The Federal Employees Heath Blog (FEH Blog) by Ermer & Suter, PLLC

Monday Report

David Ermer–ACA, CDC, Congress, COVID-19 vaccine, FDA, Medical / Rx research, Rx coverage, U.S. Healthcare–May 12, 2025May 12, 2025

Roll Calls offers a summary of this week’s activities on Capitol Hill.

The Senate Majority Leader filed cloture today on Eric Ueland who is the President’s nominee for OMB Deputy Director. Mr. Ueland shared the stage with Mr. Kupor, the President’s nominee for OPM Director, at their Senate Homeland Security Committee confirmation hearing on April 3.

The American Hospital Association News tells us,
- “The White House May 12 released an executive order to reduce prescription drug costs by allowing consumers to make direct purchases from drug manufacturers at “most favored nation” pricing, the lowest cost paid for the same medications in other countries. The order directs the Secretary of Health and Human Services to propose rules that impose most favored nation pricing and take other measures to reduce prescription drug costs.’

BioPharma Dive adds,
- “In a press briefing on Monday, White House officials revealed key details in the order. HHS will communicate the most-favored-nation prices to drugmakers and establish a mechanism for selling them directly to consumers at that price. If companies don’t use those prices, a new figure would be set through negotiation or federal regulation.
- “The White House will also ask the Food and Drug Administration to expand reimportation from countries with lower drug costs, officials said, though those requests would occur at a time of heightened tensions regarding global trade.
- “The Department of Commerce and U.S. Trade Representative will additionally be instructed to take action against countries that keep their drug prices low, the officials added.”

The Wall Street Journal reports, “The pharmaceutical industry’s reaction to President Trump’s executive order on drug prices? It could have been worse.”

Per Fierce Healthcare,
- “The Trump administration has issued new draft guidance for the third cycle of Medicare drug price negotiations.
- “The proposals seek to boost transparency in the program and put a focus on negotiating for the drugs that come at the highest cost to Medicare. The agency is also aiming to avoid negative impacts from the negotiated prices on U.S.-based pharmaceutical innovation, according to an announcement.
- “Under the guidance, drugs administered under Medicare Part B would be potentially included for the first time. The agency is looking for feedback in comments on how to manage access to the maximum fair price negotiated for Part B drugs.
- “The guidance also outlines that CMS may choose to renegotiate the price for certain drugs already set for 2026 or 2027.”

Modern Healthcare tells us,
- “A record 24.3 million people signed up for health insurance on federal and state-based marketplaces during the exchange open enrollment period for 2025.
- “Fueled by enhanced subsidies enacted in 2021 and extended in 2022, the number blew past the record set a year ago by nearly 2.9 million — a 13% increase, the Centers for Medicare and Medicaid Services reported Monday. The more sizable tax credits will expire at the end of this year, barring a congressional renewal.”

The AHA New informs us,
- “The AHA May 12 responded to the Office of Management and Budget’s April 11 request for information on regulatory relief, making 100 suggestions to the Trump administration to help reduce burden on hospitals and health systems. “The Trump administration has rightly pointed out that the health status of too many Americans does not reflect the greatness or wealth of our nation,” said AHA President and CEO Rick Pollack. “Excessive regulatory and administrative burdens are a key contributor, as they add unnecessary cost to the health care system, reduce patient access to care and stifle innovation.”
- “The AHA’s recommendations fall under four categories: billing, payment and other administrative requirements; quality and patient safety; telehealth; and workforce.”

From the judicial front,

On May 9 (although the FEHBlog did not find it until today), the Justice Department asked the U.S. District Court of the District of Columbia to hold the ERISA Industry Committee’s lawsuit challenging the legality of the 2024 federal mental health parity amendments in abeyance while the governing agencies decide whether to modify or rescind the amendments. Here is a Dropbox link to the motion. The government’s motion states in short:
- “The Departments have informed undersigned counsel that they intend to reconsider the 2024 Rule at issue in this litigation, including whether to issue a notice of proposed rulemaking rescinding or modifying the regulation.” * * *
- “The 2024 Rule has two applicability dates: plan years beginning on or after January 1, 2025, and plan years (in the individual market, policy years) beginning on or after January 1, 2026. On April 25, 2025, the Departments informed undersigned counsel that they intend to (1) issue a non-enforcement policy in the near future covering the portions of the 2024 Rule that are applicable for plan years beginning on or after January 1, 2025, and January 1, 2026, and (2) reexamine the Departments’ current MHPAEA enforcement program more broadly. To confer with Plaintiff about the requested stay, Defendants provided Plaintiff with a copy of the non-enforcement policy that they expect to publicly release memorializing their intention not to enforce the portions of the 2024 Rule that are applicable for plan years beginning on or after January 1, 2025, and January 1, 2026.”
Today, the presiding Judge Timothy J. Kelly granted the motion and ordered the parties to file status reports every 90 days beginning August 7, 2025.

From the public health and medical research front,

STAT News lets us know,
- “Health secretary Robert F. Kennedy Jr. and his lieutenants have sent multiple signals in recent weeks that they envisage a world in which far fewer people are urged to get Covid-19 shots each fall. They aren’t the first ones to suggest it.
- “The Advisory Committee on Immunization Practices — the expert panel that has, until now, guided the nation’s vaccine policies — is already talking about changing policy in ways that would have this exact effect. A presentation from the group’s meeting last month suggests that, if they’re allowed to meet this summer, they’ll recommend annual shots for adults 65 and older, some younger adults with medical conditions that increase their risk of severe illness from Covid infection, including pregnant people, possibly health care workers, and some very young children. Read more from STAT’s Helen Branswell.”
MedPage Today points out,
- [T]he mumps vaccine’s less-than-stellar performance is no secret. Infectious disease experts readily acknowledge that the mumps portion of the vaccine isn’t as good as the measles or rubella portions.
- “We eliminated measles by 2000 and rubella by 2005, but we’ve never eliminated mumps,” Paul Offit, MD, of the Children’s Hospital of Philadelphia, told MedPage Today. “So it’s true that it’s not as good of a vaccine as those two.”
- “Indeed, mumps cases occur every year, and there have been several “outbreak” years in the last two decades — but the CDC isn’t hiding that. It reports mumps cases on its website.
- “And it doesn’t mean the baby should be thrown out with the bath water. In fact, the mumps vaccine “has dramatically reduced the incidence of mumps by about 99%,” since it was introduced in 1967, Offit said, highlighting the accompanying drop in incidence of acquired deafness.
- “Mumps was the most common cause of acquired deafness in the U.S.,” Offit said. “Now, homes for the deaf have closed.”
- “Mumps cases fell from more than 150,000 in 1968 to 357 in 2024, according to CDC data.”
and
- “Ten people in California and Nevada were hospitalized in a listeria outbreak linked to prepared foods, the FDA said.”

Per BioPharma Dive,
- “Safety concerns have spurred the Food and Drug Administration and Centers for Disease Control and Prevention to recommend suspending use of Valneva’s chikungunya vaccine in people at least 60 years of age.
- “The recommendation announced Monday comes days after the European Medicines Agency temporarily suspended use of the vaccine, known as Ixchiq, in those over 65 pending an investigation. A committee advising the CDC previously suggested a precaution for use in a similar age group.
- “The FDA and CDC have upheld recommendations for use in adults between 18 and 60 years of age, while the EMA still endorses the shot for individuals between 12 and 64.”

The American Medical Association lets us know what doctors wish their patient knew about cancer screenings and prevention.

Consumer Reports, writing in the Washington Post, discusses, “how to ease IBS symptoms. Irritable bowel syndrome affects 10 to 15 percent of U.S. adults. Dietary and other changes can help.”

Per Fierce Pharma,
- “The HER2-targeted antibody-drug conjugate that Pfizer gained from its Seagen buyout has delivered positive results in a pivotal study among Chinese patients with newly diagnosed bladder cancer, a readout that bodes well for the New York pharma’s own global phase 3 trial.
- “A combination of the HER2 agent, called disitamab vedotin, and Junshi Biosciences’ PD-1 inhibitor toripalimab outperformed chemotherapy at both delaying tumor progression and extending patients’ lives as a first-line treatment for HER2-expressing locally advanced or metastatic urothelial carcinoma, RemeGen said Monday.
- “The results came from an interim analysis of a Chinese phase 3 trial coded RC48-C016, which has now met its two primary endpoints of progression-free survival and overall survival, according to RemeGen. The company said the improvements were statistically significant and clinically meaningful.”

From the U.S. healthcare business front,

Fierce Healthcare reports,
- “Kaiser Permanente logged a 2.9% operating margin and 16.1% year-over-year jump in first-quarter operating revenues on the back of recent health system acquisitions through its Risant Health subsidiary, the Oakland, California-based integrated health system announced Friday.
- “Year-over-year overall performance reflected a continued focus on affordability for members and customers and the addition of Risant Health revenues,” the system said.
- “The topline results shared ahead of Kaiser’s required filings outline more than $31. 8 billion of operating revenues and $30.9 billion of operating expenses, both well above the $27.4 billion and $26.5 billion of Q1 2024.
- “These translated to an operating income of $932 million for the quarter ended March 31, 2025, a slight decline from the prior year’s $935 million and 3.4% operating margin.”

Per Beckers Payer Issues,
- On average, insurers pay 4.7% higher commercial prices to hospitals that are a part of their Medicare Advantage networks compared to those not in network, according to a study published May 8 in Health Services Research.
- The study analyzed 5,654 insurer-hospital contracts across seven large insurers that offer both commercial (employer-sponsored and ACA) and MA health plans. The researchers used data from Turquoise Health, the American Hospital Association, and Clarivate, focusing on five commonly used services.
- “We compared inpatient negotiated commercial prices between insurers at the same hospital that do not include the hospital in their MA network and those that do,” the researchers wrote. “We used Poisson regression with hospital fixed effects, adjusting for insurer fixed effects and insurer-market covariates.” * * *
- “We find suggestive evidence consistent with this ‘price-shifting’ hypothesis, where prices in the commercial market may be adjusted to secure agreement over MA networks. We find that insurers pay higher commercial prices to hospitals that are in their MA networks,” the researchers concluded.”

MedTech Dive notes,
- “Roche Diagnostics will build a $550 million expansion to produce continuous glucose monitors at an Indianapolis facility. Roche will use the site to make its Accu-Chek Smartguide devices, which launched last year in Europe as the company’s first CGM.
- “Our goal is to initiate production within three years, followed by preparing for future generations of that CGM solution,” Richeal Cline, head of global operations for Roche Diagnostics, said in a Monday press conference.
- “The Indianapolis site is Roche Diagnostics’ North American headquarters. It houses research and development, laboratories, manufacturing and other functions, and produces Roche’s Accu-Chek diabetes test strips. The facility is one of two global distribution hubs for the company.
- “Roche will refurbish an existing building for the manufacturing space and may construct new buildings to meet future demand, Cline said.”

Beckers Hospital Review tells us,
- “Walgreens is expanding its use of robotic micro fulfillment centers to handle prescription volume as part of a renewed push to streamline pharmacy operations and address staffing challenges, CNBC reported May 11.
- “The company told the news outlet it plans to have its 11 automated facilities serve more than 5,000 stores by the end of 2025, up from 4,800 in February.
- ‘The centers, first introduced in 2021, use robots and conveyor systems to fill maintenance prescriptions for chronic conditions such as diabetes and high blood pressure. However, Walgreens had paused the expansion in 2023 to address performance issues and gather feedback from its stores.
- “The new expansion is aimed at reducing routine tasks for in-store pharmacy staff to free them up for more clinical work like vaccinations and health screenings, the report said.”

Weekend Update

David Ermer–Congress, FDA, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare–May 11, 2025May 11, 2025

From Washington, DC,

The Senate and the House of Representatives remain in session this week on Capitol Hill for Committee business and floor voting.

The Senate Executive Calendar informs us that Majority Leader Thune is bringing to the Senate floor nominations that received Committee approval in the same week as OPM Director nominee Scott Kupor (Calendar No. 81).

The Wall Street Journal reports,
- “House Republicans are releasing their plan to cut Medicaid spending, with the program’s defenders in the GOP appearing to win the intraparty clash over how aggressively to change the system that provides health insurance to more than 70 million low-income and disabled people.
- “A section-by-section summary of the bill text, which was viewed by The Wall Street Journal, includes some of the changes Republicans have weighed for Medicaid, including work requirements and more frequent eligibility checks. But it doesn’t lower the minimum share the federal government contributes to Medicaid in each state, cap per-person federal spending in the program or other steps some spending hawks sought.” * * *
- “The bill would require Medicaid recipients to work, volunteer or attend school for 80 hours a month. The requirement would apply to most able-bodied adults through age 64 without dependents and includes exceptions for pregnant women, people with substance-use disorders and others.”

Fierce Healthcare tells us,
- “Senators Shelley Moore Capito, R-W.Va., and Jeanne Shaheen, D-N.H., reintroduced the Access to Prescription Digital Therapeutics (PDT) Act on Thursday to expand access to software-based treatments.
- “Advocates will bring new economic data from Germany to make the case to Congress, Centers for Medicare & Medicaid Services (CMS) Director Mehmet Oz, M.D., and Department of Health and Human Services Secretary Robert F. Kennedy Jr. to create pathways for coverage of the technologies.
- “By leaning into the Make America Healthy Again (MAHA) crowd in Washington, advocates at the American Telemedicine Association’s (ATA’s) lobbying arm think they have an unprecedented chance to pass the bill.
- “The Access to PDT Act would create a reimbursement pathway for software that treats medical conditions, like Cognoa’s early autism diagnosis product and Freespira’s panic attack disorder treatment. The category has broadly struggled with uptake because the Medicare program does not have the authority to cover the technologies under its existing benefit categories.”
Bloomberg Law reports,
- “President Donald Trump said he plans to sign an executive order to cut prescription drug prices by mandating that the US pays the same price for drugs as whichever country pays the lowest price in the world.
- “He said in a social media post that that he would sign the order at 9 am Monday, Washington time. He predicted pharmaceutical prices could drop 30% to 80%.
- “Trump’s Truth Social post didn’t detail how the order would work. He also didn’t specify potential limits on the policy, such as if it would apply only to government programs like Medicare or Medicaid, or if the White House sees a way to apply this more broadly.”
- If true, this would be a policy mistake in the FEHBlog’s opinion. Government price controls usually backfire.

Federal News Network reports,
- “The Office of Personnel Management appears to be walking back the surprise sole-source contract award it made just a week ago for HR information technology services.
- “On Friday, OPM posted a one-sentence notice on SAM.gov saying that the justification and approval it issued a week earlier, explaining its no-bid award to Workday, was being “canceled in its entirety.”
- “Spokespeople for OPM and Workday did not immediately respond to inquiries from Federal News Network, and the reasons for canceling the justification document were not immediately clear. Also unclear was whether the government was canceling the $342,200 award entirely, or merely the approval document that allowed the contract to go forward without a competitive bidding process. However, federal contracting experts said the agency would not be able to proceed with the award without a documented justification and approval.”

Medical Economic informs us,
- “Osteoboost Health Inc. announced Wednesday the nationwide release of Osteoboost, the first and only FDA-cleared prescription medical device for low bone density, offering new hope for the more than 50 million Americans affected by osteopenia and osteoporosis.
- “The wearable device delivers targeted vibration therapy to the spine and hips—areas most vulnerable to osteoporotic fractures. Cleared through the FDA’s De Novo pathway and designated a Breakthrough Device, Osteoboost represents a major innovation in preventative care for bone health.
- “The longevity conversation is everywhere, but people rarely mention bone health even though it is fundamental to aging with confidence,” said Laura Yecies, CEO of Osteoboost Health. “Osteoboost empowers people to lead longer, stronger, and more active lives.”
- “Designed for at-home use, the belt-like device requires 30 minutes a day of therapy and can be worn while performing everyday tasks such as walking or cooking.”

From the judicial front,

Govexec relates,
- “Federal agencies cannot take any action to implement its widespread layoff plans across government after a federal judge ruled the Trump administration has likely acted unlawfully in ordering the staffing reductions.
- “The pause came in the form of a temporary restraining order and will last at least 14 days, Judge Susan Illston for the U.S. Court for the Northern District of California ruled Friday evening, meaning agencies cannot issue any reduction-in-force notices through May 23. The order came as several agencies, such as the Interior Department, Agriculture and others, were expected to begin implementing large-scale layoffs in the coming days.
- “The order prevents agencies from implementing their Agency RIF and Reorganization Plans, previously mandated by the Office of Personnel Management and Office of Management and Budget, and President Trump’s executive order that precipitated them. It applies to OMB and OPM, as well as the departments of Agriculture Commerce, Energy, Health and Human Services, Housing and Urban Development, Interior, Labor, State, Treasury, Transportation and Veterans Affairs. It also applies to AmeriCorps, the Environmental Protection Agency, the General Services Administration, the National Labor Relations Board, the National Science Foundation, the Small Business Administration and the Social Security Administration.”

Here is a Dropbox link to the Judge’s opinion, which the Justice Department has appealed to the U.S. Court of Appeals for the Ninth Circuit.

From the public health and medical research front,

The New York Times fills us in on the hepatitis A outbreak in Los Angele County, California.
- “The first signs of the infection can look a lot like a classic stomach bug: fever, fatigue, nausea and a loss of appetite, followed by vomiting and diarrhea. Over time, people who become infected can also experience yellowed skin and eyes, dark urine and pale stools.
- “One of the challenges to halting a hepatitis A outbreak is that contact tracing can be nearly impossible. The infection can incubate for up to seven weeks before symptoms appear, and a person carrying the virus can spread it for up to two weeks before they feel ill.
- “In addition, a significant proportion of people who become infected don’t experience major symptoms, said Dr. Edward Jones-Lopez, an infectious disease specialist with Keck Medicine of the University of Southern California, so they do not visit their doctor, who in turn does not run a blood test and report the case.”

Per Medscape,
- “Many of the US children not vaccinated with the measles-mumps-rubella (MMR) vaccine in the past decade were also missing other routine vaccinations after 12 months of age, according to data presented at Pediatric Academic Societies (PAS) 2025 Meeting.
- “Efforts to increase MMR vaccination should include outreach to families whose children fall behind on vaccines or may have lost contact with primary care,” Sophia R. Newcomer, PhD, MPH, of the University of Montana in Missoula, Montana, and colleagues reported in a poster.
- “The findings have particular significance in the midst of the current measles outbreaks, which have resulted in three deaths, including two children, in 2025. The Centers for Disease Control and Prevention (CDC) reported 884 total cases in 2025 as of April 25, most of which (93%) are associated with the 11 outbreaks in the country. The cases have spread to 29 states excluding Washington, DC, with 11% of cases involving hospitalization. Most of the cases were in children younger than 5 years (30%) or aged 5-19 years (38%), and 97% of the children were unvaccinated or their vaccination status was unknown.”

The Washington Post discusses new alternatives to knee replacement surgery. “Physicians caution that the treatments aren’t permanent fixes, but they may work well for some.”

Cardiovascular Business points out,
- “Tirzepatide is associated with a much lower all-cause mortality rate than semaglutide when patients present with type 2 diabetes, chronic kidney disease (CKD) and heart failure, according to new data presented at SCAI 2025 Scientific Sessions, the annual meeting of the Society for Cardiovascular Angiography and Interventions (SCAI).
- “Tirzepatide and semaglutide are both popular diabetes drugs being used more and more for weight loss and other benefits.
- “Tirzepatide is a popular dual GIP/GLP-receptor agonist sold by Eli Lilly and Company under the brand names Zepbound and Mounjaro. It has previously been linked to improved outcomes in patients with sleep apnea and heart failure with preserved ejection fraction.
- “Semaglutide, meanwhile, is a GLP-1 receptor agonist sold by Novo Nordisk under the brand names Wegovy and Ozempic. It has been associated with a long list of health benefits, including several associated with improvements in cardiovascular symptoms in patients with and without diabetes.” * * *
- Tirzepatide is associated with a much lower all-cause mortality rate than semaglutide when patients present with type 2 diabetes, chronic kidney disease (CKD) and heart failure, according to new data presented at SCAI 2025 Scientific Sessions, the annual meeting of the Society for Cardiovascular Angiography and Interventions (SCAI).” * * *
- “Lead author Adbul Wali Khan, MD, a resident at the University of Missouri Kansas City, presented the group’s findings. Overall, semaglutide was linked to a higher one-year risk of all-cause mortality, acute myocardial infarction, ischemic stroke and hospital readmission than tirzepatide. The rates of hemorrhagic stroke, atrial fibrillation, atrial flutter and cardiac arrest were comparable between the two drugs.
- “Semaglutide did appear to perform better than tirzepatide in one important way; HbA1c levels were less likely to be under 7% for patients treated with tirzepatide than those treated with semaglutide.”

Medscape considers whether new approaches can turn the tide against U.S. pain problems.

From the U.S. healthcare business front,

Per Fierce Healthcare,
- “Omada Health, a virtual chronic care provider, filed to go public Friday, marking the second digital health company making plans for an initial public offering in 2025.
- “The company has not specified the number of shares to be offered or the price range for the proposed offering.
- “It intends to list on the Nasdaq Global Market under the ticker symbol “OMDA.”

Per Healthcare Dive,
- “New Insulet CEO Ashley McEvoy set out her priorities for the diabetes technology company on Thursday.
- “Insulet is already a standout success story,” McEvoy told investors during her first call after taking on the role, adding that the firm is one of the fastest-growing businesses in medtech. “Now is the time to envision what it will take to expand from a medtech platform with emerging global strength to a durable world leader in diabetes management.”
- “McEvoy was named chief executive in late April, with the goal of helping the insulin pump maker prepare for its next phase of growth. Previously, she led Johnson & Johnson’s medtech business unit and has more than 15 years of leadership experience in the medical device sector.
- “McEvoy said Insulet sits at the intersection of consumer health and medtech.
- “I have a deep appreciation for the consumer’s increasing role in healthcare decisions and understanding that is especially relevant to a wearable technology like Omnipod,” McEvoy said.”

Medical Economics interviews “Heather Bassett, MD, chief medical officer of Xsolis, to find out how technology is affecting the prior authorization process.”

Cybersecurity Saturday

David Ermer–Cybersecurity–May 10, 2025May 10, 2025

From the cybersecurity policy and law enforcement front,

Per a Senate news release,
- “U.S. Senators Mike Rounds (R-S.D.), Chairman of the Senate Armed Services Committee’s Subcommittee on Cybersecurity, and Gary Peters (D-Mich.) introduced a bipartisan bill to extend the Cybersecurity Information Sharing Act (CISA) of 2015 for an additional ten years.
- CISA, signed into law in 2015, incentivizes companies to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware or malicious IP addresses, with the Department of Homeland Security (DHS). This protects Americans’ personal information and makes certain that both the federal government and companies can take collaborative steps to prevent data breaches or attacks from cybercriminals and foreign adversaries.
- “The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” said Rounds. “Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”
- “As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable—it remains essential for our national security,” said Peters. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”
- Click HERE to read full text of the bill.

Cyberscoop reports,
- “A bipartisan Senate bill would formally ban the use of DeepSeek by federal contractors, part of a larger effort to keep the Chinese-made large language model out of government systems and networks, where lawmakers fear it could pose cybersecurity and national security concerns.
- “The bill, introduced by Sens. Bill Cassidy, R-La., and Jacky Rosen, D-Nev., would bar federal contractors from using the model to carry out any activity related to a federal contract. It also blocks contractors from using any successor model developed by High Flyer, the Chinese quantitative firm that made DeepSeek.
- “Cassidy and Rosen cited the potential that the use of DeepSeek — which acknowledges that it sends user data back to China — to carry out contract work may put sensitive federal data in the hands of the Chinese government.
- “AI is a powerful tool which can be used to enhance things like medicine and education,” Cassidy said in a statement. “But in the wrong hands, it can be weaponized. By feeding sensitive data into systems like DeepSeek, we give China another weapon.”
and
- “Authorities in Poland have arrested four people accused of administrating and selling access to distributed denial of service (DDoS) services, according to a press release from Europol.
- “The suspects are believed to have operated six so-called “stresser” or “booter” services that enabled customers across the world to launch thousands of attacks on targets ranging from government offices to businesses and schools. From 2022 to 2025, the platforms — identified as Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut — allegedly allowed users to bombard websites and servers with high volumes of junk traffic, often rendering them inaccessible.
- “The services, which offered easy-to-navigate interfaces, required minimal user knowledge: attackers could select a target, choose the attack specifications, and pay as little as 10 euros for each disruption, according to Europol.
- “The arrests in Poland were part of a coordinated law enforcement response spanning four countries and supported by Europol. In addition to the Central Cybercrime Bureau in Poland, the investigation was supported by German Federal Criminal Police Office, the Prosecutor General’s Office in Frankfurt, the Dutch National Police, and multiple U.S. agencies, including the Department of Justice, FBI, Homeland Security Investigations (HSI), and Defense Criminal Investigative Service (DCIS).”

From the cybersecurity breaches and vulnerabilities front,

Bleeping Computer tells us,
- “Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month.
- “As Ascension revealed in breach notification letters sent to affected individuals in April, their information was stolen in a data theft attack that impacted a former business partner in December.
- “Depending on the impacted patient, the attackers could access personal health information related to inpatient visits, including the physician’s name, admission and discharge dates, diagnosis and billing codes, medical record number, and insurance company name. They could also gain access to personal information, including name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers (SSNs).” * * *
- “Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.” * * *
- “Although Ascension didn’t share any details regarding the breach affecting its former business partner, the timeline of the breach implies that the attack was part of widespread Clop ransomware data theft attacks that exploited a zero-day flaw in Cleo secure file transfer software.
- “Last year, Ascension notified almost 5.6 million patients and employees that their personal, financial, insurance, and health information had been stolen in a May 2024 Black Basta ransomware attack.”
and
- “Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices.
- “This token is meant to authenticate requests to a feature called ‘Out-of-Band AP Image Download.’ Since it’s hard-coded, anyone can impersonate an authorized user without credentials.
- “The vulnerability is tracked as CVE-2025-20188 and has a maximum 10.0 CVSS score, allowing threat actors to fully compromise devices according to the vendor.”

Cybersecurity Dive informs us,
- “A second wave of cyberattacks is targeting a critical vulnerability in SAP NetWeaver Visual Composer, according to researchers.
- “Following the initial round of threat activity disclosed in April, opportunistic threat actors are leveraging webshells that were previously established through exploitation of CVE-2025-31324. The vulnerability, with a CVSS score of 10, allows unauthenticated attackers to upload arbitrary files and take full control of a system, according to researchers at Onapsis.
- “Onapsis and Mandiant are tracking hundreds of confirmed compromises worldwide, with the cases spanning across multiple industries, including utilities, manufacturing, oil and gas and other critical infrastructure sectors.
- “The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its known exploited vulnerabilities catalog in late April.”

Cyberscoop adds,
- “Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls.
- “The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by the company so far in 2025 has grown to 20.
- “SonicWall vulnerabilities are also making a consistent appearance on the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities (KEV) catalog. Cyber authorities confirm that attackers exploited four vulnerabilities in SonicWall products so far this year, and 14 total since late 2021.
- “Eight of those vulnerabilities have been exploited in ransomware campaigns, according to CISA.”

Bleeping Computer adds,
- “SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks.
- “Discovered and reported by Rapid7 cybersecurity researcher Ryan Emmons, the three security flaws (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) can be chained by attackers to gain remote code execution as root and compromise vulnerable instances.
- “The vulnerabilities impact SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and are patched in firmware version 10.2.1.15-81sv and higher.”

CISA added four known exploited vulnerabilities to its catalog this week.
May 5, 2025
- CVE-2025-3248 Langflow Missing Authentication Vulnerability
- Dark Reading discusses this KVE here.
May 6, 2025
- CVE-2025-27363 FreeType Out-of-Bounds Write Vulnerability
- Hacker News discusses this KVE here.
May 7, 2025
- CVE-2024-6047 GeoVision Devices OS Command Injection Vulnerability
- CVE-2024-11120 GeoVision Devices OS Command Injection Vulnerability
- SC Media discusses these KVEs here.

From the ransomware front,

Dark Reading reports,
- “Email-based attacks continued to cost enterprises big bucks in 2024, according to new cyber-insurance claims data.
- “Cyber-insurance carrier Coalition published its “2025 Cyber Claims Report” on May 7, showing that business email compromise (BEC) attacks and fund transfer fraud (FTF) accounted for 60% of all the company’s claims last year. BEC attacks were particularly problematic for customers, according to Coalition; claims severity for such threats increased 23%, with incident’s costing organizations, on average, $35,000.
- “That dollar figure is a far cry from the average loss for ransomware attacks in 2024, which Coalition said was $292,000. However, the claims report, which features data from customers in the US, the UK, Canada, and Australia, offered some encouraging data points, including a 7% drop in ransomware claims severity and a 3% decline in claims frequency.
- “Additionally, Coalition found that FTF claims severity fell dramatically by 46%, to an average loss of $185,000, while claims frequency dropped 2%. Overall, the cyber-insurance carrier said it observed “remarkable year-over-year (YoY) stability” for claims, despite an intensifying threat landscape where financially motivated attackers continue to develop novel techniques and exploit new vulnerabilities.”

The Hacker News relates,
- “Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024.
- “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl Camiling, and Neljorn Nathaniel Aguas said in a Wednesday analysis.
- “While hidden, it stealthily deploys additional malicious payloads, such as Agenda ransomware and SmokeLoader. Protected by .NET Reactor 6, NETXLOADER is difficult to analyze.”
- “Qilin, also called Agenda, has been an active ransomware threat since it surfaced in the threat landscape in July 2022. Last year, cybersecurity company Halcyon discovered an improved version of the ransomware that it named Qilin.B.”

Per Bleeping Computer,
- “The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
- “The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during last month’s Patch Tuesday.
- “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia,” Microsoft said in April.”

The Wall Street Journal reports,
- “The hacking group that once shut down half the Las Vegas Strip has returned and is causing turmoil at U.K. retailers.
- “The hackers call themselves Star Fraud but are more widely known as Scattered Spider, a collective of largely young men and teenagers that have wreaked havoc across industries in recent years.
- “U.K. retailers Harrods, Marks & Spencer MKS -1.05%decrease; red down pointing triangle and Co-op have all reported cyber intrusions in the past two weeks. Scattered Spider hasn’t been publicly named as the culprit of the hacks, but is suspected in at least some of them, according to people familiar with the investigation.
- “The attacks bear all the hallmarks of Scattered Spider attacks, disrupting online sales and certain payments and leading to the theft of customer data. The stores have remained open.
- “The group’s hackers “typically work their way through a sector, so other retailers should take the opportunity to harden their defenses,” said John Hultquist, chief analyst with Google’s Mandiant cybersecurity investigations group.”

Per Cyberscoop,
- “Five months after education software vendor PowerSchool paid an unnamed threat actor a ransom in exchange for the deletion of sensitive stolen data, some of the company’s customers are now receiving extortion demands.
- “A threat actor, who may or not be the same criminal group behind the attack, has contacted four school district customers of PowerSchool in the past few days, CyberScoop has learned, threatening to leak data if they don’t pay.
- “The downstream extortion attacks highlight the ongoing risk organizations confront when a vendor is hit by a cyberattack, exposing not just their data but also that of others in their supply chain. The follow-on extortion attempts also underscore that paying ransoms for data does not guarantee stolen data won’t be leaked.”

Dark Reading reports,
- “The notorious ransomware gang LockBit appeared to suffer another setback this week after its network was compromised by an unknown adversary.
- “On May 7, a range of security researchers observed that LockBit’s Dark Web leak site had been altered. Instead of listing victim organizations, the site now features a simple message: “Don’t do crime CRIME IS BAD xoxo from Prague,” along with a link to a zip archive.
- “The archive, according to analysis from Qualys yesterday, among others, includes a SQL database file from LockBit’s affiliate panel. Coalition researchers, meanwhile, noted the file includes extensive internal data from the ransomware-as-a-service operation, including nearly 60,000 Bitcoin addresses and more than 4,000 chats with victim organizations from between Dec. 19, 2024, and April 29, 2025.
- “The file also contains information on more than 70 LockBit administrators and affiliates, researchers noted, including plaintext passwords, as well individual builds and configurations of the LockBit ransomware code. However, the leaked data did not include decryptors or private keys.”

From the cybersecurity defenses front,

CISA announced,
- “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States. The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.”
- Mitigations and resources are included in the announcement.

Bank Info Security lets us know that “Despite the rise of artificial intelligence and automation, human ingenuity remains a critical asset in defending against cyberthreats, said Kara Sprague, CEO at HackerOne.”
Here is a link to Dark Reading’s CISO Corner.

Friday Report

David Ermer–CDC, Congress, COVID-19, FDA, Medical / Rx research, U.S. Healthcare–May 9, 2025May 10, 2025

From Washington, DC,

Govexec reports,
- “The U.S. Postal Service confirmed on Friday it will name David Steiner, a long-time CEO of Waste Management and FedEx board member, to become the nation’s 76th postmaster general, handing the reins to the executive while the mailing agency continues to reel financially and is in the midst of major political and operational disruption.
- “Steiner will succeed former Postmaster General Louis DeJoy, who resigned amid pressure in March, and Doug Tulino, who is currently the acting USPS chief. The Postal Service’s board of governors hired an outside firm to conduct a search to replace DeJoy and made the selection as required by law, though The Washington Post, which first reported Steiner’s selection, said President Trump and his administration pushed for the hire.
- “Still, the postal board threw its full weight behind Steiner.
- “Dave is the right person to lead the Postal Service at this time to ensure this magnificent and historic organization thrives into the future,” said Amber McReynolds, the board’s chair and a President Biden appointee. “Dave is a highly regarded leader and executive with tremendous vision, experience and skill that can be applied to the long-term mission and business needs of the Postal Service.
- “Steiner, who is expected to take over his new role in July, called it an “incredible honor” to be named as postmaster general. While Trump has floated the possibility of removing the Postal Service’s independent status, Steiner committed to it. He also vowed to work closely with postal unions, industry associations, customers and policymakers.”
The FEHBlog took a peek at reginfo.gov this morning, and he noticed the following:
- “Department of Labor
  “AGENCY: DOL-EBSA RIN: 1210-AC30 Status: Pending Review
  “TITLE:Transparency in Coverage
  “STAGE: Prerule Economically Significant: No
  “RECEIVED DATE: 05/02/2025 LEGAL DEADLINE: None”
- The FEHBlog expects that this prerule ties in with paragraph 12 of the President’s April 15, 2025, executive order on drug costs:
  - “Sec. 12. Improving Transparency into Pharmacy Benefit Manager Fee Disclosure. Within 180 days of the date of this order, the Secretary of Labor shall propose regulations pursuant to section 408(b)(2)(B) of the Employee Retirement Income Security Act of 1974 to improve employer health plan fiduciary transparency into the direct and indirect compensation received by pharmacy benefit managers.”
- Evidently, you can request an EO 12886 meeting at this pre-rule stage. https://www.reginfo.gov/public/do/eoDetails?rrid=937013

On Monday, May 12, the Trump Administration must answer ERIC’s challenge to the legality of the 2024 mental health parity rule changes. The FEHBlog reviewed the PACER docket sheet this morning, and the government has not asked for more time to answer beyond May 12. The Administration could resolve the case by withdrawing the rule making.

Per Radiology Business,
- “Sen. Roger Marshall, MD, R-Kan., introduced legislation on Wednesday to boost Medicare payments for radiologists and other physicians.
- “The lawmaker is proposing the ‘‘Medicare Patient Access and Practice Stabilization Act of 2025.’’ This comes after Rep. Greg Murphy, MD, R-N.C., in January introduced the same bill in the U.S. House, which has now gathered 167 co-sponsors.
- “Marshall—who practiced as an OB-GYN specialist for 25 years before joining Congress—had not issued a statement about the proposal as of late Thursday. His office did not immediately respond to a Radiology Business request for comment.
- “Anders Gilberg, senior VP of government affairs for the Medical Group Management Association, touted the bill on social media May 7. He said the initial proposal is to increase Medicare physician reimbursement by 8.51% starting on June 1.”

In Food and Drug Administration news,

MedCity News reports,
- “On Friday, a San Francisco-based startup received FDA approval for the first-ever at-home cervical cancer test.
- “The company, named Teal Health, was founded in 2020 and has raised $23 million. The startup has developed an at-home cervical cancer screening kit, which seeks to give patients an alternative to the in-office pap smear.
- “Many women don’t get a pap smear, which is the standard screening method for cervical cancer — CDC guidelines say that women should be tested regularly from ages 21-65, yet only 1 in 4 women of screening age get screened. Not only do many women struggle to find access to this exam, but many patients find the pap test to be uncomfortable and invasive.”
- The article explains the at-home testing process.
- “The startup is preparing to launch in California first, and it is already in network with Aetna, Cigna, UnitedHealthcare and Anthem Blue Cross Blue Shield, [CEO and founder Kara] Egan stated.
- “We’re also in conversations with several large national payers to get this covered nationally. For us, the goal is to make sure it’s affordable for women,” she declared.
- “She said Teal plans to start shipping tests to patients’ homes sometime next month.”

Per a National Institutes of Health news release,
- “Today, the U.S. Food and Drug Administration (FDA) and the National Institutes of Health (NIH) announced a new, joint innovative research initiative that will serve as a key element in fulfilling U.S. Department of Health and Human Services Secretary Robert F. Kennedy, Jr.’s commitment to Make America Healthy Again. With diet-related chronic diseases continually rising, it is imperative that the FDA and NIH work in lockstep to invest in gold standard science, prioritize a better understanding of the root causes to end the diet-related chronic disease crisis and safeguard the health of America’s children.
- “Under the new Nutrition Regulatory Science Program, the FDA and NIH will implement and accelerate a comprehensive nutrition research agenda that will provide critical information to inform effective food and nutrition policy actions to help make Americans’ food and diets healthier. The initiative will aim to answer questions such as:
  - “How and why can ultra-processed foods harm people’s health?
  - “How might certain food additives affect metabolic health and possibly contribute to chronic disease?
  - “What is the role of maternal and infant dietary exposures on health outcomes across the lifespan, including autoimmune diseases?
- “Answering these questions and many others will enable effective policy development and help promote the radical transparency Americans deserve about the foods they are eating and how those foods can impact their health.”

To that end, an HHS news release announced that the FDA “granted three new color additive petitions that will expand the palette of available colors from natural sources for manufacturers to safely use in food.”
STAT News tells us,
- “The FDA has granted accelerated approval to Verastem’s combination treatment for ovarian cancer. It licensed and has paired two drugs — avutometinib, an MEK inhibitor first developed by Roche subsidiary Chugai Pharmaceutical, with defactinib, an adhesion kinase blocker developed by Pfizer. The approval is for adults with a recurrent KRAS-mutated form of the disease who have already received systemic therapy.
- “The approval of the treatment, called Avmapki Fakzynja, is based on a study of 57 pre-treated patients who showed a 44% overall response rate, with responses lasting up to 31 months. The company is also testing this combination in Phase 1/2 trial in patients with front-line metastatic pancreatic cancer.”

From the public health and medical research front,

The Centers for Disease Control and Prevention announced today,
- “Seasonal influenza, COVID-19, and RSV activity is low and declining.
- “COVID-19
  - “COVID-19 activity has declined to low levels nationally. Wastewater levels are at low levels, emergency department visits are at very low levels, and laboratory percent positivity is stable.
  - “Additional information about current COVID-19 activity can be found at: CDC COVID Data Tracker: Home
- “Influenza
  - “Seasonal influenza activity is low and declining.
  - “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
- “RSV
  - “RSV activity has declined to low levels in most areas of the country.
- “Vaccination
  - “New research finding: In the first RSV season with widespread availability of RSV prevention products (maternal vaccine and nirsevimab), RSV-associated hospitalization rates among infants were lower than in prepandemic seasons. A report released in the May 8, 2025, MMWR demonstrated that in 2024–25, RSV hospitalization rates were 45-52% lower in infants younger than 3 months old and 28-43% lower in infants younger than 8 months old compared to 2018-2020 seasons before product introduction.”

The University of Minnesota’s CIDRAP adds,
- “A 2024-25 flu season that has been classified as high severity has now reached low transmission levels, but 10 new flu-related deaths in children bring the season’s total to 226, the most since 2009-10, when 288 pediatric deaths were recorded, according to the latest FluView update today from the Centers for Disease Control and Prevention (CDC).”
and
- “In a weekly update today, the US Centers for Disease Control and Prevention (CDC) reported 66 more measles cases, pushing the national total to 1,001 and in just over 4 months keeps the nation on track to pass the 2019 total, which marked the nation’s worst year since the disease was declared to be eliminated in 2000.
- “The steady rise in cases is fueled by multiple outbreaks, with two more reported this week. The CDC is tracking 14 outbreaks that are responsible for 93% of cases.
- “The Texas Department of State Health Services (TDSHS) today reported 7 more cases since its last update on May 6, lifting the state’s total to 709 confirmed patients, of whom 679 (96%) were unvaccinated or had an unknown vaccination status. The number of affected counties remained at 29, and most cases are in Gaines County, the outbreak’s epicenter.
- “Five more hospitalizations were reported, putting that total at 92. The number of deaths remained at two.”

BioPharma Dive informs us,
- “Pittsburgh-based pharmaceutical firm Viatris on Thursday said a pain drug it’s been developing succeeded in two large clinical trials, setting the stage for an approval filing later this year.
- “The drug is a reformulated version of an old medication, meloxicam, designed to more quickly treat the sharp, “acute” pain felt after an injury or operation.”

From the U.S. business healthcare front,

Fierce Healthcare reports,
- “The American Medical Association (AMA) has announced John Whyte, M.D., as its new CEO and executive vice president, effective July 1.
- “Whyte, a practitioner and author with experience at government agencies and private sector medical media outlets, will be taking over for James Madara, M.D. The outbound executive had shared plans to end his 14-year run last June.
- “Unlike the physician association’s president and president-elect titles, which are voted on by membership for single-year terms, the CEO position is appointed by the AMA’s board of trustees for an open-ended tenure. They are tasked with overseeing the organization’s day-to-day operations.”
and
- “Artificial intelligence assistants could ease the transition to value-based care for primary care practices, a new report by Phyx Primary Care found.
- “VBC can be administratively burdensome due to its enhanced reporting requirements. Primary care practices report that the transition to VBC is often long and results in a mix of VBC and fee-for-service billing practices.
- “In a study of 120 physicians who had used an AI scribe for 30 days or more, providers reported a 40% reduction in clinical review time for complex patients and a 32% decrease in physician burnout. The study was conducted by Phyx Primary Care, a nonprofit innovation lab that evaluates emerging technologies and evolving payment models.”

Healthcare Dive relates,
- “HCA Healthcare, Tenet Healthcare, Universal Health Services and Community Health Systems all posted financial results that beat Wall Street expectations for the first quarter of 2025.
- “Still, the health systems are maintaining their full-year outlooks as they exit the first quarter, despite most systems growing their revenue.”

Per a press release,
- Blue Cross Blue Shield of Massachusetts (“Blue Cross”) today announced a new virtual-first primary care option designed to support members’ health when and where they need it. CloseKnit, which provides virtual and in-person access to primary care, is now available to most Blue Cross members. This comes at a critical time as Massachusetts continues to face a primary care physician shortage.
- As part of their agreement, CloseKnit is participating in Blue Cross’ value-based payment program and provides members with convenient and timely access to primary care.
- Here is a link to CloseKnit’s website.

Thursday Report

David Ermer–CDC, Congress, COVID-19 vaccine, FDA, Federal employment benefits, Medical / Rx research, NIH, OPM, SDOH, U.S. Healthcare, Uncategorized–May 8, 2025May 8, 2025

From Washington, DC,

The Senate Press Gallery indicates that the Majority Leader John Thune (R SD) plans to file cloture motions on six Presidential nominees (not including Scott Kupor) on Monday. Nevertheless, this action gives the FEHBlog hope that Scott Kupor’s nomination to be OPM Director will be brought to Senate floor this month.

The American Hospital Association News tells us,
- “Reps. Jennifer McClellan, D-Va., and Don Bacon, R-Neb., and Sens. Jeff Merkley, D-Ore., and Cindy Hyde-Smith, R-Miss., today reintroduced AHA-supported legislation addressing mental health and substance use disorder facility shortages. The Mental Health Infrastructure Improvement Act (H.R. 3266) would establish a new federal loan and loan guarantee program within the Department of Health and Human Services to build or renovate mental health or substance use disorder treatment facilities. At least a quarter of the funding would be reserved for pediatric- and adolescent-serving facilities. The bill would also prioritize facilities located in high-need, underserved or rural areas, and those capable of providing integrated care for patients with complex needs.”
Federal News Network informs us,
- “The Office of Personnel Management is hoping the sole-source, one-year contract it just awarded to Workday, a cloud-based HR services company, will help the agency manage what’s turned into a massive influx of HR work.” * * *
- “The contract with Workday will cover services for HR and personnel processing, payroll and benefits systems, time and attendance tracking, talent acquisition and performance management, all while ensuring compliance with federal requirements, according to the contract award notice.” * * *
- “The Workday contract, worth $342,200, will last for one year, at the end of which OPM said it plans to conduct an open competition for the next iteration of the HR IT contract.”

Per an FDA news release,
- “In a historic first for the agency, FDA Commissioner Martin A. Makary, M.D., M.P.H., today announced an aggressive timeline to scale use of artificial intelligence (AI) internally across all FDA centers by June 30, 2025, following the completion of a new generative AI pilot for scientific reviewers.
- “I was blown away by the success of our first AI-assisted scientific review pilot. We need to value our scientists’ time and reduce the amount of non-productive busywork that has historically consumed much of the review process. The agency-wide deployment of these capabilities holds tremendous promise in accelerating the review time for new therapies,” said Dr. Makary.
- “The generative AI tools allow FDA scientists and subject-matter experts to spend less time on tedious, repetitive tasks that often slow down the review process.
- “This is a game-changer technology that has enabled me to perform scientific review tasks in minutes that used to take three days,” said Jinzhong (Jin) Liu, Deputy Director, Office of Drug Evaluation Sciences, Office of New Drugs in FDA’s Center for Drug Evaluation and Research (CDER).”

Tammy Flanagan, writing in Govexec, lets us know how Social Security benefits fit into the federal retirement picture.

From the public health and medical research front,

Medpage Today points out,
- “Detections of H5N1 avian influenza have slowed in both animals and humans, but continued surveillance is warranted, CDC researchers said.
- “In dairy cattle, cases surged over the fall and early winter but eased in January, while cases in poultry flocks fell after February, and came down last month in backyard flocks, according to data on CDC’s website that was shared during a clinician outreach and communication activity (COCA) call on Tuesday.
- “Most of our human cases are known to be associated with animal exposures, so fewer infections in the animals leads to fewer infections in people,” Alicia Budd, MPH, team lead of the national surveillance and outbreak response team at the National Center for Immunization and Respiratory Diseases (NCIRD), said during the call.
- “It’s certainly great to see these declines in both animal and human cases, but it’s also critical that we maintain targeted monitoring and our general surveillance, so that if this situation changes, we’d be able to identify that quickly,” Budd added.”
and
- “The nation’s infant mortality rate dropped last year after 2 years of hovering at a late-pandemic plateau.
- “Some experts think one reason for the drop could be a vaccination campaign against respiratory syncytial virus (RSV)opens in a new tab or window, which is a common cause of cold-like symptoms that can be dangerous for infants.
- “The infant mortality national rate dropped to about 5.5 infant deaths per 1,000 live births in 2024, according to provisional data from the CDC posted Thursday. That’s down from about 5.6 per 1,000 live births, where it had been the previous 2 years.
- “CDC officials believe the findings will not change much when the final numbers come out later this year.”
Per Healio,
- “Tobacco-related ischemic heart disease mortality has increased in the U.S. since 1999.
- “The aging of the population and the introduction of novel nicotine products may be among the drivers.”
and
- “A risk prediction model assesses seven variables to determine the best intervention for lowering type 2 diabetes risk.
- “Intensive lifestyle intervention was the optimal treatment strategy for most adults.”

Per Cardiovascular Business,
- “Cardiovascular risk factors such as obesity and high blood pressure are much more prevalent in some parts of the United States than others—and some of those gaps are only widening as time goes on.
- “That was the biggest takeaway from a new analysis published in The American Journal of Cardiology. The study’s authors reviewed answers to the Behavioral Risk Factor Surveillance System (BRFSS) survey from 2011 to 2021 to track changes in various health inequities over time.
- “Delays in preventive care and screening as well as economic loss, disruptions in insurance coverage and worsening social determinants of health (food insecurity, housing instability) have fallen more heavily on low-income, minority and rural communities since the pandemic,” wrote first author Rachel K. Gardner, MD, a researcher with Beth Israel Deaconess Medical Center and Brigham and Women’s Hospital, and colleagues. “In addition, the spillover effects of the pandemic have disproportionately impacted some U.S. states more than others. Together, these changes could have profound implications for cardiovascular health across the country. However, little is known about how inequities in the burden of cardiometabolic and lifestyle risk factors across U.S. states have changed, especially since the pandemic. Understanding these epidemiological changes in place-based inequities is critically important and could inform targeted public health and policy interventions at the state- and national-level to advance cardiovascular health.”
- “The BRFSS survey is the world’s largest continuous health survey of its kind, collecting data from more than 400,000 adult participants each year. Gardner et al. based their comparison on data from 506,467 adults who participated in the survey in 2011 as well as 438,693 who participated in 2021.” * * *
- Click here for the full study.

Beckers Hospital Review reports,
- “Moderna’s new combination vaccine for seasonal influenza and COVID-19 has outperformed current standard vaccines in a large phase 3 clinical trial, showing stronger immune responses to both viruses in adults 50 years or older.
- “The findings, published May 7 in JAMA Network, come from a randomized study of more than 8,000 participants conducted across 146 U.S. sites. Participants either received the investigational combo vaccine mRNA-1083 or the standard influenza and COVID-19 vaccines recommended for their age group.
- “Among adults ages 50 to 64, mRNA-1083 generated a stronger immune response against all four influenza strains. In adults 65 and older, it outperformed the high-dose flu vaccine in three of the four strains. In both age groups, the vaccine also produced higher immune responses to SARS-CoV-2 compared to standard COVID-19 vaccine.”

The National Institutes of Health announced,
- “Researchers at the National Institutes of Health (NIH) have completed a comprehensive analysis of cancer statistics for different age groups in the United States and found that from 2010 through 2019, the incidence of 14 cancer types increased among people under age 50. Of these cancer types, nine—including several common cancers, such as breast cancer and colorectal cancer—also increased in some groups of people aged 50 and older. However, the incidence of 19 other cancer types—including lung cancer and prostate cancer—decreased among people under age 50, so the total rate of all cancers diagnosed in both younger and older age groups did not increase, nor did the rate of cancer death.
- “This study provides a starting point for understanding which cancers are increasing among individuals under age 50,” said lead investigator Meredith Shiels, Ph.D., of NIH’s National Cancer Institute. “The causes of these increases are likely to be cancer specific, including cancer risk factors becoming more common at younger ages, changes in cancer screening or detection, and updates to clinical diagnosis or coding of cancers.”
- “The study appeared May 8, 2025, in Cancer Discovery“.

The National Cancer Institute adds,
- “Scientists have developed a method of rapidly measuring the levels of certain genetic mutations in brain tissue samples collected from patients during surgery.
- “In a new study, researchers showed that the droplet digital polymerase chain reaction (ddPCR) method they developed could produce results in 15 minutes—the first time ddPCR has generated results so quickly.
- “Their tool accurately measured the levels of tumor cells in dozens of brain tissue samples, they reported. And it detected minute numbers of cancer cells, as few as five cells per square millimeter, according to findings published February 25 in Med.
- “The researchers developed the tool, which they call Ultra-Rapid ddPCR, to provide surgeons with information that could potentially help guide their decision-making during surgery.
- “This new technology could be an additional source of information for a surgeon who is deciding whether to keep removing tissue during an operation,” said study co-leader Daniel Orringer, M.D., a neurosurgeon at NYU Grossman School of Medicine. “If the test detects tumor cells at a surgical margin, then surgeons could decide to keep cutting.”

In Food and Drug Administration News,

Cardiovascular Business reports,
- “The U.S. Food and Drug Administration (FDA) has approved the balloon-expandable Sapien 3 transcatheter aortic valve replacement (TAVR) platform from Edwards Lifesciences for treating asymptomatic severe aortic stenosis (AS).
- “This is the first time the FDA has approved any TAVR technology in asymptomatic patients. The decision covers the Sapien 3, Sapien 3 Ultra and Sapien 3 Ultra Resilia TAVR valves.
- “This approval is a powerful opportunity to streamline patient care and improve the efficiency of the healthcare system,” Larry Wood, Edwards’ corporate vice president and group president of TAVR and surgical technologies, said in a statement announcing the news. “We are proud to partner with leading physicians to advance our knowledge of this deadly disease with high quality science and optimize the treatment pathway for patients.”

Per Medical Economics,
- “BrightHeart, a Paris-based artificial intelligence company for obstetrics and pediatric cardiology, announced it has received FDA 510(k) clearance for an updated version of its BrightHeart platform. The new approval allows clinicians to access the company’s AI-driven analysis in real time using a cart-side tablet during fetal ultrasound exams.
- “The technology aims to address a persistent clinical challenge: detecting congenital heart defects (CHDs) in utero. CHDs are the most common type of birth defect, but up to 70% go undiagnosed during standard prenatal ultrasounds, according to the company.
- “BrightHeart’s AI platform flags potential structural abnormalities in the fetal heart, helping to alert clinicians to possible CHDs during routine exams. The company says the real-time tablet integration streamlines workflows and improves the accuracy of screenings.
- “Our product expansion builds upon the success of our initial pilot experience, bringing real-time feedback directly to the clinicians to streamline the workflow and enhance accuracy,” said Cécile Dupont, CEO of BrightHeart and partner at Sofinnova Partners. “We were thrilled to achieve clearance through our first Special 510(k) submission within just a few months.”

From the U.S. healthcare business front,

Medical Economics reports,
- “Nonphysician providers now make up more than two out of every five health care professionals in the United States, as hospitals and medical groups increasingly rely on advanced practice providers to meet growing patient demand and improve efficiency, according to a new report from Kaufman Hall.
- “The Physician Flash Report, released by the health care consulting firm and its parent company Vizient, found that 40.6% of the nation’s provider workforce is composed of APPs such as nurse practitioners and physician assistants. The report points to continued growth in this segment and predicts that APPs and physicians may soon comprise equal halves of the clinician workforce.
- “Advanced practice providers like physician assistants and nurse practitioners play a vital and increasingly visible role in health care,” said Matthew Bates, managing director and Physician Enterprise Service Line leader with Kaufman Hall. “When deployed correctly, advanced practice providers let physicians practice at the top of their license. They give doctors more time to focus on diagnosis and treatment, which can make physician practices more efficient and address other challenges, including physician burnout.”

Reuters tells us,
- “Another Big Pharma is opening up its wallet to pour billions into its U.S. operations amid political pressure from the Trump administration.
- “This time it’s Gilead coming to the table with a fresh $11 billion in hand to spend across its manufacturing and research centers in the U.S.
- “Gilead broke down the new spending routes in a Wednesday release. The majority, $5 billion, will be funneled into technology, operations, and R&D site activities, while $4 billion will go into capital projects, including labs and equipment. The final $2 billion will be “invested in digital and advanced engineering initiatives,” the pharma said.”

The White House summarized all of these drug manufacturing investments here.

Fierce Healthcare relates,
- “Ayble Health, a virtual GI clinic, has teamed up with Priority Health, a nonprofit health plan in Michigan, to offer commercial members access to the digestive health solution.
- “Ayble relies on a multidisciplinary care team, AI-powered nutrition and psychology programs and wellness tools to manage symptoms. Starting June 1, Ayble will be available as a standard benefit for Priority members who have a MyPriority HMO or employer health plan. More than 500,000 adult members will have access.
- “When it comes to sourcing solutions like Ayble Health, Priority Health looks for approaches that can improve care quality, engage patients effectively and provide cost-efficient services,” Alicia Coronas, vice president of employer solutions product and marketing at Priority, told Fierce Healthcare. “We evaluate solutions to find the best-in-class partner that is aligned to our vision and mission.”

Wednesday Report

David Ermer–COVID-19 vaccine, FDA, Federal employment benefits, Medical / Rx research, Mental health care, U.S. Healthcare, Uncategorized–May 7, 2025May 7, 2025

From Washington, DC,

Federal News Network helpfully answers “common questions: about House Oversight Committee’s budget reconciliation cuts to federal and postal employee retirement benefits.

The Wall Street Journal reports,
- “President Trump said he would nominate Casey Means, a California doctor and wellness influencer, to be the next surgeon general.
- “Means has become more prominent with the rise of Health Secretary Robert F. Kennedy Jr.’s “Make America Healthy Again” movement. She and her brother, Kennedy adviser Calley Means, wrote a book, “Good Energy,” that became popular with Trump campaign staffers and later with Kennedy.
- “Trump’s previous pick for the role, Dr. Janette Nesheiwat, was scheduled to face a Senate confirmation hearing later this week. Trump said she would work with Kennedy at HHS in a different role.”
Beckers Health IT adds,
- “The FDA has appointed Jeremy Walsh as its first chief artificial intelligence officer, marking a step in tech modernization at the agency.
- “Mr. Walsh, who announced the career move in a May 2 LinkedIn post, will also oversee information technology in the role.
- “He joins the FDA after 14 years at government contractor Booz Allen Hamilton as a chief technologist, according to a May 6 report from Politico. In that role, Mr. Walsh developed cloud infrastructure and data analytics systems for agencies like the FDA, CDC, NIH, the Department of Veterans Affairs and military health services.
- “The appointment follows an April 3 directive from the Office of Management and Budget that stated each federal agency must appoint a chief AI officer within 60 days.”

Per BioPharma Dive,
- “A panel of Food and Drug Administration advisers will meet May 22 to discuss updating the formula of COVID-19 vaccines ahead of the fall and winter season, according to a draft notice posted Wednesday.
- “The Vaccines and Related Biological Products Advisory Committee will provide recommendations on selecting the specific coronavirus variant COVID vaccine manufacturers should target with booster shots. Their advice isn’t binding, but the FDA tends to follow it.”

From the public health and medical research front,

Beckers Hospital Review tells us that “U.S. News & World Report released its annual Best States rankings May 6, and Hawaii took the top spot for healthcare.”

The Los Angeles County, California, Department of Public Health “has declared a community-wide outbreak of hepatitis A following a sustained increase in clinical cases and elevated virus levels detected in local wastewater. Public Health confirmed 165 hepatitis A cases in LA County since 2024, which is three times the number of cases reported in 2023. Although unhoused individuals are at higher risk for contracting hepatitis A infection because they often have limited access to handwashing and toileting facilities, of the 29 hepatitis A cases confirmed to date in 2025, most have been among people without travel or housing risk factors. This increase in hepatitis A infections among people without risk factors has corresponded with recent increases in hepatitis A wastewater concentrations. While the risk to the general public remains low, community-wide protection actions are needed to ensure that transmission of hepatitis A is reduced.”
- The County recommended vaccination against the disease for
  - “Any LA County resident who did not previously receive a hepatitis A vaccination and is seeking protection
  - “People experiencing homelessness
  - “People who use drugs (including non-injection).”

The National Cancer Institute lets us know that “A device that measures the “stickiness” of cancer cells in tumor samples may help predict the likelihood of a patient’s cancer metastasizing. Researchers believe the device could eventually help doctors make more informed treatment choices.”

Per Fierce Pharma,
- Johnson & Johnson has generated evidence that the pace of oncology innovation is overwhelming physicians. A recent survey commissioned by the company found oncologists are struggling to keep up with new treatments and guidelines, pointing to a need for additional support to ensure patients get the most appropriate therapy.
- Working with the Harris Poll, J&J surveyed 500 oncologists, urologists and advanced practice providers (APPs) across academic and community settings in the U.S. Three out of four oncologists said they find the pace of new drug development overwhelming. Around 70% of oncologists admitted they struggle to navigate the complexities of cancer treatment guidelines.
- The survey suggests that continuing medical education helps, with 92% of oncologists agreeing it is crucial for providing cutting-edge treatments, but that more support is often needed. Extra support could help close the gap between the availability of new drugs and their successful implementation in clinical practice.

MedPage Today informs us,
- “Fremanezumab (Ajovy) reduced depression symptoms and monthly migraine attacks in people with episodic or chronic migraine and major depressive disorder, the phase IV UNITE trial showed.
- “The mean change from baseline in monthly migraine days during a 12-week double-blind period was -5.1 days (95% CI -6.09 to -4.13) with fremanezumab and -2.9 days (95% CI -3.89 to -1.96) with placebo (P<0.001), reported Richard Lipton, MD, of the Albert Einstein College of Medicine in New York City, and co-authors.”

Per Health Day,
- “Patients with diverticulitis often try to control the digestive condition by cutting nuts, seeds and popcorn out of their daily diet.
- “But that’s not necessary, a new study has found.
- “Nuts and seeds do not increase the risk of diverticulitis, according to findings published May 5 in the Annals of Internal Medicine.
- “Our findings refute the widely held belief that dietary intake of particulate matter [like nuts or seeds] should be avoided to prevent diverticulitis,” wrote the team led by senior researcher Dr. Anne Peery, a gastroenterologist with the University of North Carolina at Chapel Hill.
- “However, people can lower their risk of diverticulitis by adopting one of four common health-focused diets, researchers found.
- “We assessed diet quality and found that multiple healthy diet patterns were associated with a reduced risk for incident diverticulitis in women,” researchers wrote.”

Per Medscape,
- “Lingering fatigue and depression are more common among women than men cancer survivors and often lead to a decrease in recreational physical activities in all patients, new data showed.
- “However, moderate physical activity was linked to an almost 50% lower risk for cancer-related fatigue, and both moderate and vigorous physical activity were associated with a two- to fivefold reduced risk for depression among cancer survivors, according to the analysis presented at the American Association for Cancer Research (AACR) Annual Meeting 2025.
- “The findings “highlight the importance of providing special attention and tailored interventions such as exercise programs, support groups, and mind-body behavioral techniques for vulnerable groups to help effectively manage fatigue and improve participation in recreational activities as they are an essential aspect of quality of life,” Simo Du, MD, a resident at NYC Health + Hospitals and Jacobi Medical Center/Albert Einstein College of Medicine, New York City, said in a news release.”

From the U.S. healthcare business front,

Healthcare Finance reports,
- “Hospitals across the U.S. are seeing both higher revenues and higher expenses, and operating margins have begun to contract slightly, according to March data published by Strata.
- “After holding steady at 1% in both January and February, operating margins for U.S. health systems narrowed slightly to 0.9% in March. Non-labor expenses rose faster than other expenses, due in part to double-digit increases in both drug and supply expenses versus the same month last year.
- “Nationally, patient demand was up, with outpatient visits outpacing inpatient admissions. This compares with decreases in patient demand in February.
- “Gross outpatient revenues led overall hospital revenue increases, jumping 10% year-over-year as hospitals and health systems continued to see care shift from inpatient to outpatient settings.
- “Per-physician expenses rose to $1.2 million in the first quarter, representing an increase of 3% from Q4 2024 and 10.3% from Q1 2024, data showed.”

Beckers Hospital Review adds, “Hospital margins had a slight increase in March despite significant patient volume declines, according to Kaufman Hall’s “National Hospital Flash Report” released May 7.”
Modern Healthcare relates,
- “Cleveland Clinic and Regent Surgical are working together to build ambulatory surgery centers.
- “The nonprofit health system and the ASC developer announced a joint venture Wednesday. Cleveland Clinic is the majority owner of the venture, which will feature the Cleveland, Ohio-based system’s brand, according to a news release. The system did not say how many facilities will be built or when they will open.”

Healthcare Dive points out,
- “Northwell Health has completed its merger with Danbury, Connecticut-based Nuvance Health, the system said in a Wednesday press release.
- “The deal officially closed May 1, after the systems received the final greenlight from Connecticut regulators last month.
- “The merger creates a nearly $23 billion system, with 28 hospitals, 1,050 ambulatory care sites, 73 urgent care centers and more than 104,000 employees, according to the news release.
- “Northwell President and CEO Michael Dowling will remain at the helm of Northwell and lead the combined system, according to a company spokesperson. Meanwhile, Nuvance President and CEO John Murphy will oversee Nuvance operations, reporting to Dowling.”
and
- “One year has passed since Steward Health Care filed for bankruptcy, launching the largest healthcare provider restructuring in decades, including a monthslong effort to sell its 31 hospitals.
- “Five Steward hospitals have permanently closed since its bankruptcy, while two more temporarily paused services. Many of the remaining facilities have landed back in the hands of private equity and investor owners, according to a new report from the Private Equity Stakeholder Project.
- “The outlook for the hospitals is grim, after those that were “lucky enough not to close” were “simply punted from one investor-owned company to another, with little oversight or conditions from regulators to protect patients and community access to critical healthcare services,” the report says.”

Per MedCity News,
- “Amyotrophic lateral sclerosis has been a tough area for drug research, but Eli Lilly has been spreading its bets in this neurodegenerative disease by striking deals with other companies. The pharmaceutical giant is adding to its stable of ALS drug candidates with a licensing agreement that brings a novel antibody on track to begin testing in humans.
- “According to deal terms announced Tuesday, Lilly is licensing Alchemab’s ATLX-1282, an antibody that the companies say brings a first-in-class approach to ALS and other neurodegenerative diseases. Specific financial details were not disclosed, but Lilly is committing up to $415 million to its partner, which includes an upfront payment and milestone payments.”

Tuesday Report

David Ermer–CDC, FDA, Government Contracting, NIH, Patient safety, Rx coverage, U.S. Healthcare, Uncategorized–May 6, 2025May 6, 2025

From Washington, DC,

Yesterday, according to the American Hospital Association News, the President signed an
- “executive order, “Improving the Safety and Security of Biological Research,” orders the Director of the Office of Science and Technology Policy to immediately establish guidance for the heads of relevant agencies to end federal funding of gain-of-function research and other life-sciences research conducted by certain foreign entities. The order also directs OSTP to replace the “United States Government Policy for Oversight of Dual Use Research of Concern and Pathogens with Enhanced Pandemic Potential” within 120 days and replace the “Framework for Nucleic Acid Synthesis Screening” within 90 days. The OSTP is also directed to establish a reporting mechanism for gain-of-function research.”

Science interviewed Dr. “Jay” Bhattacharya, the Director of the National Institutes for Health.

The Washington Post reports,
- “Vinay Prasad, a critic of the Food and Drug Administration, has been tapped as the agency’s top regulator of vaccines, gene therapies and the blood supply.
- “Prasad, a University of California at San Francisco professor and epidemiologist, will replace Peter Marks, whom the Trump administration forced out in late March. Prasad, who is also a hematologist and oncologist, is the latest vocal critic of pandemic-era policies to join the administration.
- “He brings a great set of skills, energy, and competence to the FDA,” Marty Makary, the FDA commissioner, wrote Tuesday in an email to staff obtained by The Washington Post.”
and
- “President Donald Trump and the U.S. Postal Service’s governing board are expected to name FedEx board member and former Waste Management CEO David Steiner as the nation’s next postmaster general, according to two people familiar with the decision, helping solidify the White House’s control over the historically independent mail service.
- “Steiner replaces Louis DeJoy, whom Trump forced out of the role in March amid the mail chief’s clashes with billionaire Elon Musk’s U.S. DOGE Service and congressional dissatisfaction with the agency’s performance and finances, The Washington Post has reported. The people familiar with the decision spoke on the condition of anonymity to describe private conversations and meetings.
Govexec lets us know,
- “The Trump administration is moving quick on its promise to conduct a massive overhaul of the Federal Acquisition Regulation, a project being called Revolutionary FAR Overhaul.
- “FAR is the subject of one of two executive orders President Trump signed in mid-April to reform how the federal government buys goods and services.
- “In documents released Friday, the administration is proposing the elimination of significant portions of the FAR. What would remain are only those provisions required by law or are “essential to sound procurement.” * * *
- “The government is also asking for “informal” feedback on Part 34 ahead of the formal rulemaking process. Follow this link to share your thoughts.”

Per Federal News Network,
- “Just over 7,800 federal employees retired last month, the lowest amount so far in 2025. The Office of Personnel Management said more than 33,500 federal employees retired in the first quarter of 2025 compared to 29,700 during the first three months of 2024. OPM’s retirement backlog dropped to 16,700, almost 4,000 less than March. On average, OPM is processing retirement claims in 54 days, but those applications that took less than 60 days for the agency to get OPM the paperwork were processed in 33 days on average.”

The Government Accountability Office released a WatchBlog post titled “Nonprofit Drug Companies Aim to Curb High Prices and Shortages.”
- “The rising cost of prescription drugs continues to make headlines. This increase has significant implications for people who rely on medications and for taxpayer-funded health care programs. For example, Medicare spending on prescription drugs nearly doubled between 2014 and 2022.
- “At the same time, the country has faced several drug shortages of medications ranging from antibiotics to chemotherapy drugs.
- “Nonprofit drug companies could play a role in helping to address rising prices and drug shortages. Today’s WatchBlog post looks at our new report on nonprofit drug companies.”

From the public health and medical research front,

Your Local Epidemiologist, a Substack to which the FEHBlog subscribes, tells us,
- “As of Sunday, the U.S. had 967 confirmed cases. We are getting closer and closer to reaching the record high (1,200) since we eliminated measles in 2000.
- “Of that, 817 cases are from the Southwest outbreak. The good news is that it may be slowing down in West Texas. We know this from three soft data points:
  - “This is the first week with no hospitalized children in West Texas for measles.
  - “A downward trend in reported weekly cases * * *. Ultimately, we want a bell-shaped curve, which may be starting to take shape.
  - “Fewer new cases are reported anecdotally by clinicians on the ground.”
- “Transmission continues, just at a slower pace. While any case could still spark a new outbreak in communities with low vaccination rates (for example, all eyes are on El Paso right now), big thanks to the public health workers working to contain.”

MedPage Today informs us,
- “During the first respiratory syncytial virus (RSV) season in which a maternal vaccine and a monoclonal antibody for infants were available, most infants were immunized via either intervention, according to an analysis of Vaccine Safety Datalink data.
- “Overall, 72% of 36,949 infants were immunized in the 2023-2024 RSV season with either the bivalent RSV prefusion F protein vaccine (Abrysvo) or nirsevimab (Beyfortus), Stephanie Irving, MHS, of the Kaiser Permanente Center for Health Research in Portland, Oregon, and colleagues reported in Pediatrics.
- “This really is a success story,” Irving told MedPage Today, “but it is important to also point out that more than a quarter of infants were not immunized against RSV.”
- “The researchers also noted that there were disparities in access by race and ethnicity, with lowest uptake among Black (60.5%) and Middle Eastern/North African (60.2%) mothers. Rates were highest among Asian mothers (83.7%).”

CNN reports,
- “Using marijuana during pregnancy is linked to poor fetal development, low infant birth weight, dangerously early deliveries and even death, according to a new meta-analysis of research.
- “The most striking finding is the increased risk of perinatal mortality — death either during the pregnancy or shortly after the pregnancy,” said obstetrician and lead study author Dr. Jamie Lo, an associate professor of obstetrics, gynecology and urology in the School of Medicine at Oregon Health & Science University in Portland.
- “Prior work we’ve done shows prenatal cannabis use impacts fetal lung function and development, reducing the baby’s lung volume,” Lo said. “We’ve also found that there is significantly decreased blood flow and oxygen availability in the placenta. These are the likely underlying mechanisms driving some of our findings.”
- “The placenta is a critical link between the mother and the developing fetus, delivering oxygen, nutrients and hormones necessary for growth. When that link is damaged, both the mother and the fetus are at risk.”

The AP reports,
- “A new salmonella outbreak linked to backyard poultry has sickened at least seven people in six states, health officials said Monday.
- “Two cases were identified in Missouri, and one each in Florida, Illinois, South Dakota, Utah and Wisconsin, the Centers for Disease Control and Prevention said.
- “People got sick in February and March of this year, the CDC said. They all had the same strain of salmonella — a version that has been traced to hatcheries in the past. The investigation is continuing, health officials said.
- “Salmonella bacteria cause about 1.35 million infections in the United States every year, and recent outbreaks have been tied to sources such as cucumbers, eggs, unpasteurized milk, fresh basil, geckos and pet bearded dragons.
- “But one concern is that chickens and other backyard poultry can carry salmonella bacteria even if they look healthy and clean. A backyard poultry-associated outbreak that ended last year was tied to 470 cases spread across 48 states, including one death.”

Beckers Hospital Review offers a list of “455 hospitals in the U.S. have a Clostridioides difficile infection rate of zero, as based on the healthcare-associated infections dataset from CMS.”
NIH Research Matters covers the following topics this week “Youth vaping drug | How nerves sense heat & pain | Non-hallucinogenic LSD analogue.”

Per Beckers Clinical Leadership,
- “In a first-of-its-kind procedure, clinicians at the University of Maryland Medical Center in Baltimore removed a rare spinal tumor through a patient’s eye socket.
- “The patient, Karla Flores of Rosedale, Md., had two slow-growing developmental bone tumors in her spine and wrapped around her brain stem, according to the University of Maryland Medical System. The tumors, called chordomas, are rare and diagnosed only about 300 times annually in the U.S., the system said in a May 5 news release.
- “In two procedures, surgeons removed the tumor around the brain stem with a traditional craniotomy — through the skull — and with an endoscope through her nose. A team of neurosurgeons, radiation oncologists, and skull base and facial plastic surgeons contributed to Ms. Flores’ care.”

Health Day relates,
- “An experimental drug might help people with uncontrolled high blood pressure, according to early clinical trial results.
- “People taking lorundrostat experienced twice the decline in their systolic blood pressure than people taking a placebo, researchers reported recently in the New England Journal of Medicine. Systolic, the top number of a blood pressure reading, refers to the pressure within blood vessels during a heartbeat.
- “While blood pressure readings remained elevated at the end of this Phase II trial in some participants treated with lorundrostat, we find these results promising because almost all participants involved in the study were not able to sufficiently lower their blood pressure with medication before,” principal investigator Dr. Michael Wilkinson, an associate professor with the University of California-San Diego School of Medicine, said in a news release.”

From the U.S. healthcare business front,

Fierce Healthcare informs us that “Each of the six major national insurers turned a profit in the first quarter of 2025, though financial pressures related to government programs—particularly Medicare Advantage (MA)—once again reared their ugly heads.”
Reuters relates,
- “Bristol Myers Squibb (BMY.N), said on Monday it will invest $40 billion in the U.S. over the next five years, as it seeks to expand its research and manufacturing presence in the country amid U.S. President Donald Trump’s tariff threats.
- “The announcement of new investment was first made by CEO Christopher Boerner in an opinion piece published in Stat News on Monday and was later confirmed to Reuters by a company spokesperson.”

STAT News adds,
- “Vertex Pharmaceuticals on Monday reported disappointing first-quarter earnings impacted by weaker-than-expected sales of its drugs for cystic fibrosis, and little or no contributions from a gene therapy for sickle cell disease and a recently launched pain medicine.
- “A “tolerability issue” caused a temporary pause to an early stage study involving a closely watched, inhaled, mRNA-based therapy for cystic fibrosis, the company said.”

Per Healthcare Dive,
- “Rite Aid filed for bankruptcy on Monday, with plans to sell itself, and has already had “meaningful interest” from potential national and regional strategic buyers. Stores will remain open and operating, but plans are to liquidate all locations unless a buyer comes forward, according to court documents.
- ‘The drugstore retailer has secured commitments from some existing lenders to access $1.94 billion in new financing. That plus cash from operations is expected to be sufficient funding during the sale and court-supervised Chapter 11 process.
- “A sale is imminent, with an auction set for May 14 for the pharmacy assets and June 20 for other assets, per court documents. The company just exited a previous bankruptcy in September, after filing less than two years ago, emerging as a private business with about $2 billion less debt plus some $2.5 billion in exit financing.”

Per Healio,
- “The FDA has approved a dihydroergotamine-based nasal powder for the acute treatment of migraine with or without aura in adults, according to the manufacturer.
- “In a press release, Satsuma Pharmaceuticals Inc. said that Atzumi, formerly known as STS101, is a proprietary product that combines an advanced nasal powder formulation of dihydroergotamine (DHE) and a novel nasal delivery device.
- “Oral DHE has poor absorption, so other formulations are important for delivering the medication,” Abby Metzler, MD, associate professor of neurology at the University of Minnesota, told Healio. “This new nasal powder formulation adds another option that may help by providing a non-invasive option that is less likely to drip down the back of the throat into the stomach, increasing absorption of the medication.”

Outside of the U.S. STAT News lets us know,
- “For more than three decades, a charity here has funded research aimed at developing medicines for genetic diseases. Recently, though, it added an unusual new role — as a gene therapy company of sorts.
- “The charity, the Telethon Foundation, took ownership from a small biotech of a drug that has been approved in Europe to treat an ultra-rare immune disorder called ADA-SCID. In taking such a step — something no nonprofit had done anywhere — it hoped to both rescue the gene therapy from disuse, and to come up with a new model for delivering these one-time, cutting-edge medicines in a financially sustainable way.
- “The fact that a charity — and not a biopharma company — now has the rights to the medicine is a reflection of the bleak situation the gene therapy field has found itself in, and how other groups, from nonprofits to academic researchers, are trying to mend the failures of the drug development system.”

Monday Report

David Ermer–Uncategorized–May 5, 2025May 5, 2025

From Washington, DC,

STAT News reports,
- “Amid ongoing anticipation over tariffs on pharmaceuticals, President Trump on Monday signed an executive order designed to lower regulatory hurdles and make it faster for drug companies to manufacture their products in the U.S. The move also includes plans to place more pressure on foreign drugmakers to comply with quality control inspections.
- “At the top of the list is a mandate for the Food and Drug Administration to reduce the amount of time it takes to approve domestic pharmaceutical manufacturing plants. The agency is being directed to eliminate “duplicative and unnecessary requirements,” streamline reviews, and work with “domestic manufacturers to provide support before facilities start functioning.” Goals were not mentioned in the order.”
CMS announced,
- “The Health Insurance Oversight System (HIOS) is now accepting RxDC submissions for the 2024 reference year.
- “At this time, no training webinars have been scheduled. Previously published training materials are available on our website.
- “The deadline for submitting RxDC filings for the 2024 reference year is Sunday, June 1, 2025.

Fierce Healthcare tells us,
- “In June, the Centers for Medicare & Medicaid Services (CMS) will name the participating states for the agency’s new Cell and Gene Therapy (CGT) Access Model.
- “One state has already started participating, the CMS said, and 35 states are agreeing to participating, reported Bloomberg. These states represent about 84% of Medicaid beneficiaries with sickle cell disease.
- “Insurers, however, are wary broadly of the financial costs associated with cell and gene therapies, a report from the Pharmaceutical Strategies Group found. The report surveyed individuals on behalf of employers, health plans and unions.
- “Nearly three-fourths (73%) of respondents said they view the affordability of cell and gene therapies as a moderate or major challenge in the next two to three years. For health plans, that figure rises to 87%. A majority (70%) of people said they were, at best, only somewhat confident they properly understood the financial impact of these therapies.”

Regulatory Focus informs us,
- “Despite the rapid changes happening at the US Food and Drug Administration (FDA), the Michelle Tarver, director of the Center for Devices and Radiological Health (CDRH), said the device center is still meeting its goals and asked stakeholders to be patient as it works to fulfill its mission.
- “Since President Donald Trump took office, FDA has lost thousands of its staffs to a combination of mass layoffs, buyout offers, and early retirements, with the most recent reduction-in-force (RIF) effort heavily affecting the agency’s communications, policy, and other non-review-related offices. Additionally, executive orders have limited the agency’s ability to issue new guidance and regulations without finding cost savings or trimming back other regulations.
- “Tarver made these remarks at the Medical Device Manufacturers Association (MDMA) Annual Meeting on 1 May. She noted that despite these changes, the agency is continuing to meet its expectations.”

The Solicitor General and Braidwood Management submitted their supplemental letter briefs on the legal authority of the Secretary of Health and Human Services to appoint members of the U.S. Preventive Services Task Force on schedule today. The Justices’ next conference is scheduled for May 15.

From the U.S. public health service front,

Health Dialogues points out,
- “Unhealthy lifestyles are rapidly speeding up heart ageing, leading to a global surge in cardiovascular diseases, according to a study led by Indian-origin researchers in the UK. The research team from the University of East Anglia (UEA) used a novel Cardiac Magnetic Resonance (CMR) imaging technique also known as cardiovascular MRI to determine the “true age” of the heart.
- “The scans showed that while healthy individuals had a heart age closely aligned with their actual age, those with conditions like Also Read – Tobacco and Marijuana Use Poised to Increase Heart Disease Deaths by 50% in Five Years diabetes, high blood pressure, obesity, and atrial fibrillation exhibited a significantly older functional heart age.
- “For example, a 50-year-old with high blood pressure might have a heart that works like it’s 55,” said lead researcher Dr Pankaj Garg, from UEA’s Norwich Medical School and a consultant cardiologist at the Norfolk and Norwich University Hospital.
- “People with health issues like diabetes or obesity often have hearts that are ageing faster than they should – sometimes by decades. So, this could help doctors step in early to stop heart disease in its tracks,” he added.”

The American Hospital Association News announced,
- “In this conversation, Aaron Lewandowski, M.D., emergency medicine physician and the emergency medicine stroke representative at Henry Ford West Bloomfield Hospital, and Alex Chebl, M.D., interventional neurologist and director of the Henry Ford Stroke Center and the Division of Vascular Neurology at Henry Ford Health, discuss how artificial intelligence is revolutionizing stroke care. LISTEN NOW “

The American Medical Association lets us know what doctors wish their patients knew about Lyme disease.

Per Managed Healthcare Executive,
- “Universal annual depression screening for young adults during primary care visits is cost-effective and could even save more if health systems improve access to telehealth, reduce treatment costs or enhance treatment effectiveness, according to a new study in JAMA Health Forum.“

The Washington Post reports,
- “Nearly 10 percent of infants were admitted to a neonatal intensive care unit in the United States in 2023, according to a report from the National Center for Health Statistics, a 13 percent increase from admissions in 2016.
- “The report drew on birth certificate data from the National Vital Statistics System, which includes detailed demographic and health information on mothers and infants for all U.S. births each year.”
- Although not mentioned in the article, the FEHBlog expects that the increase is due to increase in the number of NICUs in the country, which is good development.

Consumer Reports, writing in the Washington Post, explains how to self-treat varicose veins.

Per Health Day,
- “Boosting exercise in middle age might help people prevent Alzheimer’s disease, a new study says.
- “People who increased their physical activity to meet recommended guidelines between ages 45 and 65 had less accumulation of amyloid beta, a toxic protein that forms plaques in the brains of Alzheimer’s patients, researchers reported April 30 in the journal Alzheimer’s & Dementia.
- “The link was dose-dependent, researchers added — the more people increased their activity, the greater the reduction in amyloid beta in their brains.
- “Active people also showed less age-related shrinkage in brain regions associated with memory and Alzheimer’s, researchers noted.
- “Even those who did less physical activity than recommended had greater cortical thickness than sedentary people, suggesting that any amount of exercise, no matter how minimal, has health benefits,” lead investigator Müge Akinci, a researcher with the Barcelona Institute for Global Health in Spain, said in a news release.”

From the U.S. healthcare business front,

Modern Healthcare reports,
- “Testing services company Labcorp has entered into an agreement to acquire certain clinical and anatomic pathology assets from Incyte Diagnostics, another testing company, as it seeks to expand its oncology portfolio.
- “Financial terms were not disclosed. Assets involved in the transaction include several Incyte Diagnostics same-day testing laboratories, its main anatomic pathology lab in Spokane, Washington, and additional labs in Tukwila and Richland, Washington, as well as Missoula, Montana.”

The Wall Street Journal notes,
- “Hims & Hers Health HIMS 2.60%increase; green up pointing triangle first-quarter revenue more than doubled as subscribers rose 38%, while its second-quarter sales outlook missed Wall Street’s expectations.
- “The stock fell 5% to $39.75 in after-hours trading on Monday. Shares have risen 73% year-to-date through Monday’s market close.
- “The telehealth-consultation platform on Monday posted a profit of $49.5 million, or 20 cents a share, compared with $11.1 million, or 5 cents a share, a year earlier. Analysts polled by FactSet expected 12 cents a share.
- “Revenue more than doubled to $586 million from $278.2 million a year ago. Analysts polled by FactSet expected $538.6 million.
- “The San Francisco-based company now has almost 2.4 million subscribers, up 38% from the year-ago period. Average monthly online revenue per subscriber rose to $84 from $55.” * * *
- “Hims earlier Monday named a former Amazon.com executive, Nader Kabbani, as its chief operating officer, an appointment that comes as the company is looking to expand access to its offerings, which currently includes treatments for sexual health, hair loss and weight management. While at Amazon, Kabbani led the launch of the online retailer’s pharmacy business and acquisition of PillPack, which presorts medications and ships them to homes.”

Beckers Payer Issues ranks large payers by 1st quarter 2025 profits.

Beckers Hospital Review lists six drugs currently in shortage.

Weekend update

David Ermer–Congress, Obesity, OPM, U.S. Healthcare–May 4, 2025May 5, 2025

From Washington, DC,

The House of Representatives and the Senate will be in session this week on Capitol Hill for Committee business and floor voting.

Roll Call offers a summary of this week’s activities on Capitol Hill.

Bloomberg Law explains that House Oversight Committee “Benefits reductions [approved last Wednesday] will next go before the House Budget Committee, which is tasked with assembling bills into a reconciliation package that will have to be approved by the House and Senate.”

In a Federal News Network commentary, an OPM executive from the Obama and Biden administrations criticizes the Trump Administration for allowing carrier more flexibility in managing GLP-1 drug coverage for obesity. The FEHBlog agrees with OPM’s decision because carriers hold the financial risk for their respective FEHB plans. That is quite an incentive to sensibly manage benefits.

In any case, this criticism is surprising because the Biden administration caused FEHB premiums to explode, in the FEHBlog’s opinion, by mandating coverage of GLP-1 drugs for obesity in January 2023 without allowing carriers to adjust premiums until the following January. While federal government procurement law permits OPM to make unilateral contract amendments, OPM is obligated to provide the contractor with a concurrent equitable price adjustment. All price adjustments in the FEHB are made through the benefit and rate negotiation process. Consequently, all benefit mandates must be run through that process.

HR Dive tells us,
- “Field staff for the U.S. Department of Labor’s Wage and Hour Division will not apply the agency’s 2024 independent contractor rule in their enforcement of the Fair Labor Standards Act, a DOL bulletin announced Thursday.
- “Instead, the department directed staff to apply a 2008 fact sheet as well as a 2019 opinion letter to any matters in which no payments for back pay or civil monetary penalties have been made to either individuals or DOL.
- “The agency said it is still considering rescinding the Biden administration’s rule, which faces ongoing litigation. “Until further action is taken, the 2024 Rule remains in effect for purposes of private litigation and nothing in this Field Assistance Bulletin changes the rights of employees or responsibilities of employers under the FLSA,” DOL noted.”
and
- “U.S. Department of Justice attorneys asked the 5th U.S. Circuit Court of Appeals to temporarily suspend the Labor Department’s appeals in two cases challenging its 2024 Fair Labor Standards Act overtime rule, according to an April 24 court filing.
- “Texas district court judges twice blocked DOL’s final rule, which increased the minimum salary threshold for overtime pay eligibility in two steps. First, a November 2024 decision sided with plaintiffs including the state of Texas and enjoined the rule nationwide. A second judgment set aside and vacated the rule in response to a lawsuit by marketing agency Flint Avenue.
- “The government asked that the 5th Circuit place its appeals in abeyance “pending the agency’s reconsideration of the rule.” It said counsel for the appellees in both cases did not oppose its request.”

From the public health and medical research front,

NPR Shots lets us know,
- “Older Americans want to know if they are in the early stages of Alzheimer’s disease and would happily take a blood test to find out, according to a national survey.
- “The survey of 1,700 people 45 and older, part of a report from the Alzheimer’s Association, found growing interest in testing, diagnosis and treatment for the deadly disease.” * * *
- “The responses show that people are becoming less afraid and more proactive about an Alzheimer’s diagnosis, says Elizabeth Edgerly, a clinical psychologist who directs community programs for the Alzheimer’s Association.”

Per the U.S. healthcare business front,

BioPharma Dive reports,
- “The threat of tariffs on pharmaceuticals imported to the U.S. hasn’t yet pushed drugmakers off course, with many of the largest companies indicating they expect to be able to absorb any impact in the short term.
- “Speaking on earnings calls in recent weeks, pharma executives have, for the most part, told investors their supply chains are flexible enough to mitigate the effects of new levies — for this year, at least. With a few exceptions, the large drugmakers that have reported financials for the first quarter are maintaining their sales and profit guidance for 2025.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–May 3, 2025May 3, 2025

From the cybersecurity and law enforcement front,

Cyberscoop reports,
- “Homeland Security Secretary Kristi Noem outlined her plans Tuesday to refocus the Cybersecurity and Infrastructure Security Agency (CISA) on protecting critical infrastructure from increasingly sophisticated threats — particularly from China — while distancing the agency from what she characterized as mission drift under previous leadership.
- “Speaking at the 2025 RSAC Conference, Noem provided the most detailed vision yet of how the current administration is pushing CISA to a “back-to-basics” approach aimed at hardening defenses against adversaries who have demonstrated capabilities to infiltrate critical systems.”
and
- “Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms.
- “Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no change to interactions with the federal government since President Donald Trump was inaugurated earlier this year.
- “Across multiple interviews and media briefings during the RSAC 2025 Conference this week, none of the leaders at these top cybersecurity companies conveyed any concern about or experience with communication breakdowns. Each of them dismissed the idea that collaboration has slowed down amid significant workforce reductions and strategic changes across the federal government.”

Earlier this week, the National Institute of Standards and Technology released its FY 2024 Cybersecurity & Privacy Program Annual Report.

Federal News Network tells us,
- “While much of the cybersecurity community’s attention was out west at the annual RSA Conference, the Justice Department announced yet another settlement in its pursuit of contractors who falsely attest to meeting cybersecurity requirements.
- “DoJ announced today that Raytheon Company, RTX Corporation and Nightwing Group have agreed to pay $8.3 million to settle allegations that Raytheon violated the False Claims Act by falling short of contractually mandated cybersecurity standards.
- “RTX sold its cybersecurity, intelligence and services business to Nightwing in 2024. DoJ’s case centered on conduct between 2015 and 2021, prior to the acquisition.
- “The case is another feather in the cap for DoJ’s Civil-Cyber Fraud Initiative. Started under the Biden administration, the goal of the initiative is to enforce cybersecurity requirements that many contractors had been ignoring through the False Claims Act.”

Per the Hacker News,
- “The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States.
- “Rami Khaled Ahmed of Sana’a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one count of threatening damage to a protected computer. Ahmed is assessed to be currently living in Yemen.
- “From March 2021 to June 2023, Ahmed and others infected computer networks of several U.S.-based victims, including a medical billing services company in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin,” the DoJ said in a statement.”

Cyberscoop adds,
- “Federal authorities extradited a Ukrainian citizen to the United States on Wednesday to face charges for participating in a series of ransomware cyberattacks on organizations based in the U.S. and multiple European countries.
- “Artem Stryzhak, 35, was arrested in Spain in June 2024 and was scheduled to appear for arraignment Thursday in the U.S. District Court for the Eastern District of New York. Stryzhak is accused of conspiracy to commit fraud and related activity, including extortion.
- “Prosecutors accuse Stryzhak and his co-conspirators of using Nefilim ransomware to encrypt computer networks in the U.S., Canada, France, Germany, Australia, the Netherlands, Norway and Switzerland between late 2018 to late 2021.
- “As alleged, the defendant was part of an international ransomware scheme in which he conspired to target high-revenue companies in the United States, steal data, and hold data hostage in exchange for payment. If victims did not pay, the criminals then leaked the data online,” John Durham, U.S. attorney for the Eastern District of New York, said in a statement.”

From the cybersecurity vulnerabilities and breaches front,

Cybersecurity Dive reports,
- “Hackers are increasingly using AI in their attacks and defenders should follow suit, Check Point Software Technologies said in a report published Wednesday.
- “The company’s AI security report, announced at the 2025 RSAC Conference in San Francisco, also found that one in 13 generative AI prompts contained potentially sensitive information, and one in every 80 prompts posed “a high risk of sensitive data leakage.”
- “Unauthorized AI tools, data loss, and AI platform vulnerabilities topped the list of AI risks for enterprises, according to Check Point.”
and
- “In a report published Tuesday, Google said it saw hackers exploit fewer zero-day vulnerabilities in the wild in 2024 than in 2023.
- “The company attributed the decrease to improvements in secure software development practices.
- “Still, Google said it is seeing a “slow but steady” increase in the rate of zero-day exploitation over time.”

CISA added eight known exploited vulnerabilities to its catalog this week.
“April 28, 2025
- “CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability
- “CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
- “CVE-2025-3928 Commvault Web Server Unspecified Vulnerability”
- Bleeping Computer discusses these KVEs here.
“April 29, 2025
- “CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability”
- Cybersecurity Dive discusses this KVE here.
“May 1, 2025
- “CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerability
- “CVE-2023-44221 SonicWall SMA100 Appliances OS Command Injection Vulnerability
- Cybersecurity News discusses the Apache KVE here.
- Bleeping Computer discusses the SonicWall KVE here.
“May 2, 2025
- “CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
- “CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability”
- Security Affairs discusses these KVEs here.

From the ransomware front,

Techradar points out,
- New research has revealed the scale of recent ransomware revolution, warning it remains a dominant threat to organizations worldwide.
- A Veeam study, which gathered insights from 1,300 CISOs, IT leaders, and security professionals across the Americas, Europe, and Australia, found nearly three-quarters of businesses were impacted by ransomware over the past year.
- Cybersecurity measures seem to be having some effect, with businesses facing ransomware incidents dropping slightly from 75% to 69% – and ransomware payments are also decreasing, as in 2024, 36% of affected businesses chose not to pay, and 60% of those who did paid less than half of the demanded ransom.

Dark Reading adds,
- “Several high-profile retailers based in the UK have suffered cyberattacks in recent weeks, and all signs point to two possible threat actors being behind the campaign.
- “The National Cyber Security Centre (NCSC), the UK’s primary cyber agency, said on May 1 that it was tracking a series of attacks impacting retailers. NCSC CEO Dr. Richard Horne said in an included statement that the agency was working with affected organizations and that “these incidents should act as a wake-up call to all organizations.”
- “Co-Op, Marks & Spencer, and Harrods are among the retailers that have confirmed attacks in recent weeks. In an article published May 2, Bloomberg News reported a spokesperson for the DragonForce ransomware gang — a group that emerged as a ransomware-as-a-service (RaaS) player in 2023 — took credit for the attacks against all three retailers.
- “Last month, researchers from Sophos’ Secureworks reported that DragonForce had an RaaS model where affiliates could create their own “brand,” using DragonForce’s ransomware or using their own tools for extortion attacks.”
and
- “The notorious Scattered Spider threat group continues to attack high-value targets despite landing on the receiving end of multiple global law enforcement operations.
- “Scattered Spider gained notoriety in recent years with high-profile breaches and ransomware attacks against large enterprises, including Las Vegas casino and hotel giants Caesars Entertainment and MGM Resorts in 2023. First emerging in 2022, the group’s members displayed a knack for social engineering schemes that allowed them to steal credentials from targeted organizations and gain privileged access into their networks. * * *
- Bleeping Computer this week reported that the cyberattack against British retail giant Marks & Spencer was perpetrated by members of the group using DragonForce ransomware. Earlier this month, threat intelligence vendor Silent Push said it had observed significant threat activity, specifically phishing campaigns targeting well-known brands this year, from Chick-fil-A to Louis Vuitton.
and
- “RansomHub, an aggressive ransomware-as-a-service (RaaS) operation that gained prominence over the past year in the wake of law enforcement actions against LockBit and ALPHV, appears to have abruptly gone dark earlier this month.
- “In a new report this week that offers an in-depth look at RansomHub’s affiliate recruitment methods, negotiation tactics, and aggressive extortion strategies, researchers at Group-IB described the operation as inactive since April 1.
- “Cybercriminals associated with the operation may have migrated to the Russian-language speaking Qilin RaaS operation and are continuing their attacks under that banner, Group-IB said. The security vendor did not offer any explanation for the rapidly growing RansomHub operation’s seemingly sudden and unexpected demise — if that is indeed what it is.”

TechTarget offers a “look at the [seven] distinct stages of the ransomware lifecycle to better understand how attackers strike — and how defenders might be better able to resist.

From the cybersecurity defense front,

Cyberscoop reports
- “Leaders of various federal research agencies and departments outlined a vision Tuesday for the future of critical infrastructure security, emphasizing the promise of combining formal software development methods with large language models (LLMs).
- “Acting DARPA Director Rob McHenry told an audience at the RSAC 2025 Conference that such a combination could “virtually eliminate software vulnerabilities” across foundational system infrastructures, a departure from the traditionally accepted risks of software flaws.
- “We’ve all been trained in a world where we have to accept that there are vulnerabilities in our software, and bad guys exploit those vulnerabilities,” he said. “We try to mitigate the damage and patch them, and we go round on this merry-go-round. That technologically does not need to be true anymore.”
- “DARPA’s statements came in the context of the AI Cyber Challenge, a public-private collaboration involving industry leaders such as Google, Microsoft, Anthropic and OpenAI. The initiative tests whether advanced AI systems can identify and patch vulnerabilities in open-source software components vital to the electric grid, health care, and transportation.”
and
- “Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable.
- “Speaking at Cloudflare’s Trust Forward Summit on Wednesday, encryption leaders at IBM Research, Amazon Web Services and Cloudflare outlined how organizations are refitting cryptographic tools that safeguard online banking, medical data and government communications. The aim is to stay ahead of quantum machines that, once powerful enough, could decode the math protecting today’s digital traffic.
- “Over the next five to 10 years you’re going to see a Cambrian explosion of different cryptographic systems,” said Wesley Evans, a product manager for Cloudflare’s research team, referring to an evolutionary period with a rapid diversification of animal life that occurred roughly 540 million years ago.”

Dark Reading adds,
- “Each year, top SANS faculty joins the RSAC conference to present what their community of practitioners and researchers see as the most pressing challenges facing the cybersecurity community for the year to come. This year’s list of top-five threats aren’t merely technical, and tackling them will demand coordinated leadership from the very top of the organization and beyond.
- “The attack techniques outlined in the SANS RSAC 2025 keynote underscore a common theme: Cybersecurity is no longer confined to the security operations center — it’s a leadership issue that impacts every layer of the enterprise,” according to a SANS media statement. “The threats of tomorrow demand a strategic, integrated response rooted in visibility, agility, and cross-functional alignment.”

Bleeping Computer notes,
- “Microsoft has announced that all new Microsoft accounts will be “passwordless by default” to secure them against password attacks such as phishing, brute force, and credential stuffing.
- “The announcement comes after the company started rolling out updated sign-in and sign-up user experience (UX) flows for web and mobile apps in March, optimized for passwordless and passkey-first authentication.
- “As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be ‘passwordless by default’,” said Joy Chik, Microsoft’s President for Identity & Network Access, and Vasu Jakkal, Corporate Vice President for Microsoft Security.”

Here is a link to Dark Reading’s CISO Corner.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.