Generative AI Archives - Ermer and Suter PLLC

Monday report

David Ermer–CDC, CMS, FDA, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare–February 9, 2026February 10, 2026

From Washington, DC,

The Hill reports,
- “The Trump administration on Monday proposed stripping the power of an independent board to review challenges from fired federal workers while barring employees from taking the matter to court.
- “The new proposed rule would impact federal workers fired through a Reduction in Force (RIF), the process used at 22 different agencies last year as the Trump administration conducted widespread layoffs.
- “If finalized, any federal worker fired in a future RIF would not be able to plead their case before the quasi-judicial Merit Systems Protection Board (MSPB), which last year found that some agencies had “engaged in a prohibited personnel practice” in firing the workers.
- “Instead, any challenges would be reviewed by the Office of Personnel Management (OPM), which last year alongside the Office of Management and Budget instructed agencies to begin RIFs.”

Per a CMS news release,
- “Today, the Centers for Medicare & Medicaid Services (CMS) proposed regulations to lower health care costs, promote competition, and strengthen program integrity in the Federal and State-Based Health Insurance (Exchanges). The proposed Notice of Benefit and Payment Parameters for 2027 would crack down on fraud and misleading practices by agents and brokers, restore accountability for taxpayer-funded subsidies, and remove federal barriers that have limited plan innovation and driven up premiums—helping ensure coverage is more affordable and works better for consumers, taxpayers, and states.” * * *
- “To review the proposed rule, visit https://www.federalregister.gov/d/2026-02769.
- “Public comments must be submitted by March 11, 2026.
- “To review the proposed rule fact sheet, visit https://www.cms.gov/newsroom/fact-sheets/hhs-notice-benefit-payment-parameters-2027-proposed-rule.”

Bloomberg Law adds,
- “The Notice of Benefit and Payment Parameters from the Centers for Medicare & Medicaid Services would allow certain plans that offer preset dollar amounts for care—such as indemnity plans—to meet the requirements of a “qualified health plan” under the ACA if they demonstrate a sufficient number of doctors would accept the plan’s payment terms.” * * *
- “The rule likewise expands hardship exemptions to permit more individuals to buy “catastrophic” plans with the lowest level of cost-sharing and coverage, and allows catastrophic plan issuers to offer multi-year terms. The proposal would also permit plans with low deductibles and higher out-of-pocket costs
- “The rule also reverses changes made under the Biden administration, including requiring insurers to offer standardized plan options that were meant to simplify choices.”

Healio observes,
- “A voluntary program designed to help Medicare Part D beneficiaries manage drug costs[, which took effect last year,] could provide considerable benefit to people with cancer, according to study results.
- “The Medicare Prescription Payment Plan (M3P) provides flexibility that may ease financial distress — particularly for those with limited or fixed incomes — and reduce the potential for cost-related treatment nonadherence, researchers concluded.”
- “However, many patients and health care professionals are unaware of the program, according to Aryana Sepassi, PharmD, MAS, assistant professor of clinical pharmacy at UC San Diego Skaggs School of Pharmacy and Pharmaceutical Sciences.”

From the Food and Drug Administration front,

MedTech Dive reports,
- “The Food and Drug Administration’s breakthrough program has made a steady start to the 2026 financial year, granting designations at the same pace as in the two prior years.
- “After years of growth that peaked in 2021, designations have settled at a lower rate in recent years. The agency awarded 164 to 166 designations per financial year three times from 2022 to 2025.
- “The FDA is on course to grant a similar number of breakthrough designations in its 2026 financial year. After one quarter, the agency had awarded 42 designations, a pace that would result in 168 breakthrough statuses if maintained across the full financial year.”

MedPage Today tells us,
- “Oncology specialists should inform patients about a risk of serious toxicity related to dihydropyrimidine dehydrogenase (DPD) deficiency and should test for DPYD variants before starting treatment with capecitabine (Xeloda) and fluorouracil, the FDA announced.
- “In a safety update communicationopens in a new tab or window, the agency noted that DPYD encodes DPD, which breaks down more than 80% of fluorouracil. Certain homozygous or compound heterozygous DPYD variants result in complete or near-complete absence of DPD activity, increasing the risk for serious, potentially fatal toxicities when exposed to capecitabine or fluorouracil, which are widely used in cancer treatment. Potential adverse reactions include mucositis, diarrhea, neutropenia, and neurotoxicity. The reactions also can occur in patients who have partial DPD activity.
- “Capecitabine and fluorouracil, or 5-FU, are routinely used in treatment regimens for breast, colorectal, gastric, and pancreatic cancers.”
STAT New informs us,
- “The Food and Drug Administration has rejected a rare-disease gene therapy from Regenxbio, the company said Monday.
- “The one-time treatment, called RGX-121, is designed to replace a malfunctioning gene that causes mucopolysaccharidosis type II, also known as Hunter syndrome, an ultra-rare disorder that causes physical and cognitive impairments.”
- “Regenxbio had applied for accelerated approval, a type of conditional market clearance, based on RGX-121’s ability to significantly reduce in the short term a specific biomarker in cerebrospinal fluid believed to correlate with longer-term cognitive improvements in patients with the severe form of Hunter syndrome.
- “But the FDA, in its letter rejecting the therapy, raised questions about the appropriateness of using the surrogate biomarker, called CSF HS D2S6, as a predictor of clinical benefit. The agency also questioned the eligibility criteria Regenxbio used to enroll patients into its clinical trial and the use of a natural history comparator arm, the company said.”

From the judicial front,

Bloomberg Law reports,
- “Medical providers are testing a new legal strategy to recoup unpaid arbitration awards as health insurers rack up victories in surprise billing disputes.
- “The shift underscores the difficulties both sides face in arbitration under the No Surprises Act, which requires doctors and insurers to settle most unexpected out-of-network bills themselves rather than balance-billing the patient. The volume of disputes has exposed cracks in the system, leading to a series of lawsuits around ineligible claims, fraud, and unpaid awards.
- “Courts have largely concluded that the law doesn’t grant doctors the right to sue over unpaid awards in most circumstances. Most recently, the US Supreme Court denied two air ambulance companies’ petition to hear their case after the US Court of Appeals for the Fifth Circuit ruled against them.
- “Providers are now adapting their legal strategy by arguing insurance companies are guilty of improper denial of benefits under the Employee Retirement Income Security Act and unjust enrichment under common law. Hundreds of cases in the US District Court for the District of New Jersey were paused last month pending a decision on the amended claims in Rowe Plastic Surgery of NJ LLC v. Aetna Life Insurance Co .
- “But the doctors are likely to face problems, at least in overcoming ERISA preemption on their unjust enrichment claims, said Leslie Howard, co-founder of Cohen Howard, a firm representing out-of-network providers.”

The American Hospital Association News relates,
- “The 5th U.S. Circuit Court of Appeals Feb. 9 affirmed a district court ruling upholding Louisiana’s 340B contract pharmacy law. The state law prohibits drug companies from denying hospitals the same 340B discounts for drugs dispensed at community pharmacies that would be provided via in-house pharmacies. Three drug companies — AbbVie, PhRMA and AstraZeneca — challenged the law, arguing that it was unconstitutional in several ways. “Rejecting those arguments, the appeals court held that Louisiana’s law was not preempted by federal law, did not violate the Fifth Amendment’s Takings Clause, did not violate the Constitution’s Contract Clause and was not unconstitutionally vague. “States regulate pharmacies — and the distribution of drugs to those pharmacies — every day,” the 5th Circuit explained. “Act 358 fits comfortably within that tradition.
- “The AHA filed friend-of-the-court briefs supporting Louisiana’s law last year.”

The Society for Human Resource Management notes,
- “On Feb. 6, a federal appeals court vacated a preliminary injunction of two executive orders (EO) — EO 14151 on “Ending Radical and Wasteful Government DEI Programs and Preferencing” and EO 14173 on “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” — finding they were not unconstitutional on their face. The court had previously stayed the injunction, pending appeal. This ruling was the first by a federal appeals court to find the two EOs facially constitutional. Both EOs focused on infrastructure inside the federal government with an emphasis on contracts and grants.
- “EO 14173, issued Jan. 21, 2025, “was the most significant EO for the private sector” last year, said W. John Lee, an attorney with Morgan Lewis in Philadelphia. Established on May 19, 2025, the U.S. Department of Justice’s Civil Rights Fraud Initiative “is a direct result of the EO and is a prominent example of how it is reshaping federal enforcement of civil rights law.” EO 14151, issued Jan. 20, 2025, set the tone for EO 14173. EO 14173 reshaped compliance obligations for federal contractors and grantees. It also revoked EO 11246, ending EO-based affirmative action programs for women and minorities.
- “On Jan. 21, 2025, U.S. Equal Employment Opportunity Commission (EEOC) Chair Andrea Lucas made it clear that the EEOC’s enforcement priorities had shifted in alignment with President Donald Trump’s EOs.
- “While the 4th U.S. Circuit Court of Appeals vacated the injunction, it sent the case back to the district court for further proceedings and left open the possibility of challenges based on individual application of the EOs.”

The Wall Street Journal points out,
- “A lawsuit that drugmaker Novo Nordisk filed on Monday against telehealth firm Hims & Hers shows how fierce the maneuvering over the booming obesity-drug market has become.
- “In the lawsuit filed in a federal court in Delaware, Novo Nordisk accused Hims & Hersof violating the patents covering its Ozempic and Wegovy drugs used for weight loss by trying to sell custom-made versions of those medicines.
- “The pill from Hims & Hers threatened to undermine Novo Nordisk’s efforts to recapture momentum in the $70 billion weight-loss drug market by providing a lower-cost alternative to a Wegovy pill the Danish company recently launched.
- “Novo Nordisk has been pulling out the stops to reclaim the momentum it lost to Eli Lilly in the booming market.”

From the public health and medical / Rx research front,

The AP reports,
- “A leading U.S. health official on Sunday urged people to get inoculated against the measles at a time of outbreaks across several states and as the United States is at risk of losing its measles elimination status.
- “Take the vaccine, please,” said Dr. Mehmet Oz, the Centers for Medicare and Medicaid Services administrator whose boss has raised suspicion about the safety and importance of vaccines. “We have a solution for our problem.”

Health Day tells us,
- “Americans could be facing an uphill battle when it comes to protecting their heart health as they age, a new Cleveland Clinic poll reveals.
- “Nearly 3 of 4 Americans (72%) feel confident in their ability to maintain heart health as they age, the survey found.
- “But nearly as many (69%) also report that they have at least one known risk factor for heart disease.
- “Worse, nearly 1 in 4 (24%) aren’t sure whether they are at increased risk for heart disease, according to the survey.
- “Healthy aging is about prevention,” said Dr. Samir Kapadia, chair of cardiovascular medicine at the Cleveland Clinic.
- “Heart disease often develops silently over decades, which is why staying active, understanding your risk factors, and addressing them early can make a profound difference in both quality of life and longevity,” Kapadia said in a news release.”

The American Medical Association lets us know “what doctors wish patients knew about the shingles virus.”
- “If you’ve ever had chickenpox, then the virus that causes shingles is present in your body and can resurface at some point in the future. Find out more.”

The New York Times relates,
- “If you think your daily doses of espresso or Earl Grey sharpen your mind, you just might be right, new science suggests.
- “A large new study provides evidence of cognitive benefits from coffee and tea — if it’s caffeinated and consumed in moderation: two to three cups of coffee or one to two cups of tea daily.
- “People who drank that amount for decades had lower chances of developing dementia than people who drank little or no caffeine, the researchers reported. They followed 131,821 participants for up to 43 years.
- “This is a very large, rigorous study conducted long term among men and women that shows that drinking two or three cups of coffee per day is associated with reduced risk of dementia,” said Aladdin Shadyab, an associate professor of public health and medicine at the University of California, San Diego, who wasn’t involved in the study.”

NBC News relates,
- “Bad,” or LDL, cholesterol is a major risk factor for heart disease and most people are screened for it as part of their yearly physicals.
- There’s another marker in the blood that may be a better predictor of heart disease risk, a recent large review suggests. But it’s not part of routine blood testing.
- “Apolipoprotein B (apoB) is a protein that attaches to harmful fat particles in the blood. The apoB protein is found on the surface of harmful lipoproteins like low density lipoprotein, or LDL, that contribute to heart disease. Since each one of the harmful particles contains one apoB molecule, testing for it essentially captures the overall number of harmful plaque-producing compounds.” * * *
- “ApoB testing is hot among health influencers and increasingly touted in the commercial blood testing market. Recently, the Sweetgreen salad chain — which has tied itself to anti-seed-oil influencers — launched a collaboration with the testing company Function Health and is promoting apoB screening along with its menus.
- “Dr. Michael Shapiro, a preventive cardiologist and the chair of the American Heart Association Council on Lipidology, Lipoprotein, Metabolism & Thrombosis, said that he typically uses an apoB test in select patients.” * * *
- “In some cases, insurance may cover the test. If not, it typically costs around $70 at a lab.
- “There aren’t clear guidelines for what target apoB levels should be. In healthy people, apoB values less than 90 mg/dL are typically considered acceptable, with some saying lower targets closer to 70 mg/dL may be more optimal for preventing heart disease.”
MedPage calls attention to
- “Most women said they preferred clinic-based cervical cancer testing over at-home self-sampling, with demographics and life experiences shaping those preferences, a cross-sectional study indicated.
- “In a nationally representative survey, 20.4% of women said they would prefer to do their own at-home self-sampling for cervical cancer screening, while 60.8% said they prefer clinic-based testing and 18.8% said they were uncertain on their preference, reported Sanjay Shete, PhD, of the University of Texas MD Anderson Cancer Center in Houston, and colleagues in JAMA.
- “The survey showed that women who had experienced prejudice or discrimination while receiving medical care had higher odds of preferring self-sampling at home (adjusted OR 1.94, 95% CI 1.16-3.22), while Black women had lower odds of preferring at-home self-sampling compared with their white peers (aOR 0.45, 95% CI 0.21-0.96).
- “When women were asked why they preferred at-home self-sampling, privacy was the most common reason (54.9%), followed by time constraints (35.1%) and fear of embarrassment (33.4%).”
and
- “The CDC’s Advisory Committee on Immunization Practices recently voted to stop recommending a universal dose of the hepatitis B vaccine at birth.
- “An evidence review found that universal hepatitis B vaccination at birth is safe, effective, and protective for individual and public health.
- “There was no improvement in safety or effectiveness with a delayed first dose of the hepatitis B vaccine.”

Per Genetic Engineering and Biotechnology News,
- “In a study using gut microbiome samples from over 11,000 people across 39 countries, a single group of bacteria (CAG-170) has been found in higher numbers in the gut microbiomes of healthy people. CAG-170 remain unculturable in the lab, and are only identifiable from their genetic fingerprints.
- “Further analysis of CAG-170 revealed the bacteria have the capacity to produce high levels of Vitamin B12 and enzymes that break down a wide range of carbohydrates, sugars, and fibers in our gut. The researchers suggest that Vitamin B12 supports other species of gut bacteria, rather than supporting the humans whose guts it is being produced in. CAG-170 could, in the future, be used as an indicator of our gut microbiome health or serve as the basis for the development of probiotics specifically designed to support and maintain healthy levels of CAG‑170 in the gut.”

Per Cardiovascular Business,
- “An oral PCSK9 inhibitor from Merck is associated with significant reductions in low-density lipoprotein (LDL) cholesterol, according to new data published in The New England Journal of Medicine.[1] All PCSK9 inhibitors on the market today are injectable—an oral option that does not require needles could make a major impact on patient care.
- “Fewer than half of patients with established atherosclerotic cardiovascular disease currently reach LDL cholesterol goals,” lead author Ann Marie Navar, MD, PhD, an associate professor of cardiology at the University of Texas Southwestern Medical Center in Dallas, said in a statement. “An oral therapy this effective has the potential to dramatically improve our ability to prevent heart attacks and strokes on a population level.”
- “Back in November, researchers presented initial findings from this study at the American Heart Association’s Scientific Sessions 2025 conference. Now, however, the analysis can be read in full.
- “The CORALreef Lipids trial focused on nearly 3,000 heart patients with high LDL cholesterol who were randomized to either receive enlicitide, Merck’s experimental oral PCSK9 inhibitor, or a placebo. Two patients received the new drug for every one patient treated with a placebo.”

Per Radiology Business,
- “A new MRI-specific artificial intelligence tool could significantly improve the diagnosis of neurological conditions in busy settings.
- “Developed by researchers at the University of Michigan, the tool can read brain scans in just seconds. The tool, named Prima, is a video language model that can simultaneously process video, images and text in real time. Experts involved in its development are hopeful it can help address the rising imaging volumes.
- “As the global demand for MRI rises and places significant strain on our physicians and health systems, our AI model has potential to reduce burden by improving diagnosis and treatment with fast, accurate information,” said senior study author Todd Hollon, MD, a neurosurgeon at U-M Health.
- “Researchers trained Prima using more than 200,000 MRI exams collected at the university over several decades. Imaging data were included alongside patients’ medical histories and clinical indications for the scans. The team tested the model on more than 30,000 brain studies over a one-year period. Unlike earlier AI tools that focus on just one disease, Prima was designed to analyze all available imaging and clinical information at once, similar to how a radiologist reviews a case, giving it broad applicability.”

From the U.S. healthcare business front,

Healthcare Dive reports,
- “Kaiser Permanente nearly tripled its operating income last year, even as the integrated healthcare conglomerate weathered rising expenses.
- “Kaiser, which recorded results alongside its subsidiary Risant Health, recorded operating income of $1.4 billion last year, up from $569 million in 2024 as the nonprofit continued to invest in operational improvements, according to earnings results released last week.
- “Still, expenses rose by more than $11 billion last year as Kaiser said rising medication costs and other line items made providing care more expensive.”

Beckers Hospital Reviews identifies eleven rapidly growing health systems.

BioPharma Dive relates,
- “Eli Lilly will acquire biotechnology startup Orna Therapeutics, saying Monday it will pay up to $2.4 billion to buy the privately owned company and a technology able to reprogram immune cells within the body.
- “The Indiana-based drugmaker didn’t disclose how much upfront cash it’s shelling out for Orna, which specializes in “circular” RNA medicines that are believed to be more stable and easier to pair with the lipid nanoparticles used for delivery. But it noted in its statement that it intends to use Orna’s technology to develop cell therapies for autoimmune conditions.
- “In announcing the deal, Lilly cited its interest in Orna’s lead project, which instructs immune cells to latch onto B cells that are attacking patients’ tissue in inflammatory diseases. The company presented data from preclinical studies at the American Society for Hematologymeeting in December that it’s using to support advancing into Phase 1 studies.”
and
- “Japan’s largest drug company is teaming up with an artificial intelligence specialist to find new medicines for cancer and other diseases, through a deal that could be worth more than $1.7 billion.
- “Announced Monday, the multiyear collaboration grants Takeda Pharmaceutical access to two technologies at Iambic Therapeutics. The first is an AI-driven platform used to discover and develop new drugs. The second is a model meant to predict how proteins will interact with certain receptors.
- “The companies haven’t disclosed the deal’s upfront cost, nor any specific disease targets. The focus, though, will be on small molecule drugs for cancers and conditions rooted in the digestive or immune systems. Iambic will get milestone payments based on the partnership’s level of success, and is also eligible to receive royalties on net sales of any products it generates.”

Per Beckers Payer Issues,
- “Patients who take advantage of zero-cost preventive screenings see better health outcomes and reduced spending, according to January research from BCBS Association and Blue Health Intelligence.
- “The groups reviewed claims data of BCBS members with breast or colorectal cancer. The research pointed to lower likelihood of invasive tests and treatment.
- “Eighty-one percent of members who were diagnosed with colorectal cancer through a preventive screening were classified in an early stage, compared to a 73% rate overall. For breast cancer, that figure was 86% during preventive screening. The early-stage rate was 82% overall.”

Per an Institute of Clinical and Economic Review news release,
- “The Institute for Clinical and Economic Review (ICER) today posted its revised Evidence Report assessing the comparative clinical effectiveness and value of sibeprenlimab (Voyxact®, Otsuka Holdings Co., Ltd.), atacicept (Vera Therapeutics, Inc.), and delayed-release budesonide (“Nefecon”, Tarpeyo®, Calliditas Therapeutics AB) for IgA nephropathy.
- “IgA nephropathy has historically been thought of as a relatively benign form of kidney disease, but it has become increasingly recognized that it frequently progresses to end-stage kidney disease,” said ICER’s Chief Medical Officer, David Rind, MD. “Management of progressive disease has typically included treatments targeted at B-cells, but such therapies, such as systemic glucocorticoids, have serious side effects. New therapies offer the possibility of better outcomes with fewer harms.”
- “This Evidence Report will be reviewed at a virtual public meeting of the CTAF on February 26, 2026. The CTAF is one of ICER’s three independent evidence appraisal committees comprising medical evidence experts, practicing clinicians, methodologists, and leaders in patient engagement and advocacy.
- “Register here to watch the live webcast of the virtual meeting.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI, Uncategorized–February 7, 2026February 7, 2026

From the cybersecurity policy front,

The Wall Street Journal reports,
- “After months of partisan wrangling, a temporary extension on Tuesday of legislation aimed at encouraging firms to share cyberattack intelligence with Washington might be too little, too late for corporate cybersecurity leaders.
- “The seesaw effect we saw last year has eroded the trust that intel sharing needs to be built on,” said Timothy Youngblood, an investor who led cybersecurity teams at T-Mobile, McDonald’s and Kimberly-Clark. Before providing sensitive details of a data breach or ransomware attack, companies need to be assured “they will not have the information used against them,” Youngblood said.
- “The Cybersecurity Information Sharing Act, or CISA, provides liability and antitrust protections for companies that share attack data with federal agencies. Created in 2015 with a 10-year sunset clause, the act lapsed twice over the past four months as lawmakers clashed over proposed revisions. It was extended this week [to September 30, 2026] as part of a broader spending bill approved by Congress and signed by President Trump.
- “But an eight-month shelf life—and on-again off-again status—is unlikely to encourage hacked companies to risk legal or reputational damage by sharing sensitive data, especially in the wake of costly downtime, cybersecurity experts said. Staffing and resource cuts over the past year at the federal Cybersecurity and Infrastructure Security Agency, which shepherds private-public intelligence sharing, is adding to their concerns, they said.
- “Temporary extensions are Band-Aids,” said Kevin Greene, public sector chief cybersecurity technologist at security firm BeyondTrust. Prolonged uncertainties, he said, will “absolutely create some friction in information sharing.”

Cyberscoop relates,
- “The Trump administration needs help from industry to reduce the cybersecurity regulatory burden and to back important cyber legislation on Capitol Hill, among other areas, National Cyber Director Sean Cairncross said Tuesday.
- “You know your regulatory scheme better than I do: Where there’s friction, where there’s frustration with information sharing, what sort of information is shared, the process through which it’s shared,” he said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it and try to make it better.”
- “The Trump administration is interested in being a partner with industry rather than a “scold,” Cairncross said at an Information Technology Industry Council event. The Biden administration sought to impose more cybersecurity rules on the private sector than prior administrations.”

Cybersecurity Dive adds,
- “Cairncross’s comments come as the White House prepares to unveil its five-page national cybersecurity strategy, which will focus heavily on streamlining regulations to reduce the burden on industry, including critical infrastructure organizations.
- “The White House wants to revise the current patchwork of cybersecurity regulations “so that form follows function rather than [the rules being] a compliance checklist,” said Cairncross, who has led the relatively new Office of the National Cyber Director since August.” * * *
- “Cairncross did not provide a timeline for the strategy’s release, but he said the White House would publish it “sooner rather than later.” The goal of the brief document, he explained, is “to point a direction for the USG to go so resources and effort can be lined up.”
and
- “Governments should work closely with the private sector when designing and detailing their national cybersecurity strategies, a prominent think tank said in a report published on Monday.
- “Active participation from the private sector, particularly large technology, telecommunications, and cybersecurity firms, is critical throughout the strategy’s development,” the Center for Cybersecurity Policy and Law (CCPL) said in its white paper. “The private sector can help not only support but also deliver on the government’s cybersecurity objectives and is key to a secure and resilient nation.”
and
- “The Trump administration is making progress on creating an information sharing and analysis center for the AI industry to improve its ties with the government as AI cyber threats proliferate, a U.S. official said on Tuesday.
- “The administration is absolutely committed to making sure that we’re supporting this industry, making sure that we’re going to foster information sharing,” Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said during a talk at an event hosted by the Information Technology Industry Council. “We just want to make sure we take the opportunity to get that relationship right.”

Federal News Network shares five updates on the Trump Administration’s cybersecurity agenda.
- Six-pillar national cyber strategy
- CIRCIA update
- AI-ISAC in development
- AI security policy framework
- CIPAC replacement coming soon?

DefenseScoop notes,
- “Marine Corps Maj. Gen. Lorna Mahlock was confirmed by the Senate on Friday evening [January 30] as deputy commander of U.S. Cyber Command, where she could have an outsized influence as the organization prepares for new leadership and other major changes.
- “She was nominated for the position by President Donald Trump.
- “Her Senate confirmation, which happened via voice vote, means she’ll also pin on a third star and become a lieutenant general.
- “Mahlock brings deep cyber knowledge and background to her new role.”

Per Cybersecurity Dive,
- “The Federal Communications Commission is warning telecommunications companies to regularly patch their systems, enable multifactor authentication and segment their networks to avoid falling victim to ransomware attacks.
- “Recent events show that some U.S. communications networks are vulnerable to cyber exploits that may pose significant risks to national security, public safety, and business operations,” the FCC’s Public Safety and Homeland Security Bureau said in a Jan. 29 alert.”

From the cybersecurity vulnerabilities and breaches front.

Cyberscoop reports,
- “Cybersecurity and Infrastructure Security Agency order published Thursday [February 4, 2026] directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support.
- “It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential and most common types of exploits in recent years. New edge-device vulnerabilities surface frequently.
- “Under the binding operational directive CISA released Thursday, federal civilian executive branch (FCEB) agencies must inventory edge devices in their systems that vendors no longer support within three months, and replace those on a dedicated list with supported devices within one year.”

The American Hospital Association News tells us,
- “The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and source code program widely used by several industries, including health care. The vulnerability impacted an update component affecting iterations of the program prior to version 8.8.9, and allowed attackers to gaining access to and disrupt the update process. According to the program’s developer, attacks that occurred from June to November 2025 were likely executed by a sophisticated nation-state threat actor.”

Cybersecurity Dive informs us,
- “Cybercrime “began its shift toward an AI-driven future” in 2025, the security firm Malwarebytes said in a report published Tuesday that charted AI’s influence on the rapidly growing hacking ecosystem.
- “AI is making cyberattacks faster and more effective through deepfakes, vulnerability discovery, autonomous ransomware attacks and growing connectivity between AI models and penetration testing tools, according to the report.
- “Malwarebytes urged businesses to “shrink their attack surfaces, harden identity systems, close blind spots, accelerate remediation, and adopt continuous monitoring.”
and
- “Hackers working for an Asian government have breached at least 70 government agencies and critical infrastructure organizations in 37 countries over the past year as part of an espionage campaign likely aimed at collecting information about rare earth minerals, trade deals and economic partnerships, Palo Alto Networks said in a reportpublished on Thursday.
- “While this group might be pursuing espionage objectives,” researchers with the company’s Unit 42 group wrote in the report, “its methods, targets and scale of operations are alarming, with potential long-term consequences for national security and key services.”
- “The security firm provided indicators of compromise and described the threat actor’s techniques and infrastructure.”

CISA added six known exploited vulnerabilities to its catalog this week.
- February 3, 2026
  - CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
    - Cyber Press discusses this KVE here.
  - CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
    - Cybersecurity Dive discusses this KVE here.
  - CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability
  - CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability
    - The Hacker News discusses these KVEs here.
- February 5, 2026
  - CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
    - Security Wek discusses this KVE here.
  - CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
    - Bleeping Computer discusses this KVE here.

Dark Reading points out, “CISA Makes Unpublicized Ransomware Updates to KEV Catalog
- “A third of the “flipped” CVEs affected network edge devices, leading one researcher to conclude, ‘Ransomware operators are building playbooks around your perimeter.'”

Cyberscoop adds,
- “Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls.
- “The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). Ivanti did not say when the earliest known date of exploitation occurred but warned that a “very limited number of customers” were attacked before it disclosed and addressed the defects Thursday [January 29, 2026]. * * *
- “The Cybersecurity and Infrastructure Security Agency has flagged 31 Ivanti defects on its known exploited vulnerabilities catalog since late 2021. At least 19 defects across Ivanti products have been exploited in the past two years.
- “The agency added CVE-2026-1281 to the catalog Thursday, but not CVE-2026-1340. Both defects have been exploited, according to watchTowr. Yet, a spokesperson for Ivanti said the vulnerabilities have not been chained together for exploitation.
- “The latest code-injection vulnerabilities demonstrate attackers are focusing on EPMM in particular of late. Ivanti disclosed a separate pair of vulnerabilities in the same product in May 2025.”

Cybersecurity Dive informs us,
- “Two months after a critical vulnerability was disclosed in React Server Components, researchers warn of a significant change in threat activity targeting the flaw.
- “The original vulnerability, tracked as CVE-2025-55182, allows an unauthenticated attacker to achieve remote code execution due to unsafe deserialization of payloads.
- “The initial wave of attacks in December led to hundreds of systems being compromised as state-linked threat groups and other actors engaged in widespread exploitation. The vulnerability, dubbed React2Shell, has been targeted in a wide range of industries since it was discovered in late November.
- “Researchers from GreyNoise on Monday reported a distinctive change over the prior seven days, as more than half of the threat activity now emanated from only two IP addresses, according to a blog post. Before the change, there were 1,083 unique sources linked to threat activity, according to researchers.
- “GreyNoise said its sensors detected more than 1.4 million attempts to exploit CVE-2025-55182 during the seven-day period.
- “Researchers warned the exploitation appears to be focused on the developer community.”

Per Dark Reading,
- “Threat actors are using a forensic tool’s Windows kernel driver to kill security products, despite the fact the driver’s digital certificate was revoked more than a decade ago.
- “In a blog post Wednesday, security researchers at Huntress detailed how the company responded to an intrusion earlier this month in which the threat actor used compromised SonicWall SSL VPN credentials for initial access to the victim’s network. But the real kicker was how the attacker avoided detection: they weaponized the Windows kernel driver of a legitimate forensic toolset called EnCase to disable security products across the network.”
- “The attack technique is known as bring-your-own-vulnerable-driver (BYOVD), which involves taking advantage of the elevated privileges and kernel-level access of a driver to terminate security processes before an intrusion is detected. Threat actors have increasingly used drivers to disable endpoint detection and response (EDR) platforms, often in ransomware attacks; these tools are commonly known as EDR killers.”
Per SC Media,
- “More than 300 malicious OpenClaw skills hosted on ClawHub spread malware including the Atomic macOS Stealer (AMOS), keyloggers and backdoors, Koi Security reported Sunday.
- “OpenClaw, formerly known as Moltbot and Clawdbot, is an open-source AI agent that has recently gained significant popularity as a personal and professional assistant.
- “ClawHub is an open-source marketplace for OpenClaw “skills,” which are tools OpenClaw agents can install to enable new capabilities or integrations.
- “Koi Security Researcher Oren Yomtov discovered the malicious skills in collaboration with his own OpenClaw assistant named Alex, according to Koi Security’s blog post, which is written from Alex’s perspective.
- “Yomtov and Alex audited all 2,857 skills available on ClawHub at the time of their investigation, and discovered that 341 were malicious, with 335 seemingly tied to the same campaign.”

Per Security Week,
- “The big takeaway from 2026 onward is the arrival and increasingly effective use of AI, and especially agentic AI, that will revolutionize the attack scenario. The only question is how quickly.
- ‘Michael Freeman, head of threat intelligence at Armis, predicts, “By mid-2026, at least one major global enterprise will fall to a breach caused or significantly advanced by a fully autonomous agentic AI system.”
- “These systems, he continues, “use reinforcement learning and multi-agent coordination to autonomously plan, adapt, and execute an entire attack lifecycle: from reconnaissance and payload generation to lateral movement and exfiltration. They continuously adjust their approach based on real-time feedback. A single operator will now be able to simply point a swarm of agents at a target.”

From the ransomware front,

Bleeping Computer reports today,
- “A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services.” * * *
- “BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.
- “In an update posted Feb. 6, the company said it has engaged federal law enforcement, including the FBI and U.S. Secret Service, along with external forensic and recovery teams.
- “Initial forensic findings indicate that no payment card data has been compromised,” the company said, adding that any accessed files were encrypted and that there is currently “no evidence of usable data exposure.”
The Rhode Island Current tells us,
- “A state vendor and major provider of workers’ compensation insurance in Rhode Island confirmed it was the victim of a cyberattack in January.
- “The Beacon Mutual Insurance Company posted about the Jan. 14 incident to its website around noon Thursday, following inquiries from Rhode Island Current earlier in the day. The requests for comment were prompted by Beacon’s appearance on public websites that list and track recent reports of ransomware — a genre of malware characterized by making users’ files encrypted and inaccessible unless they pay a price.
- “Yes, this was a ransomware attack,” Michelle N. Pelletier, the assistant vice president of marketing and communications at the Warwick company, confirmed over email late Thursday afternoon.
- “But Pelletier added that not all was lost, and that the company’s production environment — or the live systems that users interact with directly — remained safe from harm.
- “Fortunately, our production environment was not encrypted, and we were able to resume normal operations on January 20,” Pelletier wrote.”

Security points out,
- “If battling ransomware isn’t challenging enough, these attacks have undergone a significant metamorphosis, with attackers shedding their encryption-based model for one of pure exfiltration. The result? A more stealthy, discreet approach that successfully bypasses traditional defenses to snatch sensitive data and employ a double or triple extortion scheme.
- “With pure exfiltration, businesses don’t realize they’re a victim until it’s too late.”

Security Week adds,
- “Data allegedly pertaining to over 5 million Panera Bread customers has emerged online after hackers failed to extort the US bakery-cafe chain.
- “The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread, after compromising a Microsoft Entra single-sign-on (SSO) code.
- “The attack falls in line with recent ShinyHunters attacks that rely on voice phishing (vishing) and SSO authentication to access victim organizations’ cloud-based software-as-a-service (SaaS) environments.
- “Last week, ShinyHunters published on its Tor-based leak site a 760GB archive allegedly containing the sensitive information stolen from Panera Bread.
- “According to the data breach notification site Have I Been Pwned, the data was leaked after the hackers failed to extort the food chain.
- “The archive includes 5.1 million unique email addresses and likely impacts as many Panera customers. Associated information such as names, addresses and phone numbers was also present in the leak.”

Security.com lets us know,
- “A recent Black Basta attack campaign was notable because the ransomware contained a bring-your-own-vulnerable-driver (BYOVD) defense evasion component embedded within the ransomware payload itself.
- “Normally the BYOVD defense evasion component of an attack would involve a distinct tool that would be deployed on the system prior to the ransomware payload in order to disable security software. However, in this attack, the vulnerable driver (an NsecSoft NSecKrnl driver) was bundled with the ransomware itself.
- “BYOVD is by far the most frequently used technique for defense impairment these days. Generally, attackers will deploy a signed vulnerable driver to the target network, which they then exploit to elevate privileges and disable security software. Since the vulnerable drivers operate with kernel-mode access, they can be used to terminate processes, making them an effective tool for disrupting security measures. In most cases, the vulnerable driver is deployed along with a malicious executable, which will use the driver to issue commands.”

Bleeping Computer relates,
- “Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider.
- “Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager.
- “Diving deeper, the researchers discovered that the same hostnames were present in the infrastructure of multiple ransomware operators, including LockBit, Qilin, Conti, BlackCat/ALPHV, and Ursnif, as well as various malware campaigns involving RedLine and Lummar info-stealers.”

Per Dark Reading,
- “The operators of DragonForce, a ransomware-as-a-service outfit that first surfaced in 2023, appear to be drawing heavily from the organized crime playbook, creating a cartel and attempting to bring mafia-style territorial organization — and a bit of muscle — to the ransomware ecosystem.
- “A detailed analysis by LevelBlue showed the group has recently shifted its business model to one where customers — or affiliates — of its service can create their own brands while still operating under a blossoming DragonForce cartel umbrella.” * * *
- “DragonForce has established itself as a relatively major player in the ransomware ecosystem since launching activities in 2023. Though not as big as rivals like Akira and Qilin, it has commanded some attention for its aggressive marketing and outreach. As of July 2025, the company had notched at least 250 victims based on its data leak site, according to Check Point Research.”

From the cybersecurity defenses front,

Cyberscoop reports,
- “Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems pose after a series of high-profile cyberattacks. The Jaguar Land Rover (JLR), incident in Sept. 2025 illustrates the severe consequences of such attacks. The cyberattack forced JLR to halt production for six weeks, making it the costliest cyberattack in Britain’s history. The company’s revenue declined 24 percent that quarter, accounting for potentially over a $1.2 billion drop in earnings, and subsequently reported a 43.3% wholesale sales volume drop the following quarter.
- “For decades, organizations have treated ERP systems like SAP as back-office workhorses. However, the JLR incident—carried out by executed by the cybercrime group ShinyHunters —has thrust ERP systems into the spotlight. That shift in attention is critical: today, 90% of the Fortune 500 use SAP, making these systems “crown jewel” assets that require the highest level of protection.
- “The threat is escalating. A recent Google Cloud Security report forecasts that ransomware operations specifically designed to target critical enterprise applications such as ERP systems will emerge in 2026, forcing organizations to make quick ransom payments and sacrifice business resilience.
- “In our roles as board members, advisers, and cybersecurity CEOs, we’re witnessing a fundamental shift in how organizations approach ERP security: the conversation has moved from compliance to survival. Organizations are grappling with critical question: Who owns the risk? What is our recovery time? Can we patch critical ERP vulnerabilities within 72 hours? Do we have visibility inside the application?”

Help Net Security explains where NSA zero trust guidance aligns with enterprise reality.

This HHS Inspector General’s report points out “Security Controls to Enhance Its Ability to Prevent and Detect Cyberattacks.”

Tech Target describes “five steps to ensure HIPAA compliance on mobile devices.”

Here is a link to Dark Reading’s CISO Corner.

Friday report

David Ermer–CDC, Congress, COVID-19, FDA, Generative AI, Rx coverage, U.S. Healthcare–February 6, 2026February 7, 2026

From Washington, DC

The Wall Street Journal reports,
- “Mehmet Oz arrived on Capitol Hill last week to pitch Republicans on an idea to codify into law President Trump’s drug-pricing model, which ties U.S. pharmaceutical costs to lower prices typically paid abroad.
- “Oz, the Centers for Medicare and Medicaid Services administrator, could sense the skepticism from GOP senators—members of the Finance Committee—as they raised concerns about industry backlash and a potential chilling effect on innovation.
- “You read the room,” Oz said in an interview. “When’s the right time to tell them they need to do something different?”
- “The move marked the opening effort of the administration’s push to advance the president’s planahead of the midterm elections, as healthcare costs have become a top voter concern. While Trump has proposed sending money directly to Americans through Health Savings Accounts to ease those costs, that discussion was absent from Oz’s talks with Republicans, he said.
- “That’s not the most important issue for us,” said Oz, the former television host and celebrity surgeon widely known as Dr. Oz. He emphasized making sure that pricing deals reached under Trump with more than a dozen pharmaceutical companies endure beyond his time in office.”
and
- “The White House on Thursday launched its drug-pricing website, dubbed TrumpRx, the culmination of efforts by the administration to bring down pharmaceutical costs for some consumers.
- “When it launched, it had roughly 40 drugs available, including obesity treatments Novo Nordisk’s Wegovy and Eli Lilly’s Zepbound and infertility treatments such as Gonal-F from EMD Serono. The prices for the drugs on TrumpRx were generally much lower than their sticker price, with President Trump touting some discounts of hundreds of dollars a month. The website, TrumpRx.gov, allows customers to search for specific medicines and purchase them through a manufacturer’s direct-to-consumer site, or in some cases gives users coupons that they can present at certain pharmacies.” * * *
- “The website likely won’t have a substantial impact on the amount most Americans pay for their prescriptions, as most of Americans are insured—either through private or government plans—and are likely to get a better deal on the drugs via their coverage. The roughly 27 million Americans who are uninsured are those most likely to benefit from the direct-to-consumer offerings.”
Here is a link to the White House’s fact sheet on TrumpRx.

Govexec tells us,
- “The U.S. Postal Service on Thursday reported that it experienced a net loss of nearly $1.3 billion in the first quarter of fiscal 2026, as there continues to be a lack of consensus among postal leaders, stakeholders and lawmakers about how to fix the agency’s longstanding financial challenges.
- “Officials attributed the loss to a $634 million increase to workers’ compensation, among other spending hikes, paired with a $264 million reduction in operating revenue. In comparison, USPS saw a net income of $144 million during the first quarter of fiscal 2025.
- “USPS, however, experienced a net loss of $9 billion in fiscal 2025, and officials have projected that the postal agency will continue to operate in the red for fiscal 2026.
- “At a USPS Board of Governors meeting on Thursday, Postmaster General David Steiner and the board reiterated their argument that legislative and administrative reforms, such as raising the postal agency’s $15 billion statutory debt limit, are necessary to reverse these losses.”

From the Food and Drug Administration front,

Fierce Pharma reports,
- “With online health and wellness company Hims & Hers opening a new front in the GLP-1 compounding showdown Thursday, the United States’ top drug regulator has taken notice.
- “FDA will take swift action against companies mass-marketing illegal copycat drugs, claiming they are similar to FDA-approved products,” FDA commissioner Marty Makary, M.D., said in a Feb. 5 post on X. “The FDA cannot verify the quality, safety, or effectiveness of non-approved drugs.”
- “Makary’s comments mark a clear and sharp rebuttal to Hims’ announcement earlier in the day that it had launched a compounded version of Novo Nordisk’s new Wegovy (semaglutide) pill for obesity, which starts at just $49 per month.”
and
- “The FDA removed a prior “limitations of use” restriction it had placed on Gilead Sciences’ CAR-T Yescarta, allowing it to be used in patients with relapsed or refractory (R/R) primary central nervous system lymphoma (PCNSL).
- “Yescarta is approved for R/R large B-cell lymphoma, but previously wasn’t permitted to treat those with the rare, fast-growing PCNSL subtype. Prognoses related to this disease, which originates in the brain, spinal cord, eye, or cerebrospinal fluid, are typically poor, with a five-year survival rate of about 30%. The cancer type has no standard-of-care treatment options and an estimated 1,500 cases are diagnosed annually in the U.S.
- “Dana-Farber Cancer Institute ran a phase 1 study to evaluate the safety of Yescarta in patients with PCNSL, as those with the disease had previously been excluded from the clinical trials supporting Yescarta’s initial approval, global head of development at Gilead’s Kite unit, Gallia Levy, M.D., Ph.D. explained in a company release.”

MedTech Dive relates,
- “Johnson & Johnson is recalling certain Cerepak detachable coil systems due to a higher-than-expected failure to detach rate that has been associated with four serious injuries and one death. The events were reported as of Oct. 14.
- “The failure to detach could result in hemorrhagic and ischemic stroke, procedural delays or the need for additional surgical intervention, according to the Food and Drug Administration, which posted the recall on Thursday.
- “J&J issued a letter to customers on Oct. 2 recommending they remove certain Cerepak products from where they are used or sold.”

Cardiovascular Business tells us,
- “Zydus Pharmaceuticals, a New Jersey-based distributor of generic drugs, has recalled nearly 23,000 bottles of its icosapent ethyl capsules due to leakage issues that may have weakened their effectiveness. The prescription-strength capsules were manufactured by Softgel Healthcare in India and are sold in the United States as a more affordable option to name-brand treatment options.
- “Icosapent ethyl is primarily used to help treat patients with high triglyceride levels in their blood. Taken together with a statin, it can also help significantly reduce the risk of heart attack, stroke or other cardiac complications in certain patient populations.
- “Use of the affected product may lead to inconsistent therapeutic effects and an increase in potential gastrointestinal side effects in some patients,” according to the Food and Drug Administration (FDA).”

From the judicial front,

Fierce Healthcare reports,
- “The Department of Health and Human Services has officially backed down on its halted 340B Rebate Model Pilot Program, telling the courts this week that it plans to pull relevant notices and application approvals.
- “Lawyers for the government and plaintiffs who sued to block the program—several hospitals and hospital groups including American Hospital Association (AHA)—filed Thursday afternoon in the U.S. District Court for the District of Maine a joint motion for vacatur and remand.
- “The filing acknowledged the preliminary injunction plaintiffs had secured and the government’s failed bid to have the the temporary pause overturned by the appellate court. Both reflected judges’ belief that the hospitals were likely to succeed on the merits of their claims based on at least two administrative issues—”a failure to provide a reasonable explanation or address significant reliance interests and a failure to consider relevant costs.”
- “As such, HHS does not believe providing more administrative documents to the court would change any decisions, according to the joint motion.”

The Wall Street Journal relates,
- “Luigi Mangione will face murder and weapons charges in a Manhattan court in June for the killing of UnitedHealthcare CEO Brian Thompson, three months before jury selection in his federal trial for crimes related to the same killing.
- “New York state court Judge Gregory Carro set a June 8 trial date during a snap hearing Friday, prompting an outburst from Mangione, who claimed he was being denied double-jeopardy protections.” * * *
- “The Manhattan district attorney’s office argued the state case should go first because the killing occurred in Manhattan and local prosecutors—working with many NYPD detectives—led the investigation that resulted in Mangione’s arrest.
- “The State has an overriding interest in trying this defendant for the cold-blooded execution of Brian Thompson on December 4, 2024. It resulted in the tragic death of a guest to our city on our streets,” Assistant District Attorney Joel Seidemann said in a letter to the judge.”

From the public health and medical / Rx research front,

The Centers for Disease Control and Prevention announced today,
- “Seasonal influenza activity remains elevated nationally with most areas of the country reporting stable or decreasing trends. Emergency department visits are stable and highest among children 5-17 years. Hospitalizations trends continue to decrease overall and are highest among those 65 years and older. RSV activity is elevated in many areas of the country. Emergency department visits for RSV are highest among infants under 1 year and children 1-4 years old. RSV hospitalizations are highest among infants less than 1 year old.
- “COVID-19
  - COVID-19 activity is elevated in some areas of the country.
- “Influenza
  - “Seasonal influenza activity remains elevated nationally with most areas of the country reporting stable or decreasing trends; however, activity continues to increase in the Pacific Northwest.
  - “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
- “RSV
  - RSV activity is elevated in many areas of the country, including emergency department visits among infants under 1 year and children 1-4 years old. Hospitalizations are highest among infants less than 1 year old.
- “Vaccination
  - “National vaccination coverage for COVID-19, influenza, and RSV vaccines remains low for children and adults. COVID-19, influenza, and RSV vaccines can provide protection against severe disease this season. It is not too late to get vaccinated this season. Talk to your doctor or trusted healthcare provider about what vaccines are recommended for you and your family.

The University of Minnesota CIDRAP adds,
- “The effectiveness of this season’s flu vaccine in Canada is 40% against medically attended infection with influenza A(H3N2) viruses, 37% against newly emerged and predominant subclade K of the H3N2 strain, and 31% against the H1N1 influenza A strain, an interim analysis estimates.
- “Researchers from the Canadian Sentinel Practitioner Surveillance Network (SPSN) conducted the test-negative study, which evaluated samples from patients aged one year or older who had acute respiratory illness. Community-based sentinel health care providers in Alberta, British Columbia, Ontario, and Quebec collected the specimens from October 26, 2025, to January 10, 2026, and the findings were published yesterday in Eurosurveillance.”

The AP reports,
- “During the early years of the COVID-19 pandemic, experts worried that disruptions to cancer diagnosis and treatment would cost lives. A new study suggests they were right.
- “The federally funded study published Thursday by the medical journal JAMA Oncology is being called the first to assess the effects of pandemic-related disruptions on the short-term survival of cancer patients.
- “Researchers found that people diagnosed with cancer in 2020 and 2021 had worse short-term survival than those diagnosed between 2015 and 2019. That was true across a range of cancers, and whether they were diagnosed at a late or early stage.
- “Of course, COVID-19 itself was especially dangerous to patients already weakened by cancer, but the researchers worked to filter out deaths mainly attributed to the coronavirus, so they could see if other factors played a role.”

Healio informs us,
- “As the number of home hazards increased, so did the effect of visual function on the odds of falling.
- “Home safety evaluations and environmental adaptations could be helpful for adults with low vision.”
and
- “Use of SGLT2 inhibitors was associated with lower 5-year risk for chronic kidney disease and AKI compared with GLP-1 receptor agonists for adults with type 2 diabetes, according to data published in JAMA Internal Medicine.”

Radiology Business lets us know;
- “New research suggests that photon-counting computed tomography scans outshine conventional contrasted chest CT for follow-up imaging of lung cancer.
- “Patients who have been diagnosed with the disease require routine imaging to monitor treatment effectiveness and ensure their cancer has not progressed or recurred. This is typically done via standard contrast-enhanced CT scans. Though effective, the standard of care comes with caveats, including increased exposure to both radiation and contrast media. What’s more, image quality can vary based on patient size, which can negatively affect lesion detection and characterization.
- “Experts believe that emerging photon-counting technology can help address these shortcomings. Published in RSNA’s flagship journal, Radiology, a new paper details numerous benefits photon-counting CT scans have over conventional CTs, including reduced radiation exposure and enhanced lesion visualization. Experts involved in the study went as far as to suggest that the advanced technology could replace conventional CTs in certain settings soon.”

Genetic Engineering and Biotechnology News observes,
- “If you zoomed in far enough on a new experimental HIV vaccine, you wouldn’t see the usual protein shell that most vaccines rely on. Instead, you’d find tiny geometric structures folded from strands of DNA—molecular origami designed not to be noticed at all. This “invisible” scaffold may be the key to awakening some of the rarest and most sought‑after cells in immunology: the B cells capable of maturing into broadly neutralizing antibody producers.
- “Many next‑generation vaccines use virus‑like particles (VLPs)—nanostructures that mimic the outer shape of a virus but contain no genetic material. By displaying many copies of a viral antigen on their surface, VLPs can activate B cells far more effectively than free‑floating proteins. The paper is titled “DNA origami vaccines program antigen-focused germinal centers,” and was published recently in Science.

From the U.S. healthcare business and artificial intelligence front,

Fierce Healthcare reports,
- “Centene is “laser-focused” on improving the performance of its Medicaid business following a difficult 2025.
- “CEO Sarah London told investors Friday morning on the company’s earnings call that the team made headway in this effort in later part of 2025, with it’s Q4 medical loss ratio of 93% on par with expectations set for analysts in October and showing notable improvement from the second quarter of 2025.
- “She said that utilization trend patterns seen in the third quarter largely carried into Q4, with behavioral health as the largest driver. Home health services and high-cost pharmaceuticals were also key factors in cost and utilization trends seen in the back half of the year, she said.
- “And while a spike in flu and other respiratory illnesses generated headlines late in the year, London said that utilization patterns in its Medicaid population were on par with expectations.
- “As an organization, we have been laser-focused on restoring our Medicaid business to sustainable profitability while maintaining our focus on quality outcomes for our members and the communities we serve,” London said.”
and
- “Molina Healthcare’s share price plunged on Friday as it posted a $160 million loss in the fourth quarter as well as guidance for 2026 that fell short of analysts’ expectations.
- “Shares in the company were down by about 28% at 11:30 a.m. ET, with its stock tumbling out of the gate at market open on Friday. By comparison, Molina earned $251 million in profit for the fourth quarter of 2024.
- “For the full year, Molina has posted $472 million in profit, down from $1.2 billion in 2024.
- “In the earnings report, Molina revealed that it will exit the Part D space in the 2027 plan year due to financial pressure, including Medicare Advantage prescription drug (MAPD) plans. The company will focus on its existing dual-eligible business in Medicare, according to the announcement.”

Healthcare Dive relates
- “Primary care physicians spend a significant amount of time on work in their electronic health records, even when they decrease the number of appointments they schedule with patients, according to new research published in Health Affairs.
- “Physicians who cut back appointments saw their visit volume decline by 32.6% compared with other doctors. But their EHR time fell by just 21.2% — meaning the number of minutes spent in their records systems actually increased per visit by more than 20%, according to the study.
- ‘Primary care physicians need to handle a lot of tasks outside appointments, like responding to patient messages, researchers wrote. So reducing visits doesn’t necessarily eliminate a host of EHR tasks — though it does have repercussions for physicians’ pay and patients’ access to care, they noted.”
and
- “Epic rolled out an artificial intelligence tool this week that drafts clinical notes, setting up the nation’s largest electronic health record vendor as a major competitor in the ambient scribe market.
- “AI Charting, part of Epic’s AI tool called Art geared toward clinicians, listens during patients’ appointments with providers and can suggest orders based on the conversation. The product also allows clinicians to personalize the note’s structure using voice commands, like asking the tool to format current conditions as a bulleted list, according to a press release.
- “Epic plans to expand beyond documentation to make the tool “an active assistant in the room,” Corey Miller, Epic’s vice president of research and development, said via email. “This is really just the start for Art,” he said.”

Fierce Healthcare adds,
- “Infinitus has launched a new suite of agentic artificial intelligence tools for healthcare payers that aim to improve member engagement through personalized communications.
- “Infinitus is an AI company that helps call centers better handle inbound call volumes. For payer organizations, pressured to control costs as call volumes rise and ratings of members demand a modern consumer experience, AI is positioned to solve both issues.
- “With the Agentic AI Member Services Suite, health plan members have 24/7 access to an AI agent that can answer simple administrative questions, onboard members, triage questions and navigate care. Through messaging and calling capabilities, Inifinitus’ AI agents can proactively reach out to patients and scale member services without adding team members.”
and
- “Aetna is continuing to build out its digital member experience with the launch of a new onboarding program designed to ease the process.
- “The insurer said Thursday that the platform will be available to 4 million new members during the welcome period for their enrollment. The program leads on Rich Communication Services, or RCS, to support navigation and connect members with key information and resources they may need after enrolling in a new plan through text messaging.
- “Nathan Frank, senior vice president and chief digital and technology officer for Aetna, told Fierce Healthcare that building trust with the member requires an end-to-end experience, and tech like the new onboarding program can play a key role in that effort.
- “Onboarding isn’t just about administration and signing people up and making sure that you have the right information,” he said. “It’s the moment when members decide whether their health plan feels simple, or is it overwhelming?”

Thursday report

David Ermer–Congress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare–February 5, 2026February 5, 2026

From Washington, DC

Govexec reports,
- “The House Oversight and Reform Committee on Wednesday unanimously advanced legislation aimed at updating the federal government’s buyout programs to encourage employees to leave.
- “Voluntary Separation Incentive Payments are one of the government’s main tools for reducing agency headcounts, alongside Voluntary Early Retirement Authority and reductions in force. But VSIP offerings max out at $25,000, where the cap has sat since the 1990s.
- “The Federal Workforce Early Separation Incentives Act (H.R. 7256), introduced by Rep. Nick Langworthy, R-N.Y., would remove the $25,000 hard cap on VSIP payments and replace it with a maximum of six months of a federal worker’s salary, subject to agency head approval. The new model is based off how federal agencies already calculate severance pay for laid-off feds.
- ‘Langworthy said an update to the federal government’s buyout program was long-overdue, and that the changes will allow agencies to move more agilely—and humanely—in workforce planning.”

The Wall Street Journal relates,
- “The Trump administration is planning to make it easier to discipline—and potentially fire—career officials in senior positions across the government, a move that would affect roughly 50,000 federal workers.
- “The U.S. Office of Personnel Management, which oversees the federal workforce, issued a final rule on Thursday that creates a category of worker for high-ranking career employees whose work focuses on executing the administration’s policies. Workers who fall into that category would no longer be subject to rules that for decades have set a high bar for firing federal employees.
- “While political appointees at agencies are considered at-will employees who serve at the discretion of the president, career employees have long enjoyed strong job protections, including the ability to appeal firings, suspensions, or disciplinary action to an independent board. Workers that fall under the new category wouldn’t be able to appeal to the board.”

An OPM news release adds,
- “The final rule was published for public inspection in the Federal Register on February 5, 2026, and will take effect 30 days after publication. Following the rule’s effective date, specific positions may be placed in Schedule Policy/Career by presidential executive order. Read Director Kupor’s blog post on the rule here.”

Tammy Flanagan, writing in Govexec, points out “the federal leave options employees can use when annual and sick time run out.”
- “From unpaid leave to parental and military leave, federal workers have multiple options for time off under specific circumstances.”

STAT News informs us,
- “President Trump on Thursday night is planning to announce the launch of TrumpRx, the website that he and his aides have touted for months as a platform aimed at lowering prescription drug prices.
- “The website, which uses technology from health care company GoodRx, is expected to display the cash prices — that is, the prices available when paying without insurance — for certain drugs and direct patients to other sites where they can buy the therapies. It’s part of Trump’s plan to lower drug prices in the U.S., but some experts are skeptical the platform will meaningfully affect affordability.” * * *
- “TrumpRx will not sell medications. It is expected to be a searchable website that links to other sites through which patients can directly buy brand drugs. That might be a drug company’s own website, such as Eli Lilly’s LillyDirect or Novo Nordisk’s NovoCare Pharmacy, or an online pharmacy that partners with a drugmaker, such as Amazon Pharmacy and Truepill.”

The American Hospital Association News notes,
- “The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology announced the selection of nine pilots as part of the Behavioral Health Information Technology Initiative to help improve behavioral health data exchange across care settings. The BHIT Initiative is a $20 million effort led by ASTP/ONC in coordination with the Substance Abuse and Mental Health Services Administration to support standard data elements and foster data exchange. The pilots, which will be completed by the end of this year, will be used to inform future standards, technical specifications, guidance and policy considerations. The pilots span across 45 exchange partners and eight states and Washington, D.C. The states are Colorado, Connecticut, Delaware, Florida, Massachusetts, North Carolina, Oregon and Rhode Island.”

Healthcare Dive calls our attention to the fact
- “More than one-fourth of doctors enrolled in Medicaid didn’t actually deliver care to any Medicaid beneficiaries in 2021, according to new research adding to worries about low physician participation in the safety-net insurance program.
- “Almost 28% of doctors enrolled in Medicaid were “ghost providers” and didn’t treat a single patient that year, the study published in Health Affairs on Monday found. Another 10% treated fewer than 10 patients, while the remaining 62.2% were standard or “core” providers treating the brunt of Medicaid enrollees.
- “Participation varied widely by specialty, with psychiatrists most likely to be ghost providers and primary care physicians and cardiologists least likely to be ghost providers, the study found.”

From the Food and Drug Administration front,

STAT News reports,
- “The nation’s top drug regulator said he wants to do away with pharmaceutical ads that employ “dancing patients, glowing smiles, and catchy jingles that drown out the fine print.” On Super Bowl Sunday, the drug industry will treat him to lounging football stars, a shouting DJ Khaled, and the soothing tones of Enya.
- “Sunday’s game, the annual zenith of American advertising, is the first since Food and Drug Administration Commissioner Marty Makary began a self-described “crackdown” on drug marketing last year. And, based on the ads released in advance, little has changed in the eyes of the industry.”

Per an FDA news release,
- “Today, the U.S. Food and Drug Administration took additional steps to support the transition of our nation’s food supply from the use of artificial petroleum-based colors to alternatives derived from natural sources. Companies will now have flexibility to claim products contain ‘no artificial colors’ when the products do not contain petroleum-based colors. In the past, companies were generally only able to make such claims when their products had no added color whatsoever — whether derived from natural sources or otherwise.
- “The agency sent a letter to industry providing notice of the FDA’s intent to exercise enforcement discretion related to these voluntary labeling claims.”

From the public health and medical / Rx research front,

The AP reports,
- “Chronic exposure to pollution from wildfires has been linked to tens of thousands of deaths annually in the United States, according to a new study.
- “The paper, published Wednesday in the journal Science Advances, found that from 2006 to 2020, long-term exposure to tiny particulates from wildfire smoke contributed to an average of 24,100 deaths a year in the lower 48 states.
- “Our message is: Wildfire smoke is very dangerous. It is an increasing threat to human health,” said Yaguang Wei, a study author and assistant professor in the department of environmental medicine at Icahn School of Medicine at Mount Sinai.
- “Other scientists who have studied the death toll from wildfire smoke were not surprised by the findings.
- “The estimates they’re coming up with are reasonable,” said Michael Jerrett, professor of environmental health science at the University of California, Los Angeles who was not involved in the study. “We need more of them. It’s only if we’re doing multiple studies with many different designs that we gain scientific confidence of our outcomes.”

Bloomberg Law tells us,
- “Chris Womack is one of a dwindling number of Texas ranchers who can remember fighting the New World screwworm, a once-vanquished pest threatening to make an unwanted encore in the US after its recent return to northern Mexico.
- “You never forget the smell,” Womack, 60, said of his first encounter with a calf being devoured by screwworm maggots. It was one of many he and his father would treat in the early 1970s as an outbreak of the parasite — which can kill cattle in less than two weeks — devastated Texas ranchers.
- “More than 50 years later, Womack and other Texas cattlemen are bracing for the screwworm’s potential comeback. Cases are proliferating in a Mexican state that borders Texas, with the pest having escaped containment by an international eradication program that banished it for decades. Texas Governor Greg Abbott issued a disaster declaration last week to open up state resources for the screwworm response.
- “The pest’s resurgence would squeeze the $130 billion US cattle industry, which is already struggling with a record-low herd and rising costs. The screwworm prompted the US to ban cattle imports from Mexico for much of the last 14 months, crimping American beef producers at a time when record prices for the meat are adding to the pressure on shoppers angry about the cost of food.”

MedPage Today lets us know,
- “New research challenged the longstanding belief that autism is much more common in males versus females.
- “In a Swedish study of 2.7 million people, male-to-female ratios in autism diagnoses were nearly equal by age 20.
- “Diagnosis rates peaked earlier for males, but females experienced a significant catch-up in adolescence.”

Genetic Engineering and BioTechnology News relates,
- “Some types of CD8+ T cells (killer T cells) may play a role in the development of multiple sclerosis (MS). This is according to data from a new study published in Nature Immunology. Specifically, scientists found specific T cells that are abundant in people with MS, which also target the Epstein-Barr virus (EBV). They suggest that this points to a possible role for the virus in triggering the immune response seen in the autoimmune disease.
- “Full details are published in a paper titled “Antigen specificity of clonally enriched CD8+ T cells in multiple sclerosis.” For Joe Sabatino, MD, PhD, senior author on the study and an assistant professor of neurology at University of California, San Francisco’s Weill Institute for Neurosciences, “these understudied CD8+ T cells [connect] a lot of different dots.” That is because scientists have known for several years that EBV, a common virus carried by about 95 percent of adults, is present in virtually everyone who develops MS. This data “gives us a new window on how EBV is likely contributing to this disease,” he said.”

Per BioPharma Dive,
- “Bayer’s experimental blood thinner asundexian cut the relative likelihood of a repeat stroke by 26% without increasing the risk of internal bleeding, the company said Thursday, boosting hopes that the company might become a new option for “secondary treatment” of the disorder.
- “The news could also elevate the outlook for medicines like asundexian, which are called Factor XIa inhibitors and are being advanced by a handful of the world’s largest pharmaceutical companies.
- “Members of that drug class, including asundexian and a similar therapy from Bristol Myers Squibb and Johnson & Johnson, have previously suffered clinical setbacks in different types of cardiovascular illnesses. But asundexian’s success, first announced in November, lifted Bayer shares and indicated the drugs might be able to fulfill at least some of their commercial potential.
- “The German drugmaker released full data from its positive study, “Oceanic-Stroke,” at the International Stroke Conference in New Orleans on Thursday.”

Per the AP,
- “A new kind of pill sharply reduced artery-clogging cholesterol in people who remain at high risk of heart attacks despite taking statins, researchers reported Wednesday.
- “It’s still experimental but the pill helps rid the body of cholesterol in a way that today can be done only with injected medicines. If approved by the Food and Drug Administration, the pill, named enlicitide, could offer an easier-to-use option for millions of people.
- “Statins block some of the liver’s production of cholesterol and are the cornerstone of treatment. But even taking the highest doses, many people need additional help lowering their LDL, or “bad,” cholesterol enough to meet medical guidelines.
- “In a major study, more than 2,900 high-risk patients were randomly assigned to add a daily enlicitide pill or a dummy drug to their standard treatment. The enlicitide users saw their LDL cholesterol drop by as much as 60% over six months, researchers reported in the New England Journal of Medicine.”

From the U.S. healthcare business and artificial intelligence front,

Healthcare Dive reports,
- “Cigna posted fourth quarter 2025 results Thursday morning that outperformed analysts’ consensus expectations, with adjusted revenue of $72.5 billion up more than 10% and adjusted operational income of $2.1 billion up 16%.
- “Cigna Healthcare, the company’s insurance division, saw its revenue drop 16% in the quarter due to the sale of its Medicare Advantage business to Health Care Service Corporation. Cigna Healthcare’s operational income rose 44% year over year, however, after the company jacked up premiums for its stop-loss products after seeing those costs spike in the fourth quarter of 2024.
- “But the lion’s share of attention on Thursday morning’s call was devoted to Express Scripts, and how the FTC settlement might impact the massive PBM’s profits.
- “Short answer? It won’t, executives said.”

BioPharma Dive relates
- “Hims & Hers Health is launching a copycat form of Novo Nordisk’s newly launched obesity pill, ushering in the latest contentious battle between the makers of branded weight loss medications and their drug-compounding counterparts.
- “Hims said Thursday that it’s now enabling healthcare providers to prescribe a compounded pill with the same active ingredient, semaglutide, as Novo Nordisk’s oral Wegovy. That treatment will be sold as part of treatment plans that begin at $49 for the first month — $100 lower than the price Novo is charging under a deal with the Trump administration. Hims also claimed that its treatment is formulated differently and involves a different delivery method to protect the active ingredient during digestion.
- “In a statement issued in response to Hims’ announcement, Novo spokesperson Ambre James-Brown called Hims’ move “illegal mass compounding and deceptive advertising” and threatened litigation. The compounder is “unlawfully” mass-marketing an “unapproved, inauthentic, and untested knockoff” of Novo’s medication, she said.”
Modern Healthcare tells us,
- “Adtalem Global Education has become Covista, the Chicago-based education company said, with a plan to expand its healthcare career network.
- “Covista serves nearly 100,000 students and has a community of 385,000 alumni across its five accredited institutions.
- “Covista touts it puts 24,000 new professionals annually into the healthcare workforce — more than any other U.S. institution — including 10% of America’s new nurses.”

Beckers Payer Issues lets us know,
- “Participating Medicare Part D plans can officially begin covering weight-loss treatment in 2027.
- “The initiative falls under CMS’ voluntary “Better Approaches to Lifestyle and Nutrition for Comprehensive hEalth” — or BALANCE — model. The December news followed President Trump’s negotiations with Eli Lilly and Novo Nordisk to secure most-favored-nation pricing for drugs that treat obesity, diabetes and related conditions.
- “To better understand Medicare usage and spending shifts, KFF analyzed CMS data from 2019 through 2024 [as discussed in the article].
and
- “Here are 12 payer tools that achieved “Best in KLAS” recognition for 2026:
  - “Care management solutions: Cognizant (TriZetto CareAdvance Enterprise)
  - “Claims & administration platforms: Cognizant (TriZetto Core Claims/Administration Solutions)
  - “CMS payer interoperability: Edifecs (XEngine Server for FHIR)
  - “Data analytics platforms: Innovaccer (Healthcare Data Platform)
  - “Payer/provider data exchange: Moxe (Digital ROI)
  - “Post-payment accuracy & integrity solutions: Trend Health Partners (TRENDConnect)
  - “Pre-payment accuracy & integrity solutions: HealthEdge (Source)
  - ‘Quality measurement & reporting: Inovalon (Converged Quality)
  - “Risk adjustment (coding, retrieval & compliance solutions): Datavant (Risk Adjustment Suite)
  - “Risk adjustment (POC & in-home health assessments): Cozeva (PayerOne Risk)
  - “IT consulting services: Huron
  - “Employer-sponsored healthcare services: Premise Health
- “The full report is accessible from KLAS Research here.“

Per Beckers Hospital Review,
- “Chicago-based CommonSpirit Health now has 242 artificial intelligence applications live across its hospitals, up from 230 last year.
- “We are expanding our use of AI across CommonSpirit by deploying new capabilities and scaling the most impactful of our existing tools,” CIO Daniel Barchi told Becker’s.
- “In 2025, the health system generated more than $100 million in annual savings through its use of AI and robotic process automation tools across multiple areas of the organization. Mr. Barchi said the value generated in fiscal year 2026 is expected to exceed last year’s total.
- “More important than the financial impact is the expanded clinical and operational value we are seeing from these tools — value that is not measured only in dollars,” he said. “Our sepsis surveillance tool has contributed to continued reductions in sepsis-related mortality. Screening tools for colon and breast cancer are helping us identify high-risk patients, leading to thousands of additional screenings. AI tools for imaging are reducing scan times by up to 50%, supporting a better experience for patients and providers.”
- “As CommonSpirit expands its AI footprint, Mr. Barchi said the health system has also declined or scaled back AI tools that failed to deliver expected value.”

Tuesday report

David Ermer–Congress, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, NCQA, Patient safety, SCOTUS, Uncategorized–February 3, 2026February 3, 2026

From Washington, DC,

Federal News Network reports,
- “The House [of Representatives] passed a spending package to end a short-term partial government shutdown and fund most federal agencies through the end of the fiscal year.
- “The spending deal, which includes a two-week continuing resolution for the Department of Homeland Security, was passed by the Senate last Friday.
- “President Donald Trump signed the spending package into law on Tuesday afternoon.” * * *
- “The spending package includes language guaranteeing back pay to federal employees who were briefly furloughed during the partial shutdown.” * * *
- “After Trump signed the spending plan into law, OPM directed furloughed employees to return to work.”
The Wall Street Journal notes,
- Twenty-one Republicans voted against the package [on the final vote [217-214] for passage], largely hard-liners who wanted to use the spending package as a vehicle to tighten election procedures. Twenty-one Democrats—mostly a collection of appropriations-committee members and centrists—voted for it.

Fierce Healthcare adds,
- “The legislation finalizes several key healthcare extenders including provisions of the Medicare telehealth program and Acute Hospital Care at Home waiver as well as major supplementary funding programs for rural hospitals and those with high proportions of government-covered patients. The bill provides a five-year extension of the Acute Hospital Care at Home program and a two-year extension for Medicare telehealth flexibilities. The telehealth provisions in the bill include removing Medicare’s geographic requirements for telehealth and expanding the types of practitioners able to furnish telehealth services for the government health program.
- “The bill also introduces reforms to pharmacy benefit manager (PBM) practices, including elements that would prevent PBMs from tying compensation in Part D to the list price of drugs, and boost price transparency for employers in their PBM contracts.
- “Other provisions in the bill require that Medicare Advantage plans provide accurate provider lists, addressing so-called “ghost networks” that have come under fire in recent years. It would also require that health systems establish unique identification numbers for outpatient services, allowing the Centers for Medicare & Medicaid Services to track pricing in these facilities.”

Rep. Jodey Arrington (R TX), the chairman of the House Budget Committes, writing in Real Clear Health, shares his vision of a second reconciliation bill that would focus on healthcare.

The HHS Office of Inspector General posted “Medicare Advantage Industry Segment-Specific Compliance Program Guidance.”

Per an AHIP news release,
- “Public and private payers are delivering greater value to Americans and the health care system by advancing value-based care (VBC). AHIP, in collaboration with the Centers for Medicare & Medicaid Services (CMS), today released the results of the 2025 Alternative Payment Model (APM) Adoption Survey. The findings reaffirm the commitment of the federal government and private health plans to advance VBC and APM models that shift away from fee-for-service (FFS) models toward payment arrangements that reward quality, efficiency and improved patient outcomes.
- “This year’s survey highlights how health plans continue to work hand-in-hand with providers to advance value-based care and drive meaningful improvement for patients. These innovative payment models reward outcomes, resulting in patient-centered, high-quality, coordinated care that is more affordable for Americans,” said Danielle Lloyd, MPH, AHIP’s senior vice president of private market innovations and quality initiatives for Clinical Affairs.” * * *
- To view the full 2025 survey findings, click here.

NCQA announced today,
- “Every year, NCQA seeks public comment about proposed changes to HEDIS Volume 2.
- “Public comment is your opportunity to weigh in on the relevance, scientific soundness and feasibility of new and revised measures for HEDIS. Your feedback helps us determine changes to our programs, procedures and processes.
- “This year’s public comment is open February 13–March 13.
- We’d like input on:
  - Seven new HEDIS measures.
  - Revising three HEDIS measures.
- “This year’s public comment will go live Friday, February 13, at 9:00a.m. ET.
- “We’ll post the link and more details here, so check back on February 13.”

The Washington Post relates,
- “The American Society of Plastic Surgeons has issued a broad recommendation against gender transition surgeries for youths, becoming the first major medical association in the United States to narrow its guidance on pediatric gender care amid a crackdown by the Trump administration.
- “A statement sent Tuesday to the group’s 11,000 members and obtained by The Washington Post recommends surgeons delay gender-related chest, genital and facial surgery until a patient is at least 19 years old. Fewer than 1,000 minors in the United States receive such surgeries every year, according to research published in JAMA, the American Medical Association’s journal, and the vast majority of the procedures are mastectomies, not genital surgeries.”

From the Food and Drug Administration front,

The American Hospital Association News reports,
- “The Food and Drug Administration Feb. 3 released an early alert on a heart pump issue from certain Abiomed products. The agency said Abiomed found its Impella RP with SmartAssist and Impella RP Flex with SmartAssist devices could display inaccurate information due to a malfunction of the differential pressure sensors. The company reported 22 injuries associated with the issue since Jan. 15.”

MedTech Dive relates,
- “Abbott received a warning letter from the Food and Drug Administration related to its FreeStyle Libre continuous glucose monitors.
- “The warning letter, dated Jan. 23 and posted to the FDA’s website on Tuesday, concerns performance specifications and testing for the glucose sensors’ accuracy. An Abbott spokesperson wrote in an email that the company is implementing corrective actions and providing ongoing updates to the FDA.
- “The warning letter does not affect Abbott’s ability to manufacture, market or distribute Libre products, wrote Leerink Partners analyst Mike Kratky and J.P. Morgan analyst Robbie Marcus.”

The Wall Street Journal informs us,
- “AstraZeneca AZN said the U.S. Food and Drug Administration rejected an initial submission for its Saphnelo lupus drug in injection form, and vowed to work with the regulator to move forward with an updated application.
- “The U.K. pharmaceutical company said Tuesday that the FDA issued a complete response letter, which indicates that a new drug application can’t be approved in its present form, regarding Saphnelo for subcutaneous administration. The company said it subsequently provided information requested in the letter and that it was committed to working with the FDA to progress the application as quickly as possible.
- “A decision on the updated application is expected in the first half of 2026, AstraZeneca said.
- “The drug, a treatment for the autoimmune disease systemic lupus erythematosus, is already approved as an intravenous infusion and that form of administration remains commercially available, AstraZeneca said.”

Fierce Biotech tells us,
- “As the first CAR-T treatment for an autoimmune disease draws ever closer, officials at the FDA have signaled a willingness to support the development of these novel cell therapies with a flexible regulatory approach.
- “While interested in CAR-T therapies’ potential to achieve durable, drug-free remission in serious autoimmune conditions, the FDA is equally wary of their “unpredictable long-term toxicity,” according to an article published Monday in the Annals of Internal Medicine.
- “In the article, Vinay Prasad, M.D., director of the FDA’s Center for Biologics Evaluation and Research, and two other regulators said that, recognizing the complexity of autoimmune conditions in terms of seriousness and type, the agency will work with CAR-T makers “on a case-by-case basis to encourage appropriate study populations in rheumatologic autoimmune disease.”
- “Simultaneously, citing a need to monitor a drug’s effect on fertility, the FDA officials recommended that industry conduct long-term follow-up studies for CAR-T products in the autoimmune setting, “as is standard for genetic therapies and CAR T-cells for oncologic indications.”
- “While the FDA “shares enthusiasm for this class of products,” it will “carefully shepherd” the advancement of clinical studies “focused on the development, durability, and long-term safety of CAR T-cell therapies,” the regulators wrote.”

STAT News lets us know, “AI could soon renew prescriptions without clinician help. Should the FDA make sure it’s safe? Doctronic claims its AI doctor doesn’t need FDA approval. Experts aren’t so sure.”

From the public health and medical / Rx research front,

Nature reports,
- “Nearly 40% of new cancer cases worldwide are potentially preventable, according to one of the first investigations¹ of its kind, which analysed dozens of cancer types in almost 200 countries.
- “The study found that in 2022, roughly seven million cancer diagnoses were linked to modifiable risk factors — those that can be changed, controlled or managed to reduce the likelihood of developing the disease. Overall, tobacco smoking was the leading contributor to worldwide cancer cases, followed by infections and drinking alcohol. The findings suggest that avoiding such risk factors is “one of the most powerful ways that we can potentially reduce the future cancer burden”, says study co-author Hanna Fink, a cancer epidemiologist at the World Health Organization’s International Agency for Research on Cancer in Lyon, France.
- “The study was published today in Nature Medicine.”

The American Journal of Managed Care relates,
- “The majority (57.5%) of commercially insured patients had at least 1 chronic condition in 2024. The average allowed amount¹ for a patient with no chronic conditions was $1590, whereas the average allowed amount for a patient with 1 chronic condition was nearly double ($3039). Of 44 common chronic conditions studied, hyperlipidemia, or high cholesterol, was the most common, with a crude prevalence² of 21.2%. These and other findings are reported in a new FAIR Health white paper: Chronic Conditions in the United States: A Study of Commercial Claims.” * * *
- “Many patients had more than 1 chronic condition. For example, 11.5% of patients had 2 conditions, and 9.1% had 3.
- “Some chronic conditions frequently co-occur. In the commercially insured population, 33.4% of patients had hyperlipidemia, hypertension, obesity, or some combination of these, and 4.3% had all 3.³ Half the patients with any one of these conditions had more than 1.” * * *
- “For the complete white paper, click here“
CNN tells us,
- “Men develop a greater risk of cardiovascular disease years earlier than women — starting at around age 35, according to a new long-term study.
- “The report, published Wednesday in the Journal of the American Heart Association, followed more than 5,000 adults from young adulthood and found that men reached clinically significant levels of cardiovascular disease about seven years earlier than women.
- “Experts advise both men and women to monitor their heart health in early adulthood and to see their doctor regularly.
- “Heart disease doesn’t happen overnight; it develops over years. One of the things I think oftentimes people aren’t aware of is that it can start really early in your 30s or 40s,” said study coauthor Dr. Sadiya Khan, professor of cardiovascular epidemiology at Northwestern University Feinberg School of Medicine in Chicago.
- “Even if you don’t have heart disease at that time, your risk can start at that time.”
MedPage Today adds,
- “National data showed 79% of adults with hypertension didn’t have their blood pressure within the blood pressure goal recommended by guidelines.
- “Most of those uncontrolled hypertension cases went untreated by blood pressure medication.
- “These findings highlight a large gap in hypertension control that treating hypertension earlier and more intensively could address.”

The New York Times observes,
- “For much of the 20th century and beyond, social scientists attributed a range of chronic mental health problems to dysfunction between infants and their mothers, who were categorized as overbearing, rejecting, domineering or ambivalent.
- “But a team of researchers from Pennsylvania State University has found that at times the early parenting behavior of fathers may have a greater impact on children’s health.
- “For a study published recently in the journal Health Psychology, the scientists observed three-way interactions between 10-month-old infants, their fathers and their mothers, and then checked in on the families when the children were 2 and 7.
- “They found that fathers who were less attentive to their 10-month-olds were likely to have trouble co-parenting, instead withdrawing or competing with mothers for the children’s attention. And at age 7, the children of those fathers were more likely to have markers of poor heart or metabolic health, such as inflammation and high blood sugar.
- “Mothers’ behavior did not have the same effect, said Alp Aytuglu, a postdoctoral scholar at Penn State’s College of Health and Human Development and an author of the paper.
- “We of course expected that family dynamics, everybody in the family, fathers and mothers, would impact child development — but it was only fathers, in this case,” Dr. Aytuglu said.”

Per Health Day,
- “More than one-quarter of young children experience persisting symptoms after concussion (PSaC), according to a study published online Jan. 26 in Pediatrics.
- “Sean C. Rose, M.D., from The Ohio State University in Columbus, and colleagues assessed the frequency of PSaC after early childhood concussion and identified potential predictors of PSaC. The analysis included 235 young children (ages 6 months to <6 years) with concussion, 108 with orthopedic injury, and 75 community controls.
- “The researchers found that at one month postinjury, PSaC were documented in 28 percent of children with concussion, higher than in the orthopedic injury group (10 percent) and the community control group (2 percent). PSaC were documented in just under one-quarter of children at three months postconcussion (24 percent) and 16 percent at 12 months. PSaC at one month postconcussion was predicted by total symptom burden in the emergency department (odds ratio, 1.108). There were no associations for age, loss of consciousness, receiving brain imaging in the emergency department, attending daycare or school, or parent education with PSaC.”
and
- “The symptoms women experience on the verge of menopause could be vastly different from what they might expect, a new study says.
- “Women in perimenopause – the time leading up to their final period, as well as the year after – expect to be plagued with hot flashes and night sweats.
- “However, these women reported symptoms like exhaustion and fatigue far more frequently than those typically associated with menopause, researchers reported Jan. 28 in the journal Menopause.
- “This study shines a light on how little we still understand about perimenopause and how much it affects people’s daily lives,” lead researcher Dr. Mary Hedges said in a news release. She’s a community internal medicine physician at the Mayo Clinic in Jacksonville, Florida.”

Per BioPharma Dive,
- “An experimental obesity shot Pfizer got through a buyout of Metsera helped enrollees in a mid-stage trial lose significantly more weight than a placebo, spurring up to an 11% reduction over 28 weeks using a regimen that switched from a weekly to monthly dose after 12 weeks.
- “When including only participants who completed the trial, the shot helped people lose up to 12 percentage points more of their body weight than those who received a placebo. Though cross-trial comparisons can be misleading, the results “look slightly inferior” to what was seen in testing of Eli Lilly’s blockbuster Zepbound at a similar timepoint, wrote Leerink Partners analyst David Risinger.
- “Pfizer executives noted on a conference call that, going forward, they intend to test a far higher dose than they did in Phase 2 testing. Phase 3 trials starting later this year will involve a dose that’s double the highest one used in the Phase 2.”

From the U.S. healthcare business and artificial intelligence front,

Fierce Healthcare reports,
- “Kaiser Permanente and Renown Health have wrapped the paperwork on a deal forming an insurance and outpatient care joint venture in northern Nevada.
- “The arrangement announced last September (see below) represents an entry into the geographic market for Kaiser, the country’s largest nonprofit health system. It brings Hometown Health—an existing health plan run by Renown Health, a Reno-based, two-hospital nonprofit system—plus an existing primary care medical office under joint ownership. The partners have plans to open two more facilities in 2026, plus retail pharmacies in 2027.
- “This joint venture with Renown Health allows us to extend our value-based care model and nation-leading health outcomes to northern Nevada, in collaboration with Renown Health’s trusted local teams,” Greg Adams, chair and CEO of Kaiser, said in a Tuesday announcement. “Together, we will improve health outcomes; expand access to affordable, high-quality care; and serve the needs of this growing community.”
- “Financial terms of the transaction were not disclosed.”
and
- “Primary care company Carbon Health filed for Chapter 11 bankruptcy relief in Texas.
- “The company, which offers both in-person care at nearly 100 clinics and virtual care services, said Monday it reached a restructuring agreement with its existing lenders that establishes a “clear path to recapitalization and new ownership.”
- “Carbon Health intends to pursue a dual-track, court-supervised process that allows it to enter a Chapter 11 plan premised on a debt-for-equity exchange, and a post-petition marketing and sale process for all or a portion of its assets, the company said in a press release issued Monday.
- “This structure is intended to maximize value while preserving flexibility as the process moves forward,” Carbon Health executives said.
- “To implement the restructuring, Carbon Health and certain affiliates have filed voluntary petitions for reorganization under Chapter 11 of the U.S. Bankruptcy Code in the United States Bankruptcy Court for the Southern District of Texas.”

Healthcare Dive relates,
- “Humana is launching an artificial intelligence tool that aims to help its call center workers answer beneficiaries’ questions about their coverage, the insurer said Tuesday.
- “Agent Assist, developed in partnership with Google Cloud, can summarize conversations between workers and enrollees in real time while highlighting relevant information, like the member’s benefit and eligibility details and important context from the call, Chris Sakalosky, vice president of strategic industries at Google Cloud, said via email.
- “The insurer began rolling out Agent Assist in October, and plans to implement the tool across Humana’s service centers this year.”

Per MedCity News,
- “About 50 million people in the U.S. are affected by autoimmune disease, and about 80% of them are women. When women give birth, they often experience significant hormonal changes that can trigger new diagnoses or symptoms of autoimmune disease.
- “That’s why WellTheory, a platform focused on autoimmune disease, launched a new program last week aimed at supporting women in the postpartum period.
- ‘Atherton, California-based WellTheory treats autoimmune conditions such as Addison’s disease, celiac disease, multiple sclerosis and lupus. Using a collaborative care model, it partners with patients’ physicians to deliver personalized plans focused on nutrition, stress, sleep and movement. The company offers video sessions, unlimited expert messaging and diagnostics. It serves both employers and health plans.
- “The new postpartum program includes personalized care plans and one-on-one support with autoimmune and hormonal health experts. WellTheory also provides advanced hormonal testing if appropriate, including assessment of sex hormones, cortisol levels and metabolites. This helps identify root causes of conditions like postpartum depression.”

Adam Fein writing in his Drug Channels blog lets us know,
- “The boffins at the Centers for Medicare & Medicaid Services (CMS) recently dropped the latest National Health Expenditure (NHE) data, which track all U.S. spending on healthcare. (Links below.)
- “We spent an astounding $5,278,588,000,000 on healthcare in 2024. Yes, that’s $5.3 trillion!
- “Retail outpatient prescription drugs accounted for less than 9% of that total. More than half of net outpatient drug spending was paid by federal, state, and local government programs. Below, we delve into the spending trends, which reveal the impact of the Inflation Reduction Act (IRA) on Medicare spending, the boom in healthcare marketplaces, and the post-pandemic bust in Medicaid.
- “Contrary to what you might read, the government’s data show that drug spending growth was not driven by purportedly “skyrocketing” drug prices. In reality, nearly all of the increase in drug spending reflected higher utilization—more people treated, more prescriptions dispensed, and shifts among drugs dispensed—rather than higher net prices.”

Per Fierce Pharma,
- “Armed with what CEO Robert Davis called the “broadest and widest pipeline we’ve had in years,” Merck is preparing for its post-Keytruda future with what it foresees as a host of major sales opportunities over the next decade.
- “Thanks in part to its recent acquisitions of Verona Pharma and Cidara Therapeutics, the company sees new growth drivers delivering potential annual revenue of more than $70 billion by the “mid-2030s,” Merck said in its fourth-quarter and full-year earnings presentation (PDF).
- “To put the $70 billion number into context, Davis pointed to the figure as being more than double the $35 billion Keytruda is expected to pick up during its peak sales year in 2028. The oncology superstar is slated for a loss of exclusivity (LOE) in 2028, and a growing pipeline of Keytruda biosimilars is already lining up to take a shot at the drug’s massive market.
- “Our belief in our ability to have substantial growth once we get closer to the LOE is as high as it’s ever been,” Davis emphasized on a conference call. “And we’re not done.”
and
- “During the first six months of Maziar Mike Doustdar’s tenure as Novo Nordisk’s CEO, the company enjoyed a run of positive momentum highlighted by the launch of its Wegovy pill and a recent stock-price runup. But investor optimism came to a sudden halt Tuesday as the company warned of significant sales and earnings declines in 2026.
- “Tuesday, Novo put out word that it’s expecting sales and earnings to slide between 5% and 13% this year. In 2025, Novo generated sales growth of 10% and operating profit growth of 6%, the company said.
- “A few factors are playing into the 2026 guidance. For one, the company said it’s expecting sales to decline in the U.S. amid “intensifying competition” and lower prices in some areas of its business. Novo is also warning of a sales hit from the recent “Most Favored Nation” pricing deal it struck with the Trump administration.
- “The company is also forecasting a currency hit as the U.S. dollar has lost value against the Danish krone, Novo’s local currency.”

Per MedTech Dive,
- “Medtronic plans to acquire CathWorks, which makes tools to help detect coronary artery disease, the companies announced on Tuesday. Medtronic will pay up to $585 million, with the potential for undisclosed earn-out payments after the acquisition closes.
- “The companies have worked together since 2022, when Medtronic agreed to co-promote CathWorks’ FFRangio System in the U.S., Europe and Japan.
- “The FFRangio System uses artificial intelligence and computational science to provide an assessment of the entire coronary tree using routine angiograms, a type of X-ray for imaging blood vessels. The system can provide fractional flow reserve, or FFR, values that help detect what lesions are causing a reduction in blood flow. The system can also help physicians measure the dimensions of a lesion during an operation.”

Per Radiology Business,
- “RadNet Inc. is entering the Midwest by acquiring a 60-year-old private practice’s outpatient imaging assets.
- “The Los Angeles company has reached a deal to acquire six freestanding centers, all operated by Indianapolis-based Northwest Radiology, for an undisclosed sum.
- “Founded in 1967, NWR is one of Indiana’s largest independent imaging groups, employing 18 physicians. They will continue to provide contracted services across the practice’s former locations.
- “The centers are primarily located in Carmel, a growing northern suburb of Indianapolis recently recognized by Travel & Leisure magazine for its livability. RadNet—which, as a publicly traded company, will eventually disclose the purchase price in a future regulatory filing—expects to net $18 million in annual revenue from the sale.
- “Steve Forthuber, president and CEO of Eastern Operations for RadNet, said the practice has built “remarkable trust and confidence” among the local physician community. The company plans to work closely with NWR radiologists to further expand their “clinical reach and capabilities.”

Monday report

David Ermer–CDC, Congress, FDA, Generative AI, Medical / Rx research, No Surprises Act, OPM, U.S. Healthcare–February 2, 2026February 2, 2026

From Washington, DC,

The Wall Street Journal reports,
- “President Trump demanded Monday that House lawmakers back the bipartisan spending deal passed by the Senate last week and set aside policy demands in an effort to quickly end a partial government shutdown.
- “We need to get the Government open, and I hope all Republicans and Democrats will join me in supporting this Bill, and send it to my desk WITHOUT DELAY,” Trump posted on Truth Social. “There can be NO CHANGES at this time.”
- “House Speaker Mike Johnson (R., La.) is trying to pass as soon as Tuesday the $1.2 trillion package that funds large parts of the federal government through the end of the fiscal year while funding the Department of Homeland Security for just two weeks. That short-term extension is designed to provide time for a bipartisan deal to be reached on stricter policies for immigration-enforcement agents.”

The American Hospital Association (AHA) News tells us,
- “The Department of Health and Human Services today announced a new behavioral health initiativeto assist homeless individuals with substance use treatment and recovery. The program, called the Safety Through Recovery, Engagement, and Evidence-based Treatment and Supports, or STREETS, will focus on psychiatric care, medical stabilization and crisis intervention, HHS said. The initiative is tied to an executive order issued by the administration last week on substance use.”

In January 2024 OPM proposed to create to advance the FEHB / PSHB eligibility date to the first day of employment. AFHO, the trade association that the FEHBlog represents, used the public comment period to advocate for the HIPAA 820. Today, in a welcome deregulatory step, OPM withdrew the proposed rule.

MedCity News considers whether “It is Time to Change the Independent Dispute Resolution Process of the No Surprises Act.” The FEHBlog thinks so because the current process is opaque.

From the Food and Drug Administration front,

MedTech Dive reports,
- “Grail has filed for Food and Drug Administration approval of its multi-cancer early detection test, the company said Thursday.
- “The premarket approval filing for Grail’s Galleri test focuses on a U.S. study of more than 25,000 people and a randomized, controlled trial the company is running in the United Kingdom.
- “Grail President Josh Ofman said at an event in January that approval will be a “major trigger” for evidence-based decisions with U.S. payers and could enable Medicare coverage.”

Cardiovascular Business relates,
- “eMurmur, an Ontario-based artificial intelligence (AI) startup, has received U.S. Food and Drug Administration (FDA)clearance for its suite of algorithms designed to evaluate heart recordings captured by digital stethoscopes.
- “The newly approved offering, eMurmur Heart AI, was designed to detect both the presence and absence of heart murmurs. In addition, it can provide hemodynamic data that helps care teams as they develop patient management strategies. eMurmur Heart AI can be accessed through the company’s own standalone software—available as a web platform or mobile app—or through a third-party system.”

From the public health and medical / Rx research front,

The AHA News reports,
- “The Centers for Disease Control and Prevention released its annual progress report on health care-associated infections Jan. 29, which found continued decreases in hospitalizations from multiple infections last year. Among the findings, there was an 11% decrease in hospital-onset Clostridioides difficile, or C. difficile, infection; a 10% decrease in catheter-associated urinary tract infections, or CAUTI; a 9% decrease in central line-associated bloodstream infections, or CLABSI; and a 7% decrease in hospital-onset methicillin-resistant Staphylococcus aureus, or MRSA.
- “Among inpatient rehabilitation facilities, there was an 18% decrease in hospital-onset C. difficile infections and an 8% decrease in CAUTI. For long-term care hospitals, there was a 23% decrease in ventilator-associated events and a 15% decrease in hospital-onset C. difficile. The report recommended providers continue reinforcing prevention practices, review HAI surveillance data to identify areas for improvement and address any gaps in prevention practices.”

Cardiovasular Business relates,
- “Researchers have developed a new injectable therapy that could help protect a patient’s brain after they experience a stroke. The team behind this new treatment shared a look at its early progress in Neurotherapeutics.
- “The therapy in question was built to cross the blood-brain barrier and help repair brain tissue, limiting the risk of permanent brain damage and encouraging a healthy recovery following an ischemic stroke. Co-author Samuel Stupp, PhD, founding director of Northwestern University’s Center for Regenerative Nanomedicine, previously found that supramolecular therapeutic peptides (STPs) technology could reverse paralysis and repair tissue in mice after a single injection. This analysis took those observations related to the potential benefits of STPs and transferred them to a new area of medicine.
- “Current clinical approaches are entirely focused on blood flow restoration,” co-author Ayush Batra, MD, an associate professor with the Northwestern University Feinberg School of Medicine and co-director of the NeuroVascular Inflammation Laboratory at Northwestern, said in a statement. “Any treatment that facilitates neuronal recovery and minimizes injury would be very powerful, but that holy grail doesn’t yet exist. This study is promising because it’s leading us down a pathway to develop these technologies and therapeutics for this unmet need.”

MedPage Today informs us,
- “Use of single maintenance and reliever therapy (SMART) for moderate-to-severe asthma saved money by improving outcomes, according to a meta-analysis.
- “While SMART is recommended by guidelines, combination inhalers aren’t FDA approved for both rescue and maintenance therapy, and thus insurance coverage has been a struggle in the U.S.
- “Finding an economic advantage should influence payer decisions, the researchers suggested, calling for broader formulary inclusion of SMART.”
and
- “All hypertensive disorders of pregnancy were tied to increased long-term cardiovascular risk, but superimposed preeclampsia carried the highest risk.
- “All subtypes were significantly associated with higher risks of heart failure and stroke, and most were associated with higher risk of cardiovascular death.
- “Unspecified hypertension was associated with myocardial infarction, while chronic and unspecified hypertension were both associated with atrial fibrillation.”

The Endocrinology Advisor lets us know that “the fit-fat index (FFI), which calculates the ratio of cardiorespiratory fitness to various adiposity measures (BMI, WHR, or WHtR), is significantly associated with lower risks for cardiovascular and all-cause mortality.”
Genetic Engineering and BioTechnology News points out,
- “Evidence has been rising over the past few years that the gut microbiome can significantly influence how well cancer treatments work, especially immunotherapies. But the underlying mechanism has remained unclear. Now, a new study reveals how bacteria in the gut can help determine whether the amino acid asparagine (obtained from diet) will increase tumor growth or activate immune cells against the cancer.
- “The findings, published in Cell Microbe and Host in the paper, “Microbiota utilization of intestinal amino acids modulates cancer progression and anticancer immunity,” could lead to a novel cancer treatment approach and monitoring strategy; instead of targeting tumors directly, clinicians may one day be able to reshape the gut microbiome or diet to starve tumors while supercharging immune cells.
- “Our study suggests that we need to think about how the interplay of diet, gut microbiota and tumor-infiltrating immune cells could affect cancer growth and response to therapy. We can’t overlook this key level regulation,” said Chunjun Guo, PhD, associate professor of immunology at Weill Cornell.”
Per BioPharma Dive,
- “Novo Nordisk’s experimental combination shot CagriSema helped people with diabetes and obesity lower their blood sugar and lose more weight than the blockbuster drug Wegovy in a Phase 3 trial, the company said Monday, building the case for regulatory approval.
- “The results come from one of several studies Novo has underway in obesity and diabetes for CagriSema, which adds a second metabolic drug to the active ingredient from Wegovy in a fixed-dose injection. The Denmark-based drugmaker has already asked the Food and Drug Administration to approve the shot in obesity.
- “The data could sharpen Novo’s rivalry with Eli Lilly and its obesity drug Zepbound, which has overtaken Wegovy to become the biggest-selling obesity treatment in the world. Looking at all participants enrolled in the trial, CagriSema’s weight loss and blood-sugar reductions fall numerically short of Zepbound’s, but a head-to-head trial comparing the two hasn’t been completed yet.”
and
- “An experimental rare disease drug from Sanofi succeeded against one so-called lysosomal storage disorder but failed against another, the French pharmaceutical company said Monday.
- “According to Sanofi, the drug, dubbed venglustat, missed its primary objective in a Phase 3 study testing it against Fabry disease. However, in another study in a form of Gaucher disease, the drug met its main goal and three out of four key secondary endpoints. Sanofi didn’t provide details — they’ll be shared at medical meeting this week — but said it intends to submit the Gaucher results to global regulatory authorities.”

From the U.S. healthcare business and artificial intelligence front,

MedCity News reports,
- “Access to primary care is collapsing in the U.S., creating an opening for new models that lower costs and improve outcomes.
- “This week, Premise Health and Crossover Health moved to capitalize on that opportunity, announcing an agreement to merge into a single company focused on scaling primary care access. The combined organization will provide onsite, nearsite and virtual care for more than 400 employers with millions of members, operating nearly 900 wellness centers across the country.
- “The new entity will be led by Premise CEO Stu Clark. He framed the deal as a convergence of two companies with the same thesis: advanced primary care is the lever to disrupt U.S. healthcare. Both companies define advanced primary care as an integrated bundle of primary care, behavioral health, pharmacy services and care navigation.
- “Crossover and Premise have proven that a few things happen when you deploy our advanced primary care models: access goes up, health improves and costs go down. Costs go down for the employer as well as for the family,” Clark stated.
- “The company’s target customers will be large self-insured employers, mainly Fortune 1000 companies, unions, Native tribes and government entities, he said.”

Healthcare Dive relates,
- “Tenet has regained full ownership of Conifer Health Solutions, acquiring the remaining stake in its revenue cycle management business from CommonSpirit Health.
- “CommonSpirit will pay Tenet almost $1.9 billion over the next three years to get out of its existing services contract, according to the deal announced Monday. That’s offset by $540 million that Conifer will pay CommonSpirit for its almost 24% equity stake and to eliminate CommonSpirit’s capital account.
- “All told, Tenet executives said the deal creates almost $2.7 billion in total value to the system through the cash payments, the reduction of liability on its balance sheet and the value of the additional Conifer equity. Tenet’s stock rose 2% in morning trade Monday following the news.”

Fierce Healthcare informs us,
- “Community Health Systems (CHS) has wrapped a deal to divest its 80% interest in two joint ventures to Vanderbilt University Medical Center (VUMC), the organizations announced Monday morning.
- “The joint ventures own and operate Tennova Healthcare – Clarksville, a 270-bed hospital with 1,100 staff, and other ancillary businesses in the major Tennessee city. CHS received $623 million before certain transaction expenses for the interests, with CHS also paying $23 million of owed balances to the subsidiaries upon completion of the transaction.
- “VUMC, in its announcement, said it will be renaming the hospital and a freestanding emergency room to Vanderbilt Clarksville Hospital and Vanderbilt Emergency Sango, respectively. It also highlighted physician practices in Clarksville plus nearby Dover, Pleasant View and Tiny Town that were included in the deal.”
and
- “Community Health Systems (CHS) has sold its Commonwealth Health system to nonprofit Tenor Health Foundation, the for-profit chain announced.
- “The sale, effective Feb. 1, comes just days after the parties received regulatory clearance from the state and in the wake of community and government efforts to keep the facilities open despite financial losses (see that story below).
- “The announcement also makes public the three-hospital system’s price tag: $33 million of cash plus a $15 million promissory note from Tenor, with additional cash considerations possible depending on collections of certain patient accounts receivable during the following 90 days.”

Healthcare Dive adds,
- “Healthcare bankruptcies declined in 2025, even as the sector faces financial headwinds on the horizon, according to an analysis published last week by restructuring advisory firm Gibbins Advisors.
- “The industry recorded 45 bankruptcy filings for debtors with liabilities of at least $10 million last year, down 21% from 2024 — and a steep drop from the 79 cases logged in 2023. However, hospital bankruptcies rose.
- “Another year of falling Chapter 11 bankruptcy filings doesn’t necessarily signal financial health in the sector, the report cautioned. Healthcare remains under “significant pressure” as the industry faces looming challenges like historic cuts to Medicaid, according to Gibbins.”

The New York Times tells us,
- If you wind up at an urgent care center in America, it’s increasingly likely you will be treated by a P.A. For a long time, P.A. meant the same thing everywhere: “physician assistant,” a licensed medical professional who can perform patient care, including prescribing medicine, under the supervision of a doctor.
- But that might be changing. In Oregon, New Hampshire and Maine, P.A. now means “physician associate,” and other states may follow this year.
- “Assistant” versus “associate” might sound like a trivial semantic debate, but to many practitioners, and to the American Academy of Physician Associates (which changed its own name in 2021), it’s an important part of the expanding role of P.A.s in health care. * * *
- “Since 2000, the number of P.A.s has quadrupled, while many parts of the country face a shortage of doctors. That means P.A.s are becoming more numerous — and visible — in all fields of medicine, from primary care to dermatology. And along with the name change, they are seeking the ability to operate more independently from doctors.”

Per The Wall Street Journal,
- “Eli Lilly plans to open a $3.5 billion weight-loss drug manufacturing plant in Pennsylvania’s Lehigh Valley, creating 850 permanent jobs.
- “Pennsylvania is investing $100 million in tax credits and grants for the project, plus $5 million for a pharmaceutical training center.
- “Lehigh Valley manufacturing jobs have grown by 28.8% since 2010, triple the national rate, despite recent U.S. manufacturing job contractions.”

Per Beckers Health IT,
- “Oracle Health is expanding its Clinical AI Agent to help clinicians automate the creation of clinical orders during patient appointments.
- “The tool now supports automated order creation for laboratory tests, imaging and diagnostic studies, new and refilled prescription medications, follow-up appointments and referrals. Oracle Health said in a Feb. 2 news release that the update builds on the product’s existing note-generation feature and uses ambient listening during visits to draft clinical orders for physician review and approval.
- “The technology is designed to reduce the administrative burden of repetitive manual tasks, such as order entry, which can pull providers away from direct patient care and contribute to burnout.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 31, 2026January 31, 2026

From the cybersecurity policy and law enforcement front,

The Wall Street Journal reports,
- “Senators voted 71-29 to pass a $1.2 trillion package of five bills funding many agencies through September and a sixth to provide two weeks of funding for the Department of Homeland Security. The measure was designed to give lawmakers more time to negotiate over proposed new restrictions on immigration enforcement.
- “The proposal still needs to be approved by the House, which isn’t expected to return until Monday. With no law passed, funding for the Pentagon, DHS and other departments lapsed at 12:01 a.m. Saturday, and the partial shutdown is expected to run through the weekend.”

The Homeland Security appropriations had been Division H of the consolidated appropriations bill, H.R. 7148. The amended version which the Senate passed yesterday, replaced Section H with a two week long extension of Fiscal Year 2025 appropriations. The FEHBlog raises this point because the provision reauthorizing CISA 2015 is found in Division I.
- “SEC. 5008. CYBERSECURITY INFORMATION SHARING ACT OF 2015. Section 111(a) of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1510(a)) is amended by striking “September 30, 2025” and inserting “September 30, 2026”
Consequently this reauthorization will apply when the House passes amended H.R. 7148 next week.

Per a Cybersecurity and Infrastructure Security Agency (CISA) news release,
- “The Cybersecurity and Infrastructure Security Agency (CISA) is calling on critical infrastructure organizations to take decisive action against insider threats. To support this effort, CISA has released today a powerful new resource—Assembling a Multi-Disciplinary Insider Threat Management Team. Designed for critical infrastructure entities and state, local, tribal, and territorial (SLTT) governments, this comprehensive infographic provides actionable strategies guidance to proactively prevent, detect and mitigate insider threats-helping organizations stay ahead of evolving organizational vulnerabilities.
- “Insider threats often take two forms: calculated acts of harm and unintentional mistakes. Malicious insiders may exploit access for personal gain or revenge, causing severe damage to systems and trust, At the same time, negligence or simple human errors can open the door to vulnerabilities that adversaries can exploit. Whether driven by intent or accident, insider threats pose one of the most serious risks to organizational security and resilience- demanding proactive measures to detect, prevent and respond.
- “Insider threats remain one of the most serious challenges to organizational security because they can erode trust and disrupt critical operations.” said Acting CISA Director Dr. Madhu Gottumukkala. “CISA is committed to helping organizations confront this risk head-on by delivering practical strategies, expert guidance, and actionable resources that empower leaders to act decisively — building resilient, multi-disciplinary teams, fostering accountability, and safeguarding the systems Americans rely on every day.”

Security Week reports,
- “The White House has announced that software security guidance issued during the Biden administration has been rescinded due to “unproven and burdensome” requirements that prioritized administrative compliance over meaningful security investments.
- “The US Office of Management and Budget (OMB) has issued Memorandum M-26-05, officially revoking the previous administration’s 2022 policy, ‘Enhancing the Security of the Software Supply Chain through Secure Software Development Practices’ (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).
- “The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments.
- “Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency’s network,” reads the memo sent by the OMB to departments and agencies.
- “There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment,” the OMB added.
- “While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.”

The American Hospital Association News relates,
- “The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions organizations can use to protect against cyberattacks. The recommendations were developed with domestic and international partners and based on recent cyber investigations to reflect adversary behavior and defensive gaps. The recommendations include adopting phish-resistant authentication, implementing a risk-based vulnerability management program, tracking and retiring end-of-life technology on a defined schedule, and managing third-party risk, among others.
- “Operation Winter SHIELD is based on lessons learned from the most significant nation state and criminal cyber investigations,” said John Riggi, AHA national advisor for cybersecurity and risk. “In sum, agencies involved focused on the most common methodologies threat actors are using to ‘beat us,’ and what cyber defensive measures are the most effective at reducing cyber risk and increasing resiliency and recovery. There is nothing surprising on the list, but the landmark campaign serves as an excellent validation and a concise summary of cybersecurity best practices. Operation Winter SHIELD also acknowledges the private sector’s crucial role in defending the nation’s critical infrastructure against the very real and very serious cyber threats we face as a nation.”

Cyberscoop tells us,
- “The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday.
- “It is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution’s brand name to create URLs to then use in phishing campaigns or in fraudulent advertising,” the official, Matt Noyes, said at a conference in Washington, D.C.
- “It was one of two areas Noyes identified as attack vectors that aren’t adequately being addressed during a panel at the 2026 Identity, Authentication and the Road Ahead Policy Forum, along with susceptibility to business email compromise scams.
- “The problem is in how the Internet Assigned Numbers Authority (IANA) functions, he said. A decade ago, the United States relinquished its control of that process.

The Register informs us,
- “Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum’s dark web and clearnet domains.
- “RAMP, which stands for Russian Anonymous Marketplace, was an online souk, favored by ransomware-as-a-service gangs, extortionists, initial access brokers, and other miscreants specializing in digital crime. Its websites now say “This Site Has Been Seized,” with the notice attributing the takedown to the FBI in coordination with the US Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.” * * *
- “It’s ~~highly unlikely~~ impossible that this takedown signals the end of ransomware and other crime crews who used RAMP’s websites to buy and sell malware and exploits and recruit affiliates. Much like horror-movie monsters, cybercrime forums never really die, and their users will likely scatter to other underground marketplaces to buy and sell their illicit services.
- “Still, “its loss represents a meaningful disruption to a core piece of criminal infrastructure,” Tammy Harper, a senior threat intelligence researcher at Flare who specializes in ransomware research, told The Register.”

Per Cyberscoop,
- “Millions of devices used as proxies by cybercriminals, espionage groups and data thieves have been removed from circulation following Google’s disruption of IPIDEA, a China-based residential proxy network. The reduction in available proxy devices came after Google’s Threat Intelligence Group used legal action and intelligence sharing to target the company’s domain infrastructure, Google said in a blog post Wednesday.
- “Google’s action, aided by Cloudflare, Lumen’s Black Lotus Labs and Spur, impaired some of IPIDEA’s proxy infrastructure, but not all of it. The coordinated strikes against malicious infrastructure underscore the back-and-forth struggle threat hunters confront when they take out pieces of cybercriminals’ vast and growing infrastructure.
- “Initial data indicates IPIDEA’s proxy network was cut by about 40%.
- “We have still seen around 5 million distinct bots communicating with the IPIDEA command and control servers, so as of now they are still able to operate with a large volume of proxies,” Chris Formosa, senior lead information security engineer at Lumen Technologies’ Black Lotus Labs, told CyberScoop Thursday.”

From the cybersecurity breaches and vulnerabilities front,

Cybersecurity Dive reports,
- “The share of cyberattacks that relied on vulnerability exploitation as the initial means of access dropped in the fourth quarter of 2025, although it still remained high, researchers from Cisco’s Talos threat intelligence team said in a blog post published on Thursday.
- “Nearly 40% of the incidents to which Cisco responded in Q4 began with the exploitation of public-facing network services, compared with 62% in the third quarter.
- “Cisco also saw fewer ransomware attacks in Q4 (13% of all incidents) compared with Q3 (when it was 20%) and the first half of the year (when it was nearly 50% in both Q1 and Q2).
- “Notably, Cisco said it “did not respond to any previously unseen ransomware variants.”
and
- “Federal authorities and security researchers are warning about a critical vulnerability in Fortinet FortiCloud single sign-on, which is currently under exploitation.
- “The flaw, tracked as CVE-2026-24858, allows an attacker with a registered device and a FortiCloud account to access devices registered to other accounts. FortiCloud SSO authentication needs to be enabled in those other devices in order for the attack to work.
- “The Cybersecurity and Infrastructure Security Agency on Wednesday warned that Fortinet has confirmed several forms of malicious activity, including hackers changing firewall configurations on FortiGate devices, creating false unauthorized accounts and making changes on VPN accounts in order to get access to new accounts.”

Cyberscoop relates,
- “Google Threat Intelligence Group warned that a diverse and growing collection of attackers, including nation-state groups and financially motivated cybercriminals, are exploiting a path-traversal vulnerability affecting WinRAR that was disclosed and patched six months ago.
- “The high-severity vulnerability — CVE-2025-8088 — was exploited in the wild almost two weeks before RARLAB, the vendor behind the file archiver tool, addressed the vulnerability in a software update in late July.
- “Active exploitation of the vulnerability has consistently extended to more threat groups during the past six months and remains ongoing. Google threat hunters have attributed attacks to at least three financially motivated attackers, four Russia state-sponsored groups and one attacker based in China.”
and
- “ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.
- “LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.
- “According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, “many of these extensions mimic known brands to gain users’ trust, particularly those designed to enhance interaction with large language models.”
- “As these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface,” Zargarov wrote.”

CISA added seven five known exploited vulnerabilities to its catalog this week.
- January 26, 2025
  - CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
  - CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
  - CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
  - CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
  - CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability
    - Security Affairs discusses these KVEs here.
- January 27, 2025
  - CVE-2026-24858 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
    - The Hacker News discusses this KVE here.
- January 29, 2025
  - CVE-2026-128 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
    - Bleeping Computer discusses this KVE here.
Cybersecurity Dive points out,
- “The cybercrime group ShinyHunters is claiming credit for at least five attacks related to a voice phishing campaign that previously was disclosed by security researchers at Okta.
- “Okta warned Thursday that a social engineering campaign using custom phishing kits was targeting Google, Microsoft and Okta environments using voice phishing techniques.
- ‘The phishing kits were capable of intercepting user credentials and persuading targeted users to skip multifactor authentication.”

Bank Info Security notes,
- “The victim count in a 2025 hack against a Maryland-based firm that provides “artificial intelligence-powered” administrative and technology services to healthcare practices soared to nearly 3.1 million nationwide, according to an updated breach report from Healthcare Interactive.
- “The company, more commonly known as HCIactive, previously filed lowball estimate breach reports to several state attorneys general. But in a Jan. 7 breach report submitted to Oregon state regulators, HCIactive said the incident affected a total of about 3.06 million individuals.
- “Based on HCIactive’s latest breach tally provided to Oregon regulators, the company’s hacking incident as of Wednesday would rank among the 10 largest of the 691 protected health information breaches reported in 2025.”

From the ransomware front,

WFSB (Hartford, CT) reports,
- “A ransomware attack has disrupted New Britain [CT]’s city network systems for more than 48 hours, forcing departments to operate with pen and paper while federal authorities investigate.
- “What began as a suspected cyberattack has been confirmed as a ransomware attack that started early Wednesday morning when the New Britain Police Department was notified of a network disruption that spread throughout the city’s internet server.” * * *
- “The city hopes to restore its server sometime this weekend. The attack comes as data breaches have increased significantly, with the Identity Theft Resource Center reporting that data breaches increased by five percent over the last year and 79 percent over the past five years.
- “One of those incidents included a phishing attack that hit a New Haven [CT] High School.”

Sophos explains how ransomware operators choose victims.
- “Counter Threat Unit™ (CTU) researchers are frequently asked about ransomware groups posing a threat to organizations in specific verticals or geographic locations. These questions usually follow the publication of third-party reports that highlight how a particular ransomware group is “targeting” a specific sector. CTU™ researchers understand the concerns but maintain that focusing on defending against specific groups is not the best way to avoid becoming a victim of ransomware. As the majority of ransomware attacks are opportunistic, organizations should instead consider how they can best prepare for any ransomware or data theft attack, regardless of the perpetrators.
- “How threat actors choose their victims and deploy ransomware depends on their motivations. Cybercriminals want to make money, so all organizations are potential victims of these groups. In contrast, state-sponsored actors use ransomware for destructive purposes, to obscure espionage activity, to generate revenue, or to achieve a combination of these outcomes. Each of these groups therefore has a separate threat profile, and the organizations at risk can vary greatly.”

Panda Security shares “50+ Ransomware Statistics Vital for Security in 2026.”
- “Ransomware statistics for 2026 reveal how widespread attacks have become and why awareness is your first line of defense.”

Per Dark Reading,
- “Victims hit with the emerging Sicarii ransomware should never opt to pay up: the decryption process doesn’t work, likely a result of an unskilled cybercriminal using vibe-coding to create it.
- “Researchers at Halcyon’s Ransomware Research Center observed a technical flaw where even if a victim pays, the decryption process fails in such a way where not even the threat actor can fix the issue. Paying the ransom is, of course, not recommended in general, as doing so funds further cybercrime and doesn’t necessarily guarantee your data is safe, nor that attackers wouldn’t simply exploit you again.”

Bleeping Computer lets us know,
- “Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later.
- “The software company provides data analytics, compliance reporting, CRM tools, and digital marketing services to more than 700 banks, credit unions, and mortgage lenders across the United States.
- “In statements to customers earlier this week seen by BleepingComputer, Marquis says the ransomware operators didn’t breach its systems by exploiting an unpatched SonicWall firewall, as previously believed.
- “Instead, the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWall’s MySonicWall online customer portal.
- “Based on the ongoing third-party investigation, we have determined that the threat actor that attacked Marquis was able to circumvent our firewall by leveraging the configuration data extracted from the service provider’s cloud backup breach,” Marquis said.”

Dark Reading considers “How Can CISOs Respond to Ransomware Getting More Violent?”
- “Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.”

From the cybersecurity defenses front,

Security Week explores offensive cybersecurity.

Cyberscooop observes that “Cybersecurity can be America’s secret weapon in the AI race.”
- “Beijing is aggressively exploiting global data for strategic purposes. AI-powered cybersecurity is essential to Washington’s counter-offensive to win the global market.”

Dark Reading shines a light on “From Quantum to AI Risks: Preparing for Cybersecurity’s Future.”
- “In the latest edition of “Reporters’ Notebook,” a trio of journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications.”
and
- “Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk.”
  - “Security teams need to be thinking about this list of emerging cybersecurity realities, to avoid rolling the dice on enterprise security risks (and opportunities).”

The Hackers News calls attention to “3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026.”
- “Prioritizing relevant threat intelligence, filling operational gaps, and improving the entire workflow from triage to response directly impacts performance rates across SOCs. For CISOs, this translated into a clear priority: take targeted action to reduce dwell time by empowering analysts with actionable, relevant, and unique threat intelligence feeds, enabling fast and confident decision-making.”
Here’s a link to Dark Reading’s CISO Corner.

Monday report

David Ermer–CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, Mental health care, No Surprises Act, Patient safety, U.S. Healthcare–January 26, 2026January 26, 2026

From Washington, DC

Roll Call reports,
- “The Senate inched closer to triggering a partial government shutdown Monday as GOP leaders pushed forward with a $1.33 trillion funding package that includes a Homeland Security bill Democrats vowed to oppose.
- “With only four days left before current funding for most federal agencies runs out, both parties sought to find an exit ramp from the road to a shutdown that neither side wants.”

The Wall Street Journal reports,
- “The Trump administration is proposing a .09% average payment increase for Medicare Advantage plans in 2027, significantly below Wall Street’s roughly 4% to 6% expectations.
- “The proposal also includes eliminating payments tied to diagnoses from insurer medical chart reviews not linked to specific medical visits, reducing the 2027 payment rate by 1.53 percentage points.
- “Overall payments are projected to increase by 2.54% for 2027, combining the proposed rate changes with an additional 2.45% from underlying billing trends.”

Here are links to CMS’s fact sheet and AHIP’s reaction.

Per another CMS news release,
- “The Centers for Medicare & Medicaid Services (CMS) today issued an Advance Notice of Proposed Rulemaking (ANPRM) seeking public feedback on potential approaches to strengthen the American-made supply chain for personal protective equipment (PPE) and essential medicines. Building on lessons learned during the COVID-19 public health emergency, the agency is exploring ways to reduce reliance on foreign-made medical supplies and enhance the nation’s readiness for future emergencies while supporting American workers and manufacturers.” * * *
- “Information on how to submit comments is available via the Federal Register at: https://www.federalregister.gov/public-inspection/current. There is a 60-day comment period.”
The American Hospital Association (AHA) News notes,
- The AHA Jan. 26 urged the Health Resources and Services Administration to take immediate action to stop a new Eli Lilly and Company policy from taking effect on Feb. 1, including by “assessing civil monetary penalties for intentionally overcharging 340B hospitals.”
- On Jan. 15, Lilly issued a notice to all 340B covered entities that the company was updating its data requirements for its 340B distribution program. The policy would require 340B covered entities to submit claims data for all dispensations of all Lilly drugs, regardless of setting.
- “All told, Lilly’s draconian new policy is a case of ‘déjà vu all over again,’” the AHA wrote. “Once more, we have a drug company taking unilateral action against 340B hospitals based on flawed legal and policy reasoning, testing the limits of the law and challenging HRSA’s authority over the 340B Program. Much like its 2021 contract pharmacy restrictions and its 2024 unilateral rebate policy, Lilly seeks to boost its bottom line at the expense of 340B hospitals and the vulnerable patients they serve.”

Healthcare Dive reports,
- “Providers and health insurers submitted almost 1.2 million cases to a federal portal meant to resolve disputes over surprise medical bills in the first half of 2025 — almost 40% more than in the last six months of 2024, according to new data from the CMS.
- “Arbiters are handling the rising volume while cutting into the existing backlog, processing more than 1.3 million disputes in the first half of the year, the CMS said. That’s up almost 50% from the prior six months.
- “Still, despite faster closures, the independent dispute resolution process remains dogged by problems. Many submitted disputes are actually ineligible for IDR, and parsing through those is the primary cause of delays, the CMS said. And, the lion’s share of disputes continue to be submitted by a handful of mostly private equity backed-provider groups, raising concerns IDR is being exploited for profit.”

The AHA News adds,
- “The Departments of Health and Human Services, Labor, and the Treasury have added Dane Street, LLC as a new independent dispute resolution entity, bringing the total number to 16. IDR arbitrators help make payment determinations in disputes between providers, group health plans and health insurance issuers under the No Surprises Act.”

OPM Director Scott Kupor writes in his Secrets of OPM blog about “the performance management priorities and actions the Trump Administration is taking on behalf of the American people.”

From the Food and Drug Administration front,

Fierce Healthcare relates,
- “Aidoc has secured 11 new indications from the Food and Drug Administration (FDA), bringing a comprehensive body CT triage solution to emergency departments and ambulatory settings to reduce patient backlogs.
- “Aidoc, a clinical artificial intelligence company, is trying to solve the root issue of overcrowding in emergency departments and provider offices. The company argues that providers’ operational workflows, which mostly prioritize patients on a “first come, first serve” basis, don’t work well.
- “Instead of first-in, first-out, Aidoc’s AI triage solution can prioritize scans based on its initial review of the images. Those scans are then moved up in the queue for radiologists to review, allowing acutely ill patients to receive care more quickly.”

MedTech Dive points out,
- “Intuitive Surgical on Monday provided more details about its new cardiac surgery initiative for the da Vinci 5 robot, including specifying nine procedures that received U.S. clearance.
- “Among those are mitral and tricuspid valve repair, mitral valve replacement, and left atrial appendage closure — procedures that comprise key businesses for heart device companies such as Boston Scientific, Abbott and Edwards Lifesciences.
- “Intuitive said cardiac procedures with da Vinci 5 can enable surgeons to operate through small incisions without splitting the breastbone, which is typically required in open heart surgery.” * * *
- “The update comes after Intuitive executives told analysts on an earnings call last week that the Food and Drug Administration had cleared the robot for cardiac surgery.”
- “Intuitive said it plans to begin working with a limited number of U.S. sites through 2026 to establish da Vinci 5 cardiac programs.”

From the public health and medical / Rx research front,

The Wall Street Journal reports,
- “The American Academy of Pediatrics recommends children be vaccinated against 18 diseases, more than the U.S. government directs after it overhauled its schedule.
- “The doctors group, which released its recommendations Monday, kept its guidance largely unchanged from its previous version from last year. The group said it doesn’t endorse the Centers for Disease Control and Prevention’s childhood-vaccine schedule. The agency now recommends all children get vaccinated against 11 diseases.”

A commentator, writing in STAT News, observes,
- “The recent overhaul of the U.S. pediatric vaccine schedule under Health and Human Services Secretary Robert F. Kennedy Jr. touched off a firestorm of criticism — most of it for demoting six vaccines from routinely recommended to “shared clinical decision-making” (SCDM). The implication was that these six vaccines are optional, less safe, or less useful than the routinely recommended ones.
- “Like nearly everyone in public health, I agree that the evidence for the safety and efficacy of the six vaccines is robust and hasn’t changed.
- “But in its urge to say what Kennedy gets wrong, the public health and medical community is actively resisting something he gets right: Vaccination decisions belong to patients and their parents, guided by candid advice from health care professionals.”

The American Medical Association lets us know what doctors wish their patients knew about polio.

The New York Times relates,
- “For years, the nonprofit groups that coordinate transplants in the United States regularly ignored federal rules — skipping patients at the top of waiting lists and sending organs to those who weren’t as sick and hadn’t waited as long.
- “But new federal data shows that the rate of skipped patients has dropped by more than half in recent months, a change that reflects a far-reaching effort to make the transplant system fairer and safer.
- “This is truly great news for patients and the system,” said Dr. Jesse Roach of the National Kidney Foundation. “We need to continue to monitor it, to ensure the system is fair, efficient and transparent. But this is a win.”

Beckers Clinical Leadership informs us,
- “The Joint Commission and the National Quality Forum are aligning their serious safety event reporting frameworks in an effort to reduce redundancy and ease the administrative burden on healthcare providers.
- “Effective Jan. 1, 2027, The Joint Commission will adopt the NQF’s Serious Reportable Events, or SRE List, across all accredited domestic and international organizations, according to a Jan. 26 news release from the organizations. Three workplace safety events — homicide, sexual abuse or assault, and physical assault of staff — will be retained as part of the revised SRE list.
- “Leaders of both organizations said consolidating around the NQF list will simplify reporting for clinicians and hospitals while providing a more consistent, standardized framework for measuring and tracking patient safety events across states and health systems.”

Genetic Engineering and BioTechnology News notes,
- “It is known that inflammatory bowel disease (IBD) increases the risk of colorectal cancer (CRC). But the underlying mechanism—and the genetic drivers—between this link remain yet to be determined. Genetic variants in TNFSF15, encoding tumor necrosis factor (TNF)-like cytokine 1A (TL1A), are associated with both severe IBD and advanced CRC.
- “Now, a new study points to immune reactions in the gut—driven by a key signaling protein and a surge of white blood cells from the bone marrow—to help explain why people with inflammatory bowel disease have a higher risk of colorectal cancer.
- “This work is published in Immunity in the paper, “Innate lymphoid cells activated by the cytokine TL1A link colitis to emergency granulopoiesis and the recruitment of tumor-promoting neutrophils.”

Per Healio,
- “Researchers compared the outcomes of more than 40,000 infants who were immunized through nirsevimab or maternal RSV vaccination.
- “Nirsevimab was associated with fewer severe outcomes than the maternal vaccine.” * * *
- “Our results should not be interpreted as evidence against maternal RSV vaccination,” Marie Joelle Jabagi, PharmD, PhD, MPH, said. “Instead, they underscore that clinicians should individualize prevention strategies based on clinical context, access to care and timing within the RSV season. Both approaches remain valuable and may be complementary, particularly in efforts to maximize population-level protection against RSV.”

Per Health Day,
- “Childhood ADHD can set a person up to have poor health in middle age, a new study says.
- “People with ADHD traits at age 10 are likely to have chronic illness and disability at age 46, researchers reported Jan. 21 in JAMA Network Open.
- ‘The study said these health problems can include asthma, migraines, back problems, cancer, epilepsy, hearing problems, GI disorders, kidney disease and diabetes.
- “We have added to the concerning evidence base that people with ADHD are more likely to experience worse health than average across their lifespan,” said lead researcher Joshua Stott, a professor of aging and clinical psychology at University College London in the U.K.
- “People with ADHD can thrive with the right support, but this is often lacking, both due to a shortage of tailored support services but also because ADHD remains underdiagnosed, particularly in people in midlife and older, with needs unaddressed,” Stott said in a news release.”

From the U.S. healthcare business and artificial intelligence front,

The Street reports
- “The Centers for Medicare & Medicaid Services (CMS) recently published some in-the-weeds datasets on the use of, and spending for, drugs prescribed to Medicare beneficiaries.
- “There’s the Medicare Quarterly Part B and Part D Drug Spending Datasets and the annual version of the Medicare Part B and Part D Drug Spending datasets.”
- The Street feature a 13 minute webinar with a consultant who has used the data sets (plus a transcript of that webinar).

Fierce Healthcare brings us up to date on health system owned Medicare Advantage plans.

Beckers Hospital Review tells us,
- “More than 500,000 providers prescribed GLP-1s in 2025, with wide variation between specialties, according to a Jan. 22 article from IQVIA, a clinical research firm.
- “GLP-1 medications are approved for several conditions, including Type 2 diabetes, obesity, cardiovascular disease, chronic kidney disease, liver disease and sleep apnea. Among GLP-1 drugs approved for weight loss — Novo Nordisk’s Wegovy and Eli Lilly’s Zepbound — adoption and prescribing trends differed across provider specialties.
- “Endocrinologists stand out as both quick adopters of Wegovy and subsequent high writers for Zepbound, leveraging their expertise in managing complex metabolic conditions to integrate new treatments earlier,” according to IQVIA. “Their readiness to prescribe is shaped by familiarity with the mechanisms of GLP-1 therapies and a patient base that often presents with comorbidities where these drugs deliver added value.”
- “Primary care providers account for the largest share of GLP-1 prescriptions due their broad patient base. However, in contrast to endocrinologists, they have been slower to adopt GLP-1s, which IQVIA defines as prescribing a GLP-1 within the first 1.75 years of the drug entering the market.”

Per BioPharma Dive,
- “Children with Duchenne muscular dystrophy who received Sarepta Therapeutics’ gene therapy Elevidys in a clinical trial continued to perform better on tests of motor function than historical data suggests they should, and the benefits appear to compound with time, the company said Monday.
- “According to Sarepta, patients in the study, Embark, had greater reductions on three measures of function than a matched historical control group, with the gap “significantly widening” between two and three years after treatment. Doug Ingram, Sarepta’s CEO, said the data is an opportunity to “rebalance the discussion” surrounding Elevidys, sales of which have slowed amid safety concerns and newly restrictive labeling.
- “In research notes published Monday, multiple Wall Street analysts viewed the data as a positive development for the company. They also noted, though, that investors will be more focused on whether the results translate to sales growth. Sarepta shares, which have lost much of their value over the last year, rose by double digits in morning trading.”

MedCity News considers “what does OpenAI and Anthropic’s healthcare push mean for the industry?”
- “As OpenAI and Anthropic move deeper into healthcare, experts say AI chatbots are becoming the new front door to medicine. This shift is shaking things up for some health tech startups, redefining the patient-provider relationship, and intensifying debates over safety, privacy and accountability.:

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 24, 2026January 24, 2026

From the cybersecurity policy and law enforcement front,

Federal News Network reported last Tuesday,
- “Lawmakers are moving to extend key cybersecurity information authorities and grant programs, while also providing funds for the Cybersecurity and Infrastructure Security Agency to fill “critical” positions.
- “The “minibus” appropriations agreement released by House and Senate negotiators on Tuesday includes fiscal 2026 funding for the Department of Homeland Security. DHS funding could be a sticking point in moving the bill forward, as some Democrats want more restrictions around the Trump administration’s immigration enforcement operations.
- “The bill also extends the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program through the end of fiscal 2026. Both laws are set to expire at the end of this month.
- “The extension would give lawmakers more time to work out differences between competing versions of CISA 2015 reauthorizations in the House and Senate.”

Roll Call adds,
- “The House passed a roughly $1.25 trillion spending package Thursday in a pair of votes that overcame internal GOP divisions and Democratic protests over the Trump administration’s immigration policies.
- “The most closely watched of the four bills at stake was the Homeland Security measure, which was at greatest risk of defeat amid an immigration crackdown that raised civil rights concerns.
- “But the bill, which was taken up separately from the rest of the package, passed on a 220-207 vote. Seven Democrats joined almost all Republicans to support the measure. Kentucky Rep. Thomas Massie was the lone GOP dissenter.” * * *
- “The Senate plans to take up that [bi-partisan, bi-cameral] mega package next week to meet a Jan. 30 deadline, when current funding for most federal agencies is set to run out.”

Cyberscoop tells us,
- “The acting head of the Cybersecurity and Infrastructure Security Agency faced pointed questions from lawmakers Wednesday [January 21, 2026] over CISA personnel decisions and staffing levels.
- “Members of the House Homeland Security Committee asked Madhu Gottumukkala about a reported attempt to fire the agency’s chief information officer, efforts to push out a large number of staff and whether CISA had enough people to do the job.
- “Gottumukkala at times sidestepped the questions, with the probing coming from both sides of the aisle. However, Democrats exhibited deeper worries about the agency’s workforce and its ability to do its job.
- “Cutbacks at CISA after employees were “bullied into quitting” — among other methods of reducing CISA’s size — have “weakened our defenses and left our critical systems and infrastructure more exposed, and the American people more vulnerable,” said Rep. James Walkinshaw, D-Va.
- “Said Chairman Andrew Garbarino, R-N.Y.: “This committee supports the administration’s goal of aligning department [of Homeland Security] resources towards urgent homeland security priorities. At the same time, workforce continuity, clear leadership and mission readiness are essential to effective cyber defenses.”
Cybersecurity Dive informs us,
- “The National Institute of Standards and Technology is reevaluating its role in analyzing software vulnerabilities as it tries to meet skyrocketing demand for vulnerability analysis and reassure partners about the government’s continuing commitment to the program that catalogs those flaws.
- “We’ve been doing more and more thinking about the [National Vulnerability Database] and, strategically, how we’re planning on moving forward,” Jon Boyens, the acting chief of NIST’s Computer Security Division, told members of the agency’s Information Security and Privacy Advisory Board during a quarterly meeting on Thursday [January 22, 2026]. * * *
- To solve this {skyrocketing demand] problem, NIST will begin prioritizing which vulnerabilities it enriches based on several factors, including whether a vulnerability appears in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, whether it exists in software that federal agencies use and whether it exists in software that NIST defines as critical.
- “All CVEs aren’t equal,” Boyens said. “We’re in the process of defining that prioritization. We’ve had an informal prioritization for a while. We want to formalize it now.”

Cyberscoop relates,
- “Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022.
- “Ianis Aleksandrovich Antropenko began participating in ransomware attacks before moving to the United States, but conducted many of his crimes while living in Florida and California, where he’s been out on bond enjoying rare leniency since his arrest in 2024.
- “Antropenko pleaded guilty in the U.S. District Court for the Northern District of Texas earlier this month to conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse. He faces up to 25 years in jail, fines up to $750,000 and is ordered to pay restitution to his victims and forfeit property.
- “Federal prosecutors reached a plea agreement with Antropenko after a years-long investigation, closing one of the more unusual cases against a Russian ransomware operator who committed many of his crimes while living in the U.S.”
and
- “Law enforcement agencies from multiple European countries are still pursuing leads on people involved in the Black Basta ransomware group, nearly a year after the group’s internal chat logs were leaked, exposing key details about its operations, and at least six months since the group claimed responsibility for new attacks.
- “Officials in Ukraine and Germany said they raided the homes of two Russian nationalsaccused of participating in Black Basta’s crimes and effectively halted their operations. The pair of alleged criminals who were living in Ukraine were not named.
- “German police publicly identified a third Russian national — Oleg Evgenievich Nefedov — as Black Basta’s alleged leader. Nefedov, a 35-year-old who was subsequently added to the most-wanted lists of Europol and Interpol, allegedly formed and ran Black Basta since 2022, authorities said.
- “He is accused of extorting more than 100 companies in Germany and about 600 other countries globally. Nefedov’s current whereabouts are unknown, but he is believed to be living in Russia.”

From the cybersecurity vulnerabilities front,

Cyberscoop reports,
- “European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.
- “The Global CVE Allocation System, or GCVE, will be maintained by The Computer Incident Response Center Luxembourg (CIRCL) as an alternative to the traditional Common Vulnerabilities and Exposures program, which narrowly avoided shutdown last April when the Cybersecurity and Infrastructure Security Agency initially failed to renew its contract with MITRE, the nonprofit that operates the CVE system. A last-minute extension averted immediate collapse, but the near-miss exposed the 25-year-old program’s dependence on a single funding source and triggered development of competing models.
- “Unlike the traditional CVE system, which relies on a centralized structure for assigning vulnerability identifiers, GCVE introduces independent numbering authorities that can allocate identifiers without seeking blocks pre-allocated from a central body or adhering strictly to centrally enforced policies. Each approved numbering authority receives a unique numeric identifier that becomes part of the vulnerability identification format, allowing organizations to assign identifiers at their own pace and define their own internal policies for vulnerability identification.
- “The system maintains backward compatibility with the existing CVE infrastructure through a technical accommodation. All existing and future standard CVE identifiers are represented within the GCVE system using the reserved numbering authority designation of zero. A vulnerability identified as CVE-2023-40224 in the traditional system can be represented as GCVE-0-2023-40224, allowing the new framework to coexist with established practices without disrupting existing databases and tools.”

CISA added six known exploited vulnerabities to its catalog this week.
- January 21, 2026
  - CVE-2026-20045 Cisco Unified Communications Products Code Injection Vulnerability
    - Security Week discusses this KVE here.
- January 22, 2026
  - CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
  - CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
  - CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
  - CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
    - Bleeping Computer discusses these KVEs here.
- January 23, 2026
  - CVE-2024-37079 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
    - The Hacker News discusses this KVE here.

Bleeping Computer adds,
- “Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it’s working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December.
- “This comes after a wave of reports from Fortinet customers about threat actors exploiting a patch bypass for the CVE-2025-59718 vulnerability to compromise fully patched firewalls.
- “Cybersecurity company Arctic Wolf said on Wednesday [January 21, 2026] that the campaign began on January 15, with attackers creating accounts with VPN access and stealing firewall configurations within seconds, in what appear to be automated attacks. It also added that the attacks are very similar to incidents it documented in December, following the disclosure of the CVE-2025-59718 critical vulnerability in Fortinet products.
- “On Thursday, Fortinet finally confirmed these reports, stating that ongoing CVE-2025-59718 attacks match December’s malicious activity and that it’s now working to fully patch the flaw.”

Cybersecurity Dive lets us know,
- “LastPass on Tuesday warned of a phishing campaign with false claims that the company is conducting maintenance and asking customers to back up their vaults in the next 24 hours, according to an alert released by the company.
- LastPass said the campaign began on or about Monday, which was Martin Luther King Jr. Day, when many U.S. businesses were closed. The company emphasized the email is not a legitimate request and confirmed that customers are being targeted in a social engineering campaign.
- “This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” a spokesperson for LastPass said in a statement.
- The spokesperson added that LastPass would never ask customers for their master passwords or demand action. under a tight deadline.
and
- “AI agents are involved in 40% of insider cybersecurity threats, according to a report by managed security service provider Akati Sekurity.
- “Non-human identities outnumber humans 144 to one in the average business and constitute an attack surface IT teams, service providers and vendors are ill-equipped to defend, Akati CEO Krishna Rajagopal told Channel Dive.
- “[Partners] are focused on making sure that the LLMs are secure and doing an assessment, looking at the security of the MCP server. But there is this little worm — literally the agentic agent — that can [go] rogue, and if that goes rogue, most MSPs and MSSPs currently do not have an answer for,” Rajagopal said.”

Dark Reading relates,
- “A zero-day vulnerability affecting a range of Cisco’s unified communications products has been exploited by threat actors, though details of the activity are unclear.
- “Cisco on Wednesday disclosed and patched CVE-2026-20045, a remote code execution (RCE) vulnerability in Cisco’s Unified Communications Manager(UCM) as well as other products. Cisco has 30 million users for UCM, which provides IP-based voice, video, conferencing, and collaboration for enterpises — so the potential impact could be vast.”

From the ransomware front,

The Hackers News reports,
- “Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.
- “The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter Team said.
- “It’s worth noting that Osiris is assessed to be a brand-new ransomware strain, sharing no similarities with another variant of the same name that emerged in December 2016 as an iteration of the Locky ransomware. It’s currently not known who the developers of the locker are, or if it’s advertised as a ransomware-as-a-service (RaaS).
- “However, the Broadcom-owned cybersecurity division said it identified clues that suggest the threat actors who deployed the ransomware may have been previously associated with INC ransomware (aka Warble).”

Bleeping Computer cautions,
- “The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion.
- “In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals.
- “Once compromised, the attackers gain access to the victim’s SSO account, which can provide access to other connected enterprise applications and services.”

Fox News tells us,
- “Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets.
- “A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people.
- “The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.
- “According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.”
The HIPAA Journal calls our attention to four recent attacks against healthcare providers — here and here.

From the cybersecurity defenses front,

Cybersecurity Dive shares “Five cybersecurity trends to watch in 2026. Corporations across the globe are facing a dynamic risk environment, as AI adoption surges with few guardrails, business resilience takes center stage and the insurance industry raises major concerns.”
- AI governance and guardrails now front and center
- Cybersecurity regulatory shifts shape disclosures
- Cyber insurance enters new phase in pricing, coverage
- CVE crisis resolved while patching challenges remain
- Operational resilience becomes the new watchword for cyberattack readiness
and
- “CISOs are slightly less confident than CEOs that AI will improve their company’s cyber defenses, according to a new report.
- “Roughly 30% of CEOs think AI will help them with cybersecurity, while only 20% of CISOs said the same, Axis Capital said in its report.
- “The survey also revealed transatlantic disagreement about the value of AI and the dangers of AI-fueled cyberattacks.”

ISACA shares “Post Quantum Cryptography: A 12 Month Playbook for Digital Trust Professionals.”
- “The window for “harvest‑now, decrypt‑later” attacks is open, and the clock is ticking. With NIST’s first three post-quantum cryptography (PQC) standards now finalized (FIPS 203/204/205) and HQC selected in 2025 as an additional encryption option, audit, risk and security teams have the clarity they need to start moving with intent. This blog post distills the core ideas from our ISACA Journal article into a pragmatic, one-year plan you can run inside any enterprise.”

Here is a link to Dark Reading’s CISO Corner.

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 17, 2026January 17, 2026

From the cybersecurity policy and law enforcement front,

The Wall Street Journal reports,
- “Federal lawmakers next week are expected to revive efforts to renew lapsed cybersecurity legislation aimed at fostering collaboration between Washington and private-sector companies in chasing down state-sponsored hackers.
- “We’re making a hard push,” Rep. Andrew Garbarino, a New York Republican, said about extending the Cybersecurity Information Sharing Act, which provides liability and antitrust protections to companies sharing cyberattack intelligence with the federal government.
- “Garbarino at a congressional hearing Tuesday said House and Senate lawmakers on both sides of the aisle are committed to fully reauthorizing the decade-old legislation, known as CISA, beyond a reprieve passed in Novemberand set to expire at the end of January. Congress failed to approve a long-term extension before last year’s government shutdown in October.”

Cyberscoop tells us,
- “President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey’s bid for the position ended last year stuck in the Senate.
- “It’s not clear whether or how Plankey’s resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely ended, but it does definitively signal that the Trump administration still wants Plankey to have the job.
- “Plankey’s nomination was included in a batch sent to the Senate announced on Tuesday [January 13].

Cybersecurity Dive informs us,
- “In an attempt to help critical infrastructure operators protect themselves from hackers, the U.S. and six other countries have published security guidance for organizations that run operational technology, offering advice on everything from network segmentation to activity logging.
- “Exposed and insecure OT connectivity is known to be targeted by both opportunistic and highly capable actors,” the authoring agencies — representing the U.S., Australia, Canada, Germany, the Netherlands, New Zealand and the United Kingdom — wrote in the document, “Secure connectivity principles for Operational Technology.”
- “Improving OT cybersecurity, the agencies added, “can challenge attackers’ efforts and raise the threshold necessary to cause physical harm, environmental impact, and disruption.”
and
- “The Department of Homeland Security is preparing to introduce a new system for holding sensitive discussions with critical infrastructure operators, replacing a framework that the Trump administration abruptly eliminated in its early days.
- “The new program, currently dubbed Alliance of National Councils for Homeland Operational Resilience (ANCHOR), will streamline the process through which federal agencies and infrastructure providers meet to discuss cyber and physical security threats, according to multiple people familiar with the matter, who requested anonymity to speak freely.”

Cyberscoop relates,
- “A 40-year-old Jordanian national pleaded guilty Thursday [January 15, 2026] to operating as an access broker, selling access to at least 50 victim company networks he broke into by exploiting two commercial firewall products in 2023, according to the Justice Department.
- Feras Khalil Ahmad Albashiti, who lived in the Republic of Georgia at the time, sold an undercover FBI agent unauthorized access to the victim networks on a cybercrime forum under the moniker “r1z” in May 2023, authorities said in court records.
- The undercover FBI agent continued communicating with Albashiti for the next five months, uncovering evidence of additional alleged crimes. He’s accused of selling malware that could turn off endpoint detection and response products from three different companies.
- Albashiti proved the malware worked when, unbeknownst to him, the FBI observed him use the EDR-killing malware on an FBI server the agency granted him access to as part of its investigation.

From the cybersecurity breaches and vulnerabilities front,

Cybersecurity Dive reports,
- “The healthcare sector experienced twice as many breaches in 2025 as it did in 2024, but the number of exposed patient records dropped precipitously, according to a new report from Fortified Health Security.
- “Ransomware attacks and third-party risk are powering the surge in breaches, with many of those intrusions now threatening operations more than data privacy.
- “The industry has shifted from major, headline events to a more taxing state of constant disruption,” Fortified said in its report.”
and
- “Cybersecurity remained the top risk concern among corporate leaders for a fifth year in a row, but AI jumped into the number two position, according to a report released Wednesday from Allianz Commercial.
- “AI rose sharply from the number 10 spot to the second biggest concern, indicating growing interest in how the technology might improve productivity, while also creating novel security challenges, according to the annual Allianz Risk Barometer.
- “Companies increasingly see AI not only as a powerful strategic opportunity, but also as a complex source of operational, legal and reputational risk,” Allianz chief economist Ludovic Subran told Cybersecurity Dive. “In many cases, adoption is moving faster than governance, regulation and workforce readiness can keep up.”

CISA added two known exploited vulnerabilities to its catalog this week.
- December 12, 2026
  - CVE-2025-8110 Gogs Path Traversal Vulnerability
    - The Hacker News discusses this KVE here.
- December 13, 2026
  - CVE-2026-20805 Microsoft Windows Information Disclosure Vulnerability
    - The Register discusses this KVE here.
Dark Reading informs us,
- “Linux systems may soon be facing a new threat with an advanced, cloud-first malware framework developed by China-affiliated actors that’s aimed at establishing persistent access to cloud and container environments.
- “Check Point Research discovered the framework, called VoidLink, which is comprised of cloud-focused capabilities and modules, including custom loaders, implants, rootkits, and modular plug-ins, according to a blog post published Tuesday [January 13]. Calling it an “impressive piece of software,” Check Point researchers said the framework is far more advanced than any current Linux-oriented malware.”
and
- “The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack.
- “On Jan. 13, Fortinet disclosed a critical flaw in its FortiSIEM platform, tracked as CVE-2025-64155 and assigned a 9.4 CVSS score. The OS command injection vulnerability allows an unauthenticated attacker to achieve remote code execution (RCE) on FortSIEM instances through crafted TCP requests.
- “Yesterday, cybersecurity vendor Defused warned in a post on X that CVE-2025-64155 had been exploited in the wild. Much of the threat activity observed by Defused’s honeypots came from different IP addresses, including three from Chinese providers.
- “In a LinkedIn post, Simo Kohonen, Defused founder and CEO, said the company’s honeypots had received a “good amount” of targeted exploitation activity that began almost immediately after public disclosure. China-nexus threat groups have heavily targeted Fortinet, along with other edge device vendors, in recent years.”
Cyberscoop points out,
- “Predator spyware operators have the ability to recognize why an infection failed, and the tech has more sophisticated capabilities for averting detection than previously known, according to research published Wednesday [January 14].
- Jamf Threat Labs found from an analysis of a Predator sample that it has an error code system that can alert operators to why an implant didn’t stick, with “error code 304” signifying that a target was running security or analysis tools.
- “This error code system transforms failed deployments from black boxes into diagnostic events,” Shen Yuan and Nir Avraham wrote for the company. “When an operator deploys Predator against a target and receives error code 304, they know the target is running security tools — not that the exploit failed, not that the device is incompatible, but specifically that active analysis is occurring.
- “This has direct implications for targeted individuals: if security analysis tools like Frida are running, Predator will abort deployment and report error code 304 to operators, who can then troubleshoot why their deployment failed,” they continued.

Bleeping Computer notes,
- Security researchers have discovered a critical vulnerability in Google’s Fast Pair protocol that can allow attackers to hijack Bluetooth audio accessories, track users, and eavesdrop on their conversations.
- The flaw (tracked as CVE-2025-36911 and dubbed WhisperPair) affects hundreds of millions of wireless headphones, earbuds, and speakers from multiple manufacturers that support Google’s Fast Pair feature. It affects users regardless of their smartphone operating system because the flaw lies in the accessories themselves, meaning that iPhone users with vulnerable Bluetooth devices are equally at risk.
- Researchers with KU Leuven’s Computer Security and Industrial Cryptography group who discovered it explain that the vulnerability stems from the improper implementation of the Fast Pair protocol in many flagship audio accessories.

Per SC Media,
- “A vulnerability in the AI-powered Cursor integrated development environment (IDE) could have enabled an attacker to conduct stealthy remote code execution (RCE) attacks via indirect prompt injection, Pillar Security reported Wednesday.
- “The flaw, tracked as CVE-2026-22708, arose from implicit trust in certain shell built-ins including “export” and “typeset,” which would allow them to be executed without any notification of or approval from the user, even when the user’s allowlist was empty.”

From the ransomware front,

The HIPAA Journal reports,
- “The threat from ransomware is greater than ever, according to a new report from GuidePoint Security. The cybersecurity firm recorded a 58% year-over-year increase in victims, making 2025 the most active year ever reported by GuidePoint Security. In 2025, GuidePoint Security tracked 2,287 unique victims in Q4, 2025 alone – the largest number of victims in any quarter tracked by the GuidePoint Research and Intelligence Team (GRIT). December was the most active month in terms of claimed victims, which increased 42% year-over-year to 814 attacks. On average, 145 new victims were added to dark web data leak sites every week in 2025, with the year ending with 7,515 claimed victims.
- “Law enforcement operations have targeted the most active groups, and there have been notable successes; however, they have had little effect on the number of victims, which continues to increase. Rather than the ransomware-as-a-service (RaaS) landscape being dominated by one or two major actors, law enforcement operations have helped create a highly fragmented ecosystem, with smaller groups conducting attacks in high volume, using repeatable operations. In 2025, GRIT tracked 124 distinct named ransomware groups – a 46% increase from 2024 and the highest number of groups ever recorded in a single year.
- “While ransomware attacks are conducted globally, as in previous years, ransomware actors are primarily focused on the United States, where 55% of attacks were conducted last year, followed by Canada, which accounted for 4.5% of attacks. The manufacturing sector was the most heavily targeted, accounting for 14% of attacks, followed by the technology sector (9%), and retail/wholesale (7%). Healthcare ranked in fourth spot, with more than 500 victims in 2025.”

Symantec adds,
- “The cyber-extortion epidemic reached new heights in 2025, with a record number of attacks recorded. As outlined in our new whitepaper, this increase is being powered by a new breed of attackers who eschew encryption and rely solely on data theft as leverage for extortion. By using zero-day vulnerabilities or exploiting weaknesses in the software supply chain, attackers can steal data from even the best-defended organizations before they become aware of the issue.
- Meanwhile, there has also been no decline in the number of attacks involving encryption. This is despite significant levels of disruption among key players, such as the collapse of LockBit in late 2024 and the closure of RansomHub in April 2025. Instead, other ransomware operators such as Akira, Qilin, Safepay and DragonForce expanded rapidly in the wake of those departures, quickly winning over affiliate attackers who previously worked with the departing actors.

The Register calls our attention to
- “Researchers at Group-IB say the DeadLock ransomware operation is using blockchain-based anti-detection methods to evade defenders’ attempts to analyze their tradecraft.
- “First spotted in July 2025, the DeadLock group has attacked a wide range of organizations while almost managing to stay under the radar.
- “It abandons the usual double extortion approach in which cybercrooks steal data, encrypt systems, and threaten to post it online for all to see if the victim refuses to pay a ransom.” * * *
- “But for the researchers at Group-IB, the old-school encryption-only model is not the most notable aspect of the DeadLock operation. Its use of Polygon smart contracts to obscure its command-and-control (C2) infrastructure is an unusual move that’s slowly gaining popularity.
- “Once a victim’s systems are encrypted, DeadLock drops an HTML file that acts as a wrapper for the decentralized messenger Session. This file replaces an instruction for the victim to download Session to communicate with DeadLock.
- “By using blockchain-based smart contracts to store the group’s proxy server URL – the one victims connect to before communicating with the criminals – it allows DeadLock to rotate this address frequently, making it difficult for defenders to permanently block its infrastructure.”

From the cybersecurity business and defenses front,

Dark Reading reports,
- “CrowdStrike continues its shopping spree, announcing plans to acquire browser security startup Seraphic Security. The acquisition will bring browser telemetry to the endpoint detection company’s flagship Falcon security platform.
- “Seraphic Security’s platform, which includes a secure Web gateway, zero-trust network access, and cloud access security browser, provides protection and detection capabilities to browsers. Enterprises can use the platform to provide their users with secure access to software-as-a-service and private Web applications. Security teams get a consistent secure browser experience across both managed and personal devices without the complexity or cost of deploying virtual desktop infrastructure or a virtual private network.” * * *
- “CrowdStrike plans to combine Seraphic’s “continuous in-session browser protection” with the identity protection and authorization capabilities from SGNL (announced last week) and Falcon’s existing endpoint telemetry and threat intelligence, according to the release announcing the acquisition. The combination will provide next-generation identity security that protects every interaction across endpoints, browser sessions, and the cloud, the company said.”

Bleeping Computer relates,
- “Microsoft announced on Wednesday [January 14] that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025.
- “Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS’s marketplace and customer portal offline as part of a broader international operation with Europol and German authorities.
- ‘Two co-plaintiffs joined Microsoft in this action: H2-Pharma, an Alabama pharmaceutical company that lost $7.3 million in a business email compromise scheme, and the Gatehouse Dock Condominium Association in Florida, which lost nearly $500,000 in resident funds.”

Federal News Network tells us,
- “As the Defense Department moves to meet its 2027 deadline for completing a zero trust strategy, it’s critical that the military can ingest data from disparate sources while also being able to observe and secure systems that span all layers of data operations.
- “Gone are the days of secure moats. Interconnected cloud, edge, hybrid and services-based architectures have created new levels of complexity — and more avenues for bad actors to introduce threats.
- “The ultimate vision of zero trust can’t be accomplished through one-off integrations between systems or layers. For critical cybersecurity operations to succeed, zero trust must be based on fast, well-informed risk scoring and decision making that consider a myriad of indicators that are continually flowing from all pillars.
- “Short of rewriting every application, protocol and API schema to support new zero trust communication specifications, agencies must look to the one commonality across the pillars: They all produce data in the form of logs, metrics, traces and alerts. When brought together into an actionable speed layer, the data flowing from and between each pillar can become the basis for making better-informed zero trust decisions.”

Security Week notes,
- “Tracked as CVE-2025-20393 (CVSS score of 10/10), the security defect was disclosed on December 17, one week after Cisco’s Talos researchers observed its in-the-wild exploitation as a zero-day.
- “This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said at the time.
- “The company said the attacks targeted only a small set of appliances, and attributed the campaign to UAT-9686, a China-linked APT.
- “On Thursday, Cisco updated its advisory to provide information on the flaw, the affected products, and the available patches.
- “The flaw affects the Spam Quarantine feature of the AsyncOS software running on Secure Email Gateway and Cisco Secure Email and Web Manager, and exists due to insufficient validation of HTTP requests.’

SC Media considers,
- “The concerning cyber-physical security disconnect”
and
- “Five questions to ask about email whitelists.”

Here’s a link to Dark Reading’s CISO Corner.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.