FEHBlog

Happy New Year 2026

David ErmerACA, Congress, Federal employment benefits, No Surprises Act, OPM, U.S. Healthcare

Happy New Year. This year is the 250th anniversary of our Nation’s independence. The FEHBlog resolves to keep posting as the 20th anniversary of the FEHBlog also occurs in 2026.

From Washington, DC,

  • Federal News Network reports,
    • “The Office of Personnel Management is addressing what have become growing concerns in Congress over the significant delays in federal retirement processing this year.
    • “In a letter sent Tuesday [December 30] to a group of House Democrats, OPM Director Scott Kupor touted the benefits of the new online retirement application (ORA) in helping to streamline processing, while at the same time arguing that outdated systems — not staffing levels — are to blame for the current challenges HR employees are facing.
    • “The main issues with federal HR, we have found, are not low staffing levels, but inefficient and outdated technology and antiquated, cumbersome regulations and processes,” Kupor wrote in the Dec. 30 letter, obtained by Federal News Network. “OPM under the Trump administration has done in a matter of months what the government failed to do for multiple generations: modernize the paper-based federal retirement system.”
    • “Kupor’s comments are a response to a Dec. 22 letter from Democrats on the Oversight and Government Reform Committee, which raised concerns about the significant delays retiring federal employees are currently experiencing. Those delays are largely due to a surge of retirement applications from employees who opted into the deferred resignation program (DRP) earlier this year.”
  • FEHBlog Observation: A related solution would be to simplify the highly complex retirement programs.
  • An OPM news release describes the agency’s other accomplishments in 2025.
  • Beckers Payer Issues identifies major federal and state healthcare policies that first take effect in 2026. The FEHB is hoping for significant deregulation of the FEHB and PSHB Programs which is the surest path to lower premiums and better competition.
  • Fedweek tells us,
    • “The 2026 general schedule pay raise as usual will take effect not at the start of the year but rather as of the first full pay period of the year—January 11-24 for most—and its impact won’t be seen in pay distributions until the one covering that pay period, which in most cases will be made about a week to 10 days after its end.
    • “The raise of 1 percent across the board for most, although 3.8 percent for certain law enforcement positions (pending an OPM review), also as usual will have an effect on pay caps and certain benefits.
    • “The GS pay cap is increasing from $195,200 to $197,200. That cap affects employees in the upper steps of GS-15 in about half of the GS localities, and the upper steps of GS-14 in the highest paid, the San Francisco-Oakland locality.”
  • FEHBlog observation — FEHB Open Season changes for annuitants take effect on January 1, 2026, while Open Season changes for employees takes effect on the first day of the first pay period of 2026, which is January 11, 2026. Open Season changes in the Postal Service Health Benefits program for all enrollees take effect on January 1, 2026.

From the judicial front,

  • Beckers Payer Issues reports,
    • “Health Care Service Corp.’s Blue Cross and Blue Shield of Texas filed a lawsuit against medical billing company Zotec Partners Dec. 18, alleging “abuse” of the No Surprises Act’s independent dispute resolution process, according to filings from the Eastern District of Texas’ federal court.
    • “The No Surprises Act aims to limit surprise billing, forming the resolution process to address payment disputes between insurance companies and out-of-network providers.
    • “BCBS of Texas accused Zotec of knowingly instigating “thousands” of disputes that were not eligible for arbitration, such as by submitting false information. The insurer said Zotec sometimes ignored state law, timelines for the IDR process and eligibility parameters for claims. “Batching” — or bundling multiple claims into one IDR process — has been another concern, with BCBS of Texas saying Zotec “overwhelms” the insurer by including 66 unique items or services on average.
    • “The complaint requested compensation and a court order that would block Zotec from launching ineligible cases going forward.”

From the U.S. healthcare business front,

  • Beckers Payer Issues reports,
    • “Alabama insurers issued the highest amount of medical loss ratio rebates to consumers in 2024, according to KFF.
    • “Under the ACA, if an insurer in the individual market spends less than 80% of premium revenues on clinical services and quality improvement, it is required to provide a rebate to customers, based on a 3-year average.”
  • Beckers Hospital Review points out,
    • Cross-market mergers — transactions between health systems operating in separate geographic regions — are becoming a more prominent trend in hospital consolidation as organizations continue to shift toward multiregion operating models.
    • “Over the past year, several large systems have pursued cross-market deals to gain scale, diversify risk and strengthen payer negotiations, often in lieu of same-market mergers that face heightened antitrust scrutiny. 
    • “While these transactions typically do not eliminate local competition for patients, they are reshaping how health systems think about growth, leverage and long-term sustainability.”
  • MedCity News adds,
    • “Workforce pressures remained the dominant financial challenge for hospitals and health systems in 2025, according to data released this month by Kaufman Hall.
    • “Labor is still the largest expense for hospitals, with about 70% of organizations pursuing widespread efforts focused on staffing optimization.
    • “The interesting trend within the workforce setting is that more than half [of hospitals] are looking at the potential outsourcing of non-core activities. This has always been a trend in healthcare, but it seems to be increasing as people look to improve some of the non-core competencies, such as food service, revenue cycle, HR, etc.,” said Lance Robinson, managing director at Kaufman Hall.” * * *
    • “Beyond pay, hospitals are rethinking care models, Robinson added. They are placing more of an emphasis on team-based staffing, as well as investing in technologies like ambient AI to reduce administrative burden and help clinicians work at the top of their license.”

Tuesday report

David ErmerACA, HIPAA Privacy and Security Rules, Medical / Rx research, Rx coverage, U.S. Healthcare

From Washington, DC,

  • Govexec identifies the five biggest stories for federal agencies and employees to watch in 2026.
    • 1.) Renewed shutdown watch
    • 2.) Return of RIFs? 
    • 3.) The implementation of ‘Schedule F’ and other changes to the civil service
    • 4.) Agency reorganizations
    • 5.) Court battles 
  • Beckers Payer Issues informs us,
    • “More than 15.6 million people have enrolled in plans on federally run ACA exchanges so far, down from about 16 million at the same point last year, CMS Administrator Mehmet Oz, MD, said Dec. 23.
    • “Dr. Oz attributed the decline to efforts to address fraudulent enrollments, writing on X: “Notably, this small drop follows several important CMS actions over the past year to combat fraudulent and improper enrollments, which have already removed more than enough people from premium subsidies who are covered elsewhere to account for the modest enrollment change. That said, there is a politically motivated lawsuit that has paused critical actions to make sure Biden-era improper enrollments are fully knocked out.”
    • ‘Earlier in the open enrollment period, ACA enrollment was outpacing last year. CMS data published Dec. 5 showed nearly 5.8 million plan selections through late November, up about 7% year over year, though new consumer enrollment was down 4% as returning consumers drove the gains.”
  • According to a Competitive Enterprise Institute news release,
    • “A new Competitive Enterprise Institute (CEIstudy explores a thriving pharmaceutical delivery system that offers consumers real choice and convenience. Independent pharmacies are doing well and still make up a sizable portion of retail pharmacies. At the same time, new approaches like mail-order pharmacies and combined telehealth and pharmacy offerings are making it easier and cheaper than ever for patients to obtain necessary medications. And these new innovative approaches are providing access to rural areas that lack physical pharmacies.
    • “Invaluable to this well-functioning system is the role of pharmacy benefit managers (PBMs). PBMs own and manage most mail-order pharmacies, negotiating drug prices and running an efficient distribution network. PBMs provide convenient, reliable drug delivery to patients, making it easier for patients to stick to their treatment plan.
    • “But some lawmakers at the state and federal levels fear that PBMs wield too much influence over products and services, and they want to ban PBMs from owning pharmacies, whether mail-order services or retail stores like CVS. Perhaps they have not considered that in some rural counties, the only pharmacy available would be in danger of closing under these laws—potentially leaving residents in those areas with no local options.
    • “There is little evidence to suggest that worries about PBM-owned pharmacies are justified, and consumers are already protected from anticompetitive practices by existing laws.
    • “Banning successful business models doesn’t protect consumers; it protects competitors from competition,” said study author and CEI senior fellow Jeremy Nighohossian. “When it comes to building a system that works better for consumers, the free market is the best medicine.”
  • Modern Healthcare reports,
    • “The Drug Enforcement Administration on Tuesday temporarily extended a rule allowing clinicians to prescribe controlled medications remotely through the end of 2026.
    • “The rule, which will take effect Thursday, gives clinicians the ability to remotely prescribe Schedule II-V controlled medications to patients. This latest extension marks the fourth time the rule has been renewed since it was implemented at the beginning of the COVID-19 pandemic.
    • “Under the rule, clinicians are able to prescribe controlled medications, such as Adderall and Xanax via telemedicine appointments, without an initial in-person examination. The rule was originally set to expire at the end of December.”
  • The Holland and Knight law firm lets us know,
    • “Recent changes to the HIPAA Privacy Rule require that healthcare providers update their Notice of Privacy Practices (“NPP”) by February 16, 2026. The changes are intended to align HIPAA with the revised regulations governing substance use disorder records in 42 CFR part 2 (“Part 2”). A redlined version of 45 CFR 164.520 showing the changes to the rule is available here here.”

From the public health and medical / Rx research front,

  • The Wall Street Journal reports,
    • “Influenza cases are rising sharply, heightening fears that a new strain will fuel a punishing flu season that is already outpacing last year’s.
    • “The flu has sickened an estimated 7.5 million people so far this season, according to weekly data from the Centers for Disease Control and Prevention released Tuesday. About 81,000 people have been hospitalized and 3,100 have died so far this flu season, the agency estimated, including eight children. That reflects a sharp increase from the week prior, in which the CDC estimated about 4.6 million cases, 49,000 hospitalizations and 1,900 deaths. 
    • “Roughly 25% of samples sent to clinical laboratories came back positive for the flu in the week ended Dec. 20, the CDC said. That is up from about 15% the week before. 
    • “The figures raised concerns of a particularly harsh flu season this winter. The contagious respiratory illness typically kills thousands of people in the U.S. each year, though that number can rise significantly in years with troublesome viral variants.” 
  • The University of Minnesota’s CIDRAP tells us,
    • “Measles cases nationwide have reached 2,012, the Centers for Disease Control and Prevention (CDC) reported last week, as outbreaks in Arizona and South Carolina continue to grow and three other states alert the public about airport exposures.
    • “The US total reflects 54 new cases, as the country teeters on the brink of losing its measles elimination status—which it earned in 2000—next month. This year’s total is the nation’s highest since 1992, when officials reported 2,200 cases. Coordinated vaccination efforts led to a precipitous drop in cases in the ensuing decades, but vaccine skepticism in recent years has spawned the disease’s resurgence.”
  • and
    • “Relative to uninfected control patients, those hospitalized with acute respiratory infections (ARIs) due to respiratory syncytial virus (RSV) or influenza were at substantially higher adjusted risk for all-cause death, heart attack, exacerbation of asthma and chronic obstructive pulmonary disease (COPD), and hospitalization for heart failure, researchers from vaccine maker GSK and the Analysis Group report.
    • “The retrospective study, published last week in Clinical Infectious Diseases, used claims data from October 2015 to June 2023 to compare clinical outcomes among US adults aged 50 and older hospitalized for RSV or flu with those of controls without ARI. The average ages in the RSV and flu cohorts were higher than those of controls (76.5 and 75.4 vs 69.5 years, respectively).
    • “Current evidence on longer-term RSV-ARI outcomes among adults aged ≥50 years is limited, with insufficient research comparing the impact of RSV-ARI hospitalization to an appropriate comparator population representing the long-term health outcomes these patients would have experienced without severe RSV disease,” the study authors wrote.”
  • The New York Times relates,
    • “Rarely does a single study change the course of gynecological history. But a clinical trial published this year in The New England Journal of Medicine did just that, seeming to close the door on one of the great enigmas of women’s health.
    • “Bacterial vaginosis, or B.V., is the most common vaginal infection worldwide. If you have a vagina, there’s a one-in-three chance you will have B.V. at some point in your life.
    • “For years, doctors have known that the bacteria associated with the condition could also be found on the penis. Yet on paper B.V. was just a vagina problem — it’s right there in the name, vaginosis. For 50 years, gynecology treated it as if it were solely a women’s issue, with ineffective treatments that left women vulnerable to re-infection.
    • “The New England Journal study changed that. The researchers followed 150 heterosexual couples in which the female partner had bacterial vaginosis. They treated the women with first-line antibiotics, and half the men with both oral and topical antibiotics. Within three months, they found, the partner treatment worked so well that they had to disband the study so all participants could be treated.”
  • Medscape points out,
    • “Rates of gestational diabetes (GD) in the US rose every year from 2016 to 2024, with a total 36% jump in that 9-year period, new data showed.
    • “The data, from nearly all first live singleton births recorded in the National Center for Health Statistics, also showed that GD rose among all racial and ethnic groups, but with significant differences among them.
    • “The dramatic GD rise “likely reflects several factors including increasing prevalence of prepregnancy overweight and obesity, older maternal age at first birth, and higher rates of metabolic risk factors entering pregnancy. The COVID-19 pandemic may have further contributed to these trends through disruptions in routine preventive care, reduced physical activity, increased psychosocial stress, and weight gain during the pandemic period,” study first author Emily L. Lam, medical student at Northwestern University, Chicago, told Medscape Medical News.”

From the U.S. healthcare business and artificial intelligence front,

  • Fierce Healthcare reports,
    • “Brooklyn, New York-based Maimonides Health is merging with New York City’s public health system NYC Health + Hospitals, the organizations announced Dec. 29.
    • “The merger is pending final legal and regulatory approval but is expected to be finalized by April, city officials said.
    • “The partnership is supported by $2.2 billion over five years from New York state to protect safety net healthcare in Brooklyn, officials said.”
    • “Maimonides Health is a Brooklyn healthcare system with three hospitals and more than 80 community-based sites. By partnering with the city, Maimonides will be reimbursed at a higher rate by Medicaid, bolstering its financial position, health system executives said in a press release. 
    • “The merger also allows Maimonides to adopt a new Epic electronic health record platform. Health system executives said the move to Epic would help improve care coordination and the organization’s ability to collect revenue. Maimonides patients will be able to access their health records online and contact their care team digitally through the portal.”
  • Per Beckers Health IT,
    • “Healthcare organizations are increasingly adopting artificial intelligence to improve efficiency and reduce administrative burden, but most remain cautious about deploying AI in high-risk clinical scenarios, a Dec. 29 KLAS Research report found.”

Monday Report

David ErmerCMS, Medical / Rx research, No Surprises Act, OPM, SCOTUS, Telehealth, U.S. Healthcare

From Washington, DC

  • The American Hospital Association News tells us,
    • “The Centers for Medicare & Medicaid Services Dec. 29 announced $50 billion in funds awarded to all 50 states through the Rural Health Transformation Program. Beginning in 2026, states will receive first-year awards averaging $200 million to expand access to care, bolster the rural workforce, modernize facilities and technology, and support innovative payment and care delivery models. 
    • “Funds will be allocated over the next five years, with $10 billion available each year through 2030. Fifty percent of the funding is distributed equally among all approved states, while the additional 50% is allocated based on rural health needs and proposed impact.” 
  • Federal News Network informs us,
    • “Probationary federal employees are on track to see more restrictions when appealing any future terminations, according to a new proposal from the Trump administration.
    • “Under new proposed regulations from the Office of Personnel Management, fired probationary employees would only be able to appeal their termination if they believe it was due to discrimination based on “partisan political reasons” or “marital status” — or if their agency diverged from standard termination procedures.
    • “These limited grounds of appeal for probationary terminations reflect the historical principle that probationary periods serve as a critical evaluation phase for new federal employees, and thus that agencies should enjoy great flexibility in separating employees serving probationary or trial periods,” OPM wrote in its proposal, which is scheduled to be published Tuesday on the Federal Register.
    • “Generally, OPM’s regulations seek to alter both the latitude and method for probationary federal employees to appeal an agency’s decision to fire them. Along with limiting options for appeal, the proposal would put OPM in charge of adjudicating employees’ cases, rather than the Merit Systems Protection Board.”

From the judicial front,

  • Bloomberg Law reports,
    • “A federal judge issued a preliminary injunction against a new government pilot set to significantly shift how certain health-care providers access steeply discounted medicines from drugmakers, halting the program from going into effect Jan. 1, 2026.
    • “Judge Lance E. Walker of the US District Court for the District of Maine ruled Monday that hospital groups suing the US Department of Health and Human Services over its new 340B Rebate Model Pilot Program demonstrated they’ll suffer irreparable harm in order for the court to grant a temporary block on the plan.
    • “The order hands a win to the American Hospital Association, the Maine Hospital Association, and other safety-net health systems that sued the government Dec. 1, alleging violations of the Administrative Procedure Act because the health department ignored comments about shifting the program to a rebate model.”
  • and
    • “A series of class actions over the exclusion of coverage for GLP-1 weight loss drugs is testing several legal strategies against how health insurance plans decide which drugs to cover and why.
    • “The cases target health insurance giants CareFirst BlueCross BlueShield, CVS Caremark, the Cigna Group, and Elevance Health Inc., alleging they and their pharmacy benefit managers breached their fiduciary duties under the Employee Retirement Income Security Act by discriminating against people with obesity and illegally denying coverage for Eli Lilly & Co.’s Zepbound, the only drug approved for sleep apnea.
    • “The lawsuits highlight the broadening dilemma that insurers and employers face in deciding whether to cover the blockbuster shots, as their popularity surges and lower cash prices come available to consumers outside of health plans. But pressure for coverage is likely to increase as the list of conditions the drugs are approved for continues to grow and as a newly approved pill is poised to increase demand.
    • “There’s more policy momentum to scrutinize exactly these kinds of PBM practices on the whole,” said Elizabeth McCuskey, a health law professor at Boston University. “So I think this adds a little fuel to that fire.”
  • The Proskauer law firm adds,
    • “In another development in the ongoing litigation over the enforceability of Independent Dispute Resolution (“IDR”) awards issued under the No Surprises Act (“NSA”), two air ambulance providers, Guardian Flight LLC and Med‑Trans Corporation, have filed a petition for writ of certiorari with the U.S. Supreme Court, seeking review of the Fifth Circuit’s decision holding that the NSA provides no private right of action to enforce IDR awards.  The petition asks the Court to decide a key question that has divided federal courts across the country: whether the NSA permits providers to bring private causes of action to enforce IDR awards in court.  Should the Supreme Court grant cert, the outcome of the case could have broad implications for the enforceability of NSA arbitration awards, a key feature of the NSA’s regulatory framework.”

From the public health and medical / Rx research front,

  • NBC News reports,
    • “An NBC News/Stanford University investigation has found widespread declines in kindergarten vaccination against tetanus. In states that provided data back to 2019, more than 75% of counties and jurisdictions across the U.S. have seen downward trends in young children getting the diphtheria-tetanus-pertussis (DTaP) series of shots. The vaccine is first given to babies at 2 months.
    • “Because tetanus isn’t spread from person to person, there isn’t a herd immunity threshold, but reductions in vaccination rates leave more people vulnerable to the disease.”
  • The American Medical Association lets us know what doctors wish their patients knew about Wilson disease.
    • “Wilson disease is a rare genetic condition that causes copper to build up in the body, often damaging the liver, brain and other organs before symptoms are recognized. Early signs of the condition—also called Wilson’s disease and named for the British neurologist who described it in 1912—can be subtle or mistaken for more common conditions. Because of that, many people live with the disorder for years before receiving the diagnosis that can change the course of their health.”
  • The Washington Post relates,
    • “University of Pennsylvania researcher Ran Barzilay is a father of three. His first two children received cellphones before they turned 12. But this summer, as early results from his own study on screens and teen health rolled in, he changed course. His youngest? Not getting one anytime soon.
    • Barzilay’s analysis of more than 10,500 children across 21 U.S. sites found that those who received phones at age 12, compared with age 13, had a more than 60 percent higher risk of poor sleep and a more than 40 percent higher risk of obesity.
    • “This is not something you can ignore for sure,” said Barzilay, a professor of psychiatry and a child-adolescent psychiatrist at the Children’s Hospital of Philadelphia.”
  • Medscape considers whether “Relative Fat Can Replace Mass BMI in Assessing Obesity?”
    • “Developed and validated in 2018 using data from the National Health and Nutrition Examination Survey (NHANES), RFM is a sex-specific anthropometric measure of obesity that estimates body fat percentage based on height and waist circumference using the following formula:
      • “RFM = 64 − (20 × height/waist circumference) + (12 x sex [0 for males and 1 for females])
    • “This simple calculation incorporates waist circumference as a proxy of visceral body fat while accounting for sex-based differences in fat mass. Multiple studies have shown RFM to be a superior and more consistent predictor of cardiometabolic risk and mortality. 
    • “Obesity cutoffs were derived from NHANES (1999-2014) data linking RFM with all-cause mortality. After adjusting for age, BMI category, ethnicity, education, and smoking status, this analysis suggested that higher RFM was associated with substantially increased mortality risk. Women with an RFM of ≥ 40% (40% body fat) and men with an RFM of ≥ 30% (30% body fat) had a 50% higher risk of death compared with women with an RFM of ≤ 35% and men with an RFM of ≤ 25%. Additionally, women with an RFM of ≥ 45% had nearly double the risk of death, whereas men with an RFM of ≥ 35% had more than 2.5 times the risk of death.”
  • The Wall Street Journal tells us,
    • “It’s the leading cause of disability and one of the most costly health challenges of our time: chronic lower back pain.
    • “Yet effective and safe treatments are few and far between, leading patients to try everything from supplements to acupuncture to cannabis for relief.
    • “Now, two new studies provide some of the most comprehensive evidence yet that THC—the psychoactive compound in cannabis that creates the high—in combination with other parts of the cannabis plant may provide safe and effective relief. The two large, Phase 3 clinical trials demonstrated that the THC product is safe and more effective at reducing chronic lower back pain than placebo or opioids.
    • “Unfortunately, the news, while promising, won’t provide immediate relief for the more than 70 million U.S. adults who suffer from chronic lower back pain. The product tested is expected to be available in parts of Europe next year, while the path to approval in the U.S. will require another clinical trial.”
  • Beckers Hospital Review identifies “eight recent drug shortages and discontinuations, according to the FDA’s drug supply databases.”

From the U.S. healthcare business front,

  • The American Medical Association reports,
    • “Physicians continue to use telehealth at far higher levels than they did before the COVID-19 public health emergency, but an AMA report shows that the practice setting in which a physician delivers care can influence how often they use the technology.
    • “Overall, 71.4% of physicians reported using telehealth in 2024. That figure is far higher than the 25.1% of physicians who used it prior to the COVID-19 public health emergency in 2018, though it is down from the 79% of doctors using telehealth in 2020, according to the AMA Policy Research Perspectives report, “Patient-Facing Telehealth: Use Is Higher Than Pre-Pandemic But With Great Variation Across Physician Specialties” (PDF).
    • “Among the physicians surveyed in 2024, here is how many said their practices used telehealth for these services:
      • “52.5%—managed patients with chronic disease.
      • “48.5%—diagnosed or treated patients.
      • “40.3%—provided care to patients with acute disease.
      • “25%—provided preventive care.
    • “However, the ownership of the practice a physician was a part of appeared to have an impact on those numbers. Physicians in hospital-owned practices were more likely to report using telehealth than physicians who were part of a private practice.”  
  • Beckers Hospital Review informs us,
    • “Chesterfield, Mo.-based Mercy Health recorded an operating income of $70.2 million (2.6% operating margin) in the first quarter of fiscal 2026, up from an operating loss of $7.5 million (-0.3% margin) during the same period last year. 
    • “Mercy reported total operating revenue of $2.7 billion for the three months ended Sept. 30, up from $2.5 billion during the same period last year. Patient service revenue totaled $2.4 billion, up from $2.2 billion. Capitation revenue was $150.5 million, up from $141.3 million.”
  • and
    • “Seven hundred fifty-six rural U.S. hospitals are at risk of closure due to financial problems, with more than 40% of those hospitals at immediate risk of closure.
    • “The counts are drawn from the Center for Healthcare Quality and Payment Reform’s most recent analysis, based on hospitals’ latest cost reports submitted to CMS and verified as current through December 2025. The analysis identifies two distinct tiers of rural hospital vulnerability: those at risk of closure and those facing an immediate risk of closure.” 
  • Fierce Pharma points out,
    • “Following a feud with activist investor Deep Track Capital in the first half of 2025, vaccine developer Dynavax Technologies has rounded out the year by agreeing to sell itself to France’s Sanofi.
    • “To get its hands on the Emeryville, California-based company and its approved adult hepatitis B vaccine Heplisav-B, Sanofi will pay $15.50 per Dynavax share in cash, which works out to a total deal value of roughly $2.2 billion, the French pharma said in a Dec. 24 press release.
    • “The acquisition, which is expected to close in 2026’s first quarter, also grants Sanofi access to Dynavax’s promising shingles prophylactic Z-1018, which is currently in phase 1/2 testing and could eventually challenge GSK’s incumbent shot Shingrix, if approved.”

In notable death news,

  • The Wall Street Journal reports,
    • “Joel F. Habener, a Harvard University academic whose research paved the way for revolutionary weight-loss drugs Ozempic, Mounjaro and others, which analysts forecast will be the biggest blockbusters in pharmaceutical history, died Sunday in Newton, Mass. He was 88.
    • “Eileen Martin, a friend of Habener’s, said he died peacefully at home. She didn’t give a cause.
    • “Habener led research that discovered a hormone dubbed GLP-1. The hormone regulates blood sugar levels and would later become the key ingredient in Novo Nordisk’s Ozempic and Eli Lilly’s Mounjaro—drugs that proved a major advance in diabetes treatment and so effective at regulating appetite that people who take them have called them miracle cures for obesity. Others taking the drugs say they cure addictions to nicotine, alcohol and gambling.”
  • RIP 

Weekend update

David ErmerCongress, FDA, Medical / Rx research, Medicare, Mental health care, Rx coverage, U.S. Healthcare

From Washington, DC

  • Congress is out of session again this week. The House of Representatives begins its 2026 session on January 6 while the Senate begins its 2026 session on January 5.
  • The American Bazaar tells us,
    • “Around 25,000 people have expressed interest in joining the “Tech Force,” a cadre of engineers to be hired by the Trump administration as it looks to install staff with artificial intelligence expertise in federal roles.
    • “The Trump administration will use that list to recruit software and data engineers, in addition to other tech roles, said Scott Kupor, director of the U.S. Office of Personnel Management, in a post on X. The 25,000 figure has been provided by a senior Trump administration official, according to a Reuters report.”
  • Beckers Hospital Review informs us,
    • “The Department of Homeland Security will replace the random lottery used to select H-1B visa recipients with a system that gives greater weight to applicants with higher skills.”
    • The article lets us know five things about this change.

From the Food and Drug Administration front,

  • Fierce Pharma points out,
    • “It’s been a long time coming: Four years after Omeros came up short in its bid to gain an FDA approval for stem cell transplant drug narsoplimab, the Seattle biotech has finally scored its long-awaited nod.
    • “With a Christmas Eve thumbs-up for narsoplimab, the FDA has delivered Omeros its first U.S. approval in its 31 years. Taking on the commercial name Yartemlea, it also becomes the first treatment for hematopoietic stem cell transplant-associated thrombotic microangiopathy (TA-TMA). The first-in-class lectin pathway inhibitor is for patients age 2 and older.
    • By selectively inhibiting MASP-2, which is the effector enzyme of the lectin pathway, Yartemlea blocks activation while preserving complement functions important for host defense.”

From the public health and medical / Rx research front,.

  • The Washington Post reports,
    • “When Marc and Cristina Easton’s son was diagnosed with autism at 20 months, the Baltimore couple left the doctor’s appointment in confusion. Their toddler — who was very social — didn’t resemble the picture of the condition they thought they knew. And the specialists could offer little clarity about why or what lay ahead.
    • “It wasn’t until four years after their child’s diagnosis that the Eastons finally began to get answers that offered them a glimmer of understanding. This summer, a team from Princeton and the Flatiron Institute released a paper showing evidence for four distinct autism phenotypes, each defined by its own constellation of behaviors and genetic traits. The dense, data-heavy paper was published with little fanfare. But to the Eastons, who are among the thousands of families who volunteered their medical information for the study, the findings felt seismic.
    • “This idea that we’re seeing not one but many stories of autism made a lot of sense to me,” Cristina said.”
  • The New York Times relates,
    • “The egg has become a dominant source of anxiety for many women. Human eggs are finite, declining in both quality and quantity with age. In a woman’s 30s, this starts to make it harder to get pregnant, and by menopause, a woman is without functional eggs. Growing awareness of this reproductive reality has led to a surge in egg freezing, as women aim to preserve the vitality of their younger eggs.
    • “But there’s more to infertility than old eggs. Recent research is bringing greater attention to the ovaries.
    • ‘An expanding body of evidence suggests that the age of an ovary, not just the eggs it contains, is important to reproduction and healthy aging. That includes the cells and tissues that make up the environment around a woman’s eggs, such as support cells, nerves and connective tissue.
    • “The tissues surrounding the follicles — fluid-filled sacs that contain an immature egg — can change with age, even becoming fibrotic. Research has shown that this can harm the quality of eggs, reduce the number that mature each month and block ovulation. Fibrosis is common in many aging organs as thick, scarlike tissue builds up. But it occurs decades earlier in the ovaries.”
  • The Wall Street Journal lets us know,
    • “Approved by the Food and Drug Administration decades ago for seizures and nerve pain from shingles, gabapentin is now the seventh-most widely prescribed drug in the U.S., according to the Iqvia Institute for Human Data Science. About 15.5 million people were prescribed gabapentin in 2024, according to an analysis by Centers for Disease Control and Prevention researchers. 
    • “Studies show that most of the prescriptions are written to treat conditions that it wasn’t approved for—a practice that is legal and common, but means the FDA hasn’t vetted its risks and benefits for those purposes.
    • “Some doctors say gabapentin can be helpful for certain types of neuropathic pain, a condition resulting from nerve damage. But doctors also give it to patients with other types of chronic pain, anxiety, migraines, insomnia, distorted sense of smell and hot flashes in menopause. Veterinarians dispense it to calm or treat pain in cats and dogs.
    • “A growing body of research shows it isn’t as safe or effective as doctors have long thought. Gabapentin has been associated in studies with greater risk of dementia, suicidal behavior, severe breathing problems for people who have lung disease, and edema, in addition to well-known side effects like dizziness.
    • “A study published this year found giving gabapentin to surgery patients didn’t reduce complications or get them out of the hospital any faster, and more of them reported pain four months after surgery. Doctors for years had touted gabapentin as a way to use fewer opioids. 
    • ‘While the medical establishment has mostly maintained that gabapentin isn’t habit-forming, some patients have reported debilitating adverse effects when they try to taper off it. They say the withdrawal symptoms make it clear to them they have developed a dependence to the drug taking it as prescribed.”
  • and
    • summarizes “The Future of Everything’s top stories of the year, including a formula for aging, fruit-picking robots and the car of the future.”
      • “This longevity doctor has a formula for aging better. Dr. Eric Topol’s research suggests lifestyle impacts longevity more than genes. The cardiologist believes more people can become “super agers” by embracing regular exercise and digital health technology.”
      • “Inflammaging” leads to cancer, but allergy drugs could help fight it. Dr. Miriam Merad is testing whether allergy drugs and other seemingly unlikely medications can help reduce chronic inflammation—or inflammaging—and thereby slow cancer in older patients.

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “Mail-order pharmacies filled just 9% of Medicare prescriptions in the three-year period examined by the Journal, but accounted for 37% of the excess dispensing, the analysis showed. Such pharmacies often send 90-day refills automatically when patients near the end of their earlier supplies.” * * *
    • “The Journal’s analysis counted as excess only dispensed prescription drugs that exceeded a month’s supply over up to three years’ worth of prescriptions.” * * *
    • “The Journal analysis is based on Medicare prescription records accessed under a research agreement with the federal government. The records include details of each individual prescription for more than 50 million Medicare recipients between 2021 and 2023, but don’t identify individuals. 
    • “Doctors and patients said such earlier-refilling practices aren’t limited to Medicare patients, and that it also happens with people covered by employer-sponsored plans. The Journal analysis doesn’t cover those private plans.”
  • Beckers Payer Issues identifies six insurer moves in 2025 that signal a heightened PBM focus.
  • Fierce Healthcare offers a 2026 outlook based on parting thoughts from dozens of healthcare CEOs retired in 2025.
  • HR Dive shares its “top 10 learning stories of 2025. Workers sounded off about the need for more training and just how great a role the onboarding experience plays in their retention.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity law enforcement front,

From the cybersecurity policy and law enforcement front,

  • Cyberscoop reports,
    • “The National Institute of Standards and Technology announced that it will partner with The MITRE Corporation on a $20 million project to stand up two new research centers focused on artificial intelligence, including how the technology may impact cybersecurity for U.S. critical infrastructure.
    • “On Monday [December 22], the agency said one center will focus on advanced manufacturing while the second — the AI Economic Security Center to Secure U.S. Critical Infrastructure from Cyberthreats — will focus more directly on how industries that provide water, electricity, internet and other essential services can protect and maintain services in the face of AI-enabled threats. According to NIST, the centers will “drive the development and adoption” of AI-driven tools, including agentic AI solutions.
    • “The centers will develop the technology evaluations and advancements that are necessary to effectively protect U.S. dominance in AI innovation, address threats from adversaries’ use of AI, and reduce risks from reliance on insecure AI,” spokesperson Jennifer Huergo wrote in an agency release.
  • Federal News Network interviewed “a panel of former federal executives for their opinions about 2025 and what federal IT and acquisition storylines stood out over the last 12 months.”
  • Security Week tells us,
    • “The US Justice Department announced on Monday [December 22] the seizure of a web domain and a password database used by a cybercrime group to steal millions of dollars from bank accounts.
    • “According to the DOJ, the seized domain, web3adspanels.org, hosted a backend web panel used by the cybercriminals to store and manipulate thousands of stolen bank login credentials.
    • The threat actor conducted a massive bank account takeover scheme that involved malicious ads on search engines such as Google and Bing in an effort to lure users to fake bank websites.
    • “These phishing sites tricked victims into handing over their login credentials, which the cybercriminals could then use to access and drain their bank accounts.
    • “The FBI has identified nearly 20 victims in the US, including two companies, and has determined that the cybercriminals attempted to steal roughly $28 million, with the actual losses estimated at approximately $14.6 million.” 
  • Bleeping Computer informs us,
    • “An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents.
    • “Between October 27 and November 27, the investigation, which involved law enforcement in 19 countries, took down more than 6,000 malicious links and decrypted six distinct ransomware variants.
    • “Interpol says that the cybercrime cases investigated are connected to more than $21 million in financial losses.”

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive reports,
    • “WatchGuard warns that a critical vulnerability in its Firebox devices is facing exploitation as part of a campaign targeting edge devices, according to an advisory from the company
    • “The flaw, tracked as CVE-2025-14733, involves an out-of-bounds write vulnerability in the Fireware OS internet key exchange daemon process. An unauthenticated attacker can achieve remote code execution. 
    • “WatchGuard said it discovered the flaw through an internal process and issued a patch on Thursday. 
    • “Since the fix became available, our partners and end users have been actively patching affected Firebox appliances,” a WatchGuard spokesperson told Cybersecurity Dive. “We continue to strongly encourage timely patching as a core best practice in security hygiene.”
  • Security Week shares information about the Watchguard patch.
  • Dark Reading points out,
    • “Much has been said about IT worker scams in the last few years, but it’s not every day that we get a glimpse into how pervasive the issue has become. 
    • “Stephen Schmidt, senior vice president and chief security officer at Amazon, wrote on LinkedIn over the weekend that the company has prevented “more than 1,800 suspected DPRK operatives from joining [Amazon] since April 2024, and we’ve detected 27% more DPRK-affiliated applications quarter-over-quarter this year.” 
    • “IT worker scams involve operatives working as part of or on behalf of a government try to gain remote IT employment. It is most often associated with North Korea (DPRK), but that’s not the only entity engaging in this practice. While one primary goal may be the worker gaining a foothold in a network for espionage purposes or for sensitive IP theft (and these things do happen), Schmidt, who wrote about North Korean worker scams specifically, highlighted another reason: “Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs,” he wrote.
  • The Wall Street Journal relates,
    • “AI is making cybercriminals more efficient, enabling them to scale up operations and create more targeted and convincing scams.
    • “Thanks to AI, criminals are getting better at finding targets—for example, by scanning social media to identify people going through big life changes.
    • “Most experts don’t think fully autonomous AI cyberattacks are possible yet in the real world, but research has shown that AI is capable of planning and carrying out an attack on its own in a lab.”
  •  Per SC Media,
    • “A series of campaigns were observed targeting the financial sector across multiple continents worldwide — attacks that exhibited the tradecraft of North Korean-affiliated threat actors.
    • “In a Dec. 18 white paper, Darktrace researchers said the attacks leveraged advanced social engineering focused on job hunters, spear-phishing, React2Shell exploitation, and a new Beavertail malware variant.
    • “While the initial access vector remains unknown, Darktrace said evidence suggests it originated from a malicious npm package hosted on GitHub or GitLab — behavior that aligns with the Lazarus Group’s history of exploiting supply-chain vulnerabilities.
    • “According to Darktrace, the attackers used Beavertail for initial credential theft, followed by heavily obfuscated Python scripts and Tsunami modules, hallmarks of a “well-resourced adversary.”
  • Cyber Insider adds,
    • “A malicious NPM package masquerading as a WhatsApp API library has been discovered exfiltrating users’ messages, credentials, contacts, and media, all while delivering fully functional code.
    • “The package, named lotusbail, had been available on the NPM registry for over six months, amassing more than 56,000 downloads before its true purpose came to light.
    • “The discovery was made by Koi Security, whose researchers published a detailed technical report over the weekend, outlining the package’s behavior. The threat actor behind lotusbail cloned the legitimate @whiskeysockets/baileys WhatsApp Web API library and inserted advanced malware designed to siphon off sensitive user data during normal operation.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • A Cybersecurity and Infrastructure Security Agency program that warns organizations about imminent ransomware attacks has suffered a major setback after its lead staffer left the agency rather than take a forced reassignment.
    • David Stern, the driving force behind CISA’s Pre-Ransomware Notification Initiative (PRNI) — through which the agency alerts organizations that ransomware actors are preparing to encrypt or steal their data — resigned on Dec. 19, according to four people familiar with the matter. The Department of Homeland Security had ordered Stern to take a job at the Federal Emergency Management Agency in Boston or quit, and Stern chose the latter, three of the people said. * * *
    • “The fate of the warning initiative is now unclear. In a statement, CISA Director of Public Affairs Marci McCarthy said the program “has not stopped and continues to operate as a key element in CISA’s efforts to defeat ransomware attacks.” One person familiar with the matter said the agency is preparing several staffers to take over for Stern. But others said the program relied heavily on Stern’s trusted relationships with the organizations that alert CISA to pending ransomware attacks.”
  • InfoSecurity Magazine explores this year’s top ransomware trends.
  • The HIPAA Journal tells us,
    • “Madison, WI-based ARC Community Services, a provider of behavioral health, substance use disorder treatment, and support services to women and children, has experienced a ransomware attack involving the theft of sensitive data from its network.” The attack occurred in November 2024.
  • CSO informs us,
    • “A recent upgrade to the RansomHouse ransomware operation has added new concerns for enterprise defenders, introducing a multi-layered encryption update to the group’s double-extortion RaaS model.
    • “Also tracked under the cluster Jolly Scorpius, the ransomware gang has transitioned from a simple, single-phase encryption routine to a multi-layered dual-key encryption architecture that increases the complexity of its extortion operations.
    • “Detailed by Palo Alto Networks’ threat intelligence team, the update raises the bar for recovery once systems are compromised. The change affects how files are processed and encrypted during an attack, complicating analysis and limiting defenders’ ability to recover data without paying a ransom.”

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • Artificial-intelligence software company ServiceNow NOW agreed to acquire cybersecurity startup Armis for about $7.75 billion in cash in a move intended to take advantage of growing demand for AI security.
    • Armis recently raised $435 million in a funding round that valued the company at $6.1 billion, and it had been planning for an initial public offering at the end of 2026 or early 2027.
    • ServiceNow said on Tuesday that the acquisition would triple its market opportunity for security and risk solutions and entrench its position in the market for securing AI technology.
    • The increasing integration of AI tools into business workflows has raised worries that companies could become more vulnerable to cyberattacks and hacks.
  • Cyberscoop lets us know,
    • “How to determine if agentic AI browsers are safe enough for your enterprise. Automation is transforming web browsing, enabling AI agents to perform tasks once handled by humans. Yet with greater convenience comes a complex security landscape that enterprises can’t afford to ignore.”
  • Federal News Network discusses “The next cyber battlefield: Preparing federal networks for autonomous malware.”
    • “Recent research from Google’s Threat Intelligence Group has drawn new attention to a long-standing question in cybersecurity: How close are we to malware that can truly think and adapt on its own?
    • “Earlier this month, Google disclosed five experimental code families, including PROMPTFLUX and PROMPTSTEAL, that used large language models (LLMs) during execution to generate commands, rewrite portions of their own code, and adapt to their environment.
    • “While these findings are concerning, it’s important to note that “autonomous” malware is still in the early stages. But that’s precisely the point. Even in this primitive form, these early samples show how the threat landscape is rapidly evolving. Federal agencies now have a narrow window to prepare before those capabilities mature into operational threats.
    • “Autonomous malware represents a fundamental shift in cybersecurity, as this malicious code can reason about its surroundings, make tactical decisions, and evolve its behavior in real time. For federal networks built on complex systems and strict change-control policies, that evolution could eventually collapse traditional defense timelines and upend response models.”
  • Per a CISA news release,
    • “NIST and CISA’s draft Interagency Report Protecting Tokens and Assertions from Forgery, Theft, and Misuse is now available for public comment through January 30, 2026. This report is in response to Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, providing implementation guidance to help federal agencies and cloud service providers (CSPs) protect identity tokens and assertions from forgery, theft, and misuse.
    • “This report emphasizes the need for CSPs and cloud consumers, including government agencies, to better define their respective roles and responsibilities in managing identity and access management (IAM) controls in cloud environments. It establishes principles for both CSPs and cloud consumers, calling on CSPs to apply Secure by Designbest practices, and to prioritize transparency, configurability, and interoperability—empowering cloud consumers to better defend their diverse environments. It also calls upon government agencies to understand the architecture and deployment models of their procured CSPs to ensure proper alignment with risk posture and threat environment. 
    • “Comments on the report may be submitted to iam@list.nist.gov. Please visit NIST’s site for more information.” 
  • Per Dark Reading,
    • “As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026. Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized.”
  • Here is a link to Dark Reading’s CISO Corner.

Tuesday report

David ErmerCMS, FDA, HSA, Medical / Rx research, Medicare, OPM, Patient safety, Rx coverage, U.S. Healthcare

The FEHBlog will be on hiatus following today until next December 27 Cybersecurity Saturday. Merry Christmas and Jingle Bells to all.

From Washington, DC,

  • Federal News Network reports,
    • “There’s an old adage that tells someone to “put your money where your mouth is.” Well, Don Bauer is going all in at the Office of Personnel Management.
    • “Bauer wrote a column for Federal News Network criticizing OPM’s plans to consolidate and modernize human resources systems across the government. In his Oct. 30 column, Bauer wrote that OPM’s initial plan was “not modernization; it’s madness.”
    • “Now Bauer is in charge of that madness. Federal News Network has learned Bauer will join OPM on Jan. 12 as its new deputy associate director for workforce standards and data center (WSDC) in the HR Solutions (HRS) office. He will be leading the HR Line of Business, the quality service management office (QSMO) and human capital management core modernization effort.”
  • Good luck, Mr. Bauer.
  • Mercer tells us,
    • “In Notice 2026-5, IRS and the Treasury Department provide key details about health savings account (HSA) enhancements passed as part of the One Big Beautiful Bill Act (OBBBA) (Pub. L. No. 119-21), clearing the way for employers to continue offering telehealth and to begin offering direct primary care service arrangements (DPCSAs) to otherwise HSA-eligible employees.
    • “Effective for the 2025 plan year, OBBBA reinstated and made permanent COVID-19-era telehealth relief allowing HSA-compatible high-deductible health plans (HDHPs) to cover telehealth and other remote care services before the statutory minimum deductible is satisfied.
    • “Beginning Jan. 1, 2026, OBBBA also allows individuals enrolled in DPCSAs to remain eligible to make or receive HSA contributions and treats certain bronze and catastrophic plans as HDHPs.
    • “This article summarizes the Notice 2026-5 question-and-answer guidance, addressing significant topics such as which services the IRS will treat as “telehealth and other remote care services;” whether a DPCSA can separately bill for primary care services or offer services beyond primary care; and whether a bronze or catastrophic plan can be an HDHP if purchased using an employer-sponsored individual coverage health reimbursement account (ICHRA).
    • ‘Comments about the guidance are due March 6, 2026.”
  • Per a CMS news release,
    • “The Centers for Medicare & Medicaid Services (CMS) announced today a new voluntary test of a model that is designed to enable Medicare Part D plans and state Medicaid agencies to cover GLP-1 medications used for weight management and metabolic health improvement, while helping control costs for patients and taxpayers.
    • “The Better Approaches to Lifestyle and Nutrition for Comprehensive hEalth (BALANCE) Model builds on emerging evidence that combines access to GLP-1 medications with access to evidence-based lifestyle supports to achieve better long-term health outcomes. The model represents a major step toward potential expanded access and affordability for millions of Americans. 
    • “Today’s announcement builds upon our historic Most Favored Nations drug pricing deals’ goal of democratizing access to weight-loss medication, which has been out of reach for so many in need,” said CMS Administrator Dr. Mehmet Oz. “These actions further the administration’s bold plan to reform our country’s health systems and Make America Healthy Again. With the BALANCE Model, we’re pairing breakthrough science with healthy living to cut costs while empowering Americans to take control of their health.”
    • “Under the model, CMS negotiates directly with pharmaceutical manufacturers of GLP-1 drugs for lower net prices and standardized coverage terms. Negotiation areas include: 
      • “Guaranteed net pricing and potential out-of-pocket limits for beneficiaries;
      • “Standardized coverage criteria; and
      • “Evidence-based lifestyle support offerings.”
    • “To learn more about the BALANCE Model, visit: https://www.cms.gov/priorities/innovation/innovation-models/balance.” * * * 
    • “Prior to the launch of the BALANCE model, CMS also plans to implement a new Medicare GLP-1 payment demonstration beginning in July 2026, which will serve as a short-term bridge to the model. This additional payment demonstration means that Medicare beneficiaries can start accessing these important medications at prices negotiated by the Administration as soon as possible.
    • “The GLP-1 payment demonstration will operate outside of the Medicare Part D benefit’s coverage and payment flow, which means that Part D Plan Sponsors will not carry risk for eligible GLP-1 products furnished under the demonstration. Beneficiaries enrolled in Medicare Part D who meet the negotiated access criteria will have access to these drugs. Under the demonstration eligible Medicare beneficiaries will pay $50 for a month of GLP-1 medications.
    • “CMS will provide additional information on the design and implementation of the GLP-1 payment demonstration in early 2026.
  • The Wall Street Journal points out,
    • “About half of 20 million Americans with FSA [healthcare flexible spending] accounts let some of their money expire each year.
    • “The average forfeited amount per individual is over $400, and unused FSA money generally returns to employers.
    • “FSAs offer tax savings; a worker in the 22% tax bracket contributing $1,500 could save as much as around $500 in taxes.”
  • Per an AHIP news release from December 18,
    • “AHIP’s Board of Directors has elected Jim Rechtin, President and CEO of Humana, as Board Chair effective January 1, 2026. Rechtin succeeds Pat Geraghty, who announced his retirement after 14 years leading GuideWell and Florida Blue effective December 31, 2025.
    • “I was proud to be part of AHIP’s work this year to unite our industry around voluntary commitments to simplify prior authorization – an important ongoing effort that shows what’s possible when health plans work together to deliver for patients. As Board Chair, I look forward to taking the same cooperative approach to helping health consumers navigate the system and access high-quality, affordable care,” Rechtin said.

From the Food and Drug Administration front,

  • MedPage Today tells us,
    • “The FDA has expanded the indication of ferric maltol (Accrufer) capsules for the treatment of iron deficiency to include adolescents.
    • “The approval makes the drug the first prescription oral medicine for iron deficiency in pediatric patients ages 10 and older. It was first approved in 2019 for adults with iron deficiency.
    • “The expanded indication was supported by the phase III FORTIS trialopens in a new tab or window in which 24 patients ages 10-17 received age-based dosing of ferric maltol twice daily, and showed a clinically meaningful average increase in hemoglobin of 1.1 g/dL at 12 weeks. This would be the expected average increase in hemoglobin with one blood transfusion, the agency noted.”
  • MedTech Dive reports,
    • “Edwards has received Food and Drug Administration approval for its Sapien M3 mitral valve replacement system, the company said Tuesday.
    • “The device is intended for people with moderate to severe mitral regurgitation, a heart condition where the valve between the left heart chambers doesn’t fully close, allowing blood to leak back through. Sapien M3 is indicated for people who are deemed unsuitable for surgery or transcatheter edge-to-edge repair therapy, a minimally invasive procedure to fix a valve by clipping its leaflets together.”
  • and
    • “The Food and Drug Administration said Monday it has issued a Class I recall notice regarding Medtronic’s removal of heart vent catheters.
    • “Medtronic previously asked customers to quarantine lots of its DLP Left Heart Vent Catheters in response to an issue linked to three serious injuries. The FDA published an early alert about the recall in August.
    • “The agency updated its notice this week to inform the public that it has classified the issue as a Class I recall.” 

From the public health and medical / Rx research front,

  • MedPage Today reports,
    • “Infants given the monoclonal antibody nirsevimab, which provides temporary immunity to respiratory syncytial virus (RSV), had lower risks of related hospitalizations and severe outcomes than those whose mothers got the RSVpreF vaccine, according to a population-based study.
    • “The study may be the first to compare the two interventions in a real-world setting in a national population.
    • “The study and two others reported alongside it join a growing body of real-world evidence demonstrating the effectiveness of RSV products in protecting against severe outcomes related to RSV in the youngest kids.”
  • Health Day informs us,
    • “People on the verge of type 2 diabetescan cut their risk of death from heart disease by more than 50% if they bring their blood sugar levels back to normal, a new study says.
    • “Patients with prediabetes reduced their heart risk by up to 58% when they successfully lowered their blood sugar, researchers reported in The Lancet Diabetes & Endocrinology.
    • “This is an important finding, given that recent studies have concluded people with prediabetes can’t lower heart disease risk through lifestyle changes like exercise, weight loss and a healthy diet, researchers said.
    • “Essentially, reversing prediabetes by lowering blood sugar matters more to your heart than any healthy habits you adopt, researchers said.
    • “This study challenges one of the biggest assumptions in modern preventative medicine,” said lead researcher Dr. Andreas Birkenfeld, a reader in diabetes at King’s College London.
  • Medscape points out,
    • “A trio of large observational studies reported at the San Antonio Breast Cancer Symposium (SABCS) 2025 suggest that GLP-1 receptor agonists may improve outcomes in some women with breast cancer.
    • “Two studies reported an overall survival benefit of GLP-1 use in certain patients with breast cancer, including those with ductal carcinoma in situ (DCIS) and invasive hormone receptor (HR)-positive nonmetastatic disease, and a third found improvements in a range of toxicities among patients receiving chemotherapy.
    • “These studies, presented during a poster session, add to other emerging research indicating that GLP-1 drugs could have implications across the breast cancer trajectory, including prevention, active therapy, and posttreatment survivorship, explained study discussant Jasmine S. Sukumar, MD, with University of Texas MD Anderson Cancer Center in Houston.”
  • Fierce Pharma relates,
    • “Just days after an upbeat R&D event, Neurocrine Biosciences has found itself having to report a phase 3 failure.
    • “The company’s Ingrezza (valbenazine), approved to treat certain uncontrolled movement conditions, failed to make a significant difference in a phase 3 trial for patients with dyskinesia due to cerebral palsy (CP), Neurocrine announced Monday.
    • “Ingrezza didn’t outperform placebo on improving involuntary, jerky movements of the body after 14 weeks of treatment, causing the phase 3 trial to miss its primary endpoint. The study, dubbed Kinect-DCP, also did not meet key secondary endpoints, according to Neurocrine.”
  • and
    • “A patient in an open label extension study of Pfizer’s hemophilia treatment Hympavzi has died, the company and several hemophilia advocacy groups confirmed this week.
    • “Pfizer is now working with its trial investigator and independent data monitoring committee to accrue more information and better understand the circumstances behind the incident, the New York drugmaker wrote in a letter to the hemophilia community, which was posted online (PDF) by the World Federation of Hemophilia (WFH) on Dec. 22.”
  • STAT News reports,
    • “Oncologists have been moving away from the notoriously unpopular neutropenic diet. It requires nearly all food to be cooked to high temperatures — or, as some have described it, “boiled to death” — to reduce the risk of food-borne illnesses. But since evidence in recent years suggested the diet didn’t actually help ward off infections, doctors started leaning away from a strict neutropenic diet.
    • “Now, a new study published last week in the Journal of Clinical Oncology is giving some physicians pause about fresh fruits and vegetables for patients whose treatment involves heavy suppression of the immune system, particularly neutrophils, white blood cells that are key to preventing infection. Contrary to research in the past, the trial found that certain blood cancer patients who were allowed a less restrictive or liberalized diet had 11% more infections than patients who were prescribed the neutropenic diet.”

From the U.S. healthcare business front,

  • Modern Healthcare reports,
    • “Analysts expect health insurance companies to be better positioned for 2026 after adjusting their offerings.
    • “Medicare Advantage offers the sector the largest potential for improvement because companies will receive a significant increase in federal pay. 
    • “Federal changes to Medicaid and the exchanges will pressure health insurance companies’ finances.”
  • Ernst & Young informs us,
    • “A changing healthcare landscape is shifting economic returns, leading organizations to rethink their value chain position.
    • “Expansion in lower-acuity care and opportunistic mergers and acquisitions can accelerate long-term growth.
    • “Implementing new benefit cost containment strategies and investing in innovative AI solutions can elevate efficiency and performance.”
  • Per a Harvard Business Review article,
    • “U.S. employers are grappling with surging healthcare costs as healthcare prices and service volumes rise. Provider consolidation, high drug prices, labor shortages, and growing chronic disease are fueling the cost increases. Employer have largely responded by shifting expenses to workers. Their track record in pursuing aggressive options—including collective purchasing, tiered plans, value-based care, and advocating for changes in government policies—is poor. The big question is whether they have the will to become more aggressive in pursuing remedies. The outlook is not promising. The reasons include the complexity of the problem, employee resistance to some solutions, and the fact that most employers just don’t have sufficient “skin in the game” to take on the disruption and risk that would be required to bend the healthcare cost curve significantly or sustainably.”
  • The FEHBlog has more confidence in employers.

FEHBlog response to public comment

  • A commenter called into question the statistices upon which AHIP relied in this recent news release which the FEHBlog quoted. In response the FEHBlog notes that the AHIP news release was generated in response to the Affordable Care Act marketplace subsidy controversy and 2020 was an outlier year for all health insurers as it was the first year of the Covid pandemic. Health plans did make MLR rebates in that year according to CMS.

Monday report

David ErmerCDC, FDA, Generative AI, Medical / Rx research, Mental health care, OPM, Patient safety, Rx coverage, U.S. Healthcare

From Washington, DC,

  • OPM’s leadership posted an end of the year letter to OPM employees.
  • STAT News reports,
    • “Drug manufacturers and pharmacy benefit managers received a holiday gift from President Trump on Friday: They still will not have to publicly post the actual prices of prescription drugs, more than five years after federal law required them to do so.
    • “Net drug prices — the amounts that health insurance companies and PBMs pay to drugmakers, after factoring in rebates — are highly valuable data that undergird the entire economic foundation of the U.S. pharmaceutical industry. But the decision from the Trump administration, rolled out in a new proposed rule, means that drug pricing data will likely remain locked out of public view for the foreseeable future.”
  • Avalere Health shares its perspective about December 2025 Advisory Committee on Immunization Practices Insights and 2026 Emerging Priorities.
    • “The ACIP’s December meeting resulted in a key change to the pediatric immunization schedule and signaled several potential changes to US vaccine coverage and access in 2026.”
  • Per an HHS news release,
    • “Executing on President Trump’s Executive Order (EO) 14192 titled “Unleashing Prosperity through Deregulation” and the President’s mandate to ensure the United States’ continued leadership in artificial intelligence (AI), the U.S. Department of Health and Human Services (HHS), through the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC), today released the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity (HTI-5) Proposed Rule.
    • “Today’s HTI-5 Proposed Rule has three core goals: (1) reducing burden on health IT developers by streamlining ASTP/ONC’s voluntary Health IT Certification Program by removing redundant requirements; (2) updating the information blocking regulations to better promote electronic health information access, exchange, and use so that patients’ access to their data is not blocked; and (3) advancing a new foundation of Fast Healthcare Interoperability Resources (FHIR®)-based application programming interfaces (APIs) that promote AI-enabled interoperability solutions through modernized standards and certification. The HTI-5 proposed rule is expected to save $1.53 billion in total, including $650 million over the next five years for health IT developers, providers, and other stakeholders.
    • “The HTI-5 proposed rule delivers on President Trump’s directive to reduce regulatory burden and to enable American innovation through artificial intelligence,” said Tom Keane, MD, Assistant Secretary for Technology Policy and National Coordinator for Health IT. “These proposals reflect a commonsense approach that removes redundant requirements on health IT developers, that better ensures seamless patient access to their information and that sets a foundation for AI-based data exchange.” * * *
    • “More information can be found at healthit.gov/hti5 and via ASTP/ONC’s X account, @HHS_TechPolicy
    • “ASTP/ONC is also withdrawing certain proposals not yet finalized from the HTI-2 proposed rule.”

From the Food and Drug Administration front,

  • The Wall Street Journal reports,
    • “U.S. regulators approved the first GLP-1 weight-loss pill—a tablet formulation of Novo Nordisk’s NOVO.B  Ozempic and Wegovy—ushering in a new era of the obesity-drugs revolution that is expected to broaden their use.
    • “Novo Nordisk said it plans to start selling the new pill in the U.S. soon after the new year, with a cash price of $149 a month for the starting dose.
    • “The Food and Drug Administration approval is a milestone because weekly shots such as Wegovy and Eli Lilly’s LLY Zepbound have dominated the anti-obesity market to date. Yet many people with excess weight don’t take the shots due to costspotty insurance coverage and fear of needles.
    • “Drug companies and analysts say pills will tap in to demand from people who don’t want an injection or would prefer the cadence of a daily dose. Pills also offer the prospect of lower prices and better health-insurance coverage than injections, because pills cost less to make.
    • “Eli Lilly also plans to introduce a new weight-loss pill, potentially within weeks or months.” 
  • Fierce Pharma tells us,
    • “Just two months after reviving its prowess in the idiopathic pulmonary fibrosis (IPF) treatment area with rare lung disease med Jascayd, Boehringer Ingelheim is already unlocking another patient population with a new FDA nod.
    • “The new approval for Jascayd in progressive pulmonary fibrosis (PPF) makes the drug the only preferential phosphodiesterase 4B (PDE4B) inhibitor with immunomodulatory and antifibrotic effects approved in this indication, according to a Dec. 19 company press release.
    • “Progressive pulmonary fibrosis is a life-threatening condition with a high unmet medical need. The U.S. approval of Jascayd is an important step forward to help slow lung function decline for people living with PPF, providing a new, well-tolerated treatment option,” Boehringer’s head of human pharma, Shashank Deshpande, said in a release.”
  • MedTech Dive notes,
    • “Abbott said Monday that it has received Food and Drug Administration approval for its Volt pulsed field ablation system.
    • “The catheter-based device uses targeted, high-energy electrical pulses to treat a common heart arrhythmia called atrial fibrillation. Abbott’s Volt device is indicated for both paroxysmal AFib, where episodes come and go, and persistent AFib, or episodes that last longer than seven days, according to the FDA.
    • “Medtronic, Boston Scientific and Johnson & Johnson have all debuted their own PFA devices in the last two years. The approval allows Abbott to join the fast-growing, competitive market in the U.S.”

From the public health and medical / Rx research front,

  • The American Medical Association lets us know “What doctors wish patients knew about family immunizations.”
    • “Vaccines save millions of lives each year. Two infectious diseases physicians discuss the key role they should play for the loved ones in your family.”
  • Health Day informs us,
    • “Psychiatric conditions as varied as schizophrenia and bipolar disorder might be driven by very similar genetic underpinnings, a new study says. 
    • “Mental health problems can be sorted into five general genetic categories, each with a shared “genetic architecture” driving people’s illness, according to results published in the journal Nature.
    • “Right now, we diagnose psychiatric disorders based on what we see in the room, and many people will be diagnosed with multiple disorders. That can be hard to treat and disheartening for patients,” lead researcher Andrew Grotzinger, an assistant professor of psychology and neuroscience at the University of Colorado-Boulder, said in a news release.
    • “This work provides the best evidence yet that there may be things that we are currently giving different names to that are actually driven by the same biological processes,” he said.”
  • and
    • “A new risk score can help predict which pancreatic cancer survivors are more likely to suffer a recurrence of their cancer, researchers said.
    • “The score could help better manage the follow-up care for patients who’ve had pancreatic tumors surgically removed, and whose cancers have not spread to their lymph nodes, researchers wrote Dec. 17 in JAMA Surgery.
    • “We now have a way to identify patients whose higher risk of recurrence may have been previously overlooked,” senior researcher Dr. Cristina Ferrone, chair of surgery at Cedars-Sinai Medical Center in Los Angeles, said in a news release. “This gives us the opportunity to change the way we care for this patient population in a meaningful way.”
    • “The score helps people with pancreatic neuroendocrine tumors, which are a less common and typically less aggressive form of pancreatic cancer.
    • “Patients whose cancer has not spread outside the pancreas, to either the lymph nodes or surrounding organs, have a 91% five-year survival rate following surgery, researchers said in background notes.”
  • The Wall Street Journal relates
    • “For years, Barbara Schmidt’s family feared an illness was behind a pattern of terrifying falls that repeatedly landed the 83-year-old great-grandmother in surgery with broken bones. Instead, Schmidt’s frequent tumbles might have been tied to something else: medications intended to make her better.
    • “Schmidt, who lives with her husband of 65 years in Lewes, Del., filled prescriptions for more than a dozen different drugs in the past year, according to pharmacy and medical records.
    • “That isn’t unusual for America’s seniors, according to a Wall Street Journal analysis of Medicare data. One in six of the 46 million seniors enrolled in Medicare’s drug benefit, which pays for most drugs taken by older Americans, were prescribed eight or more medications.”
    • * * * “Schmidt’s recent prescriptions came from at least five different healthcare providers. Most were affiliated with the nearby hospital system Beebe Healthcare, including a nurse practitioner whom she sees for primary care and a gastroenterology office. An orthopedic surgeon who has treated her back problems and prescribed medications to help with her pain works for an independent practice, First State Orthopaedics. 
    • “A Beebe spokesman said it has reviewed its prescribing patterns and, this November, added a new electronic medical record that will allow doctors to “view consolidated medical and medication histories” for patients and deliver “safer, more informed care.” First State Orthopaedics said it doesn’t comment on matters of patient care unless it is legally required to do so.
    • “Pharmacists who work with seniors say doctors might not be aware of their patients’ full medication list. Patients don’t always mention what their other doctors have prescribed when a history is taken, and specialists might not have access to a shared medical record.
    • “The Journal analysis found that, among seniors taking eight or more drugs, it was common for the prescriptions to come from a large number of doctors.”

From the U.S. healthcare and artificial intelligence front,

  • Per Beckers Hospital Review,
    • “Houston-based Nutex Health has opened its 26th micro-hospital, Archview ER & Hospital, in St. Louis.
    • “The 16,000-square-foot facility includes 15 emergency room beds, three inpatient suites, a full-service laboratory and advanced imaging technology, according to a Dec. 22 Nutex Health news release.
    • “It replaces Homer G. Phillips Memorial Hospital, which surrendered its license and closed in March. The hospital had been temporarily closed since December 2024, when its license was suspended due to a blood supply shortage.”
  • and
    • “Mark Cuban Cost Plus Drug Co. has added Vegzelma, a biosimilar indicated for six cancer types, to its marketplace for hospitals and other healthcare providers. 
    • “The company plans to expand its biosimilar offerings amid growing demand for biologics among health systems, according to a news release shared with Becker’s. Cost Plus Drugs also offers Starjemza, a biosimilar to Johnson & Johnson’s Stelara (ustekinumab), at a price about $3,000 lower than retail at other pharmacies.
    • “Vegzelma is a biosimilar to Roche’s Avastin (bevacizumab), which is approved for treatment of metastatic colorectal cancer; non-squamous non-small cell lung cancer; recurrent glioblastoma; metastatic renal cell carcinoma; persistent, recurrent or metastatic cervical cancer; and epithelial ovarian, fallopian tube or primary peritoneal cancer.”  

Weekend update

David ErmerCMS, Congress, FDA, Medical / Rx research, Mental health care, Obesity, Rx coverage, U.S. Healthcare

Happy Winter Solstice!

From Washington, DC,

  • The Hill reports
    • President Trump said Friday he plans to hold a meeting with major insurance companies in the coming days in a bid to pressure them to lower prices for consumers who are set to see premium costs soar when ObamaCare’s enhanced subsidies expire at the end of the year.
    • “I’m going to call in the insurance companies that are making so much money, and they have to make less, a lot less,” Trump said during an Oval Office announcement on drug pricing. “I’m going to see if they get their price down, to put it very bluntly. And I think that is a very big statement.”
  • AHIP responded
    • “Health plans are doing everything in their power to shield Americans from the high and rising costs of medical care, and we welcome any opportunity to discuss common-sense solutions to lower costs for everyone.” – Mike Tuffin, President & CEO, AHIP
    • Health insurance premiums reflect the underlying cost of medical care, plus a modest, regulated risk margin.
    • Health plans’ profit margin was 0.8% last year, 2024 NAIC data show. In 2023, the net income of health plans accounted for about 0.5% of U.S. health expenditures ($4.9 trillion, per CMS data). By comparison, the pharmaceutical industry averages 15-20% margins.
    • Health plans are the only part of the health care system whose profits and administrative costs are capped under federal law. Health insurers must spend at least 85% of group premiums and 80% of individual premiums on medical care. If those thresholds are not met, health insurers must pay rebates to consumers. Since 2012, consumers have received nearly $12 billion back from insurers, with more than $1 billion in 2024 alone, according to KFF.
    • Learn more about where Americans’ health care dollars go by clicking here or on the infographic below.
  • Federal News Network lets us know who was and was not included in the en bloc nominations resolution (S. Res. No. 532) that the Senate passed last Thursday.
  • The American Hospital Association News informs us,
    • “The Assistant Secretary for Technology Policy has issued new FAQs regarding information blocking. The updates are intended to provide clarifying guidance regarding revenue sharing, the role of a “requestor” under the alternative manner condition of the Manner Exception, the scope of electronic health information to satisfy the Manner Exception, and whether interference with an automation technology’s ability to access, exchange or use electronic health information implicates information blocking regulations.”
  • and
    • “The Department of Health and Human Services today [December 19] issued a request for information seeking public comments on how the department can accelerate the adoption and use of artificial intelligence in clinical care. The notice follows the agency’s Dec. 4 announcement of its strategy on integrating AI across internal operations, research and public health efforts. The RFI focuses on questions in three areas: AI regulation, reimbursement, and research and development. Comments will be accepted for 60 days following publication of the notice in the Federal Register.”
  • and
    •  The Centers for Medicare & Medicaid Services Dec. 19 announced the creation of the Office of Rural Health Transformation. The office will oversee management of the Rural Health Transformation Program and includes a Division of State Rural Engagement that will provide policy and operational guidance to states and other stakeholders. The office will monitor states’ implementation of the program’s initiatives to ensure compliance. 
  • and
    • “The Centers for Medicare & Medicaid Services has allocated 400 Medicare-funded residency slots to 169 teaching hospitals. Of those slots, 200 are the fourth allocation from 1,000 new residency positions authorized over five years under Section 126 of the Consolidated Appropriations Act of 2021. The other 200 are allocated under Section 4122 of the law. At least 100 of those positions must be available for psychiatry or psychiatry subspecialty residency training programs. Applications for the next round of slots under both provisions open in January and close March 31.” 
  • STAT News relates,
    • “Brand drugmakers have agreed to donate bulk ingredients to a national stockpile as part of deals with the Trump administration focused on lowering U.S. drug prices to levels available to other wealthy countries.
    • The administration announced Friday [December 19] that nine more drugmakers agreed to so-called most favored nation prices, bringing the total number of companies to sign such deals this year to 14. The agreements are similar to those shared earlier this year: brand drugmakers will lower prices and boost domestic manufacturing in return for avoiding tariffs.
    • “But the stockpile is a new aspect. Some of the nine companies agreed to donate six months’ worth of certain drug ingredients to the Strategic Active Pharmaceutical Ingredient Reserve and to make finished-dose products from those ingredients during emergencies. Among them, Merck will supply the bulk ingredients for its antibiotic ertapenem; Bristol Myers Squibb will provide the blood thinner apixaban, commonly sold under the brand name Eliquis; and GSK will donate albuterol.
    • “Few details are available, including how many active pharmaceutical ingredients are being donated, their value, and whether companies are sending actual products to the government or maintaining their own reserves of ingredients.” 

From the Food and Drug Administration front,

  • STAT News reports,
    • “It took 27 years, but Cytokinetics secured its first U.S. drug approval.
    • “On Friday, the Food and Drug Administration cleared the new medicine, called Myqorzo, to treat patients with obstructive hypertrophic cardiomyopathy, an inherited heart disorder. 
    • “Cytokinetics said it will begin selling Myqorzo in late January at a price not yet disclosed. It will compete against a similar drug from Bristol Myers Squibb that was approved in 2022 and is now bringing in more than $1 billion in sales on an annualized basis, and growing.” * * *
    • “The clearance of Myqorzo ends one of the longest R&D droughts in biotech. Cytokinetics began operations in 1998 with the goal of developing drugs based on an emerging field of science that involved inhibiting or activating certain proteins that affect the function of cardiac and skeletal muscles. Earlier programs in heart failure and ALS, among other diseases, either failed outright or produced suboptimal results.” 

From the public health and medical / Rx research front,

  • Health Day tells us “what Older Adults Should Know About Calcium and Vitamin D.”
  • The New York Times points out “Older Americans Quit Weight-Loss Drugs in Droves. In some studies, half of patients stopped taking GLP-1s within a year despite the benefits, citing the expense and side effects.”
  • Health Day tells us,
    • “Manage stress. 
    • “Get your Zzzzzs. 
    • “And build a strong social support system.
    • “New research shows that these factors — all of which are within your control — are powerful anti-aging tools. 
    • “You can learn how to perceive stress differently,” said study co-leader Jared Tanner, a research associate professor of clinical health and psychology at the University of Florida. “Poor sleep is very treatable. Optimism can be practiced.”
    • “Using MRI-based estimates of brain age, his team found that people who adhered to healthy lifestyle habits had brains that were up to 8 years younger than expected. And that was true even for folks beset with chronic pain.
    • “The findings — recently published in the journal Brain Communications — add to evidence that taking good care of yourself reaps big-time dividends.”
  • The Wall Street Journal discusses the problems confronted by parents with adult children having addiction problems.

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “ChristianaCare and Virtua Health have called off talks to combine after mutually deciding a merger was no longer in their best interests, the regional health systems said Thursday. 
    • “The hospital operators determined “they can best fulfill their missions to serve their communities by continuing to operate independently,” Wilmington, Delaware-based ChristianaCare and Marlton, New Jersey-based Virtua said in a press release.
    • “ChristianaCare and Virtua first said they were exploring a merger in July. The deal would have created a health system with more than $6 billion in annual revenue and a footprint spanning 10 contiguous counties in New Jersey, Delaware, Pennsylvania and Maryland.”
  • HR Dive makes five benefit predictions for 2026.
    • “Employers will take a proactive role in reshaping wellness benefits.”
    • “There will be a spotlight on fertility and parental benefits.”
    • “‘She-cession’ to continue unless women receive the flexibility and benefits they need.”
    • “Paid family leave will be up to employers.”
    • “Employers will effectively reduce insurance coverage.”
  • The Wall Street Journal relates,
    • “As wellness influencers proliferate and high sleep scores are considered status symbols, 2025 is the year of the health gift. 
    • “Among the presents family and friends will be unwrapping: microbiome tests, which detail the types of bacteria living in your gut, and services that use continuous glucose monitoring devices, which measure blood sugar. Some will get panels of blood tests that examine everything from hormone levels to thyroid and liver function. 
    • “Kristina Velkova-Levine purchased a membership for regular lab testing, tracking and insights, for her husband. The membership, from a firm called Function Health, charges $365 a year for two rounds of testing, and assesses hormone, metabolic and other biomarkers. 
    • “She plans to buy one for herself, as well. Velkova-Levine, 34, and her husband plan to try to conceive next year. She says the results will help.
    • “I’ll probably just print something out, and put a cute note that it’s our moment to check all of our health thoroughly,” says Velkova-Levine, who co-founded a showerhead brand, Vitaclean, and lives in New York City and Aspen, Colo.
    • “Also coveted: devices such as the Oura ring and Whoop that track sleep, physical activity and other health metrics. The giving spirit has even seized Quest Diagnostics: The lab-testing company started selling gift cards on its consumer site in April 2024.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Cyberscoop reports,
    • “With a little more than a month left before a foundational cyber threat information sharing law expires for a second time, Congress might have to do another short-term extension as negotiations on a longer deal aren’t yet bearing fruit, a key lawmaker said Tuesday.
    • “House Homeland Security Chairman Andrew Garbarino, R-N.Y., said the problem with a long-term extension of the Cybersecurity Information Sharing Act of 2015, which provides legal protections to companies to share cyber threat data with the federal government and other companies, is that there are three different views about how to approach it.
    • “The Trump administration and some in the Senate want a clean, 10-year reauthorization of the law, which Congress extended last month until Jan. 30 as part of the legislation that ended the government shutdown, after the information sharing law lapsed in October. But a reauthorization without any changes could run into House opposition, Garbarino said.” * * *
    • “Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul, R-Ky., also has a version of the bill that focuses largely on language he said is needed to defend free speech. And Garbarino’s version takes yet another approach to tweaking the law.
    • “Unfortunately, I don’t think we’re close enough with the discussions on the Senate to get it to figure out which bill will pass and what will get done,” Garbarino said. That leaves another extension tied to any funding bill that replaces the legislation currently funding the government, which also runs through Jan. 30.”
  • and
    • “Policymakers and companies are reckoning with increased reports over the past few months showing AI tools being leveraged to conduct cyber attacks on a larger and faster scale.
    • “Most notably, Anthropic reported last month that Chinese hackers had jailbroken and tricked its AI model Claude into assisting with a cyberespionage hacking campaign that ultimately targeted more than 30 entities around the world.
    • “The Claude-enabled Chinese hacks have underscored existing concerns among AI companies and policymakers that the technology’s development and relevance to offensive cybersecurity may be outpacing the cybersecurity, legal and policy responses being developed to defend against them.
    • “At a House Homeland Security hearing this week, Logan Graham, head of Anthropic’s red team, said the Chinese spying campaign demonstrates that worries about AI models being used to supercharge hacking are more than theoretical.”
  • Cybersecurity Dive tells us,
    • “A top Senate Republican is pressing the Trump administration for a plan to address the cybersecurity consequences of the U.S.’s dependence on open-source software.
    • “Leaving our reliance on OSS unmonitored is exposing America to increasingly dangerous risks,” Senate Intelligence Committee Chair Tom Cotton, R-Okla., wrote in a Wednesday letter to National Cyber Director Sean Cairncross.
    • “Cotton cited recent incidents that highlighted the unstable and sometimes untrustworthy foundations of the open-source ecosystem, including the XZ Utils crisis, a Russian developer’s control of a package that the U.S. military uses for sensitive applications and the prevalence of code contributions by Chinese companies’ employees, who are bound by Chinese laws that could force them to disclose software flaws to Beijing before fixing them.”
  • and
    • “The National Institute of Standards and Technology has prepared a companion to its widely used Cybersecurity Framework that focuses on how organizations can safely use AI.
    • “NIST’s Cybersecurity Framework Profile for Artificial Intelligence, which the agency released in draft form on Tuesday [December 16], describes how organizations can manage the cybersecurity challenges of different AI systems, improve their cyber defense capabilities with AI and block AI-powered cyberattacks. The document maps components of the Cybersecurity Framework (CSF) onto specific recommendations in each of those three areas, which NIST dubbed “secure,” “defend” and “thwart,” respectively.
    • “The three focus areas reflect the fact that AI is entering organizations’ awareness in different ways,” Barbara Cuthill, one of the profile’s authors, said in a statement. “But ultimately every organization will have to deal with all three.”
  • Cyberscoop tells us,
    • “Federal prosecutors in Michigan say they have dismantled online infrastructure tied to an alleged money laundering operation that moved tens of millions of dollars in proceeds from ransomware and other cybercrime, along with indicting the service’s creator.
    • “The U.S. Attorney’s Office for the Eastern District of Michigan announced a coordinated action with international partners and the Michigan State Police targeting E-Note, a cryptocurrency exchange and payment processing service used to launder illicit funds. The announcement coincided with the unsealing of an indictment charging a Russian national, Mykhalio Petrovich Chudnovets, with one count of money laundering conspiracy.”
  • and
    • “Former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty Thursday to participating in a series of ransomware attacks in 2023 while they were employed at cybersecurity companies tasked with helping organizations respond to ransomware attacks.
    • “Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with an unnamed co-conspirator to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.
    • “The plea deals mark a relatively quick turnaround as prosecutors successfully persuaded the pair to cop to their crimes less than three months after they were indicted in the U.S. District Court for the Southern District of Florida. Goldberg was arrested Sept. 22 and Martin was arrested Oct. 14.”
  • and
    • “Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty Friday to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid 2018 to late 2021. He faces up to 10 years in jail for conspiracy to commit fraud, including extortion. 
    • “Stryzhak was arrested in Spain in June 2024 and extradited to the United States in April. Authorities are still looking for his alleged co-conspirator Volodymyr Tymoshchuk and announced a $11 million reward for information leading to his arrest or conviction.
    • “The defendant used Nefilim ransomware to target high-revenue companies in the United States, steal data and extort victims,” Joseph Nocella, U.S. attorney for the Eastern District of New York, said in a statement.”

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive reports,
    • “Apartment owner and developer Rockrose Development Corp. recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information, according to a letter posted to its website on Dec. 12. 
    • “The security breach occurred on July 4 and affected 47,392 people, according to a data breach notification submitted to Maine’s attorney general’s office. Rockrose discovered the issues on Nov. 14. 
    • “Rockrose determined that personally identifiable information for some individuals may have been impacted, which could indicate that the hackers accessed some sensitive areas of the network. That information could include name, Social Security number, taxpayer identification number, driver’s license number, passport number, bank account and routing numbers, health insurance information, medical information and online account credentials.”
  • Cyberscoop adds,
    • “Fallout from React2Shell — a stubborn vulnerability that impacts wide swaths of the internet’s scaffolding — continues to spread as public exploits and stealth backdoors proliferate and worrying details emerge about the targets attackers are pursuing. 
    • “Threat researchers and incident responders are reacting to swift-moving developments on React2Shell with mounting concern. Cybercriminals, ransomware gangs and nation-state threat groups are all swarming to exploit the maximum-severity vulnerability.
    • Palo Alto Networks’ Unit 42 puts the latest victim count at more than 60 organizations, which have been impacted by attacks involving exploitation of CVE-2025-55182, which Meta and the React team publicly disclosed Dec. 3.
    • “Microsoft said it found “several hundred machines across a diverse set of organizations” that were compromised via exploitation resulting in remote-code execution. Post-exploitation activity in those attacks includes reverse shell implants, lateral movement, data theft and steps that allowed attackers to maintain access to targeted networks, Microsoft said in a research blog Tuesday [December 16]. 
  • The Cybersecurity and Infrastructure Security Agency (“CISA”) added seven known exploited vulnerabilities to its catalog this week.
    • December 15, 2025
      • CVE-2025-14611 Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
      • CVE-2025-43529 Apple Multiple Products Use-After-Free WebKit Vulnerability 
        • Kubelski Security discusses the Gladinet KVEs here.
        • The Center for Internet Security discusses the Apple KVEs here.
    • December 16, 2025
      • CVE-2025-59718 Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability 
        • Security Affairs discusses this KVE here.
    • December 17, 2025
      • CVE-2025-20393 Cisco Multiple Products Improper Input Validation Vulnerability
      • CVE-2025-40602 SonicWall SMA1000 Missing Authorization Vulnerability
      • CVE-2025-59374 ASUS Live Update Embedded Malicious Code Vulnerability
        • The Hacker News discusses the Cisco KVE here.
        • Security Week discusses the SonicWall KVE here.
        • Malwarebytes discusses the ASUS KVE here.
    • December 19, 2025
      • CVE-2025-14733 WatchGuard Firebox Out-of-Bounds Write Vulnerability 
        • Bleeping Computer discusses this KVE here.
  • Cyberscoop relates,
    • “Cisco customers are confronting a fresh wave of attacks from a Chinese threat group that has actively exploited a critical zero-day vulnerability affecting the vendor’s software for email and web security since at least late November, the company said in an advisory Wednesday. 
    • “Cisco said it became aware of the attacks Dec. 10. The defect CVE-2025-20393, which has a CVSS rating of 10, is an improper input validation vulnerability affecting Cisco AsyncOS software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager that allows attackers to execute commands with unrestricted privileges and implant persistent backdoors on compromised devices.
    • “There is no patch for the vulnerability and Cisco declined to say when one would be made available. Cisco said “non-standard configurations” have been observed in compromised networks, specifically customer systems that are configured with a publicly exposed spam quarantine feature.
    • “Cisco Talos researchers attributed the attacks to a Chinese advanced persistent threat group it tracks as UAT-9686, which has used tooling and infrastructure consistent with other China state-sponsored threat groups such as APT41 and UNC5174.
  • Cybersecurity Dive informs us,
    • “Multiple threat groups have been ramping up attacks using a technique called device code phishing to trick users into granting access to their Microsoft 365 accounts, according to a report Thursday from Proofpoint
    • “Hackers affiliated with China and Russia have used the technique in recent months to launch attacks. A number of criminal groups have used the same method to target M365 users as well. 
    • “This is a social engineering method that abuses a legitimate and trusted workflow for authorized access,” Sarah Sabotka, staff threat researcher at Proofpoint, told Cybersecurity Dive.”
  • and
    • A coordinated, credential-based hacking campaign has been targeting Palo Alto Networks GlobalProtect services, as well as Cisco SSL VPNs, in a surge of mid-December attacks, according to a blog post Wednesday by GreyNoise
    • The threat activity does not involve targeting of any vulnerabilities, but uses automated scripted login attempts over two days. 
    • More than 1.7 million sessions were observed targeting Palo Alto Networks GlobalProtect and PAN-OS profiles over a 16-hour period, according to GreyNoise. More than 10,000 unique IPs were detected trying to log into GlobalProtect portals on Dec. 11.  
  • and
    • “A Russia-linked hacker group has been targeting critical infrastructure organizations using vulnerabilities in their edge devices since at least 2021, highlighting an alarming shift toward exploiting well-known flaws in common networking equipment, Amazon’s threat intelligence team said Monday.
    • “The threat actor’s shift [toward edge devices] represents a concerning evolution,” Amazon researchers wrote in a blog post. “While customer misconfiguration targeting has been ongoing since at least 2022, the actor maintained sustained focus on this activity in 2025 while reducing investment in zero-day and N-day exploitation.”
  • Bleeping Computer points out,
    • “The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections.
    • “The security issue has received multiple identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304) due to differences in vendor implementations.”

From the ransomware front,

  • Cyber Press reports,
    • SentinelLABS research indicates that large language models (LLMs) such as ChatGPT, Claude, and open-source alternatives are accelerating every stage of the ransomware lifecycle, from reconnaissance to negotiation. 
    • “However, analysts emphasize that these tools are improving speed and scale rather than introducing fundamentally new attack methods.
    • “By repurposing enterprise-grade AI workflows, ransomware actors are using models to automate tasks such as creating phishing content, drafting multilingual ransom notes, and triaging data across leaked datasets. 
    • “This enables threat actors to identify financially sensitive files and tailor extortion tactics across multiple languages with greater precision.” * * *
    • “The report finds that while law enforcement disruptions have weakened mega cartels such as LockBit, Conti, and REvil, smaller, short-lived groups such as Termite, Punisher, and Obscura are emerging rapidly. 
    • “These groups exploit LLM-driven workflows to emulate more experienced operators, reducing entry barriers and complicating attribution.”
  • Manufacturing Business Technology adds,
    • “Sophos recently announced new findings from the Sophos State of Ransomware in Manufacturing and Production 2025 report which reveals that manufacturers are stopping more ransomware attacks before data can be encrypted.
    • “However, adversaries are increasingly stealing data and using extortion-only tactics to maintain pressure. As a result, more than half of manufacturing organizations impacted by encryption paid the ransom despite progress in defensive measures.”
  • Bleeping Computer relates,
    • “The Clop ransomware gang (also known as Cl0p) is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.
    • Gladinet CentreStack enables businesses to securely share files hosted on on-premises file servers through web browsers, mobile apps, and mapped drives without requiring a VPN. According to Gladinet, CentreStack “is used by thousands of businesses from over 49 countries.”
    • “Since April, Gladinet has released security updates to address several other security flaws that were exploited in attacks, some of them as zero-days.
    • “The Clop cybercrime gang is now scanning for and breaching CentreStack servers exposed online, with Curated Intel telling BleepingComputer that ransom notes are left on compromised servers.
    • “However, there is currently no information on the vulnerability Clop is exploiting to hack into CentreStack servers. It is unclear whether this is a zero-day flaw or a previously addressed bug that the owners of the hacked systems have yet to patch.”
  • CSO offers advice on how to create a ransomware playbook that works.

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • “Blackstone is leading a $400 million investment in data-security firm Cyera that values the New York-based company at $9 billion, according to people familiar with the matter. 
    • “Cyera is among a crop of cybersecurity startups leveraging artificial intelligence to protect companies from new security vulnerabilities introduced by AI. The startup, founded in 2021 by former Israeli Defence Forces military intelligence officers Yotam Segev and Tamar Bar-Ilan, raised funding at a $6 billion valuation in June.”
  • and
    • “Kevin Mandia, founder of the cybersecurity firm Mandiant—which was acquired by Alphabet’s GOOGL 0.61%increase; green up pointing triangle Google for $5.4 billion—has formed a new company called Armadin that will take on the imminent threat from AI hacking.
    • “The company aims to use artificial intelligence to supercharge the business of testing networks for vulnerabilities. Armadin raised $24 million in seed funding from Ballistic Ventures, a venture-capital firm co-founded by Mandia, and is in talks with Accel, GV and Kleiner Perkins to raise $100 million or more, people familiar with the matter said. The deal is expected to value the company at more than $600 million. The round isn’t finalized, and the details could still change.
    • “Known as red-teaming, this kind of service will become more important as hackers turn to AI to speed up their attacks, Mandia said in an interview.  
    • “Offense is going to be all-AI in under two years,” he said. “And because that’s going to happen, that means defense has to be autonomous. You can’t have a human in the loop or it’s going to be too slow.”
  • CISA announced,
    • Today [December 19], the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense evasion mechanisms, such as running as background services, and enhanced command and control capabilities through encrypted WebSocket connections.
    • The update includes two new detection signatures in the form of YARA rules, enabling organizations to better identify BRICKSTORM-related activity. Organizations are strongly encouraged to deploy these updated IOCs and signatures, and to follow the detection guidance to scan for and respond to BRICKSTORM infections If BRICKSTORM, similar malware, or potentially related activity is detected, report the incident to CISA’s 24/7 Operations Center at contact@cisa.dhs.gov or (888) 282-0870.
  • Cybersecurity Dive lets us know,
    • “Hybrid infrastructure that includes a mix of public/private cloud environments, on-premises workloads and air-gapped systems are preferred by security leaders as a way to boost resilience and better manage risk, according to a report Thursday by Trellix
    • “About 96% of chief information security officers said a hybrid model is the preferred approach to meet regulatory and compliance requirements, while 97% said such a model will help meet obligations related to data sovereignty and residency. 
    • “Ultimately, a CISO must ensure their teams, technology and business partners understand the specific shared responsibility model for each service they consume and implement the necessary controls to manage the daily risks that remain the customer’s responsibility,” Trellix CISO Michael Green told Cybersecurity Dive. “This often involves leveraging tools and governance processes designed to operate across multicloud and hybrid environments to provide consistent security posture and visibility.”
  • An ISACA expert notes,
    • “Cybersecurity budgets are often built on assumptions, including the assumption that backups will always work, that insurance will cover the losses and that existing controls are “good enough.” Yet, when those assumptions fail, the operational fallout can be staggering. The City of Hamilton in Canada learned this lesson when a ransomware attack crippled nearly 80% of its network and left taxpayers facing a CAD $18.3 million recovery bill. Misplaced assumptions regarding backups, authentication, insurance and system resilience can lead organizations to underestimate risk and drive up the cost of a cyberattack.”
  • Dark Reading offers advice on creating an AI adoption playbook and of course its CISO Corner.

Friday report

David ErmerCDC, CMS, Congress, COVID-19, FDA, Federal employment benefits, Medical / Rx research, Medicare, Mental health care, NIH, Obesity, OPM, Rx coverage, U.S. Healthcare

From Washington, DC,

  • The Wall Street Journal reports,
    • “Nine pharmaceutical companies including Bristol-Myers SquibbGSK and Merckagreed to lower the prices that certain federal government programs and patients pay, in a new round of industry pacts with the Trump administration.
    • “The companies said they would reduce U.S. prices on drugs to levels comparable with prices charged in other wealthy countries, which are generally much lower. In return, the companies get administration-backed reprieves from potential new U.S. tariffs for three years.
    • “President Trump announced the deals Friday at the White House, joined by top executives of the nine companies. * * *
    • Under the terms, the “most-favored nation” prices offered by companies would apply to the U.S. Medicaid program for lower-income patients, direct-to-patient services including the planned TrumpRx.gov and to newly launched drugs in the future.
    • “Merck said it would make diabetes drugs Januvia and Janumet available to eligible American patients at a cash price that is 70% off the current list price through a direct-to-patient program. 
    • “Amgen said it would sell its migraine drug Aimovig for $299 a month, nearly 60% off the list price.
    • “Some of the companies in the new round of deals also agreed to donate the main ingredients for certain medicines to a national stockpile, to be available in the event of a national emergency. 
    • “GSK is donating six-months’ supply of a respiratory inhaler, and Bristol-Myers will donate six-months’ worth of the blood thinner Eliquis.
    • “Bristol-Myers said it would provide Eliquis free to Medicaid programs.”
  • The Hill adds,
    • “Medicare enrollees could save roughly half of what they usually pay for certain drugs next year, according to a study from the AARP.
    • “The study, published Thursday, found that the out-of-pocket cost of 10 drugs included in the first round of Medicare drug price negotiation will decrease substantially in five states with high enrollment in the program — California, Florida, New York, Pennsylvania and Texas — once negotiated prices go into effect on Jan. 1, 2026.” 
  • Roll Call sums up Congress’s activities in the final week of this term of Congress and looks forward to January.
    • “The Senate followed the House in leaving for the Christmas break on Thursday, clearing another batch of President Donald Trump’s nominations but kicking to January the fate of the next handful of spending bills.
    • “The Senate confirmed, 53-43, an en bloc package of 97 nominations. Senators also by unanimous consent confirmed the nomination of Kevin E. Lunday to be commandant of the Coast Guard. And they reached an agreement to set up confirmation of additional Trump nominees when they return in January.” * * *
    • “[T]he aspiration of Thune and Senate Republican appropriators to get the ball rolling on a package of fiscal 2026 spending bills was not to be. The rules require unanimous consent to combine more than one regular appropriations measure into a single bill — and that agreement proved elusive despite talks that went on throughout the day Thursday.
    • “That sets the stage for January, when lawmakers will have less than a month to figure out how to fund the government and avoid another partial government shutdown. Thune said he thought another shutdown would be “toxic” for Democrats and Republicans alike.
    • “I don’t think either side wants to see that happen,” Thune said. “So I’m hoping that there will be goodwill and we’ll figure out how to fund the government.”
  • Per a Centers for Medicare and Medicaid Service press release,
    • “The Centers for Medicare & Medicaid Services (CMS), in partnership with the Department of Labor and the Department of the Treasury (collectively, the Departments), today jointly proposed major updates to the historic health care price transparency rules established during President Trump’s first term.” * * *
    • “In line with Executive Order 14221, this proposed rule reflects the Department’s commitment to ensuring that health care pricing data is not only public but maximally impactful and actionable.
    • “Key improvements include:
      • “Requiring plans and issuers to exclude from the In-network Rate Files certain data for services providers would be unlikely to perform.
      • “Reorganizing In-network Rate Files by provider network rather than by plan, cutting redundancy, and aligning with how most hospitals report data pursuant to the Hospital Price Transparency requirements.
      • “Requiring Change-log and Utilization Files so users can easily identify what has changed from one In-network Rate File to the next and have clear information on which in-network providers are actively furnishing which items and services.
      • “Reducing reporting cadence for In-network Rate and Allowed Amount Files from monthly to quarterly, significantly reducing burden while maintaining meaningful transparency.
      • ‘Increasing the amount of out-of-network pricing information reported by reorganizing Allowed Amount files by health insurance market type, reducing the claims threshold to 11 or more claims, and increasing the reporting period from 90 days to 6 months and the lookback period of data from 180 days to 9 months. 
    • “The Departments seek feedback from stakeholders during the 60-day comment period on all elements of the proposed rule, including opportunities for further standardization and burden reduction. The deadline to submit comments is February 21, 2026.
    • “To access the proposed rule, visit: https://www.federalregister.gov/public-inspection/2025-23693/transparency-in-coverage
    • “To read the CMS fact sheet, visit: cms.gov/newsroom/fact-sheets/transparency-coverage-proposed-rule-cms-9882-p” 
  • Beckers Payer Issues informs us,
    • “CMS has proposed two new models aimed at curbing Medicare drug spending by linking payments to international benchmarks. The proposals — GUARD for Part D drugs and GLOBE for Part B — are the latest in the CMS Innovation Center’s efforts to make prescription drugs more affordable for beneficiaries while preserving the long-term sustainability of the Medicare program.” * * *
    • “The models were published via a notice of proposed rulemaking and are now open for public comment [for sixty days] through the Federal Register.” 
  • MedCity News delves into “CMS’ new ACCESS model [mentioned in yesterday’s post and], slated to begin on July 1, aims to shift traditional Medicare fee-for-service toward value-based care by tying payments to patient outcomes and encouraging tech-enabled, preventive care. Experts say it could benefit digitally mature, value-focused providers first, but its overall success will hinge on clear metrics, better data sharing and sustained participation.”
  • Per a Commitee for a Responsible Budget news release,
    • “Health care spending represents about 18% of the nation’s economy and the largest area of federal spending. High and rising health care costs are driven in part by the prices for medical care, which have risen 130% since 2000, compared to 93% for overall inflation.1 This is particularly true in commercial insurance – including large employers, the Affordable Care Act marketplaces, and public employers such as states and the federal government – where rising costs place a growing burden on workers, employers, and the federal government.2 To manage costs, many employers attempt to work with insurance plans to reduce spending, but many lack the market power to command lower prices from providers, such as hospitals.3
    • “Some public employers have looked to reference pricing to address rising employee health care costs in state plans. Under a reference pricing approach, the employer sponsoring the plan establishes a maximum price for certain services. States that have launched reference pricing programs for state employees have been able to reduce costs for state budgets, as well as for enrollees.
    • “In order to reduce health care costs more broadly, policymakers could consider adopting or encouraging reference pricing for federally subsidized insurance. A possible place to start would be the Federal Employees Health Benefits (FEHB) program, which is the largest employer-sponsored commercial insurance program in the country and costs the federal government roughly $50 billion per year.4
    • “In this brief, we discuss an option to adopt a version of reference pricing for hospital reimbursement rates in FEHB, with the reference price based on Medicare rates. Doing so could save billions of dollars for enrollees and the federal government.”
  • Tammy Flanagan, writing in Govexec, discusses “key decisions every federal employee [nearing retirement] must make. From survivor benefits and health coverage to leave payouts and TSP choices, federal employees nearing retirement face deadlines that can permanently shape their finances.”
  • The New York Times lets us know that “President Trump on Thursday ordered cannabis to be downgraded to a lower category of drugs, a change that would allow for more widespread use by patients and permit cannabis producers to take advantage of standard business tax breaks.” The article explains why “moving cannabis to a category of drugs that includes some common medicines will have implications for research, businesses and patients.”

From the Food and Drug Administration front,

  • Fierce Pharma reports,
    • “Seven years after the FDA’s accelerated approval of bleeding reversal agent Andexxa, which was then under the ownership of Portola Pharmaceuticals, the drug’s round trip on the U.S. market is coming to an end. 
    • “Andexxa, now under AstraZeneca’s stewardship, is slated to be pulled from the U.S. market next week, according to a Dec. 18 update from the FDA. 
    • “In the FDA communication, the agency notes that it has “received postmarketing safety data on thromboembolic events, including serious and fatal outcomes, in patients treated with Andexxa.” Based on the available data, the agency “considers the risks of the product to outweigh its benefits,” it said.”
  • BioPharma Dive relates,
    • “The Food and Drug Administration has put a partial clinical hold on one of Merck & Co. and Daiichi Sankyo’s antibody-drug conjugates following an unexpected number of deaths in a late-stage clinical trial.
    • “Daiichi initiated a voluntary pause recruiting and enrolling the trial, called IDeate-Lung02, after “higher than anticipated incidence of grade 5 interstitial lung disease events,” a spokesperson for Merck and Daiichi said in a statement to BioPharma Dive. Following the pause, the FDA verbally placed the trial on a partial clinical hold in October. The spokesperson did not say the number of deaths recorded.
    • “During the hold, Daiichi, along with the FDA and an independent committee will review the safety data and “decide on any necessary further actions.” Trial enrollees will be able to continue treatment, but no new participants will be recruited.
    • “The experimental drug, called ifinatamab deruxtecan, or I-DXd, is one of three ADCs Merck gained the rights to through a major licensing deal with Daiichi in 2023. ADCs, which link an antibody to a toxic payload, are meant to more effectively target and destroy cancer cells while sparing the surrounding healthy tissue.”
  • Per FDA news releases,
    • “The U.S. Food and Drug Administration today awarded national priority vouchers under the Commissioner’s National Priority Voucher (CNPV) pilot program to two investigational products for their potential to increase access through affordability for American patients.
    • “The products are:
      • Enlicitide decanoate — an oral PCSK9 inhibitor for lowering LDL cholesterol
      • Sacituzumab Tirumotecan — a trophoblast cell-surface antigen 2 (TROP2)-directed antibody-drug conjugate
    • “High health care costs and prescription drug prices threaten to undermine all the technological advancements we see in the medical field,” said FDA Commissioner Marty Makary, M.D., M.P.H. “We’re pleased to grant these vouchers to two products that may significantly contribute to our goal of improving the accessibility and affordability of healthcare in America.”
    • “With these awards,18 products have now received a voucher under the CNPV pilot program since it was established in June 2025. On December 9, the agency announced its first review decision under the program, achieving significant time savings compared to a typical review timeline.”
  • and
    • “The U.S. Food and Drug Administration has issued a Request for Information (RFI) seeking input from venture capital firms on developing a new contracting approach to strengthen collaboration between the agency and America’s most innovative companies. 
    • “The FDA recognizes that many breakthrough technologies and innovative solutions relevant to its public health mission — including artificial intelligence, biotechnology, medical devices, and regulatory technology — are being developed by firms within venture capital portfolios. However, longstanding challenges, have limited engagement with innovative companies. Many existing federal contracting mechanisms favor large systems integrators and intermediaries that focus on labor-based work rather than scalable technologies. In addition, small business set-aside programs can be difficult for early-stage companies to access and have faced concerns about misuse.  
    • “We should be harnessing the incredible talent of America’s innovators, instead of relying on middlemen and D.C. insiders,” said FDA Commissioner Marty Makary, M.D., M.P.H. “The FDA is exploring a new approach that enables us to harness innovative capabilities and work directly with American entrepreneurs.”
  • Per Cardiovascular Business,
    • “Abbott has received U.S. Food and Drug Administration (FDA) clearance and CE mark approval for its Amplatzer Piccolo Delivery System. The device was developed for clinicians to use when implanting the company’s Amplatzer Piccolo Occluder in a premature baby with a patent ductus arteriosus (PDA).
    • “PDAs are holes between two blood vessels that typically close when a baby is born. In rare instances, however, the hole stays open after birth, directing too much blood toward the lungs and impacting the neonate’s ability to breathe.
    • “The Amplatzer Piccolo Occluder first secured FDA approval and CE mark approval in 2019. It is the first transcatheter treatment to gain FDA clearance for closing a PDA in a premature infant. The device is smaller than a pea and delivered through a tiny incision in the child’s leg before it is guided to the heart using the newly cleared Amplatzer Piccolo Delivery System.
    • “We designed the Amplatzer Piccolo Delivery System based on feedback from leading physicians across the world to make PDA closure procedures even safer and easier,” Sandra Lesenfants, senior vice president of Abbott’s structural heart business, said in a prepared statement. “With the Amplatzer Piccolo Occluder, which is the world’s smallest heart device, and now with the new delivery system to complement it, we’re continuing to advance how we meet the needs of our tiniest patients with structural heart disease.”

From the public health and medical / Rx research front,

  • The Centers for Disease Control and Prevention announced today,
    • “RSV activity is increasing in the Southeastern, Southern, and Mid-Atlantic areas of the country with emergency department visits and hospitalizations increasing among children 0-4 years old. Seasonal influenza activity continues to increase across the country. COVID-19 activity is low nationally.
    • “COVID-19
      • “COVID-19 activity is low nationally.
    • “Influenza
    • “RSV
      • “RSV activity is increasing in the Southeastern, Southern, and Mid-Atlantic areas of the country with emergency department visits and hospitalizations increasing among children 0-4 years old.
    • “Vaccination
      • “It is not too late to get vaccinated ahead of the holidays. Talk to your doctor or trusted healthcare provider about what vaccines are recommended for you and your family.
  • Beckers Clinical Leadership tells us,
    • “Flu hospitalization cases are evenly split between children and older adults, Northwell said, and its Cohen Children’s Medical Center in New York City is at capacity. 
    • “Flu is rising a lot faster than it did last year,” Dwayne Breining, MD, senior vice president of lab services at Northwell, said during a Dec. 18 news conference. 
    • “The other two [COVID-19 and RSV] are rising but not as fast as they did last year,” Dr. Breining said. “That’s driven by a couple of things. What’s very concerning for us is the cases of flu are rising at like 35% per week; the hospitalizations are rising at 75% per week. So we’re keeping a close eye on that trend. It could mean the flu is more severe.”
    • “Experts have said a mutated version of H3N2, “subclade K,” could be fueling the current uptick in flu activity amid earlier and more intense outbreaks abroad. The strain is a version of the influenza A virus, which is generally known to cause more severe illness, particularly in older adults and young children.
    • “At Northwell, more than one-third of flu tests for the week ending Dec. 14 were positive for influenza A’s H3 subtype. The same week period in 2024 saw a 10% flu positivity rate.”
  • Per a National Institutes of Health news release from its Director Dr. Jay Bhattacharya,
    • “At the National Institutes of Health (NIH), engendering trust and confidence in the research we support is one of our top priorities. Three things guide these efforts: engaging in open, honest dialogue, acting in transparency, and delivering on our commitment to advancing science and improving health.
    • “To help guide this work, the Novel and Exceptional Technology and Research Advisory Committee (NExTRAC) recently undertook a multi-year effort to provide the NIH with a roadmap for incorporating public voices in clinical research (see NExTRAC report).  Deliberations were informed by a team of multi-disciplinary experts and community conversations across the country, specifically asked to think about strategies for incorporating public voices at every stage of the clinical research process.
    • “I am pleased to endorse these recommendations, which focus on:
      • “providing a clear vision and framework for maximally involving patients and communities in clinical research;
      • “ensuring that people and communities have meaningful input into the agenda and direction of research that is relevant and impactful for them; and
      • “increasing transparency for how research participant data are utilized in moving the scientific enterprise forward.
    • “NIH is eager to begin implementing this roadmap, starting in 2026.”
  • The University of Minnesota’s CIDRAP adds,
    • Today [December 17] the Center for Infectious Disease Research and Policy (CIDRAP) at the University of Minnesota and NEJM Evidencelaunched their new Public Health Alerts initiative with reports on potential local transmission of clade 1b mpox virus (MPXV) in California and on influenza viruses circulating during the 2024-25 flu season.
    • Public Health Alerts is designed to deliver information and early warnings about emerging health threats, enabling swift, informed responses across the United States and globally.
    • “The new collaboration between NEJM Evidence and CIDRAP fills a gap in reliable data, offering expert-reviewed reports that translate frontline observations into actionable public health evidence. An NEJM Evidence editorial today explains the initiative further.
    • “Access to emerging public health data saves lives,” said infectious disease doctor Eric J. Rubin, MD, Editor-in-Chief of the New England Journal of Medicine and NEJM Group, publisher of NEJM Evidence, in a news release. “By providing this new, rigorous pathway for public health information, NEJM Group is delivering on its commitment to equip physicians with reliable information to support evidence-based care.”
    • “Rapid, credible communication has always been essential to an effective public health response,” added CIDRAP Director Michael Osterholm, PhD, MPH. “With this new collaboration, we hope to restore and strengthen that early-warning function, providing timely, evidence-based alerts that can help local and state health leaders act quickly to protect the health of people in their communities.” 
  • Health Day informs us,
    • “It’s beside the point to debate whether vaping or nicotine pouches can be more healthy than smoking a cigarette, a major new report argues.
    • “Nicotine is toxic to the heart and blood vessels regardless of how it’s consumed, according to an expert consensus report published today in the European Heart Journal.
    • “Nicotine is not a harmless stimulant; it is a direct cardiovascular toxin,” said lead researcher Dr. Thomas Münzel, a senior professor of cardiology at University Medical Center at Johannes Gutenberg University in Mainz, Germany.
    • “Across cigarettes, vapes, heated tobacco and nicotine pouches, we consistently see increased blood pressure, damage to blood vessels and a higher risk of heart disease,” Münzel said in a news release. “No product that delivers nicotine is safe for the heart.”
  • and
    • “Young adults are inheriting a world filled with turmoil and unrest, and this instability is leaving its mark on their mental and emotional health.
    • “A single half-hour course, however, could help them feel less anxious and depressed, by helping them increase their tolerance of uncertainty, a new study says.
    • “Young adults who took the course titled “Uncertainty-Mindset Training” continued to feel better a month after taking it, researchers reported Dec. 15 in the journal Psychological Medicine.
    • “Young people today are coming of age amid great climate, economic, social and health uncertainty,” senior researcher Susanne Schweizer, an associate professor with the University of New South Wales in Sydney, said in a news release.”
  • The Washington Post points out that “feeling wonder every day improves our health and explains how to do it.
  • Health Day calls attention to
    • “A new rapid test [that] could improve treatment of urinary tract infections (UTIs), by identifying the most effective antibiotic for each individual patient.
    • “The test applies different antibiotics to bacteria found in urine samples, to see which one best suppresses bacterial growth, researchers recently reported in the journal Microbiology Spectrum.
    • “This new method could cut a full day off the time between testing and prescription, researchers said, and arm a patient with the best means of clearing their infection.
    • “The sooner we know which antibiotic is effective, the more targeted our treatment can be,” senior researcher Oliver Hayden, a professor of biomedical electronics at the Technical University of Munich in Germany, said in a news release.”
  • Beckers Hospital Review lets us know about GLP-1 drugs that are poised to enter the U.S. market.
  • Per BioPharma Dive,
    • “An experimental anti-inflammatory drug being developed by Belgium-based Galapagos met its main goal in one Phase 2 clinical trial but missed in another, the company said Thursday.
    • “The drug, which blocks an inflammation-signaling enzyme called TYK2, helped significantly improve disease signs and symptoms in people with a muscle and skin condition called dermatomyositis. But it didn’t help people with lupus, missing statistical significance on a broad measure of clinical response.
    • “Called GLPG3667, the drug is Galapagos’ biggest remaining asset following a decision to wind down the company’s cancer cell-therapy business after an unsuccessful attempt to sell it. Galapagos may seek a partner to help further develop GLPG3667, which has some competition in the form of a Roivant medicine that could be under Food and Drug Administration review for dermatomyositis early next year.”
  • Per the Genetic Engineering and Biotechnology News,
    • “As the number of antibiotic-resistant infections continues to rise, scientists are looking to bacteriophages (“phages”), viruses that infect bacteria, as an approach to tackling antibiotic resistance. A new study by researchers at the Hebrew University of Jerusalem has revealed how bacteriophages use a tiny piece of genetic material to hijack bacterial cells and make more copies of themselves.
    • “Focusing on infection of Escherichia coli by phage lambda, a bacteriophage that scientists have been studying for decades, research lead Sahar Melamed, PhD, and colleagues identified a virus-encoded small RNA molecule (sRNA) called phage replication enhancer sRNA (PreS) that acts like a hidden genetic “switch.” The team’s research indicated that this switch rewires bacterial genes to help the virus copy its DNA more efficiently and boost viral replication.
    • “The team said that understanding how phages control bacterial cells is important both for basic science and to help inform future medical applications. By uncovering how phages use tools such as PreS to take control of bacterial cells, the newly reported study provides important basic knowledge that could help scientists design new phage-based therapies targeting drug-resistant bacteria.”

From the U.S. healthcare business front,

  • Kaufman Hall discusses “key health system enterprise strategy trends in 2025… and our predictions for 2026.”
  • Radiology Business reports,
    • “Commercial insurer Anthem is defending a controversial new plan to penalize hospitals who use out-of-network radiologists and other physicians. 
    • “Word of the new administrative policy first surfaced in October and is slated to take effect Jan. 1 across 11 states. Anthem plans to punish hospitals by charging a 10% penalty of the allowed amount for claims that involve docs outside of its networks. 
    • Radiologists and other physicians have roundly criticized the change, labeling the policy as “deeply flawed and operationally unworkable.” The American Hospital Association also joined the chorus on Wednesday with its own sternly worded letter, calling for Anthem parent Elevance Health to rescind the policy. 
    • “However, the Indianapolis-headquartered conglomerate is standing its ground and refusing to honor such requests. Radiologists have charged that the No Surprises Act and its independent dispute resolution process already addresses concerns raised by Elevance. 
    • “We agree that the federal NSA has fulfilled its intent of protecting patients from unexpected medical bills at the point of care,” Catherine Gaffigan, MD, president of health solutions for Elevance Health, detailed in a Dec. 9 response letter to the American Medical Association and others who wrote to the company in November. “At the same time, our experience shows it has also created incentives for many care providers to remain out-of-network due to extremely high, unsustainable IDR awards—on average around nine times in-network commercial reimbursement rates—resulting from the NSA’s IDR arbitration process.” 
  • Amen to that.
  • Fierce Pharma relates,
    • “Pharma marketers enter 2026 asking where DTC fits in the DTP era. 
    • “That question, which few foresaw 12 months ago, reflects the fast rise of direct-to-patient (DTP) programs. In the last few months alone, AmgenBristol Myers SquibbAstraZenecaGenentechNovartis and Boehringer Ingelheim have all launched DTP services with discounts for self-pay patients on certain popular medications, joining earlier adopters Eli LillyPfizer and Novo Nordisk.
    • “The programs are changing how patients access medicines—and how patients hear about medicines could therefore evolve to reflect the emerging sales channel.” 
  • and
    • “Sixteen months after luring former Roche dealmaker James Sabry, M.D., Ph.D., out of retirement and signaling a shift in its business development approach, BioMarin has announced the largest transaction in the company’s 28-year history.
    • “In a merger of rare disease specialists, BioMarin has agreed to acquire Amicus Therapeutics for $4.8 billion. The California biopharma will pay $14.50 per share, which is a 33% premium on the $10.89 Thursday closing price of the New Jersey-based biopharma and a 46% premium on its 30-day average.
    • “With the deal, BioMarin gains two rapidly growing products—Fabry disease drug Galafold and Pompe disease combination treatment Pombiliti-Opfolda. BioMarin also acquires the U.S. rights to DMX-200, a potential first-in-class small molecule in phase 3 development for the rare kidney disease focal segmental glomerulosclerosis (FSGS).”
  • and
    • “Regeneron has had its hands full this year contending with regulatory setbacks, Amgen’s marketed Eylea biosimilar and Roche’s hard-charging ophthalmology rival Vabysmo. Next year, the biosimilar competition to the New York drugmaker’s blockbuster eye drug Eylea is only likely to ratchet up.
    • “Regeneron has inked another settlement related to Eylea biosimilars, this one with Alvotech and Teva, enabling the partners to launch their product “in the fourth quarter of 2026, or earlier under certain circumstances,” according to a Dec. 19 press release from Alvotech.”