FEHBlog

Weekend Update

David ErmerCDC, CMS, Congress, FDA, Medical / Rx research, OPM, Telehealth
Texas bluebonnets now blooming in central Texas

From Washington, DC,

  • On April 3, 2025, at 10 am, ET, the Senate Homeland Security and Governmental Affairs Committee will hold a confirmation hearing for Scott Kupor, the President’s nominee for the position of OPM Director. The FEHBlog looks forward to Mr. Kupor’s confirmation.
  • Fierce Healthcare reports,
    • “Over three dozen healthcare associations and organizations penned a letter this week calling on House and Senate leaders for action on a bill bolstering foreign-born physician recruitment to underserved regions.
    • “The letters—which include the American Medical Association, the American Hospital Association and the Association of American Medical Colleges as signatories—speak to the Conrad 30 Waiver Program and its role in alleviating the nation’s worsening clinical workforce shortage.
    • “It allows foreign students who come to the U.S. for medical training immediately begin practicing in the U.S. by foregoing visa requirements that would force them to return to their home country for at least two years. In exchange, program participants are required to work full-time for at least three years in a medically underserved community.” * * *
    • “A pair of bills introduced in the House and Senate late last month and referred to their respective judiciary committees would reauthorize and “make necessary updates to strengthen the program,” the groups said.”
  • CMS is holding a virtual town hall meeting on April 30, 2025, from 10 am to 3 pm ET “for clinicians and researchers as well as other interested parties, such as patient advocacy organizations, patients, and caregivers, to share input relevant to the clinical considerations related to drugs selected for the second cycle of negotiations [under the Inflation Reduction Act].”

From the judicial front,

  • Govexec reports,
    • “President Trump can once again fire a key appointee who hears appeals of firings and suspensions of federal employees, putting the board on which she sits at risk of losing its functionality as the administration is pushing out large swaths of the federal workforce. 
    • “Cathy Harris, a Democrat nominated to the Merit Systems Protection Board by President Biden, was fired by Trump last month but quickly won reinstatement from a district judge. On Friday, a panel on the U.S. Court of Appeals for the D.C. Circuit in a 2-1 decision paused the lower court’s decision and said Trump could fire Harris. 
    • “The decision also applied to Gwynne Wilcox, a member of the National Labor Relations Board who Trump had fired, and a district court also reinstated. 
    • “If Harris is removed, MSPB would be left without a quorum. From 2017 to 2022, the board also lacked a quorum, which created a 3,500-case backlog that was only just recently eliminated. Due to an interim final rule established that same year, MSPB can conduct some actions without a quorum, though it cannot issue final decisions appealed to its central board.
    • “Zac Kurz, an MSPB spokesman, confirmed Friday evening that that the central board no longer has a quorum. While regional administrative judges can still issue initial rulings, the central board can no longer hear appeals of those rulings.”  

From the public health and medical research front,

  • The New York Times reports,
    • “As many as one in five people — an estimated 64 million in the United States — have elevated levels of a tiny particle in their blood. It can greatly increase the risk of heart attacks and strokes.
    • “But few know about it, and almost no doctors test for it, because there was not much to be done. Diet does not help. Neither does exercise. There have been no drugs.
    • “But in the near future, that may change.
    • “On Sunday [today], cardiologists announced that an experimental drug made by Eli Lilly, lepodisiran, could lower levels of the particle, Lp(a), by 94 percent with a single injection. The effects lasted for six months and there were no significant side effects.
    • “But it is not yet confirmed that reducing Lp(a) levels also reduces the risk of heart attacks and strokes. That awaits large clinical trials that are now underway.
    • “The Lilly research was presented Sunday at the annual meeting of the American College of Cardiology and simultaneously published in the New England Journal of Medicine. At least four other companies are also testing innovative drugs that block the body’s production of Lp(a), a mix of lipids and a protein.
    • “Dr. David Maron, a preventive cardiologist at Stanford not involved in the Lilly research, said the evidence of profound and long-lasting reduction in lipoprotein levels with lepodisiran was “thrilling.”
    • “Dr. Martha Gulati, a preventive cardiologist at Cedars-Sinai Medical Center also not involved in the trial, said the study was “really elegant.”
  • and
    • “Many people use a smartwatch to monitor their cardiovascular health, often by counting the number of steps they take over the course of their day or recording their average daily heart rate. Now, researchers are proposing an enhanced metric, which combines the two using basic math: Divide your average daily heart rate by your daily average number of steps.
    • “The resulting ratio — the daily heart rate per step, or DHRPS — provides insight into how efficiently the heart is working, according to a study conducted by researchers at the Feinberg School of Medicine at Northwestern University and published today in the Journal of the American Heart Association.
    • “The study found that people whose hearts work less efficiently, by this metric, were more prone to various diseases, including Type II diabetes, hypertension, heart failure, stroke, coronary atherosclerosis and myocardial infarction.
    • “It’s a measure of inefficiency,” said Zhanlin Chen, a third-year medical student at the Feinberg School of Medicine at Northwestern University and lead author of the new study; his coauthors included several Feinberg faculty physicians. “It looks at how badly your heart is doing,” he added. “You’re just going to have to do a tiny bit of math.”
  • NPR Shots tells us,
    • “As a measles outbreak in West Texas and New Mexico continues to grow, and other states report outbreaks of their own, some pediatricians across the U.S. say they are seeing a new trend among concerned parents: vaccine enthusiasm.
    • “Our call center was inundated with calls about the MMR [measles, mumps, rubella] vaccine,” says Dr. Shannon Fox-Levine, a pediatrician in Broward County, Fla. She says parents are asking if their child is up to date on their vaccinations. Or “should they get another vaccine? Should they get an extra one? Can they get it early?” * * *
    • “Interest in vaccinations has ramped up ahead of the spring break travel season, says Dr. Susan Sirota, a primary care pediatrician in the Chicago area.
    • “We have many patients calling us because they are traveling to either Texas or places near Texas, or states where they suspect that vaccination rates are lower than we have in Illinois,” Sirota says. “Many families are requesting early MMR [vaccines].” 
  • MedPage Today lets us know, “Transcatheter aortic valve replacement (TAVR) continued to hold its own against surgery for younger patients at low surgical risk, with the Evolut Low Risk trial now halfway to its goal of 10-year follow-up.”
  • Per Medscape,
    • “GSK said on Tuesday that it is studying a group of more than a million older adults in the UK to examine whether its best-selling shingles vaccine lowers the risk of dementia.
    • “The British drugmaker is using the health data of some 1.4 million people, aged 65 to 66, some of whom received its Shingrix shot and some who did not. 
    • “GSK’s chief scientific officer Tony Wood said the data, from the state-run National Health Service’s (NHS) large database, is a unique set of information because due to a tweak in the UK’s shingles immunization program there is effectively a naturally randomized trial already taking place.”
  • and
    • “High-dose oral cholecalciferol (vitamin D3) supplementation significantly reduced disease activity in patients with clinically isolated syndrome (CIS) suggestive of multiple sclerosis (MS) in the randomized, controlled D-Lay MS trial.
    • “Combined with data from previous studies on vitamin D as an add-on therapy, the results of the D-Lay MS trial, which show a stronger effect of vitamin D in patients with vitamin D deficiency compared to others, strongly suggest that patients with vitamin D deficiency should be supplemented, regardless of whether they are already under disease-modifying therapy,” Eric Thouvenot, MD, PhD, University Hospital of Nimes, Neurology Department, Nîmes, France, told Medscape Medical News.
    • “The study was published online on March 10 in JAMA.” 

From the U.S. healthcare business front,

  • Modern Healthcare reports,
    • “Health Care Service Corp. was limited to selling Blue Cross and Blue Shield policies, including Medicare Advantage plans, in Illinois, Montana, New Mexico, Oklahoma and Texas before the deal.
    • “After the Cigna acquisition, Health Care Service Corp. has a much bigger footprint and can offer Medicare Advantage in 25 more states and the District of Columbia, Part D nationally, and Medigap in 48 states and the District of Columbia. The insurer now counts 830,000 Medicare Advantage members, about four times as many as prior to the Cigna purchase.” * * *
    • “Moving up a weight class means facing dominant for-profit Medicare Advantage carriers such as UnitedHealth Group subsidiary UnitedHealthcare, Humana and CVS Health subsidiary Aetna head on. Those three insurers collectively cover 57% of Medicare Advantage enrollees, according to an analysis of Centers for Medicare and Medicaid Services data the investment bank Stephens published in February.”
  • Beckers Payer Issues adds,
    • “Moody’s has downgraded Health Care Service Corporation’s insurance financial strength rating to A3 from A2 following the company’s acquisition of Cigna’s Medicare business on March 19.
    • “Moody’s cited likely challenges with the integration of the MA business into the company’s primarily commercial insurance operations, along with ongoing headwinds within the MA industry more broadly.  
    • “Another concern is the limited experience the company has with making and integrating major acquisitions in the recent past,” analysts wrote. “The company expects to invest an estimated $1 billion over the next two years into updating systems and for working capital to ensure its success, but this may prove to be insufficient.”
  • Kauffman Hall explains how health systems can create a sustainable approach to corporate shared services.

Cybersecurity Saturday

David ErmerCybersecurity

From the cybersecurity policy and law enforcement front,

  • The American Hospital Association tells us,
    • The Trump Administration March 28 announced that it renewed for one year the public emergency for ongoing malicious cyber-enabled activities against the U.S. The national emergency was first issued in April 2015.”
  • Cyberscoop tells us,
    • “Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments, saying it will leave states holding the bag for a job they aren’t best equipped to handle.
    • “The executive order, issued last week, is entitled “Achieving Efficiency Through State and Local Preparedness.” Its stated purpose is to improve defenses against cyberattacks and other risks, but many expect it will do the opposite.
    • “Federal policy must rightly recognize that preparedness is most effectively owned and managed at the State, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government,” it reads. “Citizens are the immediate beneficiaries of sound local decisions and investments designed to address risks, including cyber attacks, wildfires, hurricanes, and space weather.”
    • “A number of cyber experts said it was a misguided document, sometimes in harsh terms, especially as it pertains to where they believe responsibilities should be assigned.”
  • Indiana University Professor Scott Shackleford, writing in the Wall Street Journal, offers ideas five federal cybersecurity reforms:
    • “The U.S. is spending more than ever on cybersecurity yet cyberattacks continue to proliferate.
    • “According to McKinsey, global losses to cyberattacks could exceed $10.5 trillion this year, a 300% increase from 2015 and an amount larger than the economies of Germany and Japan combined.
    • “I believe a new approach is needed—one in which the federal government plays a more assertive role.
    • “For at least two decades, U.S. cybersecurity policy has been stuck in a pattern of incremental tweaks focused on the same basic ideas—encouraging voluntary industry cooperation, offering information-sharing partnerships and establishing new bureaucratic offices. It isn’t working. We need bold changes, the most important of which is treating cybersecurity as a public good akin to national security and public safety.” 
  • FCW/NextGov informs us,
    • “The General Services Administration launched FedRAMP 20x Monday, an effort it is pursuing with industry to use more automation and cut red tape around the government’s cloud security assessment and authorization program. 
    • “The Federal Risk and Authorization Management Program, or FedRAMP, is used to ensure services offered by cloud providers meet certain cybersecurity requirements before government agencies can use them.
    • “Our partnership with the commercial cloud industry needs serious improvement. Strengthening this relationship will help us fulfill our commitment to cutting waste and adopting the best available technologies to modernize the government’s aging IT infrastructure,” Stephen Ehikian, acting administrator of the General Services Administration, which runs FedRAMP, said in a statement. “FedRAMP 20x will give agencies access to the latest technology now — not months or years down the road.”
  • Security Boulevard summarizes public comments on the proposed HIPAA Security Rule amendments and discusses next steps. The public comment deadline was March 7.
  • Bleeping Computer points out,
    • “The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via ‘romance baiting’ scams.
    • “Previously referred to as ‘pig butchering,’ in this type of financial fraud victims are manipulated into making investments on fraudulent websites/apps that showcase massive returns.”

From the cybersecurity vulnerabilities and breaches front,

  • Security Week lets us know,
    • “The National Institute of Standards and Technology (NIST) is still struggling to clear the growing backlog of CVEs in the official national vulnerability database and the problem will only get worse this year.
    • “That’s the gist of a fresh NIST update with an admission that the current pace of processing vulnerabilities is simply not enough to keep up with the surge in submissions.
    • “According to the update, while the National Vulnerability Database (NVD) is processing incoming CVEs at the same rate as before the slowdown in spring and early summer 2024, a 32 percent jump in submissions last year means that the backlog continues to grow.
    • “We anticipate that the rate of submissions will continue to increase in 2025,” the institute said, noting that it is exploring the use of AI and machine learning to automate certain processing tasks.”
  • The Cybersecurity and Infrastructure Security Agency added five known vulnerabilities to it catalog this week.
  • March 24, 2025
    • CVE-2025-30154 review dog action-setup GitHub Action Embedded Malicious Code Vulnerability
  • March 26, 2025
    • CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
    • CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
      • Security Affairs discusses the March 24 and 26 KVEs here.
  • March 27, 2025
    • CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
      • Bleeping Computer discusses a fix to this KVE here.
  • Cybersecurity Dive reports yesterday,
    • “Information security firms are taking measures to protect customers and their own networks as they wait for official guidance following claims of a massive attack against Oracle Cloud. 
    • “A threat actor last week claimed to have stolen 6 million data records, including user credentials, from Oracle Cloud, which could affect more than 140,000 customers. After initially releasing strong denials, Oracle has been silent this week, while security researchers have compiled evidence backing claims of an actual attack.” * * *
    • “Orca Security said it was initially skeptical of the reported breach and has not seen any confirmation that the hacker obtained user credentials. However, the firm did not consider Oracle’s initial denials to be fully transparent.
    • “We still believe that the risk outweighs our skepticism and that organizations should take immediate action to rotate credentials and otherwise protect their Oracle Cloud tenants as appropriate,” Neil Carpenter, field CTO at Orca Security, said via email.” 
  • and
    • “Researchers warn that three older vulnerabilities in DrayTek routers have been actively exploited in recent weeks, which coincides with widespread reports of devices automatically rebooting in recent days, according to GreyNoise Intelligence.  
    • “Researchers said exploitation activity has been observed against three vulnerabilities, tracked as CVE-2020-8515CVE-2021-20123 and CVE-2021-20124
    • “GreyNoise researchers said they cannot directly link the exploitation to the reboots. However, in a post on X Wednesday morning, DrayTek said the reboots appear to be linked to vulnerabilities disclosed in early March.”
  • and
    • “A prolific Russian threat actor is exploiting a zero-day flaw in the Microsoft Management Console (MMC) framework to execute malicious code on targeted systems in an ongoing cyberattack campaign that puts unpatched systems at risk.
    • “The attacks, by a group that Trend Micro tracks as Water Gamayun, uses the CVE-2025-26633 vulnerability, also known as MSC Evil Twin, to manipulate .msc files and the MCC console’s Multilingual User Interface Path (MUIPath). From there the attacker, better known as EncryptHub, downloads and executes malicious payloads, maintains persistence and steals sensitive data from infected systems.
    • Microsoft patched MSC Evil Twin as part of its March Patch Tuesday raft of fixes on March 11. The flaw was still a zero-day when EncryptHub exploited it by executing malicious .msc files through a legitimate one, according to Trend Micro. The flaw allows an attacker to bypass a security feature in the MMC after convincing a victim to click on a malicious link or open a malicious file. The weakness stems from the console’s failure to properly sanitize user input.
  • Dark Reading reports,
    • “The rate of severe cloud security incidents affecting customers of Palo Alto Networks rose more than threefold over the course of 2024.
    • “By comparing the beginning and end of 2024, Palo Alto tracked a 388% increase in cloud security alerts affecting organizations. The overwhelming majority of that rise can be attributed to neither threats of a low severity (up 10% through the year) nor even medium-severity (up 21%), but high-severity incidents, which rose by a full 235%.
    • “The implication here is that malicious actors are not only attacking the cloud more often but also doing it more effectively.”
  • and
    • “Bypassing multifactor authentication isn’t hard, if you’re willing to get a little evil.
    • “Sophos researchers this week detailed how Evilginx, a malicious version of the widely used open source NGINX Web server, can be used in adversary-in-the-middle (AitM) attacks to steal credentials and authentication tokens. Perhaps more importantly, the hacking tool can beat MFA protection.
    • “Evilginx has been around for many years as an AitM framework for capturing user credentials, but security researchers have recently deployed the tool for more complex attacks. For example, Accenture security research Yehuda Smirnov last year developed a technique to beat Microsoft’s Windows Hello for Business by downgrading the authentication via an Evilginx attack.
    • “Smirnov demonstrated the technique at Black Hat USA 2024, and Microsoft issued a fix to prevent the attack. However, Sophos researchers say Evilginx can still be used to sweep up credentials and bypass MFA.”
  • Per Bleeping Computer,
    • “A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection.
    • “The platform also leverages DNS email exchange (MX) records to identify victims’ email providers and to dynamically serve spoofed login pages for more than 114 brands.
    • “Morphing Meerkat has been active since at least 2020 and it was discovered by security researchers at Infoblox. Although the activity has been partially documented, it went mostly under the radar for years.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • “Ransomware actors are increasingly abusing vulnerable drivers to craft tools known as “EDR killers,” which can disrupt and even delete extended detection and response products in enterprise networks, according to an ESET report published Wednesday.
    • “Threat actors abuse vulnerable drivers because they have kernel access to operating systems, which enables attackers to kill processes for security products like EDR before they can detect malicious activity.
    • “ESET researchers analyzed a custom tool called “EDRKillShifter,” which was developed and maintained by the notorious RansomHub ransomware gang and is now available on the dark web. The researchers observed an increase in the use of EDRKillShifter among other ransomware-as-a-service gangs such as Play, Medusa and BianLian.”
  • Beckers Health IT warns,
    • “The FBI and other federal authorities are warning healthcare organizations to safeguard against a ransomware group targeting the industry.
    • “The Medusa ransomware-as-a-service variant has been used to hack more than 300 victims from a variety of industries, including healthcare, most commonly through phishing campaigns and unpatched software vulnerabilities, according to a March cybersecurity advisory from the FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center.
    • “Medusa threat actors employ a “double extortion” model, where they both encrypt victims’ data and threaten to publicly release stolen information if their demands aren’t met, per the notice. They typically send ransom notes within 48 hours of an attack, offering to extend the deadline to pay by $10,000 a day.
    • “Healthcare organizations can protect against the threat by taking such steps as implementing a recovery plan, requiring multifactor authentication, and ensuring all operating systems, firmware and software are up to date, the agencies said.”
  • Per the Silicon Alley,
    • A new report out today from cybersecurity company SquareX Inc. is warning of a dangerous new evolution in ransomware: browser-native attacks that bypass traditional defenses and put millions of users at risk.
    • “Browser-based ransomware differs from traditional ransomware that relies on downloaded files to infect systems in that the ransomware operates entirely within the browser and requires no download. Instead, the attack targets the victim’s digital identity, taking advantage of the shift toward cloud-based enterprise storage and the fact that browser-based authentication has become the primary gateway to accessing these resources.
    • “In a case study published by SquareX last week, the attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.”
  • The Hacker News tells us,
    • “In what’s an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. 
    • “Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract configuration files, credentials, as well as the history of commands executed on the server.
    • ‘The flaw concerns a “certain misconfiguration in the Data Leak Site (DLS) of BlackLock Ransomware, leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services (hosting them) and additional service information,” the company said.”
  • Security Week lets us know
    • “Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
      Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort.”

From the cybersecurity defenses front,

  • Cyberscoop reminds us,
    • “Despite glitches and possible funding potholes along the road, experts have nothing but praise and optimism for the CVE program’s future. “It’s not perfect by any means, but it has stood the test of time,” Art Manion, a longtime CVE expert and deputy director of ANALYGENCE Labs, speaking in his personal capacity, told CyberScoop. “A world without CVE in it would get pretty ugly.”
    • “MITRE’S Summers says, “It’s been 25 years of this program, and I don’t know if it’s possible to name another such public-private partnership program that has lasted that long and has continued to be so impactful in an ongoing way. I’m excited about the opportunity to continue evolving in ways that bring value to the community.”
    • “Empirical Security’s Roytman echoes the enthusiasm of his peers when he says, “The fact that we’ve gotten together as an industry and have this public good, and vendors build whole products off of it is wonderful and excellent and should continue to improve.”
  • Dark Reading offers “5 Considerations for a Data Loss Prevention Rollout; Strong DLP can be a game-changer — but it can also become a slow-moving, overcomplicated mess if not executed properly,” while SC Media provides “5 steps to protect against macOS security gaps.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday Report

David ErmerCDC, CMS, Congress, COVID-19, FDA, Generative AI, Medical / Rx research, Medicare, Rx coverage, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Fierce Healthcare lets us know,
    • Bipartisan lawmakers have introduced a bill that aims to more closely align Medicare insurers’ prior authorization denials with medical need, as determined by board-certified specialist physicians.
    • The Reducing Medically Unnecessary Delays in Care Act of 2025 was introduced in the House Thursday by Rep. Mark Green, M.D., R-Tennessee, and referred to committee. It is a reintroduction of similar bills brought by the lawmaker in 2023 and 2022.
    • Green—along with Reps Greg Murphy, M.D., R-North Carolina, and Kim Schrier, M.D., D-Washington, who also backed the bill—said the legislation will help streamline necessary care and reduce administrative burden and burnout among providers.
  • Roll Call tells us,
    • “President Donald Trump on Friday threw his support behind the funding fix needed to allow the District of Columbia’s government to avoid $1.1 billion in budget cuts squeezed in the remaining half of the fiscal year, all but ensuring House passage of legislation the Senate passed two weeks ago.
    • “The full-year stopgap spending law, drafted by House Republicans, did not include the typical provision that would allow the D.C. government to tap into its fiscal 2025 budget for operating costs. This would force D.C. to go back to the previous year’s funding levels for the remainder of the fiscal year, which runs through Sept. 30, which local officials say would require steep cuts in critical services like law enforcement and education.”
  • STAT News reports,
    • “Peter Marks, the top Food and Drug Administration official who oversaw vaccines, gene therapies, and the blood supply, resigned Friday after being told by Trump administration officials he would be fired if he did not step down, according to people familiar with the situation.”
  • and
    • “President Trump has selected Sara Carter, a conservative journalist and Fox News contributor, as the nation’s next drug czar.” * * *
    • “If confirmed by the Senate, Carter would oversee the White House Office of National Drug Control Policy, an executive office housed across the street from the West Wing that makes policy recommendations and coordinates efforts between various federal agencies focused on substance use, both from a law enforcement and public health perspective.” 
  • Per an HHS news release,
    • “U.S. Department of Health and Human Services (HHS) Secretary Robert F. Kennedy, Jr. today joined West Virginia Governor Patrick Morrisey for a press conference at the St. Joseph School in Martinsburg, WV, to celebrate the signing of new legislation banning seven types of harmful food dyes from school lunches beginning August 2025. Governor Morrisey announced at the event that he intends to request a waiver to restrict taxpayer funds from being used to purchase soda through the SNAP program.”

From the judicial front,

  • Healthcare Dive points out,
    • “The Department of Justice agrees that Claritev, formerly known as MultiPlan, conspired with health insurers to underpay doctors for medical care, according to a statement of interest filed by antitrust regulators on Wednesday in the consolidated lawsuit from providers against the cost management firm.
    • “Lawyers for the providers said the DOJ’s position affirms the validity of their case, while Claritev reiterated that it believes the lawsuits are without merit.
    • “The DOJ’s interest in the case signals antitrust regulators, including in the Trump administration, are still closely scrutinizing exchanges of potentially sensitive information between companies, along with their use of pricing algorithms.”

From the Food and Drug Administration front,

  • Per Fierce Pharma,
    • “After much delay, Novartis has finally won a key FDA go-ahead for Pluvicto, opening up the radioligand therapy to a much broader prostate cancer population.
    • “The new approval, which triples Pluvicto’s eligible patient population, allows the radiopharmaceutical to treat PSMA-positive metastatic castration-resistant prostate cancer (mCRPC) before taxane-based chemotherapy, Novartis said Friday. Patients will have to have been treated with an androgen receptor pathway inhibitor (ARPI) to be considered.
    • “Pre-chemo mCRPC represents the most important indication in Novartis’ plan for Pluvicto to achieve more than $5 billion in peak sales. Initially cleared by the FDA in 2022 in the post-chemo setting, Pluvicto’s revenue is currently annualizing at about $1.5 billion based on its most recent quarterly number.”
  • and
    • Over the last three years, the FDA has approved six new hemophilia drugs, including three gene therapies.
    • Into this crowded treatment landscape comes another new medicine as the FDA has signed off on Sanofi’s Qfitlia (fitusiran), which sets itself apart as the only treatment for all types of hemophilia.
    • Not only is Qfitlia for those with hemophilia A and B, but unlike most treatments for the disorder, it also can be used by patients regardless of their inhibitor status.
  • Per an FDA press release,
    • “Today, the U.S. Food and Drug Administration granted marketing authorization to Visby Medical for the Visby Medical Women’s Sexual Health Test. This is the first diagnostic test for chlamydia, gonorrhea and trichomoniasis that can be purchased without a prescription and performed entirely at home. The test is intended for females with or without symptoms and delivers results in approximately 30 minutes.
    • “Home tests can give people information about their health from the privacy of their home. This can be particularly important for sexual health tests for which patients may experience fear or anxiety, possibly resulting in delayed diagnosis or treatment,” said Courtney Lias, Ph.D., director of the Office of In Vitro Diagnostic Devices in the FDA’s Center for Devices and Radiological Health. “Expanding access to tests for sexually transmitted infections is an important step toward earlier and increased diagnosis, which can result in increased treatment and reduced spread of infection.” * * *
    • “This announcement follows last year’s authorization of the first at-home syphilis test, as well as the authorization of the first diagnostic test for chlamydia and gonorrhea with at-home sample collection in 2023, which was the first FDA-authorized test with at-home sample collection for any sexually transmitted infection other than HIV.”
  • Per Managed Health Executive,
    • “Fresenius announced today [March 27, 2025] that the FDA has approved the biologics licensing applications (BLA) for denosumab biosimilars Conexxence (denosumab-bnht) and Bomyntra (denosumab-bnht), according to a news release. Prolia, the reference product for Conexxence, and Xgeva, the reference product for Bomyntra, were both developed by Amgen. As a result of a global settlement between Fresenius and Amgen, both biosimilars are expected to launch in the United States in mid 2025 and in the second half of 2025 in Europe.
    • “Bomyntra and Conexxence are the fourth pair of denosumab biosimilars. Other Prolia biosimilars include Jubbonti, Ospomyv and Stoboclo. Additional Xgeva biosimilars include Wyost, Xbryk and Osenvelt.
    • “Although the active drug ingredient in Conexxence and and Bomyntra is deosumab, they have different indications.
    • ‘Conexxence is approved for patients at high risk for fractures, including osteoporosis patients and patients undergoing cancer treatments that affect bone density. It comes as a 60 mg/mL single-dose prefilled injection to be administered every six months via subcutaneous injection. Adverse reactions varied by indication.”

From the public health and medical research front,

  • The Center for Disease Control and Prevention announced today,
    • “COVID-19
      • “COVID-19 activity is declining nationally to low levels. Wastewater levels and emergency department visits are at low levels, and laboratory percent positivity is stable. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
      • “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
      • “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
    • “Influenza
      • “Seasonal influenza activity continues to decline; however, CDC expects several more weeks of flu activity.
      • “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
    • “RSV
      • “RSV activity is declining in most areas of the country. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.
    • “Vaccination
      • “Vaccination coverage with influenza and COVID-19 vaccines is low among U.S. adults and children. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”
  • The American Hospital Association News adds,
    • “There are 483 confirmed cases of measles in 19 states across the country, according to the latest data from the Centers for Disease Control and Prevention. The agency said 93% of the cases are outbreak-associated. The vaccination status of 97% of cases is classified as “unvaccinated or unknown.”
  • NBC News adds,
    • “We are experiencing an extremely concerning decline in measles vaccination in the very group most vulnerable to the disease,” said Benjamin Rader, a computational epidemiologist at Boston Children’s Hospital, an assistant professor at Harvard Medical School and the author of a recent study that looked at children’s vaccination rates.” * * *
    • “Rader said that the true MMR vaccination rate among young children can be misrepresented by publicly reported numbers, because MMR surveillance is drawn from older children who are already in kindergarten.
    • “Younger children under the age of 5 are not fully captured in surveillance data because they have not reached kindergarten age — although a 2021 estimate from the CDC notes a subset of younger children, namely those who received at least one MMR dose by 24 months, were 90.6% vaccinated for measles.
    • “In Rader’s study, published online in February in the American Journal of Public Health, his team surveyed approximately 20,000 parents of children under 5 from July 2023 through April 2024, finding only 71.8% reported that their children received at least 1 dose of MMR vaccine — much lower than CDC estimates.
    • “The researchers used a digital surveillance platform that the CDC has used to estimate things like at-home Covid testing, he said.  
    • “Rader downplayed the difference in numbers between his findings and the CDC data, emphasizing that, while accurate, the CDC data does not provide a complete picture — despite its best intentions.
    • Dr. Scott Roberts, associate medical director of infection prevention at the Yale School of Medicine in New Haven, Connecticut, who was not part of the research, called the findings “worrisome.”   
  • Health Day relates,
    • “Tobacco control measures like anti-smoking campaigns and cigarette taxes have prevented nearly 4 million lung cancer deaths during the past five decades, a new American Cancer Society study estimates.
    • “More than 3.8 million lung cancer deaths were averted due to substantial reductions in smoking, gaining a little more than 76 million years of extra life among Americans, researchers say in CA: A Cancer Journal for Clinicians.
    • “The substantial estimated numbers of averted lung cancer deaths and person-years of life gained highlight the remarkable effect of progress against smoking on reducing premature mortality from lung cancer,” lead investigator Dr. Farhad Islami, the ACS’ senior scientific director for cancer disparity research, said in a news release. 
    • “In fact, the number of averted lung cancer deaths accounts for roughly one-half of all cancer deaths that were prevented in recent decades, researchers said.
    • “However,” Islami added, “Despite these findings, lung cancer is still the leading cause of cancer death in the United States, and smoking-attributable morbidity and mortality from other cancers or diseases remain high.”
  • Per Healio,
    • “There were 69 nonfatal fentanyl exposures in 2015 and 893 in 2023.
    • “Two-thirds of adolescents who were exposed to fentanyl used it intentionally.” * * *
    • “According to the researchers, nearly 39.4% of all overdoses and 65.7% of those among adolescents involved intentional misuse or abuse. In contrast, 81.7% of overdoses among younger children were reported to be unintentional.
    • “It was surprising that a large portion of adolescents used fentanyl intentionally,” Palamar said. “We often think of pediatric exposures to fentanyl as being unintentional.”

From the AI front,

  • Per an NSF news release,
    • “Powered exoskeletons that enable humans to move faster or lift heavy objects more easily have been envisioned for decades. In science fiction, advanced exoskeletons such as the power loader in the movie “Aliens” or Marvel Comics’ Iron Man’s suit provide the wearer with superhuman capabilities with nearly zero limitations.
    • “There are exoskeletons in use today, but current technology falls short of the vision laid out in science fiction, and widespread use of exoskeletons is hampered because to work properly, a suit must be tested and adapted to work with each user individually, a complicated and lengthy process.
    • “Now, engineering researchers supported by the U.S. National Science Foundation have made a breakthrough, creating a new method that takes advantage of artificial intelligence and computer simulations to improve the process of enabling users and exoskeletons to work together. This framework is compatible with a variety of assistive devices and could improve the lives of millions of able-bodied and mobility-impaired individuals.
    • “This marks a major advance in exoskeleton engineering by eliminating one of its biggest hurdles: individualized calibration,” said Alexander Leonessa, program director for the NSF Mind, Machine and Motor Nexus program. “Using AI and human-robot simulations, the team developed a scalable, adaptable system that assists a wide range of users without lengthy setup. It is a key step toward making exoskeletons practical, versatile and accessible for both industry and mobility-impaired individuals – smart, human-centered engineering at its best.”

From the U.S. healthcare business front,

  • FiercePharma reports,
    • “A rival bidder has emerged to acquire struggling gene therapy specialist bluebird bio.
    • Ayrmid has offered to buy bluebird for $4.5-apiece upfront, plus a one-time contingent value right (CVR) of $6.84 per share tied to a sales milestone, bluebird said Friday.
    • “The upfront tag is 50% higher than the $3-per-share selling price that bluebird has previously penned with Carlyle and SK Capital Partners. That private equity duo’s buyout offer also includes a $6.84-per-share CVR.
    • “For now, bluebird’s board has not changed its mind and the company remains bound by the original merger agreement. But it’s willing to look at the new unsolicited non-binding written proposal.
    • “Consistent with its fiduciary duties, the bluebird Board of Directors is carefully reviewing the Ayrmid proposal in consultation with its legal and financial advisors,” the Massachusetts biopharma said Friday.”
  • Beckers Hospital Review tells us,
    • “Insight Hospital and Medical Center Trumbull and Hillside Rehabilitation Hospital, both in Warren, Ohio, paused all inpatient, outpatient and emergency room services March 27 due to ongoing bankruptcy and financial disruptions from former owner Dallas-based Steward Health Care.
    • “Tom Connelly, local president of the American Federation of State, County and Municipal Employees, told NBC affiliate WFMJ March 28 that the hospitals also laid off the director of nursing, the assistant director of nursing, the administrative secretary and the human resources coordinator.
    • “A spokesperson for Insight Health refuted the claims to Becker’s and denied upper management layoffs.
    • “Existing patients at both Insight hospitals are being transferred, with appointments being canceled to protect patient safety, an Insight Health spokesperson said in a March 27 statement shared with Becker’s.
  • Beckers Payer Issues informs us,
    • “Enrollment in provider-sponsored Medicare Advantage plans declined by nearly 60,000 members for 2025, according to a report from Chartis. 
    • “The healthcare consulting firm published an analysis of CMS Medicare Advantage enrollment data March 25. 
    • “Overall, Medicare Advantage plans gained 1.3 million new enrollees, a smaller growth rate than the program has seen in previous years. 
    • “Kaiser Permanente saw the largest membership growth for 2025 among provider-sponsored plans, gaining 58,000 new members. Trinity Health and UPMC Health Plan each added 11,000 MA members.” 

Thursday Report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, NIH, U.S. Healthcare
Photo by Josh Mills on Unsplash

From Washington, DC

  • Roll Call lets us know,
    • “Senate Majority Leader John Thune told GOP senators Wednesday that a compromise budget resolution could hit the floor for a “vote-a-rama” as soon as next week, which would allow the House to adopt it the following week before the two-week April recess.
    • “This accelerated time frame, if both chambers can adhere to it, would let Republicans hit the ground running after the recess to write the “big, beautiful” budget reconciliation bill that President Donald Trump wants.
    • “Speaker Mike Johnson, R-La., has set an informal deadline of Memorial Day to send the measure to Trump, including a massive tax cut package, more money for defense and border security, domestic energy incentives, a debt limit increase and trims to mandatory spending.
    • “As recently as Tuesday, Thune, R-S.D., had been telling colleagues that Senate consideration could slip to the week of April 7, which likely wouldn’t give the House time to act before the recess.
    • “But discussions made a big leap on Wednesday with a new strategy: provide a different, lower set of spending cut targets for Senate committees than their House counterparts. Under this scenario, the final budget resolution adopted by both chambers would “instruct” House and Senate committees differently.” * * *
    • “Both sets of instructions would be in the final budget resolution, and then the two chambers could hammer out differences later on what the actual reconciliation details look like.
    • “What needs to ultimately be reconciled is the final bill. The resolution’s looking different in two chambers, I don’t think anybody’s getting worked up about that,” Sen. Eric Schmitt, R-Mo., said Wednesday. “But eventually everybody does kind of need to unlock the process, which is what the resolution is for.”
    • “The working theory is that eventually what matters for “Byrd rule” enforcement in the Senate is whether that chamber’s reconciliation instructions are adhered to.”
  • and
    • “President Donald Trump on Thursday announced he would withdraw the nomination of New York Rep. Elise Stefanik to be U.S. ambassador to the United Nations, citing a need for Republicans to keep her seat amid narrow margins in the House. 
    • “With a very tight Majority, I don’t want to take a chance on anyone else running for Elise’s seat,” Trump posted on his Truth Social platform. “The people love Elise and, with her, we have nothing to worry about come Election Day. There are others that can do a good job at the United Nations.”
  • The American Hospital Association News tells us,
    • “The AHA March 27 voiced opposition to the Physician Led and Rural Access to Quality Care Act (H.R. 2191), a bill that would lift the ban on the establishment of physician-owned hospitals in certain rural areas and permit the unfettered expansion of POHs nationwide, regardless of location. In place since 2010, current law includes an exceptions process that allows existing POHs to expand if they accept Medicaid patients and are located in areas where beds are needed. 
    • “By performing the highest-paying procedures for the best-insured patients, physician-owners inflate health care costs and drain essential resources from community hospitals, which depend on a balance of services and patients to provide indispensable treatment, such as behavioral health and trauma care,” AHA wrote in comments to Rep. Morgan Griffith, R-Va., the bill’s author. “By increasing the presence of these self-referral arrangements, H.R. 2191 would only further destabilize community care.” 
  • Per a news release,
    • “Today, the U.S. Department of Health and Human Services (HHS) announced a dramatic restructuring in accordance with President Trump’s Executive Order, “Implementing the President’s ‘Department of Government Efficiency’ Workforce Optimization Initiative.”
    • “The restructuring will address this and serve multiple goals without impacting critical services. First, it will save taxpayers $1.8 billion per year through a reduction in workforce of about 10,000 full-time employees who are part of this most recent transformation. When combined with HHS’ other efforts, including early retirement and Fork in the Road, the restructuring results in a total downsizing from 82,000 to 62,000 full-time employees.
    • “Secondly, it will streamline the functions of the Department. Currently, the 28 divisions of the HHS contain many redundant units. The restructuring plan will consolidate them into 15 new divisions, including a new Administration for a Healthy America, or AHA, and will centralize core functions such as Human Resources, Information Technology, Procurement, External Affairs, and Policy. Regional offices will be reduced from 10 to 5.
    • “Third, the overhaul will implement the new HHS priority of ending America’s epidemic of chronic illness by focusing on safe, wholesome food, clean water, and the elimination of environmental toxins. These priorities will be reflected in the reorganization of HHS.
    • “Finally, the restructuring will improve Americans’ experience with HHS by making the agency more responsive and efficient, while ensuring that Medicare, Medicaid, and other essential health services remain intact.” * * *
    • For more detailed information, please visit our fact sheet.
  • The HHS reorganization is worth a shot in view of the thirty yearlong federal budget outlook from the Congressional Budget Office.
  • Tammy Flanagan, writing in Govexec, offers federal retirement advice in these uncertain times.

From the public health and medical research front,

  • Medpage Today informs us,
  • and
    • “A flea-borne disease that was once largely eradicated from the U.S. may be making a resurgence, CDC researchers said during a clinician-focused call on Thursday.
    • Murine typhus became so rare after public health efforts against it in the 1940s that it eventually stopped being a nationally notifiable disease.
    • “But now, cases are on the rise in two states that actively monitor the disease — Texas and California — and the illness may be going undiagnosed, experts said.”
  • Per a National Cancer Institute news release,
    • “Scientists have long been exploring ways to kill cancer cells by starving them of the nutrients they need to survive. A new study suggests that genetically modified fat cells could help researchers realize this goal.
    • “In the study, researchers genetically engineered white fat cells—the most common type of fat in the body—to aggressively consume nutrients such as glucose and fatty acids. When the engineered fat cells were implanted near tumors in mice, the tumors grew more slowly than tumors in mice without the engineered cells.
    • “The approach slowed the growth of cancer in mice even when the engineered fat cells were implanted far from a tumor, the researchers reported in Nature Biotechnology on February 4. 
    •  “We believe the engineered cells are outcompeting tumors for essential nutrients, suppressing the proliferation of cancer cells,” said study leader Nadav Ahituv, Ph.D., director of the University of California, San Francisco (UCSF) Institute for Human Genetics. “The findings suggest that engineered fat cells could be a new form of cellular therapy.”
  • Per Healio,
    • “Survivors [of metastatic breast cancer] who participated in [telephone-delivered] acceptance and commitment therapy reported less fatigue interference with functioning.
    • “Researchers are studying the approach for people with advanced gastrointestinal cancer.”

From the U.S. healthcare business front,

  • Fierce Healthcare tells us,
    • “Nonprofit hospitals’ 2024 financial performances are beating the prior year’s tough numbers, though even the stronger organizations remain “well below pre-pandemic levels,” Fitch Ratings said.
    • “In a Thursday brief describing the financial profiles of its rated nonprofit hospitals, the agency attributed the year-to-year improvements to stronger revenues and volumes as well as slightly mitigated, but still pressured, labor spending.
    • “Fitch said the median operating margin among hospitals with early fiscal year ends (often June 30) was 1.2%, a flip from the prior year’s -0.5%. The agency said it expects the calendar year 2024 median margin for the remainder of its rated hospitals “will at least be in line” with the former group.”
    • “Persistent” labor pressures continue to push base salary and wage expenses upward by a median 6.9% among the rated hospitals, which Fitch said “would have been even higher without the sector’s ongoing efforts to recruit and retain talent, streamline operations and optimize supply chains.”
  • Beckers Hospital Review notes,
    • “Doylestown (Pa.) Health will officially join the University of Pennsylvania Health System on April 1, marking a significant expansion of Penn Medicine’s reach into Philadelphia’s northern suburbs. 
    • “The transaction follows regulatory reviews and approvals from the Pennsylvania Attorney General’s Office and the Federal Trade Commission.
    • “Under the new structure, Doylestown Health and its affiliates will be rebranded as Penn Medicine Doylestown Health. The integration combines one of the country’s leading academic health systems with a regional health system.” 
  • and
    • “Four blockbuster GLP-1 medications are expected to be among the 10 best-selling drugs in 2026, accounting for $66.8 billion in global sales, according to market research company Statista
    • “Statista predicts Ozempic will yield $22.3 billion in 2026, followed by Mounjaro with $19.8 billion, Wegovy with $13.4 billion and Zepbound with $11.3 billion.” 
  • Modern Healthcare reports,
    • “When Florida Blue wanted its call center employees to demonstrate greater emotional intelligence when dealing with customers, the nonprofit health insurance company enlisted a tutor incapable of emotion.
    • “A generative artificial intelligence, or genAI, chatbot instructs 30 Florida Blue customer service representatives on how to behave like human beings when interacting with other human beings. The chatbot guides workers on human behaviors, such as when to slow their speech, when to hasten a call to its conclusion and what to recommend to policyholders. The company plans to expand this pilot program to its entire 1,600-person call center team this year.
    • “A lot of the time, people carry emotion into calls with health insurers. When you’re upset, it just comes out. One of the prompts is to remind the advocate, ‘Hey, this member appears to be stressed. Make sure you’re pausing and listening to them,’” said Anne Hoverson, vice president of digital transformation at Florida Blue, a subsidiary of Guidewell.
    • “Insurance companies already used genAI for processing claimspredicting clinical needs and performing administrative functions, but this latest trend is different, said Josh Streets, a senior consultant at the International Customer Management Institute, which advises business on call centers.”
  • and
    • “GE HealthCare announced Thursday the commercial launch of Flyrcado, its PET imaging agent that assesses blood flow to the heart muscle, in select U.S. markets.
    • “The Centers for Medicare and Medicaid Services granted Flyrcado pass-through status starting April 1, allowing separate payments for the imaging agent and the PET/CT scan in hospital outpatient settings.
    • “In late September, the company announced that Flyrcado received Food and Drug Administration approval to detect coronary artery disease. It provides more accurate diagnostics than SPECT imaging, the current standard in cardiac nuclear medicine imaging, according to GE HealthCare.
    • “Since Flyrcado has a half-life of 109 minutes, which is significantly longer than other similar PET imaging agents, healthcare facilities don’t need to produce it on-site. Instead, it can be manufactured at off-site pharmacies and delivered as needed.”

Midweek Update

David ErmerCMS, Congress, FDA, Generative AI, Medical / Rx research, NIH, SCOTUS, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC,

  • It turns out that at yesterday’s markup meeting, the House Oversight and Government Reform Committee did clear HR 2193, the FEHB Protection Act of 2025, for floor consideration, along with the other bills considered during the markup.
  • The Senate confirmed James Bishop to be Deputy Director of the Office of Management and Budget by a 53-43 vote.
  • CMS today released a “Revised Final 2026 Actuarial Value (AV) Calculator Methodology.”
    • “The only changes that are being made to the Final 2026 AV Calculator as part of this Revised Final 2026 AV Calculator are the following:
      • “The de minimis range for bronze, silver, gold and platinum plans was expanded to +2
      • percentage points to -4 percentage points;
      • “The de minimis range for expanded bronze plans was expanded to +5 percentage points
      • to -4 percentage points;
      • “The de minimis range for income-based silver CSR plans was expanded to +1 percentage
      • points to -1 percentage points;
      • “The MOOP limit was updated to $10,600; and
      • “The AV Calculator version number was updated, and the AV Calculator label was
      • updated to “Revised Final 2026 AV Calculator”.
    • “These changes do not affect the AV calculation methodology. All AV calculations are the same
    • in both the Final 2026 AV Calculator and the Revised Final 2026 AV Calculator.”
  • The Congressional Research Service has summarized the federal requirements on private health insurance plans.
  • Per the American Hospital Association (“AHA”) News,
    • “The FBI March 26 advised that, after extensive investigation and intelligence review, they have not identified any specific credible threat targeted against hospitals in any U.S. city. The FBI advised if they receive credible threat information, they will immediately advise any identified potential targets and, if appropriate, alert the broader health care sector through the AHA, the Health-ISAC (Information Sharing and Analysis Center) and other appropriate channels. 
    • “On March 18, the AHA and Health-ISAC received multiple reports from the field regarding a public social media post alleging active planning of a coordinated, multi-city terrorist attack targeting hospitals in the coming weeks. 
    • “Out of an abundance of caution, the AHA and Health-ISAC notified the field of the potential threat, indicating that no further information was available to either corroborate the threat or dismiss it as not credible. The AHA and Health-ISAC today distributed an updated bulletin to members with the latest update from the FBI.” 

From the judicial front,

  • Bloomberg Law informs us,
    • “The US Supreme Court suggested [during an oral argument today] it’s likely to uphold a federal program that uses more than $8 billion in fees imposed on phone bills to subsidize the cost of telecom services for poor people, rural residents, schools and libraries.
    • “Hearing arguments in Washington on the decades-old Universal Service Fund, some conservative justices voiced concern that Congress had unconstitutionally handed off its taxing power to the Federal Communications Commission without imposing sufficient limits [also known as the non-delegation doctrine].”

In Food and Drug Administration news,

  • BioPharma Dive relates,
    • “The Food and Drug Administration on Wednesday approved the first treatment for the insatiable hunger associated with the rare disease Prader-Willi syndrome, a long-awaited decision that follows an unorthodox pitch from the drug’s developer.
    • “The agency on cleared Vykat XR, from biotechnology company Soleno Therapeutics, for this hyperphagia that’s caused by Prader-WilliTreatment has specifically been approved for adults and children at least four years of age. Soleno hasn’t yet disclosed the drug’s list price. 
    • “The approval is a milestone for research into a disease that’s proven difficult to target. Prader-Willi affects an estimated 10,000 to 20,000 people in the U.S. and causes multiple cognitive and behavioral symptoms.”
  • Per a National Cancer Institute (NCI) news release,
    • “The Food and Drug Administration (FDA) has given an accelerated approval to zenocutuzumab (Bizengri), making it the first drug that targets tumors with a very rare genetic alteration called an NRG1 fusion. Under the approval, zenocutuzumab can be used to treat people with pancreatic or non-small cell lung cancer (NSCLC) whose tumors have an NRG1 fusion and whose disease has gotten worse despite standard treatments.
    • “The approval was based on the results of a clinical trial in which one-third of patients treated with zenocutuzumab had sustained tumor shrinkage of at least 30% that lasted a median of 11 months. Most of the patients in the study had either NSCLC or pancreatic cancer.
    • “This is a patient population that has a very high unmet need,” said the study’s lead investigator, Alison Schram, M.D., of the Memorial Sloan Kettering Cancer Center. “This approval gives these patients, who have very few effective therapeutic options, a new treatment option.”
    • “Because it’s an accelerated approval, Partner Therapeutics, which licensed zenocutuzumab from Merus, must conduct additional studies to confirm that the drug helps patients clinically, which can include helping them live longer than with other treatments.’

From the public health and medical research front,

  • The New York Times reports,
    • Measles cases in Kansas more than doubled in the last week, bringing the tally to 20, while another outbreak in Ohio has sickened 10 people, local public health officials reported on Wednesday.
    • There have been several large outbreaks in the United States this year, including one in West Texas that has spread to more than 320 people and hospitalized 40. Health officials have worried that the Texas outbreak may be seeding others.
    • More than 40 measles cases have been reported in New Mexico, and seven have been identified in Oklahoma. In both states, health officials said the infections were connected to the Texas outbreak.
    • In Kansas, the virus has mainly infected unvaccinated children in the southwest corner of the state. Genetic sequencing has suggested a link to the Texas and New Mexico outbreaks, state health officials told The New York Times on Wednesday.
  • Per the AHA News,
    • “A study published March 26 by the National Institutes of Health and the University of Oxford found that individuals who engaged in light and moderate-to-vigorous daily physical activity had a lower cancer risk than those with more a sedentary lifestyle. The study found that higher daily step counts, but not pace, was also associated with a lower cancer risk. In comparison to cancer risk for individuals taking 5,000 steps per day, risk was 11% lower for those taking 7,000 steps per day and 16% lower for those taking 9,000 steps per day. Risk reduction plateaued beyond 9,000 steps.”
  • This week’s Cancer Information Highlights from the NCI discuss “Quit Smoking | Metastatic Prostate Cancer | Kidney Cancer.”
  • The National Institute of Standards and Technology informs us,
    • “A rare but painful disorder can make it difficult for people to swallow food. The symptoms include weight loss and chest pain after eating. Scientists are working to better understand this condition, known as corkscrew esophagus, in hopes of finding more treatment or prevention options.
    • “We are working to contribute to that effort with an approach you may not associate with medical research. It involves math, physics and computer modeling.”
  • Medscape points out,
    • “In a recent final analysis of a phase 3 trial, the bivalent respiratory syncytial virus prefusion F (RSVpreF) vaccine [which are FDA approved] maintained high efficacy and a favorable safety profile against RSV-associated lower respiratory tract illness (RSV-LRTI) over two seasons in people aged ≥ 60 years.”
  • STAT News tells us, “Study suggests mRNA vaccine could make humans resistant to ticks that transmit Lyme bacteria. New tool shows how the human immune system responds to components of ‘tick cement.’”
    • “Ticks, once latched onto a fleshy target with their barbed, needle-like mouths, are ready for almost anything. They glue themselves to the skin using a complex, cement-like substance. And then, like a “little pharmacological company,” they dole out proteins to keep the blood flowing, make it relatively painless, and hamper any immune response that might reveal their parasitic presence, Yale University researcher Erol Fikrig says.
    • “It’s in those days of quiet blood-thirst that ticks pass along bacteria that causes conditions like Lyme disease, a growing problem driven in the U.S. by black-legged ticks (or Ixodes scapularis). Researchers have been trying for decades to understand just how the tiny tick is able to evade the human body’s defenses and pass along pathogens. 
    • “A new study by Fikrig and other researchers, published Wednesday in Science Translational Medicine, uses a powerful monitoring system to reveal how the human immune system is responsive to a litany of tick triggers — some of which might be leveraged to create a protective mRNA vaccine.” 
  • Per Fierce Pharma,
    • “Johnson & Johnson has produced the most convincing data to date that its combination of Rybrevant and Lazcluze could replace AstraZeneca’s Tagrisso as the new standard of care in first-line EGFR-mutated non-small cell lung cancer—proof it could extend patients’ lives.
    • “The Rybrevant-Lazcluze combo significantly reduced the risk of death by 25% versus Tagrisso in patients with newly diagnosed advanced EGFR-mutated NSCLC, according to data from the phase 3 Mariposa trial presented at the European Lung Cancer Congress (ELCC) 2025.
    • “While the median overall survival time was not yet reached for the combo, investigators expect that the J&J regimen could offer at least an extra year of life versus Tagrisso, on which patients have logged a median 36.7 months of survival.”

From the U.S. healthcare business front,

  • Healthcare Dive lets us know,
    • “Fewer physicians are considering leaving the profession in 2025 than in 2024, according to a new survey from the Harris Poll and electronic health record provider Athenahealth.
    • “Part of physicians’ improved job satisfaction was driven by increased adoption of artificial intelligence, the researchers said. Fewer physicians reported the technology was over-hyped this year, and they saw the most promise in transcription services and capabilities.
    • “Still, physicians shared concerns about the fate of the industry long-term and only 3 in 10 physicians were optimistic about the direction of U.S. healthcare generally. Respondents were most concerned about interoperability challenges, their organization’s financial health and meeting regulatory requirements.”
  • Per a press release,
    • “The Institute for Clinical and Economic Review (ICER) today posted its revised Evidence Report assessing the comparative clinical effectiveness and value of sonpiretigene isteparvovec (Nanoscope Therapeutics) for the treatment of advanced retinitis pigmentosa.”
      • Key Clinical Findings
        • “For adults with advanced retinitis pigementosa and severe vision loss, ICER rated the current evidence on sonpiretigene isteparvovec as promising but inconclusive (“P/I”) due to concerns about durability of benefits and unknown short-term and long-term harms.
      • Key Cost-Effectiveness Findings
        • “Sonpiretigene isteparvovec has not yet been approved by the FDA for retinitis pigmentosa, and the manufacturers have not yet announced a US price for the therapy if approved. 
        • “ICER has calculated a health benefit price benchmark (HBPB) to be between $67,400 and $101,300 for treatment in one eye.”
  • The Brown & Brown consulting firm has posted an executive summary of its 2025 Employee Health and Benefits Strategy Survey.
  • Beckers Health IT survey notes,
    • “Amazon is testing a generative AI-powered health assistant, dubbed Health AI, on its website and mobile app, CNBC reported March 25.
    • “The chatbot is designed to answer health and wellness questions, suggest common care options for various medical needs, and recommend products. Some responses are marked with a “clinically verified” badge, indicating that the information has been reviewed by U.S.-based licensed clinicians, according to Amazon.
    • “In addition to providing health guidance, Health AI directs users to Amazon’s online pharmacy and clinical services from One Medical, the primary care provider Amazon acquired for $3.9 billion in 2022.”

Tuesday Report

David ErmerCDC, CMS, Congress, FDA, Medical / Rx research, NIH, Rx coverage, SCOTUS, U.S. Healthcare

From Washington, DC,

  • Bloomberg Law tells us,
    • “The Senate voted to confirm Jay Bhattacharya, a Stanford University health economist and physician, to lead the National Institutes of Health. 
    • “Senators confirmed him Tuesday evening 53-47 on a party line vote.” 
    • “The Senate also confirmed Marty Makary, a surgeon at Johns Hopkins Medicine, to oversee the Food and Drug Administration. Unlike many of President Donald Trump’s nominees for health positions, a few Democrats chose to support Makary as well. The Senate confirmed him by a 56-44 vote.
  • The American Hospital News informs us,
    • “The Senate Finance Committee March 25 advanced Mehmet Oz’s nomination for administrator of the Centers for Medicare & Medicaid Services by a vote of 14-13. Oz, a doctor and former television show host, will soon be considered by the full Senate for confirmation.” 
  • Govexec relates,
    • “[The] House Oversight and Government Reform Committee on Tuesday debated legislation that would set up a process for Congress to approve President Donald Trump’s overhauls of federal agencies. 
    • “The Reorganizing Government Act of 2025 (HR 1295), which is scheduled to receive a panel vote at 6:30 p.m., would resurrect a lapsed authority enabling the president to submit a plan for restructuring agencies that Congress must vote on within 90 days. Such a plan is not subject to the filibuster, meaning the Senate can clear it with a simple majority instead of the usual 60-vote threshold. 
    • “Still, the bill itself would need 60 votes for the Senate to pass it, which is unlikely.” 
  • At this markup session, the Oversight and Reform Committee was poised to approve HR 2193, the FEHB Protection Act of 2025 in a bipartisan fashion, but due to the length of the markup session, the Chairman postponed roll call votes until a later date. HR 2193 would tighten oversight over FEHB family member eligibility.
  • Federal News Network lets us know,
    • “Former Postmaster General Louis DeJoy avoided several third-rail issues, as part of his plans to modernize the Postal Service — including privatizing the agency, closing post offices or cutting the number of delivery days each week.
    • “Leaders of three USPS unions say they aren’t so sure DeJoy’s successor or the Trump administration will agree to the same red lines, as the White House envisions major changes for the independent mail agency.”

From the judicial front,

  • Roll Call points out,
    • “The Supreme Court is set to hear arguments in a pair of cases Wednesday over how much power Congress can give to executive agencies without running afoul of the Constitution, which could end up shaping how legislation is written.
    • “The arguments center on whether Congress handed over too much power to the Federal Communications Commission when it created the Universal Service Fund. The fund collects money from telecommunications companies and distributes funds intended for telecommunications services nationwide.
    • “Several experts said the cases come as a majority of the members of the conservative-controlled Supreme Court have expressed interest in imposing new limits on what’s called the “nondelegation doctrine” — or how much legislative power Congress can cede to other entities. Depending on how the justices handle the complicated case, experts said, it could have wide-ranging impacts on federal agencies.”

From the public health and medical research front,

  • Medscape delves into “Avian Influenza: What Infectious Disease Physicians Need to Know.”
  • FiercePharma reports,
    • “GSK is opening the door to a new era in urinary tract infection (UTI) treatment with its Blujepa, the first in a new class of oral antibiotics for the condition in nearly 30 years.
    • “Blujepa, also known as gepotidacin, has been cleared by the FDA to treat uncomplicated UTIs (uUTIs) that can be tied to E. coli, Klebsiella pneumoniae, Citrobacter freundii complex, Staphylococcus saprophyticus or Enterococcus faecalis in women 12 years of age and older. “These types of UTIs are the most common infection for women, with more than half of all women experiencing one in their lifetime, making the antibiotic a much-needed new option for the up to 16 million U.S. women who are impacted annually. 
    • “GSK tested the antibiotic in the phase 3 Eagle-2 and Eagle-3 trials, pitting its twice-daily option against longtime standard-of-care nitrofurantoin for five days.” 
  • JAMA Online considers
    • Question   Which health conditions, types of care, and counties are associated with the highest levels of spending?
    • Findings   This observational study showed considerable variation in spending across health conditions, types of care, age groups, payers, and counties—with spending being greatest for type 2 diabetes. Across counties, there was more variation in utilization rates rather than price and intensity of care.
    • Meaning   Further investigation into unexplained variation in spending, focusing on the health conditions with the most spending, could help inform health care policies aimed at lowering costs and improving access to care.
  • The NIH Research Matters Bulletin discusses “Norovirus antibodies | Non-opioid pain relief | Tardigrades & cancer care.”
  • Per Cardiovascular Business,
    • “A new drug has shown early potential to slow the progression of aortic stenosis (AS) and potentially limit the number of heart patients who require transcatheter aortic valve replacement (TAVR) or surgical aortic valve replacement (SAVR). 
    • “The team behind this breakthrough, a group of healthcare researchers out of Mayo Clinic, shared its early progress in Circulation.
    • “The drug in question, ataciguat, is able to reactivate oxidized soluble guanylate cyclase, which then limits signals in the body that can lead to fibrocalcific aortic valve stenosis (FCAVS). After observing this phenomenon in action in animal models and in vitro, the Mayo Clinic researchers performed a phase I clinical trial that showed ataciguat is well tolerated in patients with FCAVS. The group then compared ataciguat with a placebo in a phase II clinical trial, finding that six months of treatment with the drug was associated with a significant reduction—nearly 70%—in the progression of aortic valve calcification in patients who presented with moderate FCAVS. Treatment with ataciguat also “tended to slow other changes in valvular and ventricular dysfunction, reflective of disease progression,” in these patients.”

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “Demand for GLP-1 drugs is causing spending on traditional drugs to grow at a faster clip than spending on specialty drugs, according to new research. That could put further stress on employers and health plans struggling to contain already sky-high spending on prescription drugs.
    • “Spending growth for traditional drugs — simple-to-administer medications used to treat common health problems — outstripped spending growth for specialty drugs — pricey medications used to treat complex and chronic conditions — for the first time in 2023, according to a report released Tuesday by Evernorth, the health services division of national insurer Cigna.
    • “The trend isn’t expected to revert, at least in the next few years, amid sustained demand for GLP-1s for weight loss and as the drugs become approved for more conditions, Evernorth said.”
  • Fierce Pharma adds,
    • “Novo Nordisk has quickly expanded its discounted Wegovy program, now offering all eligible cash-paying customers its popular weight-loss med at $499 per month.
    • “Novo had only launched the cheaper Wegovy option earlier this month originally through its own NovoCare Pharmacy and at that time indicated an expansion to traditional retail channels “in the near future.”
    • “Now, less than three weeks later, all cash-paying patients can purchase any Wegovy injection doses—from 0.25mg to 2.4mg—at their local pharmacies for $499 for a 28-day supply, Novo said Monday. The new price tag marks a further cut from Novo’s previous policy that offered self-pay patients Wegovy at a cost of $650 per month.”
  • Per STAT News,
    • “The net prices that health plans paid for medicines — after subtracting rebates, discounts, and fees — rose a modest 0.4% in last year’s fourth quarter, but that compared unfavorably with a 3% decline in the same period a year earlier, according to the latest data from SSR Health, a research firm that tracks the pharmaceutical industry and its pricing trends.
    • “A key reason was that net prices rose for so-called protected oncology medicines, one of six classes of drugs for which Medicare Part D generally covers an entire category. Typically, these six classes have smaller and more stable discounts compared with other medicines in the marketplace. As a result, net prices rose faster for protected classes, but it is not clear why this occurred more so with cancer drugs.
    • “Tugging in the other direction was a type of medicine known as disease-modifying antirheumatic drugs, such as Humira, which are used to treat rheumatoid arthritis and other maladies. Ongoing pricing pressure caused by a growing number of biosimilars — nearly identical variants of brand-name biologic medicines that yield the same health outcomes but at a lower cost — stifled further rises in net prices.
    • “Meanwhile, list prices for all drugs grew 1.4% in the first quarter of the year compared with 5.4% a year earlier. Most of the slower growth rate was traced to major insulin makers — Eli Lilly, Novo Nordisk, and Sanofi — that lowered prices for many patients with private insurance, but also to comply with the Inflation Reduction Act, which required capping monthly out-of-pocket costs at $35 for Medicare beneficiaries.”
  • The American Benefits Council has posted a detailed report titled “Destination 2030: A Road Map for the Future of Employer-Provided Benefits.” “This 2030 strategic plan describes the five most pressing challenges facing employer-sponsors today, provides four goals to address each challenge and then offers detailed policy recommendations for meeting those goals.”

Monday Report

David ErmerCDC, CMS, Congress, HIPAA Privacy and Security Rules, Medical / Rx research, Obesity, SCOTUS, U.S. Healthcare
Photo by Sven Read on Unsplash

From Washington, DC,

  • Federal News Network reports,
    • “Postmaster General Louis DeJoy will leave the Postal Service’s top job by the end of the day Monday, after he announced plans to leave the agency last month.
    • “I have today informed the Postal Service Board of Governors that today will be my last day in this role,” DeJoy said in a statement.
    • “DeJoy announced last month he was preparing to step down as postmaster general and urged the USPS Board of Governors to begin the search for his successor.
    • “Deputy Postmaster General Doug Tulino will lead USPS until its Board of Governors selects a new postmaster general.”
  • The Wall Street Journal informs us,
    • “President Trump nominated the acting director of the Centers for Disease Control and Prevention to lead the agency permanently, after dropping his first pick for the job.  
    • “Susan Monarez was named acting director of the CDC early in the Trump administration and has worked closely with Health Secretary Robert F. Kennedy Jr.’s leadership team to fight a measles outbreak in Texas.
    • “Dr. Monarez will work closely with our GREAT Secretary of Health and Human Services, Robert Kennedy Jr. Together, they will prioritize Accountability, High Standards, and Disease Prevention to finally address the Chronic Disease Epidemic and, MAKE AMERICA HEALTHY AGAIN!” Trump wrote Monday on Truth Social.
    • “Monarez has a Ph.D. in microbiology and immunology from the University of Wisconsin-Madison and subsequently studied at Stanford University.
    • “She would be the first CDC director without a medical degree in more than 70 years. She must be confirmed by the Senate.”
  • The Wall Street Journal also seeks to explain how the Medicaid program works in charts.
  • “U.S. Senate Finance Committee Chairman Mike Crapo (R-Idaho) announced the Committee will mark up the nomination of Dr. Mehmet Oz to be Centers for Medicare and Medicaid Services (CMS) Administrator during an executive session on Tuesday, March 25, at 9:30 AM.” 

From the judicial front,

  • The Wall Street Journal lets us know,
    • “The Justice Department asked the Supreme Court on Monday to block a judge’s order requiring it to reinstate more than 16,000 federal employees, as administration officials vow to seek the justices’ intervention in clearing away lower-court rulings that have slowed Trump policies. 
    • “Earlier this month, a federal district judge in San Francisco ordered the government to reinstate probationary employees fired at a half dozen agencies under the Trump administration’s fast-moving plan to shrink the federal government. U.S. District Judge William Alsup found that the administration had failed to comply with legal procedures required for the layoffs. 
    • “Alsup’s order, and a similar one from a federal judge in Maryland, require agencies to offer the employees their jobs back while litigation over the legality of the layoffs proceeds. 
    • “In her Supreme Court brief, acting Solicitor General Sarah Harris argues that the case should have been thrown out of court because it was filed by labor unions and other organizations rather than the terminated employees themselves. Federal law requires government employees to raise complaints through an internal process before going to court, Harris said.” 
  • Bloomberg Law tells us,
    • “A group of former Wells Fargo employees failed to prove the bank neglected its fiduciary duties over its health plan’s prescription drug costs because they could not prove concrete harm, a federal judge in Minnesota ruled Monday.
    • “The workers sued in July in the US District Court for the District of Minnesota, alleging the plan paid excessive administrative fees and prescription drug prices compared to other large employer plans. Wells Fargo & Co. also violated the Employee Retirement Income Security Act by allowing pharmacy benefit manager Express Scripts to keep drug manufacturer rebates instead of passing them back to the plan, the employees argued.
    • “The high-profile case is part of a wave of legal challenges to rising employer health plan costs, with workers suing employers and employers suing their benefit administrators. The lawsuits follow legislative and regulatory changes strengthening transparency and fiduciary requirements for insurers and employers—scrutiny that is expected to continue from lawmakers and the Trump administration.
    • “The court agreed with the plaintiffs “in theory” that they could be injured by Wells Fargo’s PBM contract. But the former employees ultimately failed to prove standing because the plan covers a broad range of drugs beyond those cited in the complaint, and because the plan picks up costs after the plaintiffs hit their deductibles, the court concluded.
    • “There are simply too many variables in how Plan participants’ contribution rates are calculated to make the inferential leaps necessary to elevate Plaintiffs’ allegations from merely speculative to plausible,” Judge David T. Schultz wrote in his order dismissing the case.”
    • FEHBlog note — Judge Laura M. Provinzino wrote the decision, not Judge Schultz.

From the public health and medical research front,

  • The AP relates,
    •  “Tuberculosis continued to rise again in the U.S. last year, reaching its highest levels in more than a dozen years. 
    • “More than 10,300 cases were reported last year, an 8% increase from 2023 and the highest since 2011, according to preliminary data posted this month by the Centers for Disease Control and Prevention. 
    • “Both the number of cases and the rate of infections rose. Rates were up among all age groups, and 34 states reported an increase. 
    • “CDC officials say the rise is the mainly due to international travel and migration. The vast majority of U.S. TB cases are diagnosed in people born in other countries. Other illnesses that weaken the immune system and allow latent TB infections to emerge may also be at play.”
  • NBC News reports,
    • “Cervical cancer is one of the most preventable cancers, although recent research suggests that the United States is backsliding in efforts to detect the disease early, when it is most curable.
    • “A new study shows that the percentage of women screened for cervical cancer fell from 47% in 2019 to 41% in 2023.
    • “Rural women are 25% more likely to be diagnosed and 42% more likely to die from cervical cancer than women who live in cities, a trend that likely reflects lower screening rates in less populated areas, according to the study, published in JAMA Network Open this month.” 
  • Consumer Reports, writing in the Washington Post, explains “How to find a home health aide. Having the right person can make caring for a loved one much easier. Here are tips for finding and affording the help.”
  • Per a National Institutes of Health news release,
    • “Researchers at the National Institutes of Health (NIH) have developed eye drops that extend vision in animal models of a group of inherited diseases that lead to progressive vision loss in humans, known as retinitis pigmentosa. The eye drops contain a small fragment derived from a protein made by the body and found in the eye, known as pigment epithelium-derived factor (PEDF).  PEDF helps preserve cells in the eye’s retina. A report on the study is published in Communications Medicine.
    • “While not a cure, this study shows that PEDF-based eye drops can slow progression of a variety of degenerative retinal diseases in animals, including various types of retinitis pigmentosa and dry age-related macular degeneration (AMD),” said Patricia Becerra, Ph.D., chief of NIH’s Section on Protein Structure and Function at the National Eye Institute and senior author of the study. “Given these results, we’re excited to begin trials of these eye drops in people.”

From the healthcare business front,

  • The Wall Street Journal reports,
    • Novo Nordisk agreed to pay up to $2 billion for the rights to a developmental weight-loss and obesity drug from Chinese pharmaceutical company the United Bio-Technology (Hengqin) Co., as it looks to boost its pipeline of next-generation drugs.
    • “Novo Nordisk, which earlier Monday lost its crown as Europe’s most valuable company, said it signed an exclusive global licensing deal for UBT251, a drug that targets three different hormones to treat obesity, type 2 diabetes, and other diseases.
    • “The Danish pharmaceutical company will pay $200 million up front and potential milestone payments of up to $1.8 billion, as well as tiered royalties.
    • “Novo Nordisk has exclusive rights to develop, manufacture, and commercialize UBT251 globally, excluding the Chinese mainland, Hong Kong, Macau and Taiwan.
    • “UBT251 differs from Novo Nordisk’s current portfolio as it takes a three-pronged approach to weight-loss and blood-sugar control. It combines a GLP-1–the same class of drugs as Novo Nordisk’s blockbuster Wegovy and Ozempic–with GIP to reduce appetite and blood sugar, and glucagon to prevent low blood-sugar levels.”
  • The Wall Street Journal adds,
    • 23andMe has filed for bankruptcy but assures customers that their genetic data will remain protected and managed in accordance with applicable laws.
    • Consumers can delete their 23andMe account data and destroy any stored genetic material by following the instructions provided in the article [and quoted below].
    • In the event of a bankruptcy sale, consumer data may be sold as part of the transaction, but protections may be in place to ensure responsible handling of sensitive information.
      • Log in to your 23andMe account and go to the “Settings” section of your profile. Then scroll to a section labeled “23andMe Data” at the bottom of the page. Click “View” next to “23andMe Data.” You can download your genetic data if you want a copy for personal storage.
      • “After that, scroll to the “Delete Data” section and click “Permanently Delete Data.” You will receive an email from 23andMe. Follow the link in the data to confirm your deletion request. 
      • “Some customers who tried to delete their data Monday said they received error messages. Those trying to resolve the issue reported long customer service wait times. A company spokesman didn’t immediately respond to requests for comment.”
  • Fierce Healthcare fills us in one the latest Match Day for medical school seniors.
    • “Match Day 2025 has come and gone with the largest-ever total of applicants and positions as well as upticks in primary care and emergency medicine.
    • “The 73-year-old National Resident Matching Program’s (NRMP’s) breakdown of the annual event also outlined ongoing interest in obstetrics and gynecology—despite shifting reproductive care policies in the wake of the Dobbs decision—and a jump in participation among non-U.S. citizen international medical graduates.
    • “Applicants learned of their matches at 12:00 p.m. ET on Friday.
    • “All told, there were 52,498 total applicants, up 4.1% over last year, competing for 43,237 positions, up 4.2%.”

  • Beckers Payer Issues ranks payers by 2025 Part D membership
    • “Centene’s Medicare Part D enrollment is nearing 8 million members.
    • “According to CMS enrollment data from March 2025, Centene leads the nation in Medicare Part D membership with 7.92 million enrollees. The company has gained nearly 1 million members since the end of 2024, when its Part D enrollment was 6.93 million.”

Weekend update

David ErmerCDC, Congress, COVID treatment, FDA, Medical / Rx research, Obesity, Telehealth, U.S. Healthcare

From Washington, DC,

  • Roll Call adds,
    • Both the House and Senate come back from recess this week to begin a busy three-week period that’s expected to focus on Republicans’ budget reconciliation agenda, including extending and expanding tax cuts and tightening immigration policy.
    • The top items on the House agenda this week, meanwhile, will include more measures to overturn Biden administration rules. And the Senate will continue to vote on more of President Donald Trump’s nominations. The headliners this week are the nominees to lead the National Institutes of Health and the Food and Drug Administration.
    • With a stopgap spending law now in effect through Sept. 30, the Republican majorities in both the House and Senate can fully turn their attention to their budget reconciliation agenda.
    • This work period on Capitol has just three weeks, followed by the traditional two-week recess that coincides with Easter and Passover. By then, House and Senate Republicans will want to make progress on resolving differences on how to execute the process that allows them to pass legislation without the risk of filibusters in the Senate.
  • Roll Call also gives us the 119th Congress in numbers, mid-March edition.
  • On Tuesday morning at 10 am, the House Oversight and Government Reform Committee will mark up the following batch of bills,
    • H.R. 1295, the Reorganizing Government Act of 2025; 2) H.R. 1210, the Protecting Taxpayers’ Wallet Act; 3) H.R. ___, the Preserving Presidential Management Authority Act; 4) H.R. 2174, the Paycheck Protection Act; 5) H.R. 2193, the FEHB Protection Act of 2025; 6) H.R. ___, the Federal Accountability Committee for Transparency (FACT) Act; 7) H.R. 2056, District of Columbia Federal Immigration Compliance Act; 8) H. Res. 187, Of inquiry requesting the President to transmit certain information to the House of Representatives referring to the termination, removal, placement on administrative leave, moved to another department of Federal employees and Inspectors General of agencies; 9) H. Res. 186, Of inquiry requesting the President to transmit certain documents to the House of Representatives relating to the conflicts of interest of Elon Musk and related information.
  • Healthcare Dive tells us,
    • “A postponed meeting of vaccine advisers to the Centers for Disease Control and Prevention is now scheduled to take place in April, a spokesperson for the Department of Health and Human Services confirmed.
    • “The Advisory Committee on Immunization Practices, or ACIP, had originally been scheduled to meet Feb. 26 to Feb. 28, but was unexpectedly delayed soon after Robert F. Kennedy Jr., a longtime critic of U.S. vaccination policies, took office as health secretary. At that time, an HHS spokesperson said the rescheduling was to allow extra time for public comment.” * * *
    • “ACIP, which includes outside vaccine experts as well as federal health officials, will now convene on April 15 and April 16, Andrew Nixon, HHS’ director of communications, wrote in an email to BioPharma Dive.” 
    • “A notice posted Friday ahead of publication Monday in the federal register indicated that advisers will discuss the current measles outbreak, as well as vaccines for COVID-19, human papillomavirus, monkeypox, respiratory syncytial virus and other pathogens.”
  • The New York Times reports,
    • “Robert F. Kennedy Jr., the nation’s health secretary, on Saturday instructed leaders of the nonprofit he founded to take down a web page that mimicked the design of the Centers for Disease Control and Prevention’s site but laid out a case that vaccines cause autism.
    • “The page had been published on a site apparently registered to the nonprofit, the anti-vaccine group Children’s Health Defense. Mr. Kennedy’s action came after The New York Times inquired about the page and after news of it ricocheted across social media.
    • “The page was taken offline Saturday evening.” 
  • Pharmacy Practice News informs us,
    • “The Drug Enforcement Administration (DEA) recently alerted healthcare providers to a concerning trend: hackers tapping into patient electronic health records (EHRs) to steal doctors’ DEA registration numbers. Armed with those numbers, the thieves have been able to generate tens of thousands of bogus prescriptions and sell them online, the agency explained in a YouTube video.
    • “Electronic prescription fraud is a real emerging trend that we’re seeing all across the country,” said Erin Hager, a DEA diversion investigator in the Phoenix-Tucson Tactical Division Squad. “What’s happening is … bad actors … who have been conducting prescription drug fraud are now utilizing the internet and electronic health record platforms to create electronic prescriptions that they can then send nationwide.”
    • “These activities can result in “a thousand fraudulent prescriptions using an unsuspecting doctor’s DEA number within a 14-hour time frame,” Ms. Hager said.”

From the public health and medical research front,

  • The New York Times reports, “Dementia May Not Always Be the Threat It Is Now. Here’s Why. The number of cases will increase, but the rates seem to be declining with every birth cohort that reaches advanced ages, researchers said.”
    • Eric Stallard, an actuary and co-director of the Biodemography of Aging Research Unit at Duke University, read the [recent dementia] study and thought the team “seemed very competent at their analysis” of individual risk.
    • But when it came to the projection that cases would double, which assumed that the incidence of dementia would remain stable over the next 40 years, “I don’t believe it,” Mr. Stallard said.
    • “The notion that the number of people with dementia will double over the next 25, 30 or 35 years due to the aging of baby boomers is widespread, it’s pervasive — and it’s wrong,” he added.
    • “He and two other Duke researchers recently published a commentary in JAMA pointing out that the age-specific prevalence of dementia in this country had steadily declined for 40 years.
    • “If your risks are lower than your parents’ risks and this trend continues, you won’t see the doubling or tripling of dementia that’s been projected,” said Dr. Murali Doraiswamy, director of the Neurocognitive Disorders Program at Duke and a co-author of the JAMA article.
    • “To be clear, experts agree that the number of people with dementia will climb in coming decades, simply because the disorder rises so steeply with age and the number of older adults in the United States will increase.
    • “But Mr. Stallard estimates that the increase will be more like 10 to 25 percent by 2050. “It will still be a significant challenge for the health system in the U.S.,” he said.”
  • The University of Minnesota CIDRAP lets us know,
    • Another study is raising questions about whether compliance with a federally mandated hospital protocol aimed at improving sepsis care and management is associated with better outcomes.
    • The study, published this week in JAMA Network Open, found that sepsis patients who received care that was noncompliant with the Centers for Medicare and Medicaid Services (CMS) Severe Sepsis and Septic Shock Management Bundle (SEP-1) tended to be older, have more comorbidities, and have more complex clinical presentation than those who received compliant care. When those factors were accounted for, SEP-1 compliance was no longer associated with improved mortality.
    • The study comes on the heels of a systematic review and meta-analysis, published last month in the Annals of Internal Medicine, that found no evidence that SEP-1 compliance was associated with improved mortality.
  • and
    • “People who started taking the antiviral drug ensitrelvir within 72 hours after a household member tested positive for COVID-19 were significantly less likely to be infected, according to results from an international phase 3 clinical trial presented last week at the Conference on Retroviruses and Opportunistic Infections in San Francisco.
    • “Made by Japanese pharmaceutical firm Shionogi, ensitrelvir is approved in Japan for the treatment of mild to moderate COVID-19.  * * *
    • “In addition to vaccination, post-exposure prophylaxis with timely use of an oral antiviral would be a valuable way to help prevent COVID-19 illness in people who have been exposed, especially people at high risk for severe disease,” Frederick Hayden, MD, a University of Virginia School of Medicine professor emeritus who helped design the trial and presented the findings, said in a university news release.
    • “This is the first clinical trial of an oral antiviral drug to show significant protection against COVID-19 [infection],” he added. “If approved by the [US] Food and Drug Administration for this purpose, it would be an important addition to current preventive strategies.”
  • A Wall Street Journal reporter tells us “A Year After I Stopped Taking a [GLP-1} Weight-Loss Drug, I’ve Lost 20 More Pounds. I’m one of the millions of people trying to keep the weight off without taking expensive drugs like Mounjaro or Ozempic for life. It wasn’t easy, but I found ways.”
    • “My first mistake in stopping the medicine [after reaching his target weight in five months] was that I didn’t wean myself off it more slowly. I stopped cold turkey, and my hunger pangs and food noise came back with a vengeance. Some doctors and researchers have begun to recommend stopping more gradually, as well as taking appetite suppressants like phentermine to ease the transition. This has helped reduce weight regain in some patients.
    • “My second mistake was not having a structured nutrition plan at the ready. The medicine had helped winnow my bad habits down to a number I could actually manage, from perhaps 25 or 30 entrenched eating behaviors (really!) down to more like five or six (I still can’t shake my addiction to impulsive runs to the 7-Eleven, for example). But even a few bad habits—when they meet with what feels like insatiable hunger—can do a lot of damage.
    • “After a few months, I found a highly structured nutrition program, one with expert coaching that focused on a low-carb diet. While the transition was difficult, it eventually helped me bring my cravings under control. 
    • Virta Health, a startup I turned to for a few months, has users test their blood daily. The results, which measure glucose levels and another indicator of dietary compliance, are beamed through an app to a nutrition coach. Being aware that someone was watching—and would know if I had cheated—was immensely helpful as I sought to improve my nutrition and manage hunger.
    • “Without wading into the nutrition wars over the keto or Atkins or Mediterranean diet or any other, I’ve found that I have generally been far less hungry when I’ve eaten more protein, fiber and healthy fats. Meanwhile, drastically limiting carbohydrates has had another benefit: forcing me to eat more vegetables. Gobs and gobs of them.” 

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “The Longevity Business Is Booming—and Its Scientists Are Clashing. The antiaging movement has raced ahead amid fierce debates; critics of a grandfather of the field, Leonard Guarente, include former protégés and rivals.”
  • and
    • “Doctors Are Just as Frustrated as You by Our Messed-Up Healthcare System. Trust between doctors and patients is fraying, but there are ways to mend it.”
      • “One of doctors’ biggest gripes: largely corporate institutions that effectively set patient quotas and require extensive documentation. One physician said he and other doctors are allowed 15 minutes with patients; exceeding that leads to poor performance reviews and “being out of compliance.”
      • “These doctors think patients lose trust because they don’t understand who or what is in control. “Physicians have lost autonomy,” says Dr. Corinne Rao, an internal medicine physician and hospitalist. “Their decisions are subject to the financial interests of their employer.” 
      • “Doctors also say that trust—and respect—go both ways. “It’s like a marriage,” says Dr.  James Schouten, a family physician. Each side has to give 100%. Implying that a loss of trust is entirely the doctor’s fault, he says, suggests the patient has no role in establishing or maintaining trust.
      • “They do, he and others say.”

Cybersecurity Dive

David ErmerCybersecurity

From the cybersecurity policy and law enforcement front,

  • NextGov/FCW lets us know,
    • “A cornerstone federal program that certifies the security architecture of private sector cloud services for government use is expected to announce a fundamental overhaul to its processes on Monday [March 24], according to multiple people familiar with the matter.
    • “The moves, in the long term, are expected to automate many of the certification process steps for the Federal Risk and Authorization Management Program, or FedRAMP, which is used to ensure cloud providers meet strict cybersecurity requirements before government agencies can use their services, according to the people, who were granted anonymity to be candid about the forthcoming changes.
    • “FedRAMP has been a mainstay in government procurement for the last decade but has faced repeated complaints about the slow pace of cloud service approvals. FedRAMP has different approval levels that vary based on the sensitivity of the data a cloud service can handle, with higher levels requiring stricter security controls and generally longer review processes.”
  • and
    • “Despite goals set last year by the National Institute of Standards and Technology to process a backlog of unanalyzed cybersecurity vulnerabilities, the agency said it’s not expecting a slowdown anytime soon.
    • “The National Vulnerability Database — NIST’s cornerstone repository for researchers who use its contents and measuring tools to assess the dangers of cyber exploits — has been backed up with unanalyzed vulnerabilities since February last year. The scientific standards agency was projected to clear the logjam this month based on rates observed this past summer, Nextgov/FCW previously reported.
    • “But NIST said Wednesday that vulnerability submissions increased 32% in 2024 and prior processing rates from spring and early summer last year are no longer sufficient to keep up with incoming submissions. The backlog is still growing as a result.
    • “We anticipate that the rate of submissions will continue to increase in 2025. The fact that vulnerabilities are increasing means that the NVD is more important than ever in protecting our nation’s infrastructure. However, it also points to increasing challenges ahead,” an agency spokesperson said. “To address these challenges, we are working to increase efficiency by improving our internal processes, and we are exploring the use of machine learning to automate certain processing tasks.”
  • Per a March 21, 2025, HHS news release,
    • “Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Health Fitness Corporation (Health Fitness), located in Illinois, that provides wellness plans to clients across the country, resolving a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.” * * *
    • “The settlement resolves OCR’s investigation of Health Fitness, which OCR initiated after receiving four reports from Health Fitness, over a three-month period (October 15, 2018, to January 25, 2019), of breaches of unsecured protected health information.  Health Fitness filed the breach reports on behalf of multiple covered entities as their business associate.  Health Fitness reported that beginning approximately in August 2015, ePHI became discoverable on the internet and was exposed to automated search devices (web crawlers) resulting from a software misconfiguration on the server housing the ePHI. Health Fitness discovered the breach on June 27, 2018.  Health Fitness initially reported that approximately 4,304 individuals were affected and later estimated that the number of individuals affected may be lower.  OCR’s investigation determined that Health Fitness had failed to conduct an accurate and thorough risk analysis, until January 19, 2024, to determine the potential risks and vulnerabilities to the ePHI held by Health Fitness.
    • “Under the terms of the resolution agreement, Health Fitness agreed to implement a corrective action plan that OCR will monitor for two years and paid $227,816 to OCR.” * * *
    • The resolution agreement and corrective action plan may be found at:  https://www.hhs.gov/sites/default/files/health-fitness-ra-cap.pdf [PDF, 202 KB].

From the cybersecurity breaches and vulnerabilities front,

  • Cyberscoop tells us,
    • “Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report.
    • “Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting identity and access, cybercriminals stole 33% more credentials in 2024 compared to the previous year. More than 200 million credentials were already stolen in the first two months of this year.
    • “Infostealers are proving to be incredibly versatile, contributing to account takeover, increasing data breach totals, acting as initial access vectors to ransomware, as well as assisting in exploitation via vulnerabilities,” Ian Gray, vice president of intelligence at Flashpoint, said in an email.”
  • Security Week informs us,
    • “Browser security cannot be ignored. It’s where people spend most of their working day, and it’s where attackers focus most of their attacks.
    • “Statistics come from Menlo Security’s analysis of 750,000 browser-based phishing attacks targeting more than 800 entities detected over the last 12 months. This analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks (effectively, a zero-day attack applied to phishing).
    • “The reasons for the growth are multiple: our growing reliance on the browser for much of our daily work, the prevalence of zero-day vulnerabilities, the increasing sophistication of the cybercriminal underworld, and, worryingly, the growing influence of gen-AI. Gen-AI is particularly concerning, both for its use today and its potential use in the future.
    • “Threat actors have advanced in speed and skills. They are using the same tools and infrastructure as professional engineers,” comments Andrew Harding, VP of security strategy at Menlo Security. “We’re seeing a dangerous combination of zero-day attacks, advanced social engineering techniques, sophisticated phishing techniques, and readily available phishing-as-a-service kits, all designed to infiltrate systems and steal valuable data.”
    • “He adds, “This trend is only poised to escalate dramatically in 2025 as attackers adopt AI to increase both scale and effectiveness.”
  • Dark Reading adds,
    • “A nearly decade-long malware campaign known as “DollyWay World Domination” has compromised more than 20,000 WordPress websites over the past eight years.
    • “GoDaddy published a report this week claiming multiple threat campaigns tracked by various security researchers since 2016 are actually one larger operation perpetrated by VexTrio, a massive cybercrime network that leverages traffic distribution systems (TDSs) and lookalike domains to deliver malware and scams.
    • “GoDaddy’s Denis Sinegubko wrote in the company’s research blog that the operation is tracked as DollyWay World Domination due to a string of code found in variations of the DollyWay malware: “define(‘DOLLY_WAY’, ‘World Domination’);”.
  • and
    • “Mobile phone jailbreaks are thriving, exposing users to anywhere between three- and 3,000-times greater risk of cyber compromise.
    • “Organizations already face a significant risk in bring your own device (BYOD) attacks. More than 70% of infected devices are personal, and a good chunk of organizations have watched as malware entered their walls through unmanaged devices belonging to employees.
    • “The risk is supercharged, though, when those devices are cracked. New data from Zimperium shows that rooted and jailbroken Android phones and iPhones are 3.5 times more likely to be infected with malware and 250 times more likely to be totally compromised.
    • “What we’ve seen is that the amount of jailbreaks and roots has decreased slightly in recent years,” says Kern Smith, vice president of global solutions engineering at Zimperium. However, he warns, “The risk of those has increased significantly. These jailbreaks and roots expose these devices to a much, much higher risk profile. And mobile devices in general are being exposed to a much higher risk profile today. So it becomes a multiplier effect.”
  • Per Fedscoop,
    • “The Federal Bureau of Investigation has warned federal employees that cybercriminals are attempting to steal their login credentials in connection to a widely used government financial services platform, according to a notice viewed by FedScoop. 
    • “Hackers are targeting the Employee Personal Page, or MyEPP page, which is operated by the National Finance Center (NFC), a financial and human resources shared service within the Agriculture Department used by 661,000 employees across the federal government for payroll. The site, which is used to manage salary and benefits information, is typically accessed through an online account or with Login.gov credentials. 
    • “According to the FBI, cybercriminals hope to trick federal employees by running advertisements on search engines that impersonate the NFC website. If they click on the ad, employees are brought to a “sophisticated phishing website” that looks similar to the actual MyEPP page that aims to capture their login credentials when users enter them.”
  • Per Bleeping Computer,
    • “Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations.
    • “The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday.
    • “According to a technical writeup by watchTowr Labs, who discovered the bug, CVE-2025-23120 is a deserialization vulnerability in the Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary .NET classes.”
  • Cybersecurity Dive tells us,
    • At least 11 state-sponsored threat groups since 2017 have been actively exploiting a Microsoft zero-day flaw allowing for abuse of Windows shortcut files to steal data and commit cyber espionage against organizations in various industries.
    • Researchers from Trend Micro’s Trend Zero Day Initiative (ZDI) have identified nearly 1,000 malicious .lnk files abusing the flaw, tracked as ZDI-CAN-25373, which allows attackers to execute hidden malicious commands on a victim’s machine by leveraging crafted shortcut files.
    • “By exploiting this vulnerability, an attacker can prepare a malicious .lnk file for delivery to a victim,” according to a Trend Micro blog post on Tuesday. “Upon examining the file using the Windows-provided user interface, the victim will not be able to tell that the file contains any malicious content.”
    • “The malicious files delivered by attackers include various payloads, including the Lumma infostealer and Remco’s remote access Trojan (RAT), that expose organizations to risks of data theft and cyber espionage.”
  • CISA added five known exploited vulnerabilities to its catalog this week.
    • March 18, 2025
      • CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
      • CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
        • Dark Reading discusses the Fortinent KVE here, and Cybersecurity Dive discusses the Github KVE here.
    • March 19, 2025
      • CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
      • CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
      • CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
        • Hacker News discusses the Edimax KVE here and the NAVIKO KVE here. Cybersecurity News discusses the SAP KVE here.
  • Cybersecurity Dive adds,
    • Johannes Ullrich of the SANS Internet Storm Center reported exploitation attempts this week against two critical Cisco vulnerabilities that were initially disclosed in September. CVE-2024-20439 is a static credential vulnerability in the Cisco Smart Licensing Utility, and CVE-2024-20440 is an information disclosure flaw in the utility. 
    • It’s unclear if the exploitation was successful, but Ullrich noted the static credential for CVE-2024-20439 was previously published by a security researcher and could be used to remotely access affected devices.
    • Ullrich told Cybersecurity Dive the exploitation attempts likely originate from a smaller botnet, with activity spiking over the last week.
  • Fierce Healthcare lets us know,
    • “A new report by Clearwater Security found that incident response and resilience was a major issue for private equity-owned healthcare companies, which need to improve consistency in cybersecurity governance in light of their high-growth business model.
    • “The assessment found systemic gaps in security preparedness, as healthcare organizations need more documented policies for cybersecurity practices from provider practices to digital health companies. Private equity firms need to consider the cybersecurity risk profiles of companies when deciding whether to acquire them or merge them with other businesses, Clearwater writes.
    • “Because private equity firms prioritize rapid growth of their portfolio companies, Clearwater found that health IT infrastructures and cybersecurity practices often fall behind. A cybersecurity incident can devalue a company overnight or rack up regulatory fines, a dangerous prospect for PE firms.
    • “The report looked at consumer health companies, healthcare data and analytics companies and physician practices owned by private equity firms. It also evaluated pharma, biosciences and dental services companies.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • “A Medusa ransomware campaign is using a malicious driver to disrupt and even delete endpoint detection and response (EDR) products on targeted organization networks.
    • “According to new research from Elastic Security Labs, the malicious driver, dubbed ABYSSWORKER, is deployed along with a packer-as-a-service called HeartCrypt to deliver Medusa ransomware. Elastic noted the driver was first documented in a ConnectWise post in January involving a different campaign of IT support scams using Microsoft Teams.
    • “In the Medusa ransomware attacks, Elastic discovered the malicious driver imitates a legitimate CrowdStrike Falcon driver and is using digital certificates from other companies to masquerade as a legitimate program. 
    • “All samples are signed using likely stolen, revoked certificates from Chinese companies,” Cyril François, senior research engineer at Elastic Security Labs, wrote in the blog post. “These certificates are widely known and shared across different malware samples and campaigns but are not specific to this driver.”
  • Per Bleeping Computer,
    • “Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process.
    • “The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store.
    • “It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft’s store for an extensive period of time.”
  • Per Trend Research,
    • “Trend Research uncovered new versions of the Albabat ransomware. The development of these versions signifies the ransomware operators’ potential expansion of their targets from Windows to Linux and macOS. Research also reveals the group’s use of GitHub to streamline operations.
    • “Enterprises should remain vigilant against ransomware threats like Albabat as a successful attack can incur reputational damage, operational disruption, and financial losses once threat actors get a hold of and ransom critical data.
    • “To mitigate Albabat ransomware, organizations should have strong access controls for sensitive data, update and patch systems regularly and have proper backups.”
  • Per TechSpot,
    • “Akira, one of the most dangerous ransomware strains floating around the internet, just met its match — an Indonesian programmer armed with cloud computing and sheer determination.
    • As first reported by TechSpot, Yohanes Nugroho successfully cracked Akira, a multiplatform ransomware that has been wreaking havoc since 2023. Used by cyber criminals to target hundreds of businesses, government agencies, and industries, Akira has helped its developers earn millions.
    • “While this isn’t the first time someone has found a way to break Akira’s encryption, what makes this case remarkable is that Nugroho did it alone — and in just over 10 hours.”

From the cybersecurity business and defense front,

  • NextGov/FCW reports,
    • “Google has moved to expand the security aspects of its cloud offering by agreeing to acquire Wiz in a $32 billion all-cash transaction, the global tech giant’s largest-ever.
    • “Wiz generates roughly $1 billion in annual revenue with FedRAMP-authorized cloud security products in areas such as prevention, active detection and response.
    • “Google sees the addition of Wiz as helping it support more agencies as they look to move their systems into multi-cloud and hybrid cloud environments.
    • “At the same time, software and (artificial intelligence) platforms are becoming deeply embedded across products and operations, bringing new and evolving risks for private enterprises, governments, and other public sector organizations,” Google Cloud CEO Thomas Kurian said in a release.”
  • Dark Reading explains why “Cyber Quality Is the Key to Security. The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.”
  • TechTarget offers “13 API security best practices to protect your business. APIs are the backbone of most modern applications, and companies must build in API security from the start. Follow these guidelines to design, deploy and protect your APIs.”
  • Here are links to
    • Dark Reading’s CISO Corner
    • A HelpNetSecurity video about “Pay, fight, or stall? The dilemma of ransomware negotiations”
    • A Cyberscoop podcast in which its editor in chief “Greg Otto talks with FTI Consulting’s Allie Bohan exploring the challenges organizations face in maintaining effective communication during cyberattacks.”
    • The FEHBlog watched the seven-minute-long video and listed to the podcast while drafting this post and he found them worthwhile.

Friday Report

David ErmerCDC, COVID-19, FDA, NIH, OPM, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • Govexec tells us,
    • “President Trump on Thursday issued a presidential memorandum aiming to expand the power of the Office of Personnel Management to fire federal employees, alarming experts and federal employee groups.
    • “The memo, quietly published Thursday night alongside an executive order mandating agencies share data, particularly with Elon Musk’s Department of Government Efficiency, delegates to OPM the authority to fire federal employees based on “post-appointment conduct.”
    • “A federal employee’s appointment occurs at the conclusion of their one-year probationary period, when their full civil service protections kick in. Prior to that point, the Office of Personnel Management has authority to determine whether a federal job applicant or new hire is “suitable” for federal employment, which generally refers to questions of their “character or conduct.”
    • “But once an employee’s probationary period has ended, the authority to discipline or remove an employee rests solely with agency that employs them. Indeed, even if an employee threatens national security, only his or her employing agency may take action to suspend or remove them.
    • “Trump’s memo expands who may remove employees for “conduct and character” reasons to include OPM and tasks the HR agency with writing the regulations governing the agency’s ostensibly new power. Agencies may make referrals to OPM for approval, or the OPM director may reach down and order individual agencies to discipline or fire workers.”
  • Fierce Healthcare informs us,
    • “Former Republican House Representative Michael Burgess, M.D., is a top choice for the White House’s second try at a Centers for Disease Control and Prevention (CDC) director nomination, according to a Reuters report citing three anonymous sources.
    • “One of the sources described Burgess to Reuters as the likely nominee but said that the decision is not yet final. The administration has not yet commented on its next choice for the role.
    • “Burgess, 74, practiced as an obstetrics and gynecology doctor before stepping into Capitol Hill in 2003. He chose not to seek reelection this past year.”
  • Healthcare Finance offers more details on the terrorist threat against hospitals.
    • On March 18, user @AXactual made a post on X with details related to the active planning of a coordinated, multi-city terrorist attack on United States health sector organizations, according to the joint threat bulletin.
    • The terrorist attack on hospitals would reportedly be by ISIS-K, a division of the jihadist group Islamic State, according to The HIPAA Journal. The post was added to the X account of American Kinetix, which claims to be a Christian company in the United States that consists of JSOC (Joint Special OperationsCommand), the CIA and combat veterans, The HIPAA Journal said.
    • American Kinetix said it had received reports of possible pre-attack surveillance at hospitals.” * * *
    • “The primary targets would be mid-tier cities with low-security facilities, the joint threat bulletin said. With the information claiming multiple simultaneous targets, attackers would likely select health sector facilities with visibly weak security and conduct prior planning coordination.” 
  • The American Hospital Association (AHA) News lets us know,
    • “The Drug Enforcement Administration and Department of Health and Human Services yesterday announced that the effective date for the final rule regarding telemedicine prescribing of buprenorphine will be further delayed from March 21 to Dec. 31. The original effective date was Feb. 18 before the first delay to March 21. As outlined in the Jan. 20 White House memorandum announcing the regulatory freeze, the agencies decided to delay the implementation of rules to review any questions of fact, law and policy.
    • “The waiver provisions outlined in the third extension of telemedicine flexibilities for prescribing controlled substances will remain in effect to waive in-person visit requirements through Dec. 31.
    • “Once implemented, the final rule for the telemedicine prescribing of buprenorphine will enable practitioners to prescribe a six-month initial supply of Schedule III-V medications to treat opioid use disorder via audio-only telemedicine interaction without a prior in-person evaluation.”
  • STAT News points out,
    • “The Food and Drug Administration cleared Alnylam Pharmaceuticals’ treatment for a progressive heart condition Thursday, setting it up to compete with therapies from BridgeBio and Pfizer.
    • “Alnylam’s drug, vutrisiran, was approved for patients with transthyretin amyloid cardiomyopathy, or ATTR-CM, to reduce cardiovascular-related death and hospitalizations. This indication was widely expected among investors and is similar to the indications given for competing therapies.
    • “The treatment, which will be sold under the brand name Amvuttra, was additionally approved to reduce urgent heart failure visits.”
  • BioPharma Dive adds,
    • “Alynlam Pharmaceuticals will sell its drug for a life-threatening heart disease at almost double the cost of other treatments available for the condition, company executives said Thursday.
    • “The price of the drug, Amvuttra, was revealed on a Thursday evening conference call discussing the Food and Drug Administration’s decision to clear the treatment in people with transthyretin amyloidosis, or ATTR, cardiomyopathy. Alnylam already markets the medicine for people with a form of the condition that affects the nerves but has long looked to an approval in cardiomyopathy as the kind of revenue driver that can help it turn a consistent profit.
    • Alnylam will begin selling Amvuttra as two other treatments, Pfizer’s tafamidis and BridgeBio Pharma’s Attruby, are already accessible. Both tafamidis and Attruby are taken orally, while Amvuttra is injected. Although none of the drugs have been tested directly against another and cross-trial comparisons come with caveats, Amvuttra’s benefits also don’t appear to be clearly superior to its rivals.

From the public health and medical research front,

  • The Center for Disease Control and Prevention announced today,
    • “Seasonal influenza activity remains elevated nationally but has decreased for five consecutive weeks. COVID-19 activity is declining nationally but elevated in some areas of the country. RSV activity is declining in most areas of the country.
    • “COVID-19
      • “COVID-19 activity is declining nationally but elevated in some areas of the country. Wastewater levels and emergency department visits are at low levels, and laboratory percent positivity is stable. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
      • “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
      • “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
    • “Influenza
      • “Seasonal influenza activity remains elevated nationally but has decreased for five consecutive weeks. Data to date suggest the season has peaked, however, flu-related medical visits, hospitalizations, and deaths remain elevated, and CDC expects several more weeks of flu activity.
      • “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
    • “RSV
      • “RSV activity is declining in most areas of the country. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.
    • “Vaccination
      • “Vaccination coverage with influenza and COVID-19 vaccines is low among U.S. adults and children. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”
  • The University of Minnesota CIDRAP reports,
    • “The Texas Department of State Health Services (TDSHS) today reported 30 more cases in a measles outbreak in the western part of the state near the New Mexico border, as the New Mexico Department of health added 4 new cases to its total, pushing the outbreak total to 351.
    • “Meanwhile, as global cases surge, a handful of states reported new cases in people who had connections to international travel. In a weekly update today, the Centers for Disease Control and Prevention (CDC) said it has received reports of 378 cases this year, well past the 285 cases reported for all of 2024. 
    • “The cases are from 18 jurisdictions, and 90% are linked to three outbreaks. The CDC’s update includes the first cases of the year from Kansas, Ohio, and Michigan. Kansas last week reported its first measles infection since 2018, and media reports say at least six cases have been reported in the southwest part of the state in Grant and Stevens counties.”
  • The AP relates,
    • “A common blood test may miss ovarian cancer in some Black and Native American patients, delaying their treatment, a new study finds. It’s the latest example of medical tests that contribute to health care disparities.
    • “Researchers have been working to uncover these kinds of biases in medicine. Recently, the Trump administration’s crackdown on diversity, equity and inclusion has jeopardized such research as universities react to political pressure and federal agencies comb through grants looking for projects that violate the president’s orders.
    • “Native American women have the highest rate of ovarian cancer. Black women with ovarian cancer have lower rates of survival compared to white women. Finding ovarian cancer early can lead to better chances of survival.
    • The new study, supported by grants from the National Cancer Institute and published Thursday in JAMA Network Open, looked at a test called CA-125. The test measures a tumor marker in the blood, and doctors use it to determine if a woman with a suspicious lump should be referred to a cancer specialist.” 
  • Per a National Cancer Institute news release,
    • “When people who smoke are screened for lung cancer, studies have suggested that the screening visit can be an opportune time for health care providers to offer them ways to stop smoking.
    • “Results from a large clinical trial now show that a comprehensive program that integrates intensive counseling and cessation medications may be a particularly effective way of accomplishing that goal.
    • “The study included more than 600 adults who were current smokers. By the end of the 3-month treatment period, nearly 40% of those randomly assigned to participate in an intensive cessation program had quit smoking and had not started up again. In contrast, about 25% of those referred to a tobacco use quitline hit that same benchmark.
    • “The results were published March 1 in JAMA Internal Medicine
    • “According to the study’s lead investigator, Paul Cinciripini, Ph.D., of the University of Texas MD Anderson Cancer Center, the findings confirm that when people who smoke are being screened for lung cancer, it “presents a critical opportunity” to support them in quitting. The type of support, however, appears to be particularly important, Dr. Cinciripini said.
    • “Another important takeaway is “the importance of having [dedicated cessation specialists] be a part of [cessation] treatment,” said Carolyn Reyes-Guzman, Ph.D., of NCI’s Tobacco Control Research Branch, which funded the study.” 
  • Per Healio,
    • “Risk for moderate to severe depressive symptoms during pregnancy varied widely across 20 different racial and ethnic groups, suggesting women from different cultural backgrounds view and report depression symptoms differently, data show.
    • “Our study found differences among racial and ethnic subgroups in several aspects of prenatal depression, including the likelihood of receiving a diagnosis and reporting symptoms when screened in prenatal care,” Kendria Kelly-Taylor, PhD, a research fellow with Kaiser Permanente Northern California Division of Research, told Healio. “We found most of the [racial] groups were less likely to have a diagnosis of prenatal care and more likely to report moderate-to-severe depressive symptoms when screened. Previous research provides some possible reasons for these findings, which include differences in how patients in various racial and ethnic subgroups experience symptoms, view their symptoms, and their comfort in discussing them with a clinician or having a diagnosis in their medical record.”
  • HealthDay reports,
    • “The total injury death rate in the United States increased from 2013 through 2021, then declined through 2023, according to a March data brief published by the National Center for Health Statistics.
    • “Sally C. Curtin, from the National Center for Health Statistics in Hyattsville, Maryland, presents trends in injury death rates overall and by three leading intents (unintentional, suicide, and homicide) for 2003 to 2023.
    • “Curtin found that the total age-adjusted injury death rate increased 21 percent from 2013 to 2019 (58.8 to 71.2 per 100,000 standard U.S. population) after a period of stability from 2003 to 2013; there was an additional 25 percent increase through 2021 (89.0), followed by a 4 percent decline through 2023 (85.3). From 2003 to 2019, there was a threefold increase in unintentional drug overdose death rates, followed by a 58 percent increase through 2022 and a 4 percent decline through 2023. From 2006 to 2018, there was an increase in firearm-involved suicide death rates, followed by a decline in 2019 and an increase through 2021; rates remained stable through 2023. The firearm-involved homicide death rate declined from 2003 to 2014, then increased through 2021, and declined through 2023.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • Johnson & Johnson JNJ said it is increasing U.S investments to more than $55 billion over the next four years, boosting spending on manufacturing, R&D and technology in a move it says will create jobs and help speed up drug discovery and development.
    • “The healthcare conglomerate said Friday that the investment represents a 25% increase from the previous four-year period.
    • “Part of that will go toward four new manufacturing facilities in the U.S., and the expansion of existing sites, J&J said, adding that it is kick-starting the investment by breaking ground on a North Carolina biologics manufacturing facility on Friday.”
  • Beckers Hospital Review notes,
    • “East Ohio Regional Hospital, a 140-bed healthcare facility in Martins Ferry, has closed, local media outlets reported. 
    • “Signs posted at EORH entrances March 20 said “Hospital closed! Please go to the nearest hospital Trinity, Reynolds or Wheeling!” according to the outlets, including The Intelligencer and NBC and Fox affiliate WTOV.
    • “The closing is the latest chapter for the struggling hospital and comes as workers reported having not received their most recent paychecks. Employees were not paid as scheduled March 7 and said they remained unpaid as of March 20, according to The Intelligencer.”
  • Per Beckers Payer Issues,
    • The healthcare industry needs to have more conversations about patient experience, AI and preventive care, according to payer executives. 
    • Becker’s connected with 25 leaders to learn more about what they say is underdiscussed in healthcare. 
    • The leaders’ observations can be found in the article.