FEHBlog

Weekend update

David ErmerCongress, Rx coverage, SCOTUS, U.S. Healthcare

From Washington, DC —

  • The House of Representatives and the Senate are in session this week for floor voting and Committee business.
  • The Supreme Court has over 20 opinions to issue before it can end its October 2022 term.
  • Fierce Healthcare reports,
    • The Federal Trade Commission is building out its deep dive into the pharmacy benefit management industry yet again.
    • The agency said Thursday that it has sent an order to the group purchasing organization Emisar Pharma Services, requiring it to provide information and records pertaining to its business practices. The order follows similar missives sent to two other GPOs, Zinc Health Services and Ascent Health Services, last month.
    • Emisar negotiates rebates with drugmakers on behalf of Optum Rx, a UnitedHealth Group subsidiary and one of the three largest PBMs.
    • The FTC said its order to Emisar is “substantially similar” to those issued to Zinc and Ascent.

Fortune Well offers us advice on the following topics:

McKinsey and Company explains how to improve children’s developmental trajectories.

Washington Post columnist discusses her recent experience taking Ozempic at length.

  • “I cannot claim to have done this for my health — certainly, appearance was my primary motivation — but the health impact has been impressive. My sleep apnea had been so severe that tests showed I was waking up an alarming 54 times every hour; new testing put it in the mild range, and my sleep apnea machine has been stashed in the closet. In November 2020, my LDL cholesterol — the “bad” kind, which raises your risk of heart disease and stroke — was at 146; it was down to 133 by March 2022 and, a year later, to 120. My A1c levels, measuring blood sugar, have fallen from on the cusp of prediabetes to safely in the normal range. My blood pressure is lower, and my C-reactive protein, an indicator of cardiovascular disease, has plummeted. * * *
  • “There are two things that are important for readers to know: My response to the medication has been extraordinary, and my experience with insurance coverage has also been unusually positive. Most insurers do not currently cover medications for obesity alone. But my doctor was able to point to my risk of developing diabetes, and my insurer, thankfully, did not question the need for coverage. “Ozempic, $24.99,” the Walgreens website informs me when I look back at my prescription records. “Insurance saved you: $1,046.10.”

Cybersecurity Dive

David ErmerCybersecurity

From the cybersecurity policy front —

  • A CSO analysis reports, “Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy. As federal government cybersecurity incidents continue to mount, the Biden administration’s National Cybersecurity Strategy should help, although experts say implementing it won’t be easy.”
    • “More than any previous administration, the Biden administration has taken a serious step forward to secure federal government infrastructure (and, by extension, the private sector through government contractor requirements) with its expansive National Cybersecurity Strategy, released in March.
    • “The strategy outlines five broad “pillars” of cybersecurity efforts that civilian agencies must meet, including approaches to defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and enhancing public-private operational collaboration to disrupt adversaries.
    • “But the details of how agencies should start tackling the challenges won’t be fully understood until the administration releases the strategy’s implementation guidance, which officials say could occur over the next month or so.
    • “No matter how the guidance shakes out, government agencies’ challenges in implementing the strategy will undoubtedly be significant. First off is the sheer size and complexity of the federal government.”
  • The Wall Street Journal similarly explains that while “The Biden administration’s proposal to hold software makers accountable offers a starting point, it leaves a lot of questions open.

From the cybersecurity vulnerabilities and breaches front —

  • Health IT Security tells us,
    • “Just like in years past, threat actors are leveraging ransomware, social engineering, denial of service, and basic web application attacks to disrupt operations and compromise data with great success. Verizon’s newly released 2023 Data Breach Investigations Report (DBIR) provided significant evidence of these trends through its analysis of more than 16,300 security incidents that occurred between November 1, 2021, and October 31, 2022.
    • “Of the 16,312 security incidents analyzed, 5,199 of them were confirmed data breaches. What’s more, 74 percent of all breaches involved a human element, such as social engineering, use of stolen credentials, or privilege misuse. * * *
    • “Verizon defines a “breach” as an incident that results in confirmed data disclosures to an unauthorized party, while an “incident” is a security event that compromises the integrity, availability, or confidentiality of information.
    • “Top attack patterns in healthcare included system intrusions, basic web application attacks, and miscellaneous errors, which collectively accounted for 68 percent of all healthcare breaches.
    • “The [h]ealthcare vertical is highly targeted by ransomware gangs, which results in both the loss of use of their systems—potentially with life-threatening consequences—as well as data breaches,” the report stated.”
  • Cybersecurity Dive reports (June 9)
    • “Barracuda’s email security gateway appliances, which were compromised by a zero-day vulnerability disclosed last month, need to be scrapped and replaced immediately, the company said Tuesday in an action notice.
    • “The vulnerability, CVE-2023-2868, has been actively exploited for at least eight months. Despite a series of patches issued to all appliances last month, Barracuda said, regardless of patch version level, its “remediation recommendation at this time is full replacement of the impacted ESG.”
    • “Barracuda’s decision to effectively retire all compromised ESG appliances is akin to an admission the company could not fully remove threat actor access and recover the devices for customers, according to experts.”
  • and (also June 9)
    • “Microsoft is investigating claims by an alleged hacktivist group that it launched a series of DDoS attacks that disrupted the company’s OneDrive and other Microsoft 365 services. 
    • “The company suffered a series of outages this week that impacted a range of services, including Microsoft Teams, SharePoint Online and OneDrive for Business. The OneDrive disruption was still impacting customers as of Thursday. 
    • “The group, known as Anonymous Sudan, has claimed credit for the alleged DDoS attacks and made additional threats against the company. Microsoft officials acknowledged the public claims and are working to fully restore services. 
    • “We are aware of these claims and are investigating,” a Microsoft spokesperson said via email. “We are taking the necessary steps to protect customers and ensure the stability of our services.”
  • HHS’s Health Sector Cybersecurity Coordination Center offers a PowerPoint presentation titled “Types of Cyber Threat Actors That Threaten Healthcare.”
  • Cybersecurity Dive adds
    • “Senior level corporate executives are increasingly being targeted by sophisticated cyberattacks that target their corporate and home office environments and even extend to family members, according to a study released Monday from BlackCloak and Ponemon Institute
    • “About 42% of organizations surveyed had a senior executive or an executive’s family member attacked over the past two years. The study is based on a survey of more than 550 IT security leaders. 
    • “These attacks often lead to the theft of sensitive company data, including financial information, intellectual property or other information. In one-third of these cases, hackers are reaching these executives through insecure home-office networks used during remote work.”

From the ransomware front –

  • Cybersecurity Dive informs us,
    • “Most of Dallas’ network and IT infrastructure has been restored following a ransomware attack in early May that took most of the city’s services offline and disrupted operations, the city said Monday.
    • “Our staff has worked tirelessly to restore and rebuild systems and return all systems to full functionality as quickly and securely as possible,” the city said Monday in a statement. “At this time, we are more than 90% restored, with most public-facing services restored.”
    • “Dallas previously cautioned full functionality would take weeks, and some services are still non-operational. The city’s municipal court reopened on May 30, but trials and jury duty remain canceled until further notice and library staff are still tracking item availability manually.
  • CISA and the FBI released an “Advisory on CL0P Ransomware Gang Exploiting MOVEit Vulnerability” on June 7.
    • Cyberscoop provides background on the advisory.
    • Bleeping Computer’s The Week in Ransomware” focuses on this case.
  • Security Week reports
    • “Cybersecurity firm Obsidian has observed a successful ransomware attack against Sharepoint Online (Microsoft 365) via a Microsoft Global SaaS admin account rather than the more usual route of a compromised endpoint.
    • “The attack was analyzed post-compromise when the victim employed the Obsidian product and research team to determine the finer points of the attack. In its blog account of the incident, Obsidian did not disclose the victim but believes the attacker was the group known as 0mega.”
  • and
    • “Japanese pharmaceutical giant Eisai [a developer of the new Alzheimer’s Disease drug Leqembi] this week announced that it has fallen victim to a ransomware attack that forced it to take certain systems offline.
    • “Headquartered in Tokyo, the company has manufacturing facilities in Asia, Europe, and North America and has subsidiaries on both American continents, in Asia-Pacific, Africa, and Europe. Last year, the company reported more than $5 billion in revenue.
    • “The ransomware attack, the company says in an incident notification on its website, was identified on June 3 and resulted in the encryption of multiple servers.
    • “Eisai says it immediately implemented its incident response plan, which involved taking systems offline to contain the attack, and launched an investigation.”

From the cybersecurity defenses front —

  • On June 6, “CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software.”  
  • ISACA discusses the increasing importance of information technology audits to Boards of Directors.
  • Security Boulevard offers ten “go-to” tips for achieving/maintaining HIPAA Security Rule compliance.
  • Help Net Security suggests twenty cybersecurity projects on GitHub you should check out.

Friday Factoids

David ErmerCMS, FDA, Federal employment benefits, Generative AI, Medicare, SDOH, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From the FDA front —

  • MedPage Today tells us
    • “Lecanemab (Leqembi) showed clinical benefit in early Alzheimer’s disease in its confirmatory trial, paving the way for traditional approval of the drug, an FDA advisory committee said Friday.
    • “In a 6-0 vote, the agency’s Peripheral and Central Nervous System Drugs Advisory Committee fully backed the evidence supporting the anti-amyloid monoclonal antibody. * * *
    • “The agency is expected to make its final decision about lecanemab by July 6.
  • KFF provides a cost perspective in anticipation of FDA approval of this drug, which action is expected to trigger CMS approval for Medicare Part B coverage.

From the FEHB front, Tammy Flanagan writing in Govexec delves into FEHB and Medicare Part B coverage.

From the litigation front —

  • The Wall Street Journal reports
    • “Pharmaceutical industry giants completed a deal to pay $19 billion to states that accused them of fueling the opioid crisis, infusing more money into communities still struggling with how to address the scourge of drug use.”
    • “Most states agreed to the deal to settle agreements with manufacturers Teva and Allergan as well as pharmacy chains CVS and Walgreens. The agreement is in addition to a $26 billion so-called global settlement with drug distributors McKessonCardinal Health and AmerisourceBergen and manufacturer Johnson & Johnson. The latest settlements close lawsuits against most of the major players and brings the total income from opioid litigation that states will have to spend to about $50 billion. 
    • “The legal fight stretches back nearly a decade, when more than 3,000 lawsuits from states, Native American tribes and counties alleged the drugmakers, pharmacies and distributors played down the risk of painkillers and didn’t stem their flow. Misuse of prescription painkillers sparked a health crisis that was supercharged as fentanyl infiltrated the illicit drug supply and now claims more than 100,000 lives in the U.S. each year. 
    • “Money from the recent settlements will begin to flow to states this year. More than $3 billion from the global settlementhas already been dispersed. The funds are distributed to states based on population adjusted to account for the burden of the opioid epidemic based on deaths and people using drugs. The agreements require most of the money to be spent on abating the opioid crisis, but the parameters are broad and officials are using different strategies to spend it.”
  • KFF has created a tracker to follow the distribution of the opioid litigation settlement funds.

From the CMS front —

  • Healthcare Dive informs us,
    • “CMS is exploring programs that would pay social or community health workers to address patients’ social needs in a bid to invest more heavily in food, housing, transportation and other social determinants of health, according to agency officials.
    • “We are looking at that. For example, in maternal health, thinking about the role of doula and community health workers,” Liz Fowler, director of the Center for Medicare and Medicaid Innovation, said on Thursday during the CMS’ inaugural health equity conference.”
  • and
    • “CMS announced a new model that aims to strengthen and improve primary care, including by ensuring small and rural organizations are able to enter into value-based care arrangements. 
    • “The Making Care Primary Model will run for more than 10 years in eight states — in Colorado, Massachusetts, Minnesota, New Jersey, New Mexico, New York, North Carolina and Washington.
    • Research shows primary care is key to improving health outcomes and lowering costs. The CMS noted Medicare and Medicaid patients are often diagnosed with multiple chronic conditions, and primary care providers are charged with prevention, screening and management. But, because many patients will see multiple specialists, coordinating care can be challenging.”
  • Fierce Healthcare relates,
    • “The Department of Health and Human Services (HHS) has released a 43-drug list of the Medicare Part B prescription treatments that must repay the program for raising prices above the rate of inflation.
    • “The second quarterly list takes effect in July and is an expansion over the 20 price-capped drugs from April through June. According to HHS, the rebates could save Medicare beneficiaries taking the treatments anywhere from $1 to $449 per average dose in out-of-pocket costs.
    • “The Medicare Prescription Drug Inflation Rebate Program is a critical way to address long-term price increases by drug companies, and [the Centers for Medicare and Medicaid Services (CMS)] is continuing our work to make prescription drugs more affordable for people with Medicare,” CMS Administrator Chiquita Brooks-LaSure said in a release.
    • “The full list of prescription drugs and biological products with adjusted coinsurance amounts for July 1 to Sept. 30 is available here (PDF).
    • “Of note, CMS said the list could be adjusted before or after July 1 based on public feedback notifying the agency of any potential discrepancies, as was the case during the program’s inaugural quarter when a highly publicized list of 27 drugs was later trimmed down to 20.”

From the U.S. healthcare business front —

  • Beckers Hospital Review reports
    • “In the first quarter of 2023, 17 healthcare companies with more than $10 million in liabilities filed for Chapter 11 bankruptcy, a sharp rise compared to seven bankruptcies in the first quarter of 2022, Bloomberg Law reported June 9.
    • “High-profile bankruptcies from Envision, Invacare Corp. and Sorrento Therapeutics contributed to the numbers. The first three months of 2023 saw a slight slump in bankruptcies but remain higher than the same period a year ago.
    • “Despite the year-over-year increase, the first quarter of 2023 still had fewer healthcare bankruptcies than the fourth quarter of 2022.
    • “Once the government money ran out, once all the stimulus dollars around healthcare ran out, there was essentially going to be this backwash,” Timothy Dragelin, a healthcare director at FTI Consulting, told Bloomberg. “The fact that labor costs increased substantially—you also had the issues with supply chain and supply chain caused some disruptions.”
  • Fierce Healthcare tells us
    • “Walgreens Boots Alliance sold its remaining stake in post-acute care and infusion services company Option Care Health for $330 million.
    • “The drugstore chain announced Thursday it sold 10.8 million shares of Option Care Health and plans to use the proceeds primarily for debt paydown, continued support of the company’s strategic priorities and to help fund its healthcare-focused business initiatives, according to a press release.
    • “The transaction is another decisive action WBA is taking to unlock value and further simplify the company’s portfolio,” the company said.
    • “Back in March, Walgreens cut its stake in Option Care Health when it sold 15.5 million shares at $30.75 per share. The transaction reduced Walgreen’s ownership in the company, formerly known as Walgreens Infusion Services, from 14% to 6%, according to a Walgreens news release. “

From the generative AI front —

  • Beckers Hospital CFO Report points out the steps the Google and Microsoft are taking to integrate generative AI in healthcare systems.
  • HR Dive discusses the impact of generative AI on employers and the workplace.

Thursday Miscellany

David ErmerCMS, Congress, COVID-19 vaccine, FDA, HSA, Medical / Rx research, Medicare, Rx coverage, Telehealth
Photo by Josh Mills on Unsplash

From Washington, DC —

  • The Senate Finance Committee held a hearing today about “Consolidation and Corporate Ownership in Health Care: Trends and Impacts on Access, Quality, and Costs.”
  • Mercer Consulting informs us
    • “Two key House committees voted this week to send a series of health care bills to the House floor, including legislation to make permanent the ability of health savings account-qualifying high-deductible health plans (HSA-qualifying HDHPs) to cover telehealth and other remote care services on a predeductible basis. Originally enacted as part of the 2020 Coronavirus Aid, Relief and Economic Security (CARES) Act, this flexibility was most recently extended as part of the 2023 Consolidated Appropriations Act, and now is set to expire on Dec. 31, 2024, for calendar-year plans (later for noncalendar-year plans).”
  • “The U.S. Department of Health and Human Services (HHS) released the STI Federal Implementation Plan to detail how various agencies and departments across the federal government are taking a comprehensive approach to making meaningful and substantive progress in improving public health. This new plan builds on other key HHS actions to protect the public’s health by addressing the growing threat of sexually transmitted infections (STIs) in America.”
    • Roll Call identifies potential obstacles to implementing this plan.
  • Govexec reports
    • “As smoke from Canadian wildfires moves into the Northeast and Mid-Atlantic regions of the United States, triggering air quality warnings in several cities, the Office of Personnel Management on Thursday reminded agencies to protect the health of federal workers who ordinarily may work or commute to work amid the hazardous haze.”
      • Healthcare Dive discusses health system reactions to this problem.
        • “Hospitals in the northeastern U.S. are keeping an eye on air quality as smoke from Canadian wildfires envelops the region. Most health systems contacted by Healthcare Dive did not report significant spikes in patient volumes yet, but they said they’re continuing to monitor the situation.
        • “Millions of people live in areas currently under air quality alerts, and meteorologists say conditions may not significantly improve for a few more days.
        • “Health systems in the region are urging residents to stay indoors and use masks — particularly snug-fitting N95s — when traveling outside. Though everyone should limit their time outdoors, it’s especially important for older people, children and pregnant women as well as those with conditions like heart or lung disease or asthma, according to Kristin Fless, a pulmonologist at RWJBarnabas Health Medical Group.”
  • The Wall Street Journal relates
    • “Ashish Jha, the White House Covid-19 czar, will be leaving his post next week in the latest sign the Biden administration is confident the country is on stronger footing in its fight against the virus.
    • “Jha plans to leave June 15 and return July 1 to his previous position as dean of Brown University’s School of Public Health. He will be the last of the administration’s rotating Covid-19 czars. Instead, the director of the White House’s nascent Office of Pandemic Preparedness and Response Policy, who hasn’t been named, will advise the president and coordinate federal responses to various biological and pandemic threats.”

From the  public health front —

  • Mercer Consulting tells us
    • Our research over the past few years has tracked the ways employers are working to align employee benefit programs with their organizations’ overarching DEI goals. For Pride month, here’s a round-up of survey results relating to health and well-being benefits of particular importance to the LGBTQ+ community.
    • Here’s a link to the article.
  • The American Hospital Association reports
    • “The first data on the safety of a third mRNA COVID-19 vaccine dose among young children show that a third dose is safe for children ages 6 months to 5 years old, similar to findings for doses one and two, the Centers for Disease Control and Prevention reportedtoday, based on reports to the Vaccine Adverse Event Reporting System and v-safe voluntary smartphone health checker for use after vaccination.
    • “This study’s findings can reassure health care professionals, parents, and caregivers that a third dose of COVID-19 vaccine is safe for children ages 6 months to 5 years and can protect them from severe illness,” CDC said.
    • “While CDC recommends that all children ages 6 months through 5 years old receive at least 1 bivalent mRNA COVID-19 vaccine dose, vaccination rates among this age group have been low.”
  • Health Payer Intelligence informs us
    • “Group health insurance plan members with high healthcare spending often have one or more of the same five chronic diseases, according to a fast facts sheet from the EBRI Center for Research on Health Benefits Innovation (EBRI CRHBI).
    • “The study covered healthcare claims from 8.6 million group insurance health plan members using 2021 data from the Merative MarketScan Commercial Database. Members were 65 years of age or younger and the health plans covered a variety of types.
    • “Five conditions were very common among the group health insurance plan members with the highest healthcare spending: heart disease, respiratory conditions, musculoskeletal conditions, nervous system conditions, and skin disorders. A couple of these are among the most expensive chronic diseases in the US. They are also some of the most common comorbidities.”

From the Rx coverage front —

  • BioPharma Dive notes that tomorrow a Food and Drug Administration advisory committee will consider recommending that the FDA give full marketing approval to the Alzheimer’s drug Leqembi.
    • “A closely watched Alzheimer’s disease medicine appears to be heading toward broader approval, as documents released Wednesday show the Food and Drug Administration appears to have few concerns with it.”
  • BioPharm Dive also tells us that “After years of disappointment, cancer vaccines show new promise. Moderna presented new data at ASCO for its melanoma shot, highlighting progress with a personalized approach that’s also being pursued by BioNTech and Gritstone.”
    • “Moderna is testing its shot, mRNA-4157, together with Merck’s immunotherapy Keytruda in people with melanoma who have had their primary tumors removed. The goal of such “adjuvant” treatment is to prevent cancer from returning.
    • “In December, the company reported the two drugs reduced the relative risk of death or recurrence by 44% over Keytruda alone. The new data came from an analysis of the risk of cancer spreading to distant organs or tissues, or “distant metastasis free survival.”
    • “One-third of patients who receive Keytruda in this setting experience such spread, driving researchers’ work to come up with better options. “We know that patients with distant metastases experience more morbidity and mortality,” said Adnan Khattak, a clinical professor at Edith Cowan University in Australia, who presented the Moderna data at ASCO.
    • “In the combination trial, mRNA-4157 and Keytruda reduced the risk of distant spread or death by 65% compared to Keytruda alone.”
  • The Associated Press reports
    • “A growing shortage of common cancer treatments is forcing doctors to switch medications and delaying some care, prominent U.S. cancer centers say.
    • “The National Comprehensive Cancer Network said Wednesday that nearly all the centers it surveyed late last month were dealing with shortages of carboplatin and cisplatin, a pair of drugs used to treat a range of cancers. Some are no longer able to treat patients receiving carboplatin at the intended dose or schedule. 
    • “Dr. Kari Wisinski has had to turn to other treatments for some patients or switch the order in which people receive their drug combinations. She said she’s done that “hoping that within three months there will be a better carboplatin supply.” * * *
    • “The U.S. Food and Drug Administration has taken some steps to try to ease the chemotherapy shortage. The agency is allowing the temporary importation of some foreign-approved versions of cisplatin from factories registered with the FDA.”
  • Beckers Hospital Review adds “Seventy percent of the 20 most commonly prescribed medications from GoodRx are in shortage, according to databases from the FDA and the American Society of Health-System Pharmacists.” The article goes on to list the drugs subject to shortages.

From the Medicare front —

  • Beckers Payer Issues informs us
    • “The FDA and CMS are discussing how to handle obesity drugs in Medicare, Bloomberg Law reported June 7. 
    • “The two agencies are in talks over “what to do about obesity drugs,” FDA Commissioner Robert Califf said at the Biotechnology Innovation Organization convention in Boston. Mr. Califf’s comments indicate CMS could expand weight loss benefits, according to Bloomberg Law’s report. 
    • “New GLP-1 drugs to treat obesity and diabetes can be expensive, costing upward of $10,000 a year without insurance coverage. GLP-1 drugs, including Ozempic, Trulicity, Victoza and Mounjaro, are used to treat Type 2 diabetes. Wegovy and Saxenda are approved for weight loss.  
    • “Under current law, Medicare is prohibited from covering weight loss drugs. Drug manufacturers are lobbying Congress to require the program to pay for the drugs. Proposed legislation to pay for the drugs has stalled. 
    • “The drugs could have a big effect on Medicare Part D spending. If 10 percent of people with obesity covered by Medicare were prescribed a brand-name semaglutide, a type of GLP-1, the drug would cost Medicare $26.8 billion annually, according to a study published in the New England Journal of Medicine in March.”
  • and
    • “Medicare spending per person grew by an average of 4.6 percent annually between 2000 and 2022, according to a June 6 analysis from KFF
    • “KFF analyzed data from the 2023 Annual Report of the Boards of Trustees of the Federal Hospital Insurance and Federal Supplementary Medical Insurance Trust Funds. 
    • “KFF said the “influx of the Baby Boomer Generation added many relatively younger, healthier people to the Medicare beginning in 2011,” while the share of adults aged 80 and older enrolled in the program also continues to grow. Growth in healthcare spending is attributed to this increased volume and use of services, along with the availability of new technologies and rising prices.”
      • 2018: $13,579
      • 2019: $14,189
      • 2020: $14,373
      • 2021: $15,139
      • 2022: $15,727

Midweek update

David ErmerGenerative AI, Medical / Rx research, Mental health care, Patient safety, SDOH, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington DC —

  • STAT News tells us,
    • “Ahead of a major Food and Drug Administration meeting on a new Alzheimer’s treatment this week, several Democratic lawmakers are ratcheting up their criticism of how the Biden administration is planning to handle a potential approval this summer.
    • “Sen. Bernie Sanders (I-Vt.), who leads the Senate’s health committee, wrote to health secretary Xavier Becerra on Wednesday asking him to ”use the full extent” of his authority to ensure Medicare doesn’t pay the list price of $26,500 for Eisai and Biogen’s Leqembi.”

From the U.S. healthcare business front —

  • Healthcare Dive informs us,
    • “The financial performance of the seven largest publicly traded U.S.-based insurers remains stable so far this year, despite “continued challenges” in the healthcare sector, according to a report out Tuesday from credit ratings agency Fitch Ratings.
    • “Though persistent staffing shortages and high inflation has been pressuring healthcare providers, the largest payers, which Fitch estimates to account for about 70% of the privately ensured U.S. population, reported a 7.7% operating EBITDA margin in the first quarter compared with 7.6% during the same period in 2022.
    • “However, the report noted that cost pressures at the provider level could impact payer and provider contract negotiations and cause premium rates to increase over the next few years, contributing to “heightened public discourse around healthcare costs for consumers.”
  • Per the Lown Institute
    • A recent New York Times investigation found that Allina Health System, a nonprofit health system in the Midwest, has been rejecting patients for appointments if they have unpaid medical bills. If patients amass at least $1,500 in medical debt three separate times, they may not be allowed to come back to a clinic or hospital until they pay up. In many cases, Allina’s electronic health record system precludes doctors from making new appointments with patients that have unpaid debt.
    • The policy, which was started in 2006, applies to patients struggling with chronic conditions like diabetes and depression, and is even applied to children. The Times heard from doctors and patients who described being unable to complete medical forms that children needed to enroll in day care or show proof of vaccination for school. Allina’s dominance in the region also means that patients who are rejected for care–especially patients in rural areas–may have trouble finding other providers. 
    • How is a nonprofit system allowed to deny needed care for patients with debt? While nonprofit hospitals are required by federal law to accept any patient for emergency care regardless of ability to pay, the same requirement doesn’t apply to non-emergency care. 
    • Because there aren’t regulations against this practice, Allina is not alone in rejecting patients with debt. According to a 2022 KFF Health News investigation of 528 hospitals sampled nationwide, 55 indicated in their written policy that they do allow deniels of non-emergency care for patients with medical debt, 22 said this is allowed but not current practice, and 85 others had no information in their policy on whether or not they do this. (Allina Health Faribault Medical Center was included in this last group, but no other Allina hospitals were included in the study). Among the hospitals that allow for care denials are within some of the largest nonprofit systems in the country, including Ascension, Indiana University Health, Cedars-Sinai Medical Center, Mayo Clinic, Trinity Health, and more.

From the healthcare research front, BioPharma Dive offers its wrap-up report on the ASCO conference held in Chicago this week.

From the SDOH front —

  • Healthcare Dive points out,
  • “Patients of color, or those on public insurance, are still at increased risk for certain adverse events compared to White patients, regardless of high hospital safety ratings, according to a report out Wednesday from the Leapfrog Group.
  • “Although higher hospital safety ratings generally correspond with fewer adverse safety events, the report found that pattern doesn’t hold true for patients of color or those on Medicare or Medicaid, who were more likely to experience adverse events after surgery, including sepsis, blood clots and respiratory failure.
  • “Rather than suggesting problems with individual hospitals, the data points to a “systemic issue impacting the quality of care for Black and Hispanic patients and those with public insurance plans,” according to the report.”

From the mental healthcare front, Health Payer Intelligence discusses six strategies that payers can use to promote behavioral health prevention, along with a strong provider network.

From the litigation front —

  • Fierce Healthcare reports
    • “A federal appeals court held a brief hearing Tuesday afternoon to hear from attorneys on both sides as it decides whether to lift a nationwide freeze on a lower court’s ruling that struck down preventive care protections in the Affordable Care Act (ACA).
    • “A panel of judges at the Fifth Circuit Court of Appeals, based in New Orleans, issued a stay on the District Court ruling while the appeals process plays out, though it could choose to lift the stay following Tuesday’s hearing. Legal experts expect a decision on the pause in short order.”
  • The FEHBlog is willing to bet the ranch that the panel will uphold the existing stay.

From the generative AI front —

  • Healthcare Dive relates
    • “Google is linking up with longtime collaborator Mayo Clinic to explore generative artificial intelligence’s applications in the hospital, the tech giant announced Wednesday morning.
    • “Mayo will use a Google Cloud tool that lets organizations create chatbots and search applications using generative AI to answer complex questions and produce summaries faster than traditional search functionalities.
    • “Mayo could improve the efficiency of clinical workflows and make it easier for clinicians and researchers to find information, Google said.”

In federal employee benefits news, Federal News Network tells us

  • “The Office of Personnel Management’s backlog of retirement claims dropped by 2,259 in May. OPM received 6,096 claims, just over 2,200 fewer than in April, which saw 8,298. OPM processed 8,355 claims, bringing down the inventory backlog to 18,125, the lowest it has been since June 2020, when it reached 17,432.
  • “OPM still has improvements to make, as the inventory backlog is more than 5,000 claims above the steady state goal of 13,000.”

Tuesday Tidbits

David ErmerMedical / Rx research, Medicare, U.S. Healthcare
Photo by Patrick Fore on Unsplash

From the public health front —

  • STAT News reports,
    • “Ten years ago, clinicians in a handful of hospitals around the United States began sequencing the genomes of apparently healthy babies, seeking to understand how the technology might turn up hidden genetic disorders that aren’t being caught by routine newborn blood testing. New research from one such trial suggests the impact of having that kind of information extends far beyond the baby whose DNA is being decoded.
    • “In a study published Monday in the American Journal of Human Genetics, researchers from Mass General Brigham and Boston Children’s Hospital reported that of the first 159 infants to undergo screening through genomic sequencing, 17 were discovered to have unanticipated mutations in disease-associated genes.
    • “Over the next three to five years, in the majority of the 17 infants’ families, these discoveries prompted parents and other relatives to get additional testing that led to uncovering the cause of diseases running through their family trees. In three cases, mothers who learned they carried a gene that drastically elevated their risks of certain cancers chose to undergo prophylactic surgeries to reduce those risks — a finding that the lead researcher says undercuts ethical objections to informing families of genetic findings even when they aren’t immediately actionable for the newborn.
    • “This is a real-world rebuttal to the prevailing notion that we should not be sharing adult-onset disease-risk variants in children,” said Robert Green, a medical geneticist at Harvard and Brigham and Women’s Hospital who leads the BabySeq study that produced the new research. “There are ethicists who say a child should not be used as a genetic canary in a coal mine — that one member of a family should not be used without their consent as the access point for a whole family, but I’d like to challenge that. Look at these mothers. We arguably saved their lives. Are you really going to put that up against a theoretical loss of autonomy at some point in the child’s future?”
  • Health Day tells us,
    • “Women who consistently adhered to mammography guidelines had better odds for survival if they were then diagnosed with breast cancer, study found.
    • “Delays in screening can contribute to being diagnosed with advanced disease.
    • “The findings were to be presented [last] Sunday at the annual meeting of the American Society of Clinical Oncology in Chicago. Findings presented at medical meetings should be considered preliminary until published in a peer-reviewed journal.
    • “There has been much debate about when to start breast cancer screening, how often screening should occur, and how many screening exams are necessary. “This study suggests that a missed breast cancer screening has consequences,” said Dr. Arif Kamal, chief patient officer for the American Cancer Society.”
  • The NIH Director discusses “Encouraging First-in-Human Results for a Promising [mRNA] HIV Vaccine.”
  • As we enter the summer months, Bloomberg Prognosis provides insights into suncreens.

From the U.S. healthcare business front —

  • STAT News and EndPoints offer fascinating interviews respectively with Susan Galbraith, head of AstraZeneca’s oncology research and development and Emma Walmsley, the Glaxo Smith Kline (GSK) chief executive officer.
  • Beckers Hospital Review ranks health systems by operating margins.
  • The Wall Street Journal examines why “a growing group of physicians are ditching medicine’s traditional career path and hitting the road as temporary doctors-for-hire.”
  • Kaiser Foundation News reports that doctors of osteopathy are filling the growing MD gap in rural areas of the U.S.
  • MedCity News reports that “Doulas — who provide physical, emotional and informational support to expectant mothers — have shown to improve maternal health outcomes, but there’s little insurance coverage of their services. That’s starting to change, however, particularly in Medicaid programs.”
  • Fierce Healthcare tells us,
    • “Evernorth has inked a strategic partnership with CarepathRx Health System Solutions that aims to boost access to specialty pharmacy care.
    • “Through the partnership, the two will provide integrated specialty pharmacy services to CHSS’ growing clientele, which includes more than 600 hospitals, health systems and physicians. This will allow these providers to diversify the ways they can support patients, according to an announcement.
    • “As part of the partnership, Evernorth will make a “significant minority investment” in CHSS that it expects to close late in the second quarter or in the third quarter of 2023.”
  • and
    • “Humana’s primary care arm opened its 250th clinic in Dallas on Tuesday, marking another milestone in the insurer’s growth in the provider space.
    • “The Medicare Advantage giant has established a multiyear effort to continue scaling CenterWell and expects to open between 30 and 50 centers per year through 2025. In addition to the senior-focused primary care clinics, CenterWell also houses Humana’s home health business, another key strategic focus, and is sister to the Conviva Care Center brand.
    • “Collectively, Humana’s Primary Care Organization cares for 266,000 seniors across its markets.
    • “The ongoing expansion cements CenterWell as one of the country’s fastest-growing providers of value-based, senior-focused care. It operates clinics in 12 states: Arizona, Florida, Georgia, Kansas, Kentucky, Louisiana, Missouri, Nevada, North Carolina, South Carolina, Tennessee and Texas.”

From the litigation front —

  • Roll Call tells us,
    • “Drugmaker Merck & Co. Inc. sued the federal government Tuesday, seeking an injunction against parts of last year’s reconciliation law that allow the Health and Human Services Department to negotiate for lower prices on [a certain subset of prescription] drugs.
    • “The lawsuit, filed in the U.S. District Court for the District of Columbia, argues that the negotiation program is “extortion” and violates the Fifth Amendment by not paying the company “just compensation” for its products.
    • “By coercing Merck to provide its drug products at government-set prices, the Program takes property for public use without just compensation in violation of the Fifth Amendment,” Robert Josephson, Merck’s executive director of global media relations, said in a statement.”
  • Beckers Payer Issues relates,
    • “A federal judge in St. Louis issued a preliminary injunction barring former Cigna executive Amy Bricker from working for CVS Health, while a lawsuit over her noncompete clause moves forward. 
    • “In the June 5 order, Judge Ronnie White said that Ms. Bricker is prohibited from providing any services to CVS Pharmacy, CVS Health, any of its entities or any other business that is “engaged in a business similar to, or that competes with, the business of Cigna.” She is also barred from disclosing Cigna trade secrets or confidential information.” 

From the miscellany / tidbits department

  • The Office of National Health Information Technology Coordinator released
    • “the draft USCDI+ Quality data element list for public comment on the eCQI Resource Center website. This release provides an initial, high-level picture of the USCDI+ initiative in action. It is a harmonized set of data elements for quality measurement that could be used to support measurement and reporting across a wide number of quality programs. ONC requests feedback on this draft list by 11:59pm ET on June 30, 2023, particularly its level of completeness, level of specificity, and the usefulness of companion guidance.
    • “The draft USCDI+ Quality is the most recent milestone for the USCDI+ initiative, which supports our federal agency partners to build on the USCDI standard adopted by ONC in 2020 and was first described in this blogfrom October 2021. The draft USCDI+ Quality includes data elements in the USCDI; however, as a core data set, the USCDI standard itself does not include each data element needed for quality measurement use cases. Through USCDI+ Quality, ONC is seeking to extend from the USCDI model to establish a consistent baseline of harmonized data elements for a wide range of CMS and other quality measurement use cases. Once mature, the USCDI+ Quality data element list can inform technical specifications and implementation guidance needed to enable more flexible, modernized, and robust approaches to standardizing and sharing data.”
  • Fierce Healthcare adds,
    • “The roughly half of American smartphone users with iPhones will notice new health and privacy features on their devices starting today.
    • “In addition to iPhones being equipped with new health features, Apple’s update will give iPad and Apple Watch users access to new tools. All three platforms will gain features that encourage healthy behaviors, reduce the risk of myopia, or nearsightedness, and provide ways to assess and address depression, according to the company. The new features were announced as part of Apple’s Worldwide Developers Conference 2023Monday.
    • “By bringing the Health app to the iPad, the tech giant hopes to inspire even more Apple users to take a proactive approach to their health.
    • “Our goal is to empower people to take charge of their own health journey. With these innovative new features, we’re expanding the comprehensive range of health and wellness tools that we offer our users across iPhone, iPad and Apple Watch,” said Sumbul Desai, M.D., Apple’s vice president of Health, in a press release. “Mental health and vision health are important, but often overlooked, and we’re excited to introduce features that offer valuable new insights to provide users with an even better understanding of their health. These insights help support users in their daily decisions and offer more informed conversations with their doctors.”

Monday Roundup

David ErmerHSA, Rx coverage, U.S. Healthcare
Photo by Sven Read on Unsplash

From the public health front —

  • The Wall Street Journal reports
    • “Doctors are coalescing around the ironic idea that for some cancer treatment, less can be better
    • Some patients with cervical and pancreatic cancer can do as well with less invasive surgery, according to research presented at the American Society of Clinical Oncology conference in Chicago over the weekend. Other studies at the annual meeting showed some patients with rectal cancer or Hodgkin lymphoma can safely get less radiation
    • “The findings expand a body of evidence doctors are using to design treatment plans that aim to reduce side effects and costs. They call the strategy de-escalation: cutting back on some therapies to improve a patient’s quality of life without hurting their odds of survival.
    • Newer treatments and tests are extending patients’ lives and moving cancer care away from a blunt, one-size-fits-all approach. On the strength of studies like those presented in Chicago, doctors are getting better at determining who needs the most aggressive care and who can get away with less treatment and less collateral damage.
  • The Journal also reminds readers that
    • “The approach of summer means warmer days, more time outside—and nagging worries about ticks. What to do if you find one on yourself?
    • “Get it off, pronto. To infect you with Lyme disease, a tick must bite and attach to your skin, typically for at least 24 hours. Take care as you remove it. In some cases, you should call your doctor after you take it off.
    • “Lyme disease is especially common in the Northeast and Midwest, transmitted by blacklegged ticks. They can transmit other pathogens that cause different diseases, too. And other types of ticks can transmit other diseases.
    • “This year, parts of the Northeast should expect a particularly bad season for tick-borne diseases, says Richard S. Ostfeld, a senior scientist at the Cary Institute of Ecosystem Studies in Millbrook, N.Y., who has been monitoring local tick populations and their hosts for 30 years.”
  • Fierce Healthcare tells us,
    • “Self-insured employers face myriad challenges in trying to manage growing healthcare costs, and one of those results from recent history, according to a survey by the National Alliance of Healthcare Purchaser Coalitions (NAHPC).
    • “Employers are seeing a rise in high-cost claims for younger plan members, with $1 million+ claims disproportionately weighted toward this demographic,” the NAHPC survey said. “The top conditions for these claims include cancer, prenatal/neonatal care, and treatment for COVID-19/long COVID.”
    • “The NAHPC survey is based on input from the Alabama Employer Health Consortium, the Dallas Fort-Worth Business Group on Health, HealthCareTN and the Nevada Business Group on Health. NAHPC and affiliated organizations represent 45 million Americans who spend over $400 billion annually on healthcare. 
    • “The employers’ concerns come from a pre-survey of 39 firms that was conducted in October and November 2022 and a series of roundtables that NAHPC held with 50 employers conducted in November 2022.

From the Rx coverage front —

  • BioPharma Dive informs us,
    • “Johnson & Johnson expects its cancer cell therapy Carvykti to become a go-to option for treating multiple myeloma earlier, presenting Monday a fuller look at clinical trial results that show the therapy substantially outperformed the current standard.
    • “In the trial, Carvykti reduced the risk of disease progression or death by 74% versus one of two commonly used drug combinations in patients for whom a mainstay medicine called Revlimid no longer works. According to J&J, it’s the largest relative risk reduction to be reported in a Phase 3 study of a treatment for the blood cancer.”
  • Medscape relates,
    • “Patients with a certain type of brain tumor could soon be treated with an oral targeted drug instead of undergoing more toxic chemotherapy and radiation, say researchers reporting new results that could potentially change the treatment landscape.
    • “The investigational drug vorasidenib (Servier) is awaiting approval for use in gliomas bearing mutations in isocitrate dehydrogenase 1 and 2 (IDH1, IDH2).
    • “Results from the pivotal phase 3 INDIGO trial show that the drug was associated with a significant delay in time to disease progression when compared with placebo.  
    • “The median progression-free survival (PFS) was 27.7 months for patients on vorasidenib, compared with 11.1 months for patients assigned to placebo (hazard ratio (HR) for progression or death with vorasidenib of 0.39 (P < .0001).”
  • BioPharma Dive adds,
    • “Wedged into the surface of a tumor cell, the protein called HER2 acts as a homing beacon for some of the most potent cancer medicines developed. Its discovery decades ago, and abnormal abundance in some breast cancers, led to the development of targeted drugs like Herceptin that have greatly improved patient care.
    • “Results from an exploratory clinical trial unveiled Monday suggest targeting HER2 could also be a useful strategy against other cancers that are not as widely associated with the protein.
    • “The findings, which will be presented at the American Society of Clinical Oncology’s annual meeting in Chicago, show that a newer HER2-targeting drug called Enhertu shrank tumors of the uterus, cervix, ovaries, bladder and, to a lesser extent, bile duct. In this way, they’re another data point in a yearslong shift toward describing cancers by their genetics, rather than only by their location in the body.
    • “Developed by AstraZeneca and Daiichi Sankyo, Enhertu is different from drugs like Herceptin, which interfere with how HER2 incites tumor growth. Instead, Enhertu combines a targeting molecule aimed at HER2 with a cell-killing toxin in a biochemical assemblage known as an antibody-drug conjugate.
    • “The reason why this [result] is exciting is that the tumor doesn’t have to be addicted to HER2 to respond to this therapy,” said Angela DeMichele, a medical oncologist at Penn Medicine. “The HER2 in this case is acting as a docking station for delivery of the chemotherapy.”
  • The Institute for Clinical and Economic Research proposed today
    • “a set of changes to its methods and processes for conducting value assessments, beginning in 2024. These proposals are based on ICER’s experience in methods development for health technology assessment (HTA) reports in the US, benchmarking with HTA agencies around the world, and input from stakeholders across the US health system. ICER is accepting public comment on these proposals through June 30, 2023.
    • “Areas with proposed changes include:
      • “Clinical trial diversity ratings and other methods adaptations related to health equity.
      • “Cost-effectiveness scenarios related to potential effects of Medicare drug price negotiation.
      • “New methods to ensure that cost-effectiveness analyses done according to a modified societal perspective have “non-zero” inputs for impacts on productivity for the patient and caregivers, even when direct data are lacking.”

From the U.S. healthcare business front —

  • Fierce Healthcare reports
    • “The home health bidding wars are heating up as UnitedHealth Group’s Optum unit is making a big play for home health and hospice firm Amedisys.
    • “Just one month ago, Amedisys agreed to be bought by another healthcare company, Option Care Health, a provider of post-acute care and infusion services. That deal valued Amedisys at $3.6 billion. That deal was expected to close in the second half of 2023.
    • “Optum has made an all-cash offer of $100 per share to Amedisys’ board of directors, the healthcare behemoth announced Monday morning. The deal represents a “superior proposal for Amedisys shareholders, with price certainty at a 26% premium over most recent share price,” Optum executives said. According to news reports, the deal is valued at $3.26 billion
    • “Option Care Health proposed last month to buy the company for roughly $97.38 per share.
    • “On May 27, 2023, the Board determined that the unsolicited proposal received from Optum could reasonably be expected to result in an ‘Amedisys Superior Proposal’ as defined in Amedisys’ merger agreement with Option Care Health,” Amedisys wrote in a filing with the Securities and Exchange Commission (SEC). “As permitted by the terms of Amedisys’ merger agreement with Option Care Health, Amedisys entered into a confidentiality agreement with Optum on May 30, 2023, and is currently engaging in exploratory discussions with Optum with respect to Optum’s proposal.”

From the plan design front —

  • Govexec encourages federal and postal employees to consider a high deductible health plan with a health savings account for 2024. Although the Govexec headline is directed at federal and postal employees under age 65 also can take advantage of health savings accounts.
    • “Once you turn 55, you’ll be able to contribute an additional $1,000 per year as a “catch-up” contribution on top of the normal contribution maximum.
    • “Once you turn 65, a big change with your HSA takes place: You’re allowed to make non-medical distributions and only pay your regular tax obligations. Prior to age 65, non-medical distributions would create a 20% income-tax penalty on top of your normal taxes. This change gives you more flexibility on how to use your HSA funds, including as supplemental retirement income.
    • “There are other healthcare-related qualified expenses that you can choose to use your HSA for in retirement and pay no taxes on. The premium for long-term care insurance, which pays for nursing homes and assisted living centers, is a qualified expense, as are Medicare Part B and D premiums both for you and a spouse.”

 

Weekend update

David ErmerCongress, SCOTUS, U.S. Healthcare
Photo by Dane Deaner on Unsplash

From Washington, DC —

  • The Wall Street Journal reports
    • “President Biden signed into law bipartisan legislation that suspends the $31.4 trillion debt ceiling, narrowly avoiding an unprecedented U.S. default that could have pushed the economy into a recession and touched off a financial crisis.
    • “The president signed the bill on Saturday afternoon, just two days before the government was set to run out of money to pay all of its bills, according to Treasury Department estimates.
    • “The legislation’s enactment caps weeks of tense negotiations between the White House and House Republicans that were spurred by GOP lawmakers’ demands to cut spending in exchange for raising the nation’s borrowing limit.
    • “The Fiscal Responsibility Act suspends the debt ceiling through Jan. 1, 2025, pushing the issue beyond the 2024 elections, in exchange for cuts in unspecified domestic programs and a 3% cap on increases for military spending in fiscal 2024.
    • “It provides $45 billion for a recently created program expanding coverage for veterans exposed to toxic burn pits, formally ends a three-year freeze on student-loan payments, expedites large-scale energy and infrastructure projects and raises to 54 the age at which able-bodied, low-income adults without dependents must work to receive food aid.”
  • The Supreme Court will continue to issue opinions from its October 2022 term. The Supreme Court now releases opinions on Thursdays, instead of Mondays.

From the miscellany front —

  • NPR Shots reports that “Vaccination and awareness could help keep mpox in check this summer.”
  • Health Payer Intelligence informs us
    • “After engaging in a free program provided by Capital Blue Cross (Capital), type 2 diabetes patients experienced a variety of health improvements along with noticeable financial benefits, according to a press release that HealthPayerIntelligence received by email.
    • “According to the Centers for Disease Control and Prevention (CDC), about 37 million people in the US have diabetes, accounting for 11 percent of the population. The CDC also noted that about 1 in 3 Americans will develop diabetes at some point during life.
    • “However, in 2021, Capital [which serves central Pennsylvania] began providing a program that aimed to lessen the effects of type 2 diabetes. Along with this, the insurer launched a program that aimed to lessen the risk of developing the disease, while helping those with the disease handle its effects.
    • “According to a Capital update released earlier this month, the program has led to various positive effects.”
  • HR Dive tells us
    • “Employees who take Family and Medical Leave Act leave in partial or intermittent increments during a week may not have holidays that fall during the same week counted against their FMLA leave, U.S. Department of Labor Principal Deputy Administrator Jessica Looman wrote in an opinion letter May 30. 
    • “On the other hand, if an employee uses a full workweek of FMLA leave during a week that includes a holiday, that holiday counts against their FMLA leave allotment, she said.
    • “This method of counting holidays is not a change from past provisions, Looman clarified, saying the department has used the same approach since the first publication of its FMLA regulations in 1995.”

Cybersecurity Saturday

David ErmerCybersecurity

From the cybersecurity policy front —

  • The Wall Street Journal reports,
    • “Companies shouldn’t wait for new rules around cybersecurity, privacy and emerging technologies to be finalized before preparing for them, lawyers say, particularly as senior executives with the right experience can be hard to come by.
    • “Proposed cybersecurity rules from the Securities and Exchange Commission would require public companies to disclose which board members have security knowledge or experience, along with details about the board’s approach to cyber oversight. The SEC published draft rules in March 2022 and is expected to finalize them in the coming months.” 
  • Nextgov tells us,
    • A federal council tasked with harmonizing future cyber incident reporting requirements is set to release proposed recommendations on how to develop an incident-reporting framework across key agencies and regulatory bodies, according to the chair of the council.
    • Department of Homeland Security Under Secretary for Policy Robert Silvers said the Cyber Incident Reporting Council is expecting to submit its report to Congress “in the next month or two” during a panel discussion Thursday at the Center for Strategic and International Studies, a nonprofit think tank.
    • The council was established under the Cyber Incident Reporting for Critical Infrastructure Act last year with the goal of minimizing industry burden while ensuring timely awareness of cyber incidents impacting critical infrastructure sectors across all required federal components. 
    • The Cybersecurity and Infrastructure Security Agency is currently developing regulations as required under the law for critical infrastructure owners and operators to report cyber incidents within 72 hours and has led a series of listening sessions with sector-specific industries to aid its rule-making process. 
    • “CISA is considering the inputs received through these consultations as we develop the proposed regulations and look for ways to harmonize CIRCIA’s requirements with other existing cyber incident reporting regulatory requirements,” CISA’s Executive Director Brandon Wales wrote in a March blog post reflecting on his agency’s implementation of the bill a year after it was signed into law. 
    • CISA also issued a request for information from key stakeholders on the proposed regulations and said it was specifically interested in “definitions for and interpretations of the terminology to be used in the proposed regulations, as well as the form, manner, content and procedures for submission of reports required under CIRCIA.”

From the cybersecurity reports front —

  • The OPM Inspector General released its latest semi-annual report to Congress. That report includes a section on cybersecurity audits of FEHB plans.
  • The National Institutes of Standards and Technology issued its Fiscal Year 2022 Cybersecurity and Privacy Annual Report.

From the cybersecurity vulnerabilities front —

  • Cybersecurity Dive reports
    • “A zero-day vulnerability first disclosed by Barracuda last week was actively exploited up to seven months ago, the security vendor said in an updated incident report Tuesday [May 30].
    • “The sizable time gap between the first known active exploitation of CVE-2023-2868 in October and Barracuda’s disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.
    • “Malware was identified on a subset of appliances allowing for persistent backdoor access,” the company said. Data exfiltration was also identified on a subset of impacted appliances.
    • “Barracuda did not respond to questions about how many customers use its ESG appliances nor how many customers are potentially compromised and had data stolen.”
  • On June 2, 2023, HHS’s health sector Cybersecurity Coordination Center issued a sector alert titled “Healthcare Sector Potentially at Risk from Critical Vulnerability in MOVEit Transfer Software.”
    • “On May 31, 2023, Progress Software (formerly IPSwitch) published a notification disclosing that a critical vulnerability exists in their MOVEit Transfer software, which could result in unauthorized access and privilege escalation. The vulnerability is a SQL injection flaw that allows for escalated privileges and potential unauthorized access. As of May 31, 2023, the vulnerability does not have a CVE. File transfer solutions are frequently targeted by multiple threat actors, including ransomware groups. Progress Software has yet to report any attempts of extortion due to exposure to the vulnerability, nor is there any attribution to any specific threat actors. However, the exploitation is very similar to the January 2023 mass exploitation of a GoAnywhere MFT zero-day and the December 2020 zero-day exploitation of Accellion FTA servers. Both of these products are managed on file transfer platforms that were heavily exploited by the Clop ransomware gang to steal data and extort organizations.”
    • The Cybersecurity and Infrastructure Security Agency (CISA) released a corollary alert.
      • “Progress Software has released a security advisory for a SQL injection vulnerability (CVE-2023-34362) in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take over an affected system.
      • “CISA urges users and organizations to review the MOVEit Transfer Advisory, follow the mitigation steps, apply the necessary updates, and hunt for any malicious activity.”
  • CISA announced on May 31, 2023, adding one more known exploited vulnerability to its catalog and another on June 2, 2023.

From the ransomware front, we have Bleeping Computer’s The Week in Ransomware.

  • “There have been rumors for weeks that Royal ransomware was rebranding to a new ransomware operation called BlackSuit. This week, Trend Micro analyzed encryptors from both operations and said they share very strong similarities.
  • “While this is not a strong enough link, the attack on Dallas may have put the Royal ransomware operation in the crosshairs, scaring them into a rebrand.
  • “Finally, IBM released a report about BlackCat/ALPHV’s new ‘Sphynx’ encryptor and other tools used by the operation that is a worthwhile read.”

From the cybersecurity defenses front —

  • The Wall Street Journal reports
    • “Retail giant Walmart said artificial intelligence is helping it to make sense of the data its security systems generate and to spot patterns that its analysts might miss. Generative AI systems like ChatGPT might enhance that ability further.
    • “Rob Duhart, Walmart’s deputy chief information security officer, said the sheer amount of information the company handles means that some form of automation is essential.
    • “There’s scale, and then there’s Walmart scale,” he said, speaking at the WSJ Pro Cybersecurity Forum held virtually Wednesday.
    • “With around 10,500 stores globally and 2.3 million employees, the company scans around 11 billion lines of code each year, Duhart said. Its cybersecurity tools generate around 6 trillion data points annually, and it blocks 8.5 billion malicious bots a month.
    • “Walmart has developed a number of AI tools in-house, given that off-the-shelf products typically can’t handle the vast body of data it needs to analyze, Duhart said. It’s also a problem for human analysts, who can’t comb through the information they need quickly enough.”
  • Health IT Security adds
    • “With recent economic trends pointing toward a recession, companies are bracing for the downturn and slashing resources in anticipation of financial turmoil.  
    • “Yet, cybersecurity budgets remain resilient. A recent survey revealed that most IT security decision-makers, including those in healthcare, have ramped up their 2023 cybersecurity spending to strengthen programs. 
    • “Nuspire’s Second Annual CISO Research Report on Challenges and Buying Trends surveyed 200 CISOs across various sectors. The results showed that 58 percent had increased their budgets in 2023, with 42 percent planning to pour more even funding into cybersecurity within the following year. 
    • “This uptick in budget allocation speaks volumes as leaders recognize the importance of a strong landscape
    • “As we’ve seen in previous years, the current economic conditions have shown how resilient cybersecurity budgets are in the face of business cost reductions,” said Lewie Dunsworth, CEO of Nuspire.”

Friday Factoids

David ErmerCDC, COVID-19, FDA, Medical / Rx research
Photo by Sincerely Media on Unsplash

From Washington, DC —

  • Healthcare Finance tells us,
    • “On Tuesday, the American Medical Association, the Institute for Healthcare Improvement (IHI) and Race Forward officially launched Rise to Health, a call to action for providers, payers, pharma and professional societies to make health equity a priority.
    • “Rise to Health will have enforcement teeth in the form of establishing a set of measures across numerous participants.
    • “That’s what we are observing as a critical defining difference,” said IHI president and CEO Dr. Kedar Mate. 
    • “Dr. Aletha Maybank, AMA chief health equity officer and senior vice president called it “collective accountability.”
    • “We need data measurement,” Maybank said. “There’s a whole measurement component, with input from different folks.”
    • Rise to Health: A National Coalition for Equity in Health Care has been in the works for about two years. Its ten founders include the AMA, American Hospital Association and AHIP.”
  • The American Hospital Association reports,
    • “The FDA today told AHA that is has worked with Qilu Pharmaceuticals and Apotex Corp. to temporarily import cisplatin, a drug used in chemotherapy, after a national shortage. FDA said it is carefully assessing the overseas product for quality to ensure it is safe for U.S. patients. The agency issued a “Dear Health Care Provider” letter with details and updated its drug shortage database with more information.”

From the public health front —

  • US News and World Report informs us,
    • “Almost all Americans have some level of immunity against COVID-19 through vaccination, previous infection or both, suggests new research from the Centers for Disease Control and Prevention.
    • “The study, which was published Thursday, tested blood donations from people ages 16 years and older for antibodies against the coronavirus from July through September 2022.
    • “It found that 96% of people had antibodies by last fall. About 23% were from infection alone and 26% were from vaccination alone. Nearly 48% had hybrid immunity – a number that’s only expected to grow as the coronavirus continues to circulate.
    • “Hybrid immunity, or the combination of protection from vaccination and infection, is believed to be higher and longer lasting than protection from either source on its own.
    • “This increase in seroprevalence, including hybrid immunity, is likely contributing to lower rates of severe disease and death from COVID-19 in 2022–2023 than during the early pandemic,” the authors wrote.”
  • The American Hospital Association relates,
    • “The Centers for Disease Control and Prevention is following up on a previous alert of an outbreak of suspected fungal meningitis in Texas, which is now significantly expanded to multiple states. A total of 212 residents in 25 U.S. states and jurisdictions have been identified who might be at risk of fungal meningitis because they received epidural anesthesia at clinics in Matamoros, Mexico, during cosmetic procedures.
    • The CDC is urging all patients, including those without symptoms, who underwent medical or surgical procedures under epidural anesthesia at River Side Surgical Center or Clinica K-3 in Matamoros, Mexico, since Jan. 1, 2023, should be evaluated for fungal meningitis as soon as possible. Health care providers should immediately report possible fungal meningitis cases possibly related to this outbreak to their state or local health department.” 
  • Health Day points out,
    • “The number of American women who have diabetes when they become pregnant has increased dramatically over five years, health officials reported Wednesday. 
    • “Between 2016 and 2021, the rate of pregnancy among diabetic women has risen 27%, from about 9 per 1,000 births to 11 per 1,000 births, according to the report from the U.S. Centers for Disease Control and Prevention. 
    • “Primary reasons for this increase are most likely the ongoing obesity epidemic and the fact that more older women are having children.”
  • The Wall Street Journal offers an essay discussing why are our knees are so easy to injure.

From the research front, BioPharma Dive reports,

  • A targeted drug from Novartis reduced the risk of breast cancer returning by 25% versus standard treatment when used after surgery in people vulnerable to a relapse, according to clinical trial data released Friday.
  • The findings, which will be presented at the American Society of Clinical Oncology’s annual meeting in Chicago, give Novartis a chance at Food and Drug Administration approval for its drug in this so-called adjuvant setting. A competing therapy from Eli Lilly won a similar OK a year and a half ago.
  • Novartis announced in March that the trial, called NATALEE, had succeeded, but didn’t disclose details. The full findings now released give breast cancer doctors an opportunity to evaluate how the drug, known as ribociclib and sold as Kisqali, might fit in treatment.