serve those affected. At least 24 people have died from the fires, and dozens remain missing.” Bravo.  
  • STAT News notes,
    • “When Eli Lilly last year started offering lower-priced vials of its blockbuster obesity drug Zepbound, which were previously sold in injectable pens, it framed the move as a way to expand patient access. But some experts weren’t convinced, noting that Lilly was only offering the lowest doses in vials, and the new prices, $399 or $549 a month, are still prohibitive for many patients.
    • “CEO Dave Ricks said Lilly is now considering expanding the vial offering. “We’d like to lower the entry cost, and we’d like to have more doses available. That’s not something we’re announcing today, but we see that as an option,” he said Tuesday at a taping of ”The Readout LOUD,” STAT’s biotech podcast.”
  • Kaufmann Hall shares its “Winter 2025 Kaufman Hall Report: Highlights from the 2024 Healthcare Leadership Conference.”
  • Per Healthcare Dive,
    • “Teladoc Health is joining an Amazon marketplace that aims to connect consumers with health benefits programs, the telehealth vendor said Monday.
    • “Now, eligible users can find and enroll in Teladoc’s diabetes, hypertension, pre-diabetes and weight management programs through Amazon’s Benefits Connector.
    • “The program could help drive enrollment in Teladoc’s chronic care offerings, executives said at the J.P. Morgan Healthcare Conference in San Francisco on Monday. “I wouldn’t count on it bringing revenue for us very quickly, but it is certainly something that we will continue to pursue in terms of growing our chronic care program,” Teladoc CFO Mala Murthy said.”
  • Medical Economics explains why 2024 was a ‘blockbuster year’ for concierge medicine.
  • Fierce Pharma offers news from the third day of JP Morgan healthcare conference.
  • Healthcare Dive discusses top healthcare technology trends in 2025. The shape of AI regulation will be uncertain under the Trump administration this year, while healthcare companies will continue bolstering cyber defenses to withstand increasing attacks, experts say.

Tuesday Report

OPM Headquarters a/k/a the Theodore Roosevelt Building

From Washington, DC

  • Today, the U.S. Office of Personnel Management released a list of its accomplishments during the Biden-Harris administration.
  • Here is a link to Andreessen Horowitz bio of Scott Kupor who is President elect Trump’s designee for OPM Director.
  • The Washington Post is maintaining a website outside its paywall providing comprehensive news on Mr. Trump’s nominations.
  • The Wall Street Journal reports,
    • “Two vaccine skeptics who had been advising Robert F. Kennedy, Jr. as he prepares to become health secretary have been sidelined by Trump transition officials, people familiar with the matter said, underscoring a split over immunizations in the “Make America Healthy Again” movement.
    • “Adviser Stefanie Spear and lawyer Aaron Siri had asked prospective administration hires about their beliefs around vaccines even if they were interviewing for posts that had little to do with immunizations, people familiar with the interviews said. Kennedy, whose hearings to lead the Department of Health and Human Services could start on Capitol Hill as early as next week, also lobbed questions related to inoculation, the people said.
    • “The questions were different from those asked in separate meetings with President-elect Donald Trump’s staff, according to some of the people. Trump’s team asked about topics traditionally important to conservatives, such as the size of government and deregulation.
    • “Siri is no longer advising the presidential transition, a transition spokeswoman confirmed, and people familiar with the matter said his vaccine stances played a role. Spear, who had told others she would be Kennedy’s chief of staff, was passed over for that post in favor of a veteran of the first Trump administration—in part because of her vaccine priorities and in part because of her lack of experience, according to people familiar with the matter.”
  • The No Surprises Act regulators, which group includes OPM, released FAQ 69 which concerns an important opinion from the U.S. Court of Appeals for the Fifth Circuit handed down October 30, 2024. The Court has not issued its mandate in the case while it considers the Texas Medical Association’s motion for rehearing and rehearing en banc. The FAQ also includes compliance advice about the No Surprises Act anti-gag clause.
  • Per a Federal Trade Commission news release,
    • “The Federal Trade Commission today published a second interim staff report on the prescription drug middleman industry, which focuses on pharmacy benefit managers’ (PBMs) influence over specialty generic drugs, including significant price markups by PBMs for cancer, HIV, and a variety of other critical drugs.
    • Staff’s latest report found that the ‘Big 3 PBMs’—Caremark Rx, LLC (CVS), Express Scripts, Inc. (ESI), and OptumRx, Inc. (OptumRx)—marked up numerous specialty generic drugs dispensed at their affiliated pharmacies by thousands of percent, and many others by hundreds of percent. Such significant markups allowed the Big 3 PBMs and their affiliated specialty pharmacies to generate more than $7.3 billion in revenue from dispensing drugs in excess of the drugs’ estimated acquisition costs from 2017-2022. The Big 3 PBMs netted such significant revenues all while patient, employer, and other health care plan sponsor payments for drugs steadily increased annually, according to the staff report.” 
  • STAT News adds,
    • “In response to the latest report, a CVS spokesperson wrote that “any proposed policy regulating PBMs should face a simple test: will this increase or decrease drug costs? Nearly all recently proposed ‘anti-PBM’ policies would ultimately increase U.S. drug costs and serve as a handout to the pharmaceutical industry. Instead of focusing on the impact to consumers and organizations that pay for prescription drugs, the FTC has prioritized comments from the conflicted pharmaceutical and pharmacy industries that would profit from a weakened PBM guardrail.”
    • “The company also argued it is “inappropriate and misleading to draw broad conclusions from cherry-picked” generic drugs. Between 2017-2022, specialty generic products have represented less than 1.5% of total spending on medicines by health plans contracted with CVS. In contrast, branded specialty products represent more than 50% of total spending.
    • “A spokeswoman for Cigna, which owns Express Scripts, wrote to say “this is another set of misleading conclusions based on a subset of medications that represent less than 2% of what our health plans spend on medications in a year — much like their first interim report that the FTC itself has already said is ‘limited’ and ‘tentative’. Nothing in the FTC’s report addresses the underlying cause of increasing drug prices, or helps employers, unions, and municipalities keep prescription benefits affordable for their members. We look forward to continuing to address the blatant inaccuracies in the Commission’s reports.”
    • “One Wall Street analyst maintained the FCC report does not tell the complete PBM story. TD Cowen analyst Charles Rhyee wrote in an investor note that “the fundamental issue with the FTC’s claims… is that they use only data on specialty generics, a small subset of the overall drug market – 0.9% of total drug spending – and is not representative of the value that the PBM industry delivers as a whole.”
  • Per a Food and Drug Administration press release,
    • “Today, the U.S. Food and Drug Administration is announcing an important step to provide nutrition information to consumers by proposing to require a front-of-package (FOP) nutrition label for most packaged foods. This proposal plays a key role in the agency’s nutrition priorities, which are part of a government-wide effort in combatting the nation’s chronic disease crisis. If finalized, the proposal would give consumers readily visible information about a food’s saturated fat, sodium and added sugars content—three nutrients directly linked with chronic diseases when consumed in excess.  
    • “The proposed FOP nutrition label, also referred to as the “Nutrition Info box,” provides information on saturated fat, sodium and added sugars content in a simple format showing whether the food has “Low,” “Med” or “High” levels of these nutrients. It complements the FDA’s iconic Nutrition Facts label, which gives consumers more detailed information about the nutrients in their food.” * * *
    • “Comments on the proposed rule can be submitted electronically to http://www.regulations.gov by May 16, 2025.”
       
  • The Wall Street Journal adds,
    • “It is unclear how the incoming Trump administration will view the rule. Robert F. Kennedy Jr., the prospective next head of U.S. health policy, is a critic of processed foods and has been outspoken about his view that U.S. food companies are partly to blame for sickening Americans.
    • “Consumer advocacy groups and public health organizations cheered the rule, though some said they hoped the Trump administration would consider labels similar to those adopted in other countries that bear more pointed warnings.
    • “Industry groups have warned the FDA that they could sue to challenge mandatory front-of-package labels. Such labels, they said, could threaten First Amendment rights—because companies could consider them a form of forced speech—and only Congress has the authority to require them.” 
  • The New York Times reports,
    • “Among both men and women, drinking just one alcoholic beverage a day increases the risk of liver cirrhosis, esophageal cancer, oral cancer and various types of injuries, according to a federal analysis of alcohol’s health effects issued on Tuesday.
    • “Women face a higher risk of developing liver cancer at this level of drinking, but a lower risk of diabetes. And while one alcoholic drink daily also reduces the likelihood of strokes caused by blood clots among both men and women, the report found, even occasional heavy drinking negates the benefits.
    • “The report, prepared by an outside scientific review panel under the auspices of the Department of Health and Human Services, is one of two competing assessments that will be used to shape the influential U.S. Dietary Guidelines, which are to be updated this year.”
  • Monica M. Bertagnolli, M.D., issued a statement on ending her tenure as NIH director January 17, 2025. The FEHBlog has enjoyed her Director’s blog entries.

From the public health and medical research front,

  • The U.S. Preventive Services Task Force today gave B grades to the following recommended preventive services:
    • “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in women 65 years or older.”
    • “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in postmenopausal women younger than 65 years who are at increased risk for an osteoporotic fracture as estimated by clinical risk assessment.”
  • and an inconclusive grade to the following preventive service
    • “The USPSTF concludes that the current evidence is insufficient to assess the balance of benefits and harms of screening for osteoporosis to prevent osteoporotic fractures in men.”
  • The USPSTF notes,
    • “This recommendation updates the 2018 USPSTF recommendation on screening for osteoporosis. In 2018, the USPSTF recommended screening for osteoporosis with bone measurement testing to prevent osteoporotic fractures in women 65 years or older and in postmenopausal women younger than 65 years who are at increased risk of osteoporosis, as determined by a formal clinical risk assessment tool.45 For the current recommendation, the USPSTF has noted that screening can include DXA BMD, with or without fracture risk assessment. The current recommendation is otherwise generally consistent with the 2018 recommendation.”
  • The Journal of the American Medical Association expands on this USPSTF note in an editorial comment.
    • “At first glance, the updated US Preventive Services Task Force (USPSTF) Recommendation Statement on osteoporosis screening1 appears nearly identical to the previous 2018 statement, especially regarding the recommendation for universal screening in women 65 years or older and insufficient evidence to support a recommendation for or against screening in men. However, subtle revisions to the 2018 recommendation2 may result in substantive changes in screening of younger postmenopausal women in clinical practice. While a B recommendation for higher-risk postmenopausal women younger than 65 years is common to both statements, the 2018 statement recommended assessing risk of osteoporosis in these women using a formal clinical risk assessment tool, whereas the 2024 Recommendation Statement1 recommends screening those at increased risk for an osteoporotic fracture as estimated by clinical risk assessment. Additionally, the screening test for both younger and older postmenopausal women in the 2018 recommendation is specified broadly as bone measurement testing. By contrast, the 2024 statement is more specific and defines screening as central (hip or lumbar spine) dual-energy x-ray absorptiometry (DXA) bone mineral density (BMD) testing with or without fracture risk assessment.
    • “In postmenopausal women younger than 65 years, osteoporosis screening presents several challenges. While time is often limited and resources scarce in the overstretched primary care practice environment, the USPSTF recommends a 2-step process to identify women in this age group who warrant screening. The clinician first determines whether traditional osteoporosis risk factors such as low body weight or tobacco use are present. For women with 1 or more risk factors, the USPSTF then advises risk assessment with a clinical risk assessment tool (eg, the Osteoporosis Self-Assessment Tool [OST], the Osteoporosis Risk Assessment Instrument [ORAI], or the Fracture Risk Assessment Tool [FRAX]) calculated without BMD information to further select women who warrant BMD testing. Primary care clinicians should be aware that the OST and ORAI were designed to identify osteoporosis (BMD T score ≤−2.5), while FRAX was developed to estimate 10-year absolute probabilities of hip and major osteoporotic fracture. Use of the OST or ORAI entails a simple calculation with few inputs (e.g., the OST is based on age and weight alone), whereas use of FRAX requires entering information on 11 clinical risk factors into a web-based algorithm. Table 2 in the Recommendation Statement1 provides “frequently used thresholds for increased osteoporosis risk” for OST (score <2) and ORAI (score ≥9), indicating that these thresholds identify women for whom central DXA BMD testing is suggested. In contrast to the 2011 and 2018 recommendations, the 2024 USPSTF Recommendation Statement1 does not suggest a specific FRAX threshold to define increased osteoporosis risk.
  • Per a National Cancer Institute news release,
    • “Feeding fructose to lab animals with cancer made their tumors grow faster, a new study has shown. But the tumors didn’t directly consume fructose, the researchers found. Instead, the liver converted it into a type of fat that cancer cells gobbled up.
    • “Studies have suggested that diets containing excess fructose—which is found in high-fructose corn syrup and table sugar—can help tumors grow. But how this common dietary sweetener might do so has been a bit of a mystery. The researchers believe their study provides some important answers. 
    • “The NIH-funded study, published December 4 in Nature, showed that several types of cancer cells lacked the enzyme needed to use fructose directly. However, liver cells have the necessary enzyme, called KHK, and used it to convert fructose into fats called lipids
    • “The findings could open up a new avenue for potential cancer treatments, said the study’s senior researcher, Gary Patti, Ph.D., of Washington University in St. Louis. A drug that blocks the KHK enzyme slowed fructose-fueled tumor growth in mice, the scientists showed.”
  • The National Institutes of Health released an NIH research matters bulletin concerning “Cancer prevention and screening | Improving flu vaccines | LDL structure.”
  • AP reports,
    • “A group of global experts is proposing a new way to define and diagnose obesity, reducing the emphasis on the controversial body mass index and hoping to better identify people who need treatment for the disease caused by excess body fat. 
    • “Under recommendations released Tuesday night, obesity would no longer be defined solely by BMI, a calculation of height and weight, but combined with other measurements, such as waist circumference, plus evidence of health problems tied to extra pounds. 
    • “Obesity is estimated to affect more than 1 billion people worldwide. In the U.S., about 40% of adults have obesity, according to the U.S. Centers for Disease Control and Prevention. 
    • “The whole goal of this is to get a more precise definition so that we are targeting the people who actually need the help most,” said Dr. David Cummings, an obesity expert at the University of Washington and one of the 58 authors of the report published in The Lancet Diabetes & Endocrinology journal.”
  • Per MedPage Today,
    • “Integrating smoking cessation into a lung cancer screening program had the biggest benefit for patients who wanted to quit, a randomized trial showed.
    • “Self-reported tobacco abstinence was greater at both 3 and 6 months with higher levels of integration of smoking cessation assistance in the lung cancer screening program, reported Paul Cinciripini, PhD, of the University of Texas MD Anderson Cancer Center in Houston, and colleagues in JAMA Internal Medicine.”
  • and
    • “Antiviral drugs commonly used to treat non-severe influenza appeared to have little or no effect on key clinical outcomes, except for baloxavir (Xofluza), according to a systematic review and meta-analysis of 73 randomized trials.”

From the U.S. public health front,

  • STAT News adds,
    • “Since society rebounded from the pandemic, Teladoc Health has gone from a soaring rocket ship considered an emblem of the potential of health tech to a cautionary tale about overblown hype. Its telehealth services are now viewed by many as an interchangeable commodity in a crowded market.
    • “In his first prominent public appearance as CEO of the virtual care giant, Chuck Divita showed up [at the JPM Conference] and played the part — promising growth and stability and reminding investors of the company’s strong foundation.”
  • Beckers Hospital Review points out,
    • Eli Lilly is leading a push with other pharmaceutical companies to request a pause in the Biden administration’s drug pricing negotiations, even as officials prepare to release a new list of medications to be targeted for price reductions, Bloomberg reported Jan. 13. 
    • Speaking at the JPMorgan HealthCare Conference in San Francisco, Eli Lilly CEO Dave Ricks emphasized the need for changes to the Inflation Reduction Act before additional drugs are included in the program. 
  • MedCity News relates, “Nvidia announced four new partnerships focused on scaling AI models across the healthcare industry. The company is teaming up with Mayo Clinic, Illumina, IQVIA and Arc Institute” at JPM Conference.
  • BioPharma Dive lets us know,
    • “Eli Lilly on Tuesday said the company’s revenue in 2024 totaled about $45 billion, a 32% jump on 2023’s total but less than what it had estimated in October.
    • “Third quarter sales of Mounjaro and Zepbound, its GLP-1 drugs for diabetes and obesity, were below Wall Street analysts’ expectations at $3.5 billion and $1.9 billion, respectively. CEO David Ricks said GLP-1 market growth was slower than the company anticipated.
    • “Shares of the Indianapolis-based company fell by as much as 8% in morning trading, shaving tens of billions of dollars from its market valuation. Since hitting a high of $960 apiece in late August, shares have tumbled in value by about one-fifth as Zepbound sales have fallen short of forecasts.”
  • McKinsey & Company explains “How healthcare entities can use M&A to build and scale new businesses.”

Monday Report

Photo by Sven Read on Unsplash

From Washington, DC,

  • Fierce Healthcare lets us know,
    • “One week before President-elect Donald Trump’s inauguration, the Biden administration is finalizing a rule that sets new standards for the individual market under the Affordable Care Act.
    • “First proposed in October, the rule protects consumers from having their coverage swapped unwittingly. Brokers and agents that violate this policy, and pose other “unacceptable” risks, can be suspended. The rule will go into effect on Wednesday.
    • “The rule also amends the risk adjustment program through user fee rates, new calculations to the Basic Health Program (BHP) and reporting to the ACA Quality Improvement Strategy (QIS), designed to improve member outcomes.”
  • Here is a link to CMS’s fact sheet on the final Affordable Care Act (“ACA”) rule titled “HHS Notice of Benefit and Payment Parameters for 2026” and a link to the rule itself.
  • The ACA regulators today withdrew an October 28, 2024, proposed rule which would have “expand access to coverage of recommended preventive services without cost sharing in the commercial market, with a particular focus on reducing barriers to coverage of contraceptive services, including over the counter (OTC) contraceptives.”
  • FedSmith confirms,
    • “President-elect Donald Trump has nominated Scott Kupor as the Director of the Office of Personnel Management (OPM). 
    • “Kupor would lead an OPM organization that has grown under the Biden administration. It now has a larger budget and workforce. 
    • “For fiscal year 2025, the Biden administration proposed a budget of $465.8 million for OPM, which is an increase of about 21% compared to the enacted budget of $385.7 million in fiscal year 2023.”
  • The U.S. Office of Personnel Management posted on the Federal Register’s Public Inspection List a final rule which, according to Govexec, “will standardize the maps relied upon to determine the locality pay rates for white- and blue-collar federal workers across the U.S.” effective October 1, 2025.
  • Pew Research reports on what the data says about federal and postal workers.
  • Federal News Network notes,
    • “The Postal Service is offering early retirement buyouts to mail handlers who work in the agency’s mail processing facilities, and other USPS employees who work in a variety of support positions.
    • “USPS, in a memo obtained by Federal News Network, is offering lump-sum incentive payments worth up to $15,000 to eligible mail handlers who agree to a voluntary early retirement in the coming months.
    • “The agency reached an agreement with the National Postal Mail Handlers Union, which represents 47,000 mail handlers nationwide, as well as the American Postal Workers Union, which represents 222,000 active and retired postal clerks, mail processors and sorters, as well as other USPS occupations.
    • “Federal News Network reached out to both unions for comment.

From the judicial front,

  • The American Hospital Association News reports,
    • The U.S. Chamber of Commerce Jan. 13 filed a lawsuit against the Federal Trade Commission, saying changes made by the FTC to premerger notification rules under the Hart-Scott-Rodino Act are “unnecessary and unlawful.”
    • In a statement, the Chamber said the FTC “has failed to justify the need to subject every merger filing to its new burden. During the rulemaking process it never contemplated alternative, less burdensome approaches and understates the costs and overstates the benefits of changing the rule as part of its final analysis. Subjecting thousands of routine mergers and acquisitions to these additional burdens will slow down normal business transactions and increase costs, hurting the economy in the process.”
    • The FTC finalized changes to the premerger notification rules, form and instructions under the HSR Act in October. The AHA expressed disappointment with the FTC’s changes, saying that the rule “functions as little more than a tax on mergers… The agency already has more than enough information about hospital transactions, and it has shown no hesitation in challenging them. The final rule will just require hospitals to divert time and resources away from patient care towards needless compliance costs.

From the Food and Drug Administration front,

  • The Washington Post reports,
    • “The long quest for powerful non-opioid drugs that treat pain without risk of addiction is nearing a milestone, in the form of a pill that could soon win approval from the Food and Drug Administration.
    • “If successful, the drug developed by Vertex Pharmaceuticals would offer a possible alternative to potent prescription painkillers such as oxycodone, which was once heavily marketed by drug companies and fueled an epidemic of dependency and death.
    • “Independent experts say it remains too early to know how revolutionary the Vertex drug, suzetrigine, will be. The company’s application that is pending before the FDA, which could be approved by the end of January, is for relatively short-term pain. It is based on successful clinical trials in people recovering from two types of surgeries, as well as a safety study that monitored participants over about six weeks.
    • “Vertex is still exploring whether the drug can be safely and effectively used for chronic, longer-lasting pain.”
  • Cardiovascular Business points out,
    • “The U.S. Food and Drug Administration (FDA) has announced that Philips is recalling the software associated with its Mobile Cardiac Outpatient Telemetry (MCOT) devices after certain high-risk electrocardiogram (ECG) events were never routed to trained cardiology technicians as intended. This is a Class I recall, the FDA’s most serious classification.
    • “This issue, which lasted from July 2022 to July 2024, has been associated with 109 patient injuries and two patient deaths. Some of the health events included suspected cases of atrial fibrillation or pause, supraventricular tachycardia, ventricular tachycardia and second- or third-degree atrioventricular block.
    • “On Dec. 18, 2024, Philips and its subsidiary, Braemar Manufacturing, sent all customers impacted by the failure an Urgent Medical Device Correction and information on how to review which patients may need to have their data reprocessed.”
  • and
    • “The U.S. Food and Drug Administration (FDA) has now cleared more than 1,000 clinical artificial intelligence (AI)algorithms to be used commercially for direct patient care in the United States. Cardiology is No. 2 among all healthcare specialties with 161 FDA clearances; some of those are even approved for multiple specialties.
    • “Radiology is by far the king of AI FDA clearances with 758 algorithms, making up about 76% of all clinical AI in the U.S. Neurology comes in at an extremely distant third place with 35 algorithms. There are 15 other specialities with cleared AI, but they each number less than 20 algorithms.
    • “The FDA updated its AI-enabled device approval list in late December, which showed the agency technically reached the 1,000 mark back in September. The first AI algorithm was cleared in 1996, and the number of submissions to the FDA has accelerated very rapidly in the past few years. The agency is now clearing an average of about 20 AI algorithms per month, and the FDA says that number is expected to rise in the coming years.”
  • Fierce Healthcare adds,
    • “The Peterson Health Technology Institute launched an artificial intelligence task force to puzzle out the value of in-demand AI technologies for healthcare delivery organizations.
    • “The task force has been operational for six months, Caroline Pearson, executive director of the PHTI, said in an interview. It will be led by Prabhjot Singh, M.D., Ph.D., a physician and co-founder of CHW Cares, which sold to Oak Street Health in 2022, and Margaret McKenna, former chief technology officer at Devoted Health. Both Singh and McKenna are advisers to the PHTI.
    • “There are about 60 people on the task force from a dozen healthcare systems, including UC San Diego Health, Intermountain Health, Mass General Brigham, Providence, Ochsner Health and MultiCare. Pearson also said there are many C-suite executives on the task force including CEOs, chief financial officer and chief information officers.
    • “They’re not AI cheerleaders,” Pearson said. “They’re just trying to run effective, efficient healthcare systems.”

From the public health and medical research front,

  • The Center for Disease Control and Prevention announced today,
    • “COVID-19 activity has increased in most areas of the country. Seasonal influenza activity remains elevated across the country. RSV activity is very high in many areas of the country, particularly in young children.
    • “COVID-19
      • “COVID-19 activity has increased in most areas of the country, with high COVID-19 wastewater levels, increasing emergency department visits and elevated laboratory percent positivity. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
      • “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
      • “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
    • “Influenza
    • “RSV
      • “RSV activity is very high in many areas of the country, particularly in young children. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.”
    • “Vaccination
      • “Vaccination coverage with influenza and COVID-19 vaccines are low among U.S. adults and children. COVID-19 vaccine coverage in older adults has increased compared with the 2023-2024 season. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”
  • Speaking of wastewater, the Your Local Epidemiologist newsletter, to which the FEHBlog subscribes, explains,
    • We’re seeing a lot of [H5N1] virus in California’s cows and birds. California is the number one state for dairy cattle, and so far, 703 herds have tested positive for H5N1. That’s more than 2/3 of all the dairy farms in the state. Plus, 93 commercial or backyard poultry flocks, accounting for about 22 million animals, have also been infected.
    • Unfortunately, we don’t have the wastewater testing capabilities yet to differentiate between humans and animals. A recent preprint showed wastewater is picking up viruses from animals (rather than humans) through milk dumping, animal sewage, and bird contamination. We are also relying on epidemiologists’ accounts on the ground to sort through the signals.
  • Per an NIH news release,
    • “New findings from the National Institutes of Health’s (NIH) Researching COVID to Enhance Recovery (RECOVER) Initiative suggest that infection with SARS-CoV-2, the virus that causes COVID-19, may be associated with an increase in the number of myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) cases. According to the results, 4.5% post-COVID-19 participants met ME/CFS diagnostic criteria, compared to 0.6% participants that had not been infected by SARS-CoV-2 virus.  RECOVER is NIH’s national program to understand, diagnose, prevent, and treat Long COVID.
    • “The research team, led by Suzanne D. Vernon, Ph.D., from the Bateman Horne Center in Salt Lake City, examined adults participating in the RECOVER adult cohort study to see how many met the IOM clinical diagnostic criteria for ME/CFS at least six months after their infection. Included in the analysis were 11,785 participants who had been infected by SARS-CoV-2 and 1,439 participants who had not been infected by the virus. Findings appear in the Journal of General Internal Medicine.
    • “ME/CFS is a complex, serious, and chronic condition that often occurs following an infection. ME/CFS is characterized by new-onset fatigue that has persisted for at least six months and is accompanied by a reduction in pre-illness activities; post-exertional malaise, which is a worsening of symptoms following physical or mental activity; and unrefreshing sleep plus either cognitive impairment or orthostatic intolerance, which is dizziness when standing. People with Long COVID also experience some or all of these symptoms.
    • “Long COVID is an infection-associated chronic condition that occurs after SARS-CoV-2 infection and is present for at least three months as a continuous, relapsing and remitting, or progressive disease state that affects one or more organ systems. People with Long COVID report a variety of symptoms including fatigue, pain, and cognitive difficulties.
    • “Dr. Vernon and her team determined that new incidence cases of ME/CFS were 15 times higher than pre-pandemic levels.
    • “These findings provide additional evidence that infections, including those caused by SARS-CoV-2, can lead to ME/CFS.”
  • The American Hospital Association News tells us,
    • The San Francisco Department of Public Health Jan. 10 announced a presumptive positive case of H5N1 bird flu in a child after they experienced symptoms of fever and conjunctivitis. The child was not hospitalized and has since fully recovered, the agency said. An initial investigation by SFDPH did not reveal how the child may have contracted the virus, and the department is continuing to investigate.
  • Per Medscape,
    • More than 15 million people, accounting for 4.6% of the US population, were diagnosed with at least one autoimmune disease from January 2011 to June 2022; 34% were diagnosed with more than one autoimmune disease.
    • Sex-stratified analysis revealed that 63% of patients diagnosed with autoimmune disease were women, and only 37% were men, establishing a female-to-male ratio of 1.7:1; age-stratified analysis revealed increasing prevalence of autoimmune conditions with age, peaking in individuals aged ≥ 65 years.
    • Among individuals with autoimmune diseases, 65% of patients had one condition, whereas 24% had two, 8% had three, and 2% had four or more autoimmune diseases (does not add to 100% due to rounding).
    • Rheumatoid arthritis emerged as the most prevalent autoimmune disease, followed by psoriasis, type 1 diabetes, Grave’s disease, and autoimmune thyroiditis; 19 of the top 20 most prevalent autoimmune diseases occurred more frequently in women.
    • Source: https://www.jci.org/articles/view/178722
  • The American Medical Associations shares what doctors wish their patients knew about Parkinson’s Disease.
  • The New York Times reports,
    • “The number of people in the United States who develop dementia each year will double over the next 35 years to about one million annually by 2060, a new study estimates, and the number of new cases per year among Black Americans will triple.
    • “The increase will primarily be due to the growing aging population, as many Americans are living longer than previous generations. By 2060, some of the youngest baby boomers will be in their 90s and many millennials will be in their 70s. Older age is the biggest risk factor for dementia. The study found that the vast majority of dementia risk occurred after age 75, increasing further as people reached age 95.
    • “The study, published Monday in Nature Medicine, found that adults over 55 had a 42 percent lifetime risk of developing dementia. That is considerably higher than previous lifetime risk estimates, a result the authors attributed to updated information about Americans’ health and longevity and the fact that their study population was more diverse than that of previous studies, which have had primarily white participants.
    • “Some experts said the new lifetime risk estimate and projected increase in yearly cases could be overly high, but they agreed that dementia cases would soar in the coming decades.”
  • Health Day considers whether “Doctors Can Estimate Life Expectancy After a Dementia Diagnosis?”
    • “Updated estimates give a better picture of how long a person will live following a dementia diagnosis.
    • “Age plays a factor in how long people have left.
    • “Women tend to have longer life expectancy than men.”

From the U.S. healthcare business front,

  • BioPharma Dive relates,
    • “Johnson & Johnson on Monday said it has agreed to acquire Intra-Cellular Therapies, a developer of drugs for diseases of the brain, for $132 per share, or about $14.6 billion.
    • “The announcement of the deal, which if completed would be the largest acquisition of a biotechnology company since early 2023, came on the first day of the J.P. Morgan Healthcare Conference, an industry meeting that’s known for dealmaking.
    • “The chief prize in buying Intra-Cellular is a medicine known as Caplyta that’s approved in the U.S. to treat schizophrenia and bipolar depression. The biotech recently asked the Food and Drug Administration to expand Caplyta’s clearance to include major depressive disorder, which affects about 10 times as many people as have schizophrenia and a little more than three times as many as have bipolar depression.”
  • and
    • “Eli Lilly has turned to a biotechnology startup for help building its pipeline of cancer drugs, agreeing on Monday to purchase an experimental cancer drug from privately held Scorpion Therapeutics for as much as $2.5 billion.
    • “As part of the deal, Scorpion will spin out a new, independent company that will hold its other assets as well as inherit its employees. Lilly will take a minority stake in the new company, which will be owned by Scorpion’s current shareholders, among them Atlas Venture, Vida Ventures and Omega Funds.
    • “Current Scorpion CEO Adam Friedman will lead the new company along with other members of the startup’s management.”
  • and
    • “Late last week, Biogen made an unsolicited offer to buy one of its partners, brain drug developer Sage Therapeutics.
    • “The two biotechnology companies have worked together over the past four years on a mood-stabilizing medicine known as Zurzuvae. They split research costs and, after the medicine got approved as a treatment for postpartum depression, began sharing profits.
    • B”ut Biogen now wants Zurzuvae all to itself. In a Jan. 10 letter to Sage’s top executive Barry Greene, Biogen CEO Christopher Viehbacher wrote that his company’s experience selling nervous system drugs would “enable more streamlined operations and efficient commercial execution” around Zurzuvae, which, in turn, should improve patient access.” 

Weekend update

From Washington, DC,

  • Govexec tells us,
    • “Rep. Gerry Connolly, D-Va., the new top Democrat on the House Oversight and Accountability Committee, says he’s open to working with Elon Musk and Vivek Ramaswamy’s Department of Government Efficiency in some areas.
    • “That may make for strange bedfellows. But the lawmaker — who recently beat Rep. Alexandria Ocasio-Cortez, D-N.Y., to be the committee’s ranking member — has long focused on the government’s often-aged technology, a shared interest for both Ramaswamy and Musk. In recent months, Musk has posted about federal IT several times, referencing 2023 congressional testimony on legacy tech from the Government Accountability Office.
    • “By the way, that was the GAO report I requested,” Connolly pointed out during an interview with Nextgov/FCW. The report also lists former representatives Elijah Cummings, Mark Meadows, Will Hurd and current Reps. Robin Kelly, D-Ill., and Jim Jordan, R-Ohio, as requesters.”
  • Federal News Network lets us know,
    • “President-elect Donald Trump is preparing more than 100 executive orders starting Day One of the new White House, in what amounts to a shock-and-awe campaign on border security, deportations and a rush of other policy priorities.
    • “Trump told Republican senators about the onslaught ahead during a private meeting on Capitol Hill. Many of the actions are expected to launch on Inauguration Day, Jan. 20, when he takes office. Trump top adviser Stephen Miller outlined for the GOP senators the border security and immigration enforcement measures that are likely to launch soonest. Axios first reported on Trump and his team’s presentation.
    • “There will be a substantial number,” said Sen. John Hoeven, R-N.D.
    • “Allies of the president-elect have been preparing a stack of executive orders that Trump could sign quickly on a wide range of topics – from the U.S.-Mexico border clampdown to energy development to federal Schedule F workforce rules, school gender policies and vaccine mandates, among other day-one promises made during his campaign.”

From the public health and medical research front,

  • MedPage Today tells us,
    • ‘The detection of the first clade I mpox case in the U.S. this November, followed by a subsequent case in Canada, is far more than a fleeting headline. It is a stark reminder of the interconnectedness of global health. Clade I mpox, a public health emergency of international concern concentrated in Central and Eastern Africa, has already caused more than 57,000 suspected cases and more than 1,200 deaths in 2024 alone. Travel-associated cases have now extended to Europe, Asia, and North America, with the first U.S. case linked to travel from an endemic region.
    • “This development underscores the urgent need for sustained, coordinated action to prevent clade I mpox from following the trajectory of clade II. The latter has resulted in the continued global circulation of over 100,000 cases across 122 countries, including 115 nations where mpox was not previously reported.
    • The emerging threat of clade I mpox presents the incoming Trump administration with a unique opportunity to demonstrate leadership, bolster global health, and underscore the value of preparedness. Proactively addressing this challenge can protect the U.S. from future outbreaks while reaffirming its commitment to global health security and collaboration.
  • Per Healio,
    • Researchers developed a computer-based tool [known as TBorNotTB] to evaluate hospitalized patients for suspected tuberculosis that correctly identified 100% of cases, which could help prevent spread to other patients, they said.
    • “Infection prevention and control programs are tasked with implementing appropriate isolation of patients in health care facilities with suspected or confirmed communicable diseases to reduce the risk of health care-associated infections to patients and mitigate occupational risks to health care personnel,” Caitlin Dugdale, MD, MSc, an infectious disease physician at Massachusetts General Hospital, told Healio.
  • Fortune Well informs us,
    • “New research makes a strong case for morning joe, indicating that the timing may impact your longevity. In a study published in the European Heart Journal, researchers looked at two patterns of coffee timing: people who drank their coffee in the morning, and people who were all-day drinkers. After adjusting for other potential factors, researchers found that morning coffee drinkers were 16% less likely to die of any cause during the study period, and 31% less likely to die of cardiovascular disease, compared to people who didn’t drink coffee. However, there was no reduction in risk for all-day coffee drinkers compared to non-coffee drinkers. 
    • “The authors speculate that drinking caffeinated coffee later in the day could disrupt circadian rhythm and melatonin levels, leading to inflammation and sleep disturbances. A second potential explanation is that inflammation is at its highest in the morning, and the natural anti-inflammatory properties of coffee may have a greater impact when consumed earlier in the day.”

From the U.S. healthcare business front,

  • Modern Healthcare reports,
    • “Mercy Health — Toledo plans to acquire 10 urgent care centers in Ohio and Michigan from Greater Midwest Urgent Cares.
    • “The nonprofit, faith-based system, part of Cincinnati-based Bon Secours Mercy Health, said Friday it plans to assume ownership April 1. Financial details of the transaction, which would be through an asset purchase agreement, were not disclosed.
    • “Our intent is to keep those Greater Midwest Urgent Care employees who’ve done an amazing job providing patient centric care,” said Bob Baxter, president of Mercy Health — Toledo.”
  • HR Dive points out “five compensation and benefits trends to buy into in 2025. To attract and retain workers, employers will focus on competitive salaries and flexible benefits, experts say.”

Cybersecurity Saturday

From the cybersecurity policy and law enforcement front,

  • Bloomberg alerts us,
    • “The Biden administration is racing to put out an executive order meant to shore up US cybersecurity in its dwindling days in office, according to four people familiar with the matter.
    • “The executive order, which has cleared some internal hurdles and is close to being published, incorporates lessons from a series of major breaches during the Biden administration, including the most recent Treasury Department hack attributed to China, according to people familiar with the matter who didn’t want to be named to discuss information that hasn’t yet been made public.
    • “Among the measures, it directs the government to implement “strong identity authentication and encryption” across communications, according to an undated draft of the order seen by Bloomberg News. In the December Treasury hack, intruders accessed unclassified documents stored locally on laptops and desktop computers. Encrypting information sent by email and worked on in the cloud could help safeguard it from hackers who successfully access systems but then cannot open specific documents.” * * *
    • “Whether President-elect Donald Trump will leave the executive order in place when he takes office remains unclear, though he’s vowed to pare back federal regulation. Trump has signaled that he intends to repeal another Biden administration order intended to provide guardrails around artificial intelligence.” 
  • Federal News Network provides more details on the draft EO for those interested.
  • Dark Reading reports,
    • “Yesterday [January 7, 2025] the White House introduced a cybersecurity labeling program for wireless Internet-connected devices, intended to help Americans make more informed decisions about the products they buy and their security.
    • “As Americans continue to add Internet of Things (IoT) devices to their home networks — everything from baby monitors to security cameras — there are growing concerns about the safety of these devices and their vulnerability to hackers. The goal of this label is to guide consumers to more secure products as well as encourage vendors in their cyber practices.
    • “Known as the “US Cyber Trust Mark,” the label has been a long time coming, with the Federal Communications Commission gathering input over the past 18 months. In a bipartisan and unanimous vote, the FCC authorized the program and said 11 vendors will act as label administrators while UL Solutions will serve as the lead administrator.
    • “The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devices, much as EnergyStar labels did for energy efficiency,” the White House brief read.”
    • “Though this new system has good intentions for both consumers and vendors, there are concerns and speculation as to how effective this cybersecurity label will be.” Read the article for those details.
  • Here’s a link to the Federal Register version of the recent proposed HIPAA Security Rule amendments which appears in the January 6, 2025, issue. The public comment deadline is March 7, 2025.
  • Fedscoop tells us,
    • “Guy Cavallo, the chief information officer of the Office of Personnel Management since July 2021, will retire from federal service on Jan. 13, he confirmed to FedScoop.
    • “Cavallo leaves federal service having held several top technology roles over the past decade, including as deputy CIO of the Small Business Administration and executive director of IT operations at the Transportation Security Administration. He also served as OPM’s principal deputy CIO and acting CIO before being named permanent CIO.
    • “As the longest-tenured CIO of OPM in recent memory, Cavallo led that charge on a two-year sprint replacing or migrating over 50 applications from legacy on-premises data centers to the cloud and the launch of the new Postal Health Benefits System last year for more than 1.7 million postal workers and retirees. He touted the system as fully operational 100% of the time with no unscheduled downtime throughout the Open Season.
    • “Cavallo also led OPM to winning several Technology Modernization Fund awards in recent years, the most recent of which came in late 2024 to support the use of artificial intelligence to update legacy mainframe programs for OPM’s retirement systems.
  • The National Institute of Standards and Technology announced on January 8,
    • NIST extends the public comment period on the initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3)Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) until January 17, 2025. 
    • NIST strongly encourages you to use the comment template and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.
    • For more information, see the NIST Protecting CUI Project.
  • Per HHS press releases,
  • and
    • [Also on January 7, 2025], the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia business associate that provides data hosting and cloud services to covered entities (health plans, health care clearinghouses, and most health care providers) and business associates, for a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). The settlement resolves an investigation concerning a ransomware attack on VPN Solutions’ information system.” * * *
    • “The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/vpns-ra-cap/index.html
  • Per Cyberscoop,
    • “Microsoft is petitioning a Virginia [federal] court to seize software and shut down internet infrastructure that they allege is being used by a group of foreign cybercriminals to bypass safety guidelines for generative AI systems.
    • “In a filing with the Eastern District Court of Virginia, Microsoft brought a lawsuit against ten individuals for using stolen credentials and custom software to break into computers running Microsoft’s Azure OpenAI services to generate “harmful content.”
    • “In a complaint filed Dec. 19, 2024, the company accuses the group of violating the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act and the Racketeer Influence and Corrupt Organizations Act, as well as trespass to chattels and tortious interference under Virginia state law.”

From the cybersecurity reminiscences department,

  • “HHS OCR Director Melanie Fontes Rainer reflects on 2024 as a historic year filled with tremendous activities and accomplishments for OCR on Health Insurance Portability and Accountability Act of 1996 (HIPAA) rulemakings, enforcement actions, and resources for the health care sector on HIPAA privacy and cybersecurity.”
  • In Cyberscoop, “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office. It’s made real strides, but there’s a lot more that it could be doing, he said, and more that needs to be done.”
  • In a blog post, Valeria Colman, the Cybersecurity and Infrastructure Security Agency’s (CISA) chief strategy officer, looks back at “CISA Through the Years: Policy and Impact.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “AT&T and Verizon, two of the nine U.S. telecom companies attacked by Salt Typhoon, said they evicted the China-government sponsored threat group from their networks. 
    • “We detect no activity by nation-state actors in our networks at this time,” an AT&T spokesperson said in a prepared statement. A Verizon spokesperson made a similar statement, asserting the carrier has “contained the cyber incident brought on by this nation-state threat actor. An independent and highly respected cybersecurity firm has confirmed the Verizon containment.”
    • “AT&T and Verizon did not say when they ejected the nation-state group from their networks, but declared their networks secure last week.”
  • Dark Reading adds,
    • “The Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury.
    • “In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).
    • “Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.
    • “Using tools such as the China Chopper Web shell, the group’s cyber-espionage campaigns focus mainly on data theft.” * * *
    • “The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.” 
  • Bleeping Computer lets us know,
    • BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach.
    • The Texas-based organization provides medication-assisted treatment (MAT) services targeting both substance use and mental health disorders to more than 75,000 patients daily in over 400 service sites across 35 U.S. states and three Canadian provinces.
    • In data breach notification letters mailed to affected individuals, BayMark revealed that it learned of the breach on October 11, 2024, following an IT systems disruption. A follow-up investigation revealed that the attackers accessed BayMark’s systems between September 24 and October 14.
  • Per Dark Reading,
    • Cybercriminals have picked up a new tactic, impersonating CrowdStrike recruiters in order to distribute a crypto miner on their victims’ devices.
    • This malicious campaign starts with an email, inviting the victim to schedule an interview with a recruiter for a position as a junior developer.
    • The illegitimate email contains a link, alleging that it will take the recipient to a site so they can schedule their interview, but in reality, takes the victim to a malicious website containing links to download a purported “CRM application.”
  • CISA reminds us,
    • “In an era of increasingly sophisticated cyber threats, securing critical infrastructure has become a cornerstone of national security. CISA’s mission is to drive collaborative, proactive efforts to reduce risk and strengthen resilience for our nation’s critical infrastructure, federal civilian branch assets, and the private sector more broadly. While these efforts are many and varied, I’d like to highlight three particularly transformative initiatives—the Known Exploited Vulnerabilities (KEV) Catalog, Cybersecurity Performance Goals (CPGs), and the Pre-Ransomware Notification Initiative (PRNI)—to illustrate how we can collectively work to reshape the cybersecurity landscape.”
  • SC Media offers details on the January 7, 2025, KVEs while Cybersecurity Dive discusses the January 8, 2025, KVE.

From the ransomware front,

  • Axios gives us a primer on ransomware.
  • Here’s a link to a helpful September 2024 CISA PowerPoint presentation about its available tools such as the Pre-Ransomware Notification Initiative.
  • Security Week discusses “Temple University’s Critical Infrastructure Ransomware Attacks (CIRA)” database.
    • “The Critical Infrastructure Ransomware Attacks (CIRA) database currently covers more than 2,000 attacks documented since 2013 and includes nearly 300 entries for incidents that came to light in 2024. 
    • “It contains information such as name of the victim, date of the incident, country or US state, targeted critical infrastructure sector, name of the attacking threat group, duration of the incident, MITRE ATT&CK mapping, and — if known — the amount of money that was demanded by the attacker and the ransom paid by the victim.” * * * 
    • “The database is available for free upon request. To date it has been requested more than 1,500 times, mainly by researchers and other members of the cybersecurity industry (61%), as well as students, government entities, educators, and reporters.” 

From the cybersecurity defenses front,

  • Cybersecurity Dive identifies four cybersecurity trends to watch this year.
    • Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
  • Dark Reading considers current trends in artificial intelligence and cybersecurity.
  • CISA Director Jen Easterly discusses “Corporate Cyber Governance: Owning Cyber Risk at the Board Level.”
  • CISA also released its “Cybersecurity Performance Goals Adoption Report.”
  • TechTarget shares “Top 15 email security best practices for 2025.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday Report

From Washington, DC.

  • STAT News reports,
    • “The Biden administration’s [last] regulation affecting the Medicare Advantage industry would come with a much lighter touch than the past two years.
    • “President Biden’s Centers for Medicare and Medicaid Services on Friday proposed to increase the average benchmark payment to private Medicare Advantage plans by 2.2% for 2026. That compares to cuts of 0.2% for this year and 1.1% in 2024, although the Biden administration gave the Medicare Advantage industry one of the largest-ever payment hikes in 2023.
    • “The proposed rule was rolled out weeks earlier than normal, as the Trump administration gets ready to take over the White House and federal agencies later this month. It’s unclear what, if any, changes President Trump’s team will make to the proposal. Trump has picked Mehmet Oz to lead CMS, but it’s possible that the Senate won’t confirm him before the final rule is published by the beginning of April.
    • “But the Biden White House at least appears worried Trump will undo the latest proposal, warning that any “pauses” to some of its changes to how Medicare Advantage insurers are paid would result in an extra $10 billion windfall for the industry.”
  • Per HHS press releases,
    • “Today, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) for California to address the health impacts of the ongoing wildfires in Los Angeles County.
    • “The declaration follows President Biden’s major disaster declaration and gives the Centers for Medicare & Medicaid Services’ (CMS) health care providers and suppliers greater flexibility in meeting emergency health needs of Medicare and Medicaid beneficiaries.
    • “We will do all we can to assist California officials with responding to the health impacts of the devastating wildfires going on in Los Angeles County,” said Secretary Becerra. “We are working closely with state and local health authorities, as well as our partners across the federal government, and stand ready to provide public health and medical support. My thoughts and prayers are with the people impacted in my home state.”
  • and
    • “The U.S. Department of Health and Human Services (HHS) has issued its AI Strategic Plan (hereafter referred to as “Strategic Plan” or “Plan”). The Plan establishes both the strategic framework and operational roadmap for responsibly leveraging emerging technologies to enhance HHS’s core mission, while maintaining our commitment to safety, effectiveness, equity, and access. Additionally, the Plan outlines the ways in which HHS will deliver on its goal of being a global leader in innovating and adopting responsible AI that achieves unparalleled advances in the health and well-being of all Americans.
    • “At HHS, we are optimistic about the transformational potential of AI,” said Deputy Secretary Andrea Palm. “These technologies hold unparalleled ability to drive innovation through accelerating scientific breakthroughs, improving medical product safety and effectiveness, improving health outcomes through care delivery, increasing access to human services, and optimizing public health. However, our optimism is tempered with a deep sense of responsibility. We need to ensure that Americans are safeguarded from risks. Deployment and adoption of AI should benefit the American people, and we must hold stakeholders across the ecosystem accountable to achieve this goal.”
  • The Wall Street Journal reports,
    • “New divisions have emerged among U.S. intelligence agencies over whether foreign adversaries have been developing devices that led to the illness known as Havana Syndrome, according to an intelligence report released Friday. 
    • “Most of the U.S. intelligence community still believes it is very unlikely that the wide range of symptoms that have been reported by more than 1,500 U.S. government employees since the first cases emerged in Havana in late 2016 were caused by a foreign power. 
    • “But in a notable shift, two intelligence agencies now say there is a “roughly even chance” U.S. adversaries have been developing a novel weapon that could cause the illness.
    • “One of the dissenting agencies says it might have already been used to harm a small number of American personnel and dependents who have reported Havana Syndrome symptoms, the report said. 
    • “Havana Syndrome is a set of unexplained medical symptoms that include dizziness, headache, fatigue, nausea, anxiety, cognitive difficulties and memory loss of varying severity.”
  • Per Federal News Network,
    • “The Office of Personnel Management’s retirement claims backlog remained basically the same in December as compared to November, but the number of days it took to process those claims ticked up to 57 from 55 days.
    • “OPM also hit a new low in retirement claims received last month with 5,020. This is the lowest amount of claims received since November 2023.”
  • Govexec tells us,
    • “The Office of Personnel Management on Wednesday sent guidance to agency heads outlining transition authorities that President-elect Donald Trump could use to immediately place his nominees in temporary positions at federal agencies and departments. 
    • “Although Trump is pushing Senate Republicans to expeditiously confirm his picks, he will have the authority to appoint individuals, for up to 30 days, to advisory or consultative senior executive service positions while they’re awaiting confirmation. 
    • “Likewise, cabinet-level agencies will be able to make five noncareer SES appointments and other agencies can institute up to three such appointments, which is standard. Such appointments must be made by Feb. 15 and also can only last for 30 days.”

From the judicial front,

  • Bloomberg informs us,
    • “The US Supreme Court agreed [today] to review a lower court ruling that found some Obamacare coverage requirements for preventative services unlawful, but kept them enforceable nationwide.
    • “In an order Friday, the court said it will hear the Biden administration’s appeal of that decision by the US Court of Appeals for the Fifth Circuit holding the structure of the US Preventive Services Task Force unconstitutional under the Appointments Clause.
    • “The task force is charged with recommending some of the medical services health insurers must cover free-of-charge under the Affordable Care Act.
    • “Task force members “are principal officers under Article II of the Constitution who must be—yet have not been—nominated by the President and confirmed by the Senate,” the Fifth Circuit said.”
  • FEHBlog note: It drives the FEHBlog nuts that the Biden Administration or Congress failed to moot the 5th Circuit opinion by making USPSTF recommendations subject to approval by the Centers for Disease Control and Prevention’s director.

From the public health and medical research front,

  • The CDC did not have time to update its weekly respiratory illnesses report due to the unexpected federal holiday for President Carter’s Day of Mourning yesterday. This week’s report will be posted on Monday January 13.
  • The University of Minnesota’s CIDRAP relates, “A first dose of COVID-19 vaccine accelerated relief of long-COVID symptoms such as fatigue and muscle aches in UK adults, but flu vaccination did not, suggests an observational University College London–led study published yesterday in the Journal of Infection.”
  • Per MedPage Today, “Hospitals doing fewer operative vaginal deliveries (OVDs) had higher rates of adverse perinatal outcomes for these cases than higher volume centers did, according to a population-based retrospective cohort study from California.”
  • The NIH Director, Dr Monica Bertagnolli, writes in her blog,
    • “Millions of people in the U.S. have an autoimmune disease, from type 1 diabetes to inflammatory bowel disease, in which the immune system attacks the body’s own organs, tissues, or cells to cause damage. While treatments that tamp down the immune system can help, they can increase risk for infection or cancer due to systemic immune suppression. Similarly, for people who’ve received an organ or tissue transplant, immunosuppressants used to prevent rejection can leave the whole body vulnerable. What if there was a way to suppress the immune system only right where it’s needed, in tissues or organs at risk for immune attack?
    • “An NIH-supported study reported in Science describes a way to do just that by using a cell-based therapy approach. The therapeutic approach involves taking a blood sample from a patient, modifying certain immune cells in the laboratory, and then reintroducing the engineered cells back into the body. Such cell-based therapeutics can be designed to recognize specific molecules to target tissues. This approach is already used to treat many cancers, utilizing a patient’s own engineered immune cells, known as CAR T cells, to attack and kill their cancer. Inspired by the success of the CAR T-cell example, the researchers behind this new work see the technology they’re developing as a potential platform for tackling many types of immune dysfunction.” * * *
    • “While much more study is needed, the researchers suggest that such synthetic suppressor T cells could serve as a readily customizable platform to potentially treat many autoimmune conditions. Engineered immune suppressor cells could also be used to fine-tune CAR T-cell therapies for cancer so that they only attack tumors and not normal tissues, making them less toxic. This paves the way for a future in which there may be many more possibilities for precisely tamping down the immune system in ways that could prove life-changing for transplant recipients and those with type 1 diabetes, as well as many other autoimmune conditions.”
  • Per BioPharma Dive,
    • “Pfizer on Friday said its PD-1 inhibitor sasanlimab, when combined with standard therapy in people with bladder cancer, delayed death and disease complications longer than standard therapy alone. The Phase 3 trial could give Pfizer’s subcutaneous immunotherapy an edge over rival drugs, like Merck & Co.’s Keytruda and Bristol Myers Squibb’s Opdivo, which are approved to treat people with more advanced disease. Pfizer tested sasanlimab with an immunotherapy called Bacillus Calmette-Guérin in people whose cancer hadn’t spread beyond the bladder lining after surgery. If sasanlimab wins Food and Drug Administration approval, it could be the fourth PD-1 or PD-L1 inhibitor cleared as an under-the-skin shot. The FDA has already approved subcutaneous versions of Roche’s Tecentriq and Opdivo, and Merck has positive Phase 3 data in hand for under-the-skin Keytruda” 

From the U.S. healthcare business front,

  • Beckers Hospital Review identifies “100 great neuro and spine programs.”
  • The Wall Street Journal reports,
    • AbbVie on Friday said it will post a $3.5 billion impairment charge related to last year’s $8.7 billion bet on Cerevel Therapeutics following the failure of the deal’s key drug candidate.
    • AbbVie in November said the Cerevel drug, emraclidine, missed the key goal in a pair of mid-stage studies in schizophrenia, prompting the North Chicago, Ill., biopharmaceutical company to begin an evaluation of the emraclidine intangible asset for impairment.
    • AbbVie, in announcing the Cerevel deal in late 2023, said it believed emraclidine had the potential to transform the schizophrenia treatment landscape and represented a multibillion-dollar peak sales opportunity.
  • The American Hospital Association News tells us,
    • “Prices for the top 25 brand-name Medicare Part D drugs have increased by an average of 98% since entering the market, according to a report released Jan. 9 by the AARP Public Policy Institute. That price growth has often exceeded yearly rates of inflation, the organization said. The drugs highlighted in the report have not yet been selected for the Medicare Drug Price Negotiation program. The drugs accounted for nearly $50 billion in total Part D spending in 2022.”
  • Healthcare Dive informs us,
    • “Walgreens’ first quarter earnings were notably better than Wall Street feared, though the retail pharmacy operator continues to suffer heavy losses as it works to right the ship.
    • “On Friday, Walgreens posted financial results that beat analyst expectations with revenue of $39.5 billion, up 7.5% year over year. Still, Walgreens reported a net loss of $265 million, larger than its $67 million loss same time last year, mainly due to costs stemming from ongoing store closures and asset sales.
    • “Walgreens’ market value has plummeting in recent years, leading the company to explore a private equity buyout, according to the Wall Street Journal. Executives didn’t address the speculation on a call with investors Friday morning, but said Walgreens made progress on its $1 billion cost-cutting initiative in the quarter, including a pending sale of beleaguered medical chain VillageMD and closures of 70 underperforming retail stores.”