Generative AI Archives - Ermer and Suter PLLC

Midweek Report

David Ermer–CDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, NIH, Obesity, Patient safety, U.S. Healthcare–March 12, 2025March 12, 2025

From Washington, DC

The Wall Street Journal reports,
- “Senate Minority Leader Chuck Schumer (D., N.Y.) threw a wrench into a Republican plan to avert a government shutdown this weekend, saying there wasn’t enough Democratic support to advance the measure funding federal agencies through Sept. 30.
- “Republicans “do not have the votes in the Senate,” to move the resolution forward, Schumer said on the Senate floor, indicating that his party was prepared to block it. He blamed Republicans, saying they “chose a partisan path” in their bill without any input from congressional Democrats.
- “As an alternative, Schumer floated a shorter-term plan that would fund the government for a month. “I hope my Republican colleagues will join us to avoid a shutdown on Friday,” he said.
- “Government funding will lapse at 12:01 a.m. Saturday if Congress doesn’t act. The GOP-led House left town after it approved Republicans’ resolution on Tuesday, effectively giving the Senate no time to revise the bill—but to simply pass it or reject it.”

The Hill adds,
- Some Democrats floated the idea that an amendment vote on the 30-day CR, which would fail, could be won in exchange for the requisite number of votes to advance the GOP bill. Some Republicans could support it, according to Sen. Tim Kaine (D-Va.), but not enough that it would be adopted.
- “It remains unclear whether Republicans would go along with that though. Senate Majority Leader John Thune (R-S.D.) did not fully shoot down the idea.
- “I think there would have to be some understanding,” he told The Hill on Wednesday evening. “We’ll see. I’m not sure exactly what their demand is — if they just need a vote on that, and if in exchange for that they’ll give us the votes to fund the government.”
- “Thune added that discussions are “going on right now” on a path forward, but he also panned the idea of a full shift to a 30-day CR in order to finish 2025 appropriations bills.”

The Wall Street Journal further tells us,
- “The Centers for Medicare and Medicaid Services plans to terminate four demonstration projects at the end of 2025, closing out models affecting primary care, kidney care and healthcare payments in the state of Maryland.
- “The agency will also make changes to other projects, including dropping a planned initiative that would offer certain generic drugs to Medicare enrollees for $2. CMS said its planned terminations would save nearly $750 million, and an agency official said the projects would affect millions of patients.”

Per Modern Healthcare,
- “Johnson & Johnson MedTech said Wednesday its Monarch Quest robotic platform received clearance from the Food and Drug Administration.
- “Robotic-assisted bronchoscopy is a minimally invasive technique that allows surgeons to reach airways and suspicious lung nodules.”

From the public health and medical research front,

The New York Times reports,
- “Measles continues to spread in West Texas and New Mexico, with more than 250 people infected — many unvaccinated school-age children. Two cases in Oklahoma, for which state officials have not provided a location, have also been linked to these outbreaks. Twelve other states have reported isolated measles cases, typically linked to international travel.”

The American Medical Association lets us know what doctors wish patients knew about measles.

STAT News reminds us,
- “The 2020s have inarguably been Covid-19’s decade.
- “Since the coronavirus outbreak was acknowledged as a pandemic exactly five years ago, the pandemic has killed well over 1 million Americans, derailed the global economy, and sparked political upheaval that continues today. It also yielded what many hail as the greatest scientific accomplishment in human history: the development of effective vaccines in under a year.
- “Yet in dominating the early 2020s, Covid-19 also distracted from what is arguably a more significant public health emergency. Even at the height of the pandemic, more young Americans died of drug overdose than Covid. And in the last year, the overall death toll from the country’s drug crisis has exceeded the Covid-19 pandemic as the deadliest health event this generation.”

MedPage Today notes,
- “Using only targeted models of syphilis screening in the emergency department (ED) would miss large proportions of active syphilis cases as well as new HIV diagnoses and acute HIV cases, according to new research.
- “Only screening patients for syphilis who came to the ED for gonorrhea and chlamydia testing would have missed 76.4% of positive syphilis screens as well as 68.7% of new HIV diagnoses, reported Kimberly Stanford, MD, MPH, of the University of Chicago Medical Center.”

Healio informs us,
- “An increase in depressive symptoms was observed among U.S. teenagers without, rather than with, behavioral risk factors, underscoring the need for greater screening in this population, data show.
- “Over the last decade, national survey data has revealed a sharp rise in depressive symptoms among U.S. adolescents,” Tanner J. Bommersbach, MD, MPH, child and adolescent psychiatrist and assistant professor at the University of Wisconsin School of Medicine and Public Health, told Healio regarding the research presented in The Lancet Regional Health Americas. “Yet, surprisingly little is known about what is driving this increase and which adolescents are most affected.”

Consumer Reports, writing in the Washington Post, explains what to do about ear pain.

Per a National Institutes of Health press release,
- “The antiviral drug tecovirimat used without other antivirals did not reduce the time to clinical resolution of clade II mpox lesions or improve pain control among adults in an international clinical trial sponsored by the National Institutes of Health (NIH). The trial enrollment was stopped in late 2024 when an interim analysis showed that tecovirimat monotherapy was ineffective in the study population. Detailed results were presented at the 2025 Conference on Retroviruses and Opportunistic Infections (CROI) in San Francisco.
- “This study brought us a step forward in better understanding mpox disease and potential treatment strategies,” said Jeanne Marrazzo, M.D., M.P.H., director of NIH’s National Institute of Allergy and Infectious Diseases (NIAID), which sponsored and funded the trial. “We are grateful to the study team and participants for their contributions to groundbreaking research on a disease that we still do not know enough about.”

The National Cancer Institute’s Cancer Information Highlights cover the following topics this week: “AI and Immunotherapy | Breast Reconstruction | Multiple Myeloma Research.”

Food Safety Magazine alerts us,
- “The U.S. Centers for Disease Control and Prevention (CDC) has released a summary analyzing the causes of foodborne illness outbreaks that occurred between 2014 and 2022. Data included in the analysis was drawn from the Foodborne Disease Outbreak Surveillance System (FDOSS), via the National Outbreak Reporting System (NORS).
- “According to CDC, approximately 800 foodborne illness outbreaks occur in the U.S. each year, causing an estimated 15,000 illnesses, 800 hospitalizations, and 20 deaths, annually.
- “An overall trend revealed in the FDOSS data for 2014–2022 included that many foodborne illness outbreaks occur because of contamination of food by an animal or environmental source before arriving at the point of final preparation. Additionally, most viral outbreaks are caused by contamination from ill food workers. The data showed that common contributing factors to bacterial outbreaks are 1) allowing foods to remain out of temperature control for a prolonged period, and 2) inadequate time and temperature control during cooking.”

The American Hospital Association News relates,
- “The AHA and Press Ganey March 12 released a new report showing hospital and health system patients reporting improvements in overall care experience and perception of safety alongside gains in key safety outcomes. It also shows that the health care workforce has had a rebound in their reported experience, resilience and perceptions of safety culture.
- “The insights report, “Improvement in Safety Culture Linked to Better Patient and Staff Outcomes,” highlights how hospitals that foster a strong culture of safety also report a better experience for patients and the health care workforce.
- “Key report findings include:
  - “13 million patients surveyed after hospital stays report improvements in their overall care experience and perception of safety.
  - “Surveys of 1.7 million members of the health care workforce show a rebound in their reported experience, resilience and perceptions of safety culture, following the enormous strain of the COVID-19 pandemic.
  - “Improvements in key safety outcomes like falls and infections across more than 25,000 units in 2,430 hospitals.”

Per MedTech Dive,
- “Capstan Medical says it has notched a first in the treatment of structural heart disease, employing a robot to implant two people with mitral valve replacement devices.
- “Current treatment options for heart valve disease exclude too many patients who are not good candidates for existing procedures, said Capstan CEO Maggie Nixon, and the company hopes its approach will provide them with a new alternative.
- “The Santa Cruz, California-based startup is developing a valve implant, catheter and robotic delivery platform to expand structural heart intervention to a broader group of people.
- “There need to be more percutaneous, minimally invasive options to help treat valve disease,” Nixon said in an interview.”

From the U.S. healthcare business front,

Modern Healthcare reports,
- “Blue Shield of California President and CEO Lois Quam is out at the company two months after taking the helm.
- “The company declined to explain the circumstances of Quam’s immediate departure.
- “Chief Financial Officer Mike Stuart will serve as interim president and CEO until the board names a permanent successor, the company said in a news release Tuesday. Stuart has worked at the nonprofit insurer for more than a decade, the company said.
- “Quam joined the company as president in August after having served as CEO of Pathfinder, a nonprofit global health organization. She was named CEO in early January as part of a corporate restructuring and was touted as its first female CEO.”

Fierce Healthcare reports,
- “Health technology company Innovaccer launched a new platform that seeks to make it easier for insurers to manage risk adjustment and quality improvements.
- “On Wednesday, Innovaccer unveiled the 360-Degree Gap Closure Solution, which assist payers in improving coding accuracy and patient outcomes. The tool comes at a time when the industry is under significant scrutiny from regulators over coding practices.
- “The platform enables better engagement across different care settings, greater automation and data governance, Innovaccer said. Health plans can deploy one-click campaigns that address care gaps in a way that reaches provider offices, pharmacies and home healthcare.”

Per BioPharma Dive,
- “Roche has raised its bet on obesity, agreeing to pay Zealand Pharma $1.65 billion to license an experimental shot the Danish company put into a Phase 2b trial in December, Zealand said Wednesday.
- “Per deal terms, Roche will pay $1.4 billion immediately and $250 million in anniversary payments to license petrelintide. With further milestone payments, Zealand could receive up to $5.3 billion. Roche and Zealand will co-commercialize the shot in the U.S. and Europe, and share in any profits and losses.
- “The deal gives Roche access to a type of experimental drug known as an amylin analog, a class the Swiss pharmaceutical company didn’t obtain when it acquired Carmot Therapeutics 15 months ago. Roche plans on testing petrelintide with one of those drugs, for which Zealand could reimburse Roche $350 million.”

Per MedTech Dive,
- “Labcorp will pay up to $225 million to acquire the oncology diagnostics businesses of BioReference Health, a subsidiary of Opko Health, to expand its portfolio of tests used in cancer care.
- “The deal, announced Tuesday, includes $192.5 million to be paid at closing and a payment of up to $32.5 million based on performance.
- “The assets, including certain customer accounts, generate about $85 million to $100 million in annual revenue, according to the announcement. Labcorp expects the acquisition to be accretive to earnings in the first year after closing.”

Healthcare Dive relates,
- “Hospital operator Landmark Holdings of Florida filed for Chapter 11 bankruptcy protections on March 9, becoming the latest in a growing number of embattled providers to restructure amid financial headwinds.
- “In first day court filings, Landmark, which owns or operates six long-term acute care hospitals across three states, said rising labor and pharmaceutical costs, as well as stagnating Medicare reimbursements, had dinged Landmark’s profitability and threatened the provider’s ability to make timely loan repayments.”
- “Still, Landmark told the court it expects to have enough cash on hand to keep its hospitals open through the bankruptcy process.:

STAT News lets us know,
- While there are no official statistics on the number of end-of-life doulas in the United States as this emerging field is still largely unregulated, Fortune reports that the National End-of-Life Doula Alliance (NEDA) has significantly grown its membership, especially after the pandemic. In 2024, NEDA had over 1,500 registered members, compared to about 250 in 2019.
- “The term “end-of-life-doula” was first formally used in the early aughts. In 2001, the Jewish Board of Family and Children’s Services launched the “Doula to Accompany and Comfort Program,” a pilot program that trained volunteers to aid and support people who would otherwise die alone.
- “Sometimes known as “death doulas,” [these] professionals * * *help people navigate what can be a confusing and overwhelming time.”

Weekend Update

David Ermer–CDC, Congress, Generative AI, U.S. Healthcare–February 23, 2025February 24, 2025

From Washington, DC

The House of Representatives and the Senate will be in session on Capitol Hill this week for Committee business and floor voting.

Roll Call updates on this week’s activities on Capitol Hill/

From the public health front,

The Wall Street Journal reports,
- “Measles outbreaks across Texas and New Mexico have sickened nearly 100 people, with more cases expected, according to state health officials.
- “The disease has spread through the South Plains region of Texas since late January, the Texas Department of State Health Services said Friday. Ninety cases have been identified to date in the state. Five patients were vaccinated, and the rest were unvaccinated or their status was unknown, the agency reported.
- “Due to the highly contagious nature of this disease, additional cases are likely to occur in the outbreak area and the surrounding communities,” the agency said.
- “The disease has been found across several counties in Texas, but the largest cluster of patients, 51, has been in Gaines County on the western border, according to health department data.
- “The New Mexico Department of Health has reported a measles outbreak that has infected nine people in Lea County, which borders Gaines County in Texas. The agency has begun contact tracing among those who developed symptoms to try to minimize the spread and has offered free vaccinations.
- “Among the 90 known cases in Texas, 77 were among people under 17 years old. Sixteen patients had to be hospitalized, the state said.
- “Last year, the Centers for Disease Control and Prevention reported 285 cases of measles nationwide, across 33 states that included Texas and New Mexico. The CDC counted 16 outbreaks, defined as three or more related cases, that accounted for about 198 out of the 285 people who fell ill. By comparison, in 2023, four outbreaks were reported among 59 individual illnesses.”

The New York Times lets us know six things E.R. doctors wish you’d avoid.

The Washington Post informs us,
- “Forty-four percent of rural Medicare patients must drive an hour or more for surgery, a recent analysis in JAMA finds. The study shows that patients in rural areas typically drive 55 minutes to a hospital — far longer than their counterparts in more populous areas.
- “The research used beneficiary data from Medicare to identify patients 65 to 99 years old who had any of a list of common surgeries between 2010 and 2020. The study looked at about 12.3 million surgery admissions overall, 2.6 million of which were in rural areas.
- “The number of rural Medicare beneficiaries who traveled more than 60 minutes for their procedure rose from 36.8 percent in 2010 to 44.1 percent in 2020, with the median travel time climbing from 47 minutes to 55 minutes. Among nonrural Medicare beneficiaries, travel times were lower, with a median of 20 minutes’ travel in 2010 vs. 23 minutes in 2020.
- “Travel times depended on the risk involved in surgery; median times for low-risk procedures such as appendectomies and hernia repair were lower than for higher-risk surgeries like aortic valve repair or a liver resection.”

The Wall Street Journal discusses the growing lack of public trust in the medical profession. It strikes the FEHBlog that health insurers can contribute toward restoring that trust by encouraging the use of primary care physicians and reducing prior authorization requirements.

From the U.S. healthcare business front,

The Washington Post explains why GLP-1 weight loss drugs also are reshaping the economy.

Per Healthcare Dive,
- “Orlando Health will close Rockledge Hospital and four outpatient facilities in Brevard, Florida on April 22, just months after buying the 298-bed facility from bankrupt Steward Health Care.
- “The health system blamed the closure on Steward, saying in a statement that “years of neglect” had left the Rockledge’s electrical, plumbing and heating, ventilation and air conditioning systems failing.
- “Orlando plans to demolish Rockledge and replace it with a new facility, as it would cost more to renovate and repair Rockledge than to build a hospital from the ground up, the system said.”

Per BioPharma Dive,
- “Bluebird bio, a pioneering gene therapy developer that in recent years has struggled to stay afloat, has agreed to be acquired and taken private in a deal with investment firms Carlyle Group and SK Capital.
- “Under an agreement announced Friday, Bluebird will sell to the two firms for $3 per share upfront. Bluebird shareholders could receive an additional $6.84 per share via a so-called contingent value right, should its currently marketed gene therapies reach $600 million in net yearly sales by the end of 2027.
- “The deal values Bluebird at just over $29 million upfront, and potentially about $96 million if the CVR is redeemed.”

Per Modern Healthcare,
- “Hartford HealthCare, which operates seven hospitals and a network of physicians, behavioral health services and other providers in Connecticut, is partnering with the artificial intelligence-driven virtual health provider K Health to improve access to primary care. On April 1, the organizations will launch HHC 24/7, a virtual health platform powered by K Health, designed to make “comprehensive, personalized primary care available anytime and anywhere.” The service will be fully integrated with Hartford HealthCare. Terms of the partnership were not disclosed.”

Friday Report

David Ermer–CDC, CMS, Congress, COVID-19, FDA, Generative AI, Medical / Rx research, Medicare, SCOTUS, Telehealth, U.S. Healthcare–January 24, 2025January 25, 2025

From Washington, DC

Govexec tells us,
- “A 50-page document, compiled by GOP members of the House Budget Committee and first reported by Politico, outlines a list of provisions that could be included in the [budget reconciliation] package, which would not be subject to the Senate’s 60-vote filibuster threshold, includes a litany of proposals increasing federal workers’ contribution to their retirement and health care benefits, in exchange for worse payouts.” * * *
- “On health care benefits, the House GOP proposes replacing the current system, by which the federal government pays for a percentage of health care premiums through the Federal Employees Health Benefits Program and the new Postal Service Health Benefits program, with a “voucher model.”
- “Under this option, the FEHB and PSHB programs would be reformed by replacing the current premium-sharing structure with a voucher, which would not be subject to income and payroll taxes,” the document states.
- “And the document calls for enactment of a bill introduced last year to require the Office of Personnel Management to audit FEHBP for improper enrollments. But OPM has said that under the current “decentralized” nature of the program, the agency does not have the capabilities to conduct such an audit.
- “Prior to the presidential transition, then-President Biden’s OPM sent Congress a legislative proposal, drawn on lessons learned in launching the PSHB program this year, to revamp how it administers FEHBP so that it can conduct better oversight.”
- FEHBlog observation — Better oversight starts with giving FEHBP and FEDVIP carriers the HIPAA 820 enrollment roster transactions that would allow them to reconcile individual enrollees with premiums paid.

MedPage reports,
- “Legislation providing more scrutiny for pharmacy benefit managers (PBMs) that failed to make it through Congress in the waning days of 2024 seems to still be viable for passage this year, according to a House staff member.
- “I think there’s plenty of political will there; that’s what I’ve seen from members,” Preston Bell, a professional staff member on the House Ways & Means Committee, said Thursday at an event sponsored by the American Enterprise Institute (AEI) on the future of the Medicare prescription drug benefit. “I do think there are disparate ideas across Congress as to how much intervention within the PBM market is appropriate. What you’ve seen come through Congress in the [massive continuing resolution] package [released and rejected in December 2024] is probably the litmus test, or maximum, of what is feasible for that type of reform.”

Healthcare Dive informs us,
- “Sara Brenner, a Food and Drug Administration official in the agency’s medical device division, has been named the FDA’s acting commissioner, according to an update made online to the regulator’s leadership biography page. * * *
- “Brenner will lead the agency until a permanent commissioner is installed. President Donald Trump has nominated Johns Hopkins surgeon Marty Makary as FDA commissioner, but he has not yet been confirmed by the Senate. Confirmation hearings for Robert F. Kennedy Jr., who, as Trump’s pick to run the Department of Health and Human Services, would be Makary’s boss, are scheduled for Jan. 29 and Jan. 30.
- “Brenner worked in the FDA’s medical devices branch, most recently as chief medical officer for in vitro diagnostics and associate director for medical affairs. A preventive medicine physician, Brenner has been at the agency since 2019, according to her LinkedIn page, and helped coordinate diagnostic standards and policy as part of HHS’ COVID-19 response.
- “Brenner was previously a senior policy advisor at the White House Office of Science and Technology Policy under the first Trump administration.”

The Hill lets us know,
- “The Food and Drug Administration (FDA) has withdrawn a rule that would have banned menthol cigarettes and flavored cigars, putting a formal end to a policy that had been indefinitely delayed under the Biden administration.
- “A regulatory filing showed the rule had been “withdrawn” on Jan. 21, President Trump’s second day in office. The move is a significant blow to public health groups who said banning menthol had the potential to save hundreds of thousands of lives, particularly among Black smokers.”

The IRS released its 2024 tax return edition of Publication 969 which concerns health savings accounts and other tax favored health plans.

From the judicial front,

Bloomberg Law reports,
- “A former Johnson & Johnson executive’s allegations that the drug company overpaid for prescription drug benefits are “speculative and hypothetical,” and injuries she did suffer cannot be resolved by the court, a New Jersey federal judge ruled.
- “The decision Friday dismissed most of Ann Lewandowski’s high-profile class action that argued the pharmaceutical giant violated its fiduciary duties under the Employee Retirement Income Security Act by not negotiating better drug prices with its pharmacy benefit manager, Express Scripts, or switching to a different PBM.
- “The lawsuit is one of several recent [actually it was the first] attempts to hold employers responsible through ERISA for monitoring and reducing health-care costs. The claims against J&J reveal that not even large drug companies are immune to complaints over high drug prices.
- “Judge Zahid N. Quraishi in the US District Court for the District of New Jersey concluded that Lewandowski lacked standing to sue in dismissing two of her three claims. Lewandowski’s argument that J&J’s plan forced her to pay higher premiums and cost her higher wages was speculative “at best,” he said.
- “And while Lewandowski did show that her copays for some drugs exceeded prices offered by other health plans, the court could not fulfill a key requirement for standing by making her whole, the judge said. Any amount refunded to her would have to go through the health plan for money it spent after she hit her out-of-pocket limit, Quraishi said.
- “In straightforward terms, a favorable decision would not be able to compensate Plaintiff for the money she already paid,” he wrote.
- “The judge did find that Lewandowski has standing to pursue her claim against J&J for not providing more information she requested around the plan’s drug prices, including the contract with Express Scripts, which was not a party to the suit. Quraishi invited Lewandowski to amend her complaint.”

The Wall Street Journal points out,
- “Enforcement of the Corporate Transparency Act, which requires millions of companies to disclose their true ownership, remains on hold despite a U.S. Supreme Court ruling in favor of the Treasury Department.
- “The Supreme Court on Thursday overturned a lower court order that was blocking enforcement of the CTA. However, a separate national injunction issued earlier this month by a federal judge apparently remains in place and continues to block the law’s implementation.
- “The Treasury’s Financial Crimes Enforcement Network, which is overseeing the law’s implementation, issued an alert Friday confirming compliance with the CTA isn’t mandatory while the injunction remains in force.”

Fierce Healthcare relates,
- “The Centers for Medicare & Medicaid Services has changed course on plans to appeal a court ruling that determined it must recalculate UnitedHealthcare’s Medicare Advantage star ratings.
- “The agency submitted a filing in Texas district court earlier this week saying it intended to file an appeal to the Fifth Circuit Court. In new court documents filed Friday, CMS has withdrawn its notice of appeal.”

From the public health and medical research front,

The Center for Disease Control and Prevention announced today,
- Seasonal influenza activity remains elevated across the country and is increasing in most areas. COVID-19 activity is elevated in many areas of the country. RSV activity has peaked in many areas of the country.
- COVID-19
  - COVID-19 activity is elevated in many areas of the country, though wastewater levels are moderate, emergency department visits are at low levels, and laboratory percent positivity has declined in the last week. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
  - There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
  - CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
- Influenza
  - Seasonal influenza activity remains elevated across the country and is increasing in many areas.
- RSV
  - RSV activity has peaked in many areas of the country. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.
- Vaccination
  - Vaccination coverage with influenza and COVID-19 vaccines are low among U.S. adults and children. COVID-19 vaccine coverage in older adults has increased compared with the 2023-2024 season. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.

BioPharma Dive relates,
- “An experimental obesity drug from Novo Nordisk helped people lose an average of up to 22% of their body weight over 36 weeks in an early-stage trial, results that, if reproduced in further testing, could rival medicines Eli Lilly has on the market and in development.
- ‘Novo said Friday it is planning “further clinical development” of the drug, called amycretin, but didn’t specify the design of additional trials or when they might begin. Amycretin affects the same two targets as a Novo drug called cagrisema that recently missed expectations in a Phase 3 trial but does so in a single molecule rather than a two-drug combination.”
Per Healio,
- “Integrating lifestyle care into low back pain management resulted in greater improvements in disability, weight loss and physical quality of life vs. just guideline-recommended care, a randomized study showed.
- “The findings, published in JAMA Network Open, “could influence future updates to back pain guidelines,” Emma Mudd, PhD, senior research officer at the University of Sydney in Australia and the analysis’ lead author, said in a press release. “Patients valued the holistic support, and the outcomes speak for themselves.”

Earlier this week, the CVS Health Foundation announced $4 million in grants related to its health aging initiative.

From the U.S. healthcare business front,

Beckers Hospital Review notes,
- “Mayo Clinic’s chief executive said at the World Economic Forum’s annual meeting in Davos, Switzerland, that he is fully committed to the adoption of artificial intelligence in healthcare, the Rochester (Minn.) Post Bulletin reported.
- “I personally would not want to have my healthcare, in some specialties, without AI because I firmly believe I will get a better outcome,” said Gianrico Farrugia, MD, president and CEO of the Rochester-based health system, according to the newspaper’s coverage of the event Jan. 22.
- “Mayo Clinic has been at the forefront of developing and deploying healthcare AI, with 320 algorithms in use, the news outlet reported.”

Beckers Payer Issues adds,
- Insurers do not have to own every part of the healthcare system to improve connection, according to Jim Boyman, vice president of GuideWell Health.
- GuideWell is the parent company of Florida Blue. In December, the company launched an initiative to manage cancer care for Florida Blue ACA members. Through a partnership with Cerritos, Calif.-based The Oncology Institute and primary care organization Sanitas, Florida Blue members diagnosed with cancer will be connected with an oncology team to manage a personalized treatment plan.
- “Everyone talks about how fragmented healthcare is,” Mr. Boyman told Becker’s. “This shows how you don’t necessarily have to own all parts of the system to reduce that fragmentation. You can use technology and relationships to collaborate and overcome fragmentation through programs like this.”

Fierce BioTech reports,
- “Neomorph is building out its supply of Big Pharma partnerships, this time stamping down an option-to-license pact with AbbVie that centers around the biotech’s molecular glue platform.
- “AbbVie will pay the San Diego biotech an undisclosed upfront sum and offer up to $1.64 billion in option fees and milestones, plus royalties, according to a Jan. 23 release.
- “The new partners will look to develop molecular glue degraders—a novel class of small molecules designed to selectively degrade proteins that drive disease—for multiple targets across oncology and immunology.
- “Protein degraders represent a groundbreaking advancement in the field of drug discovery and at AbbVie we are committed to advancing this technology forward,” Steven Elmore, Ph.D., AbbVie’s vice president of small molecule therapeutics and platform technologies, said in the release. “We are excited to collaborate with Neomorph to develop novel molecular glue degraders that could pave the way for new, effective therapies in the treatment of immune disorders and cancer.”
- “Neomorph emerged in 2020 and quickly garnered a neuro deal worth up to $1.45 billion in biobucks with Biogen, plus a partnership with Novo Nordisk that offers up to $1.46 billion.”

Per Fierce Healthcare,
- “Self-funded employer health plan Centivo is announcing Centivo Care, a tech-forward virtual primary care platform integrated with behavioral health specialists.
- “Centivo’s virtual offerings, which will be available in states where the company operates, are increasingly desired by its clients’ members, said Wayne Jenkins, M.D., chief medical officer for Centivo and president of Centivo Care, in an interview with Fierce Healthcare.
- “He said at first, just 5% to 10% of people preferred the virtual option, but now it’s closer to 20%. For some employers, they see an even higher adoption rate. One of its clients, JetBlue Airlines, sees high utilization since their employees travel so often and can more easily text with a physician or schedule a video call than attend an appointment in person.
- “Centivo Care is one of few primary care practices to earn a Patient-Centered Medical Home accreditation from the National Committee for Quality Assurance, the company said in a news release. These virtual appointments are free, and members receive personalized care plans, after-visit summaries, preventive care reminders and more.”

Per Beckers Hospital Review,
- Telehealth utilization grew across most U.S. regions in October 2024, with the Midwest as the sole exception, according to FAIR Health’s monthly telehealth regional tracker.
- Nationally, telehealth claim lines increased from 4.80% of medical claim lines in September to 4.89% in October, marking a 2% rise. Regional increases varied, with the West seeing the largest growth at 2.8%, while the Midwest experienced a 3.7% decrease.
- Here are four things to know about telehealth utilization, according to FAIR Health’s tracker:
  - Psychiatric nurses moved up to the second-most common telehealth specialty nationally in October, overtaking family practice, which fell to fourth place.
  - Mental health conditions remained the leading telehealth diagnostic category nationally and regionally.
  - The tracker revealed modest differences in telehealth costs compared to office visits. For instance, the median cost for a nutritional therapy reassessment was typically $1 to $2 lower via telehealth than in-office, except in the West, where telehealth costs were slightly higher.
  - Telehealth usage was highest among patients aged 31–40, followed by those aged 19–30, a pattern consistent across all regions.

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 18, 2025January 18, 2025

From the cybersecurity policy and law enforcement front,

Federal News Network tells us,
- “President-elect Donald Trump’s pick to lead the Department of Homeland Security is signaling potential changes at the Cybersecurity and Infrastructure Security Agency.
- “South Dakota Gov. Kristi Noem, nominated by Trump to serve as homeland security secretary, testified before the Senate Homeland Security and Governmental Affairs Committee on Friday. She fielded a range of questions, largely on border security and immigration enforcement.
- “On the cybersecurity front, Noem in her opening statement said she would prioritize a “comprehensive, whole-of-government approach to cybersecurity,” without offering further specifics.
- “I fully acknowledge that people in Washington, DC do not have all of the answers, and therefore I will leverage private, public partnerships,” Noem added as part of her opening statement. “I will advance cutting edge state of the art technologies to protect our nation’s digital landscape.”

Cybersecurity Dive lets us know,
- “The White House rolled out a highly anticipated executive order on Thursday [January 16, 2025] to combat a rising level of sophisticated attacks targeting U.S. government agencies, critical infrastructure providers and high-profile individuals by state-linked threat groups and other malign actors.
- “The executive order will give the U.S. more authority to level sanctions against malicious actors that have disrupted hospitals and other critical providers.
- “Federal authorities also plan to leverage the government’s $100 billion in annual IT spending to make sure technology companies develop more secure software.” * * *
- To help increase security in the public and private sector, the executive order aims to:
  - Give the U.S. more authority to level sanctions against hackers that have critical providers, including hospitals.
  - Require software vendors doing business with the federal government to prove they are using secure development practices. The federal government plans to validate that evidence and publish the information to help private sector buyers make informed decisions on secure software.
  - The National Institute for Standards and Technology will develop guidance on how to deploy software updates in a secure and reliable manner.
  - The General Services Administration will develop guidance on how cloud customers can securely use these products.
  - Identify minimum cybersecurity standards for companies working with the federal government. Bureaucracy and cybersecurity requirements for using federal information systems will be streamlined for three years.
  - Federal authorities will begin research into AI-based tools to search for software vulnerabilities, manage patching and detect threats. A public-private partnership will be developed to use AI to protect critical infrastructure in the energy sector.
  - The U.S. will only buy internet-connected devices that meet Cyber Trust Mark standards starting in 2027.

Cyberscoop adds,
- “A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president.”

NextGov/FCW informs us,
- The Office of Personnel Management did not take long nor have to look too far to find its next chief information officer.
- Melvin Brown II, who previously served as OPM’s deputy chief information officer, was named OPM’s chief information officer this week, according to a LinkedIn post he published Sunday January 12, 2025.

Cyberscoop relates,
- “The Department of the Treasury has sanctioned a Chinese national and a cybersecurity company based in Sichuan, China, for taking part in the Salt Typhoon hacking campaign that has swept up data from at least nine U.S. telecommunications companies.
- “The department’s Office of Foreign Assets Control (OFAC) named Yin Kecheng of Shanghai and the Sichuan Juxinhe Network Technology Co. Ltd., as entities that had “direct involvement” in the Salt Typhoon campaign. Kecheng is described as an affiliate of the Chinese Ministry of State Security with over a decade of hacking experience.
- “Kecheng is also alleged to have been involved in a recent hack of the Treasury Department.”

Per HHS news releases,
- “[On January 14, 2025,] the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Solara Medical Supplies, LLC (Solara), a supplier and direct-to-patient distributor of continuous glucose monitors, insulin pumps, and other supplies to patients with diabetes, concerning potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule and Breach Notification Rule following a [2019] breach of electronic protected health information (ePHI) caused by a phishing incident.” * * *
- “In November 2019, OCR received a breach report concerning a phishing attack in which an unauthorized third party gained access to eight of Solara’s employees’ email accounts between April and June 2019, resulting in the breach of 114,007 individuals’ ePHI. In January 2020, OCR received notification of a second breach, when Solara reported that it had sent 1,531 breach notification letters to the wrong mailing addresses. OCR’s investigation determined that Solara failed to conduct a compliant risk analysis to identify the potential risks and vulnerabilities to ePHI in Solara’s systems; failed to implement security measures sufficient to reduce the risks and vulnerabilities to ePHI to a reasonable and appropriate level; and failed to provide timely breach notification to individuals, HHS, and the media.
- “Under the terms of the resolution agreement, Solara agreed to implement a corrective action plan that will be monitored by OCR for two years and pay $3,000,000 to OCR.” * * *
- “The resolution agreement and corrective action plan may be found here.”
and
- “[On January 15, 2025,] the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.” * * *
- “In March 2023, OCR received a breach report concerning a ransomware incident that had affected NESG’s information system. NESG concluded that the protected health information of 15,298 patients had been encrypted and exfiltrated from its network. OCR’s investigation determined that NESG had failed to conduct a compliant risk analysis to determine the potential risks and vulnerabilities to ePHI in NESG’s systems.
- “Under the terms of the resolution agreement, NESG agreed to implement a corrective action plan that OCR will monitor for two years and paid $10,000 to OCR.: * * *
- “The resolution agreement and corrective action plan may be found here.”

From the cybersecurity vulnerabilities and breaches front,

Per Cybersecurity Dive,
- “The Cybersecurity and Infrastructure Security Agency spotted Salt Typhoon on federal networks before defenders discovered the China-sponsored threat group intruded into U.S. telecom systems, Director Jen Easterly said Wednesday.
- “CISA’s sleuthing “enabled law enforcement to unravel and ask for process on virtual private servers,” Easterly said during an onstage interview at the Foundation for Defense of Democracies. Details gathered from that investigation and response allowed CISA to discover Salt Typhoon and its activities, Easterly said.” * * *
- “CISA’s observations didn’t prevent Salt Typhoon from attacking the telecom networks en masse, but Easterly presented the agency’s threat hunting and intelligence gathering capabilities as an example of intra-government and public-private collaboration improvements made under her stewardship of the agency.
- “Easterly is scheduled to step down as CISA director when the President-elect Donald Trump takes office next week.”
and
- Threat hunters are scrambling to determine the scope of damage and potential impact from a critical zero-day vulnerability that impacts a trio of Ivanti products, including Ivanti Connect Secure VPN appliances.
- Shadowserver scans identified more than 900 unpatched Ivanti Connect Secure instances on Sunday [January 12, 2025] and said the devices are likely vulnerable to exploitation. The amount of unpatched and vulnerable instances found by Shadowserver scans is down from more than 2,000 on Thursday [January 9, 2025].
- The nonprofit, which analyzes and shares malicious activity with more than 200 national computer security incident response teams covering 175 countries, was asked not to disclose how it knows these instances are unpatched, but has yet to receive any false positive feedback, Shadowserver CEO Piotr Kijewski told Cybersecurity Dive via email on Friday.
- Researchers are especially concerned about widespread exploitation of the zero-day because of previous cyberattacks linked to software defects in Ivanti products.

CISA added seven more known exploited vulnerabilities to its catalog this week.
- January 13, 2025
  - CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
  - CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability
- January 14, 2025
  - CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability
  - CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability
  - CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
  - CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
- January 16, 2025
  - CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

More details from

Cybersecurity Dive
- “The Cybersecurity and Infrastructure Security Agency added a command injection vulnerability in BeyondTrust Remote Support and Privileged Access Products to its catalog of known exploited vulnerabilities on Monday [January 13, 2025].
- “The medium-severity flaw, listed as CVE-2024-12686, allows an attacker with administrative privileges to inject commands into a computer network and run as if they are a site user. The vulnerability has a CVSS score of 6.6.
- “The CVE is the second vulnerability disclosed by BeyondTrust during its investigation into an attack spree in December. The attacker reset the passwords of numerous accounts after compromising a Remote Support SaaS API key. A limited number of RemoteSupport SaaS customers were impacted by the attacks.”

CSO Online
- Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf.
- The fix for this zero-day is part of a bigger patch cycle by Fortinet, which released updates for 29 vulnerabilities across multiple products, 14 of which impact FortiOS, the operating system used in Fortinet’s FortiGate firewalls. Some of the flaws impact multiple products that share the same code, which is the case for the zero-day now tracked as CVE-2024-55591.
- Although Fortinet does not credit Arctic Wolf with discovering the vulnerability, the indicators of compromise listed in the advisory match the analysis of the attack campaign Arctic Wolf warned about in December and documented in more detail on Friday.

Security Week
- “The software giant [Microsoft] on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.
- “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.
- “As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.
- “The three exploited zero-days — CVE-2025-21334, CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource management and communication between the host system and guest virtual machines (VMs).”
and
- Threat actors are exploiting a critical-severity remote code execution (RCE) vulnerability in Aviatrix Controller to deploy malware, cybersecurity firm Wiz reports.
- The issue, tracked as CVE-2024-50603 (CVSS score of 10/10), exists because user-supplied input is not properly neutralized, allowing unauthenticated, remote attackers to inject arbitrary code that is executed with high privileges on the Aviatrix cloud networking platform.
- The solution is designed to help organizations manage and secure their cloud infrastructure across multiple providers from a single place.
- Impacting certain endpoints within the Aviatrix Controller’s API, which is implemented in PHP, the vulnerability was patched in December, but technical information on it was only published last week.

From the ransomware front,

Cybersecurity Dive reports on January 17, 2025,
- Blue Yonder said it is investigating a threat after Clop listed the supply chain management company among nearly 60 companies the ransomware group claims it hacked. The attacks were linked to exploited vulnerabilities in Cleo file-transfer software, according to researchers from Zscaler and Huntress.
- A spokesperson for Blue Yonder on Friday confirmed the company uses Cleo to manage certain file transfers. Once the zero-day was confirmed, Blue Yonder said it immediately took steps to mitigate the threat.
- “Like many Cleo Harmony customers across the globe, we are currently investigating any potential impact of this matter on our business and we continue to update our customers as we have additional information,” the spokesperson told Cybersecurity Dive via email.”

CISO Online alerts us on January 13, 2025,
- CISOs are being warned to make sure employees take extra steps to protect their AWS access keys after word that a threat actor is using stolen login passwords for ransomware attacks.
- The target is Amazon S3 buckets and the attack uses AWS’ own encryption to make data virtually unrecoverable without paying the attackers for a decryption key, said a report by researchers at Halcyon Tech.
- “Unlike traditional ransomware that encrypts files locally or in transit, this attack integrates directly with AWS’s secure encryption infrastructure,” the report notes. “Once encrypted, recovery is impossible without the attacker’s key.” * * *
- “There are, however, a few things AWS customers’ IT administrators can do:
  - “use the Condition element in IAM (identity and access management) policies to prevent the application of SSE-C to S3 buckets. Policies can be configured to restrict this feature to only authorized data and users;
  - “enable detailed logging for S3 operations to detect unusual activity, such as bulk encryption or lifecycle policy changes;
  - “regularly review permissions for all AWS keys to ensure they have the minimum required access;
  - ‘disable unused keys and rotate active ones frequently.
- “In a statement accompanying the Halcyon report, AWS referred customers to this web page with information for administrators on how to deal with suspected unauthorized activity on their accounts.”

Per Industrial Cyber,
- “The U.S. National Institute of Science and Technology (NIST) through its National Cybersecurity Center of Excellence (NCCoE) division published Monday draft Ransomware Community Profile reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The NIST IR 8374 Rev. 1 (draft) comes as the agency is currently considering a more comprehensive revision to the profile to reflect recent ransomware policy developments and incorporate the results of collaborative activities in the ransomware prevention and response space.
- “NIST is seeking feedback by March 14, 2025, on the revised draft of the risk management framework, which will guide the future of its ransomware prevention guidance. General comments on the draft are also encouraged. The agency is also looking for input on which elements of the Ransomware Community Profile have been beneficial. Suggestions for improvements to the Community Profile are also welcome.”

From the cybersecurity defense front,

Here are CISA news releases from the last week of the Biden administration:
- “The Cybersecurity and Infrastructure Security Agency (CISA) published today [January 14, 2025] the Joint Cyber Defense Collaborative (JCDC) Artificial Intelligence (AI) Cybersecurity Collaboration Playbook. Developed alongside federal, international, and private-sector partners through JCDC, this playbook provides the AI community—including AI providers, developers, and adopters—with essential guidance on how to voluntarily share actionable incident information and it describes how proactive information sharing can enhance operational collaboration and improve resilience of AI systems.”
- “The Cybersecurity and Infrastructure Security Agency (CISA), in close coordination with the Office of Management and Budget (OMB), Office of the National Cyber Director (ONCD) and Microsoft, announces today [January 15, 2025] the release of Microsoft Expanded Cloud Log Implementation Playbook. This guidance helps public and private sector organizations using Microsoft Purview Audit (Standard) to operationalize newly available cloud logs to be an actionable part of their enterprise cybersecurity operations.”
- CISA Director Jen Easterly’s final CISA blog post concerns “Strengthening America’s Resilience Against the PRC Cyber Threats.”
Here is a link to Dark Reading’s CISO Corner.

Midweek Report

David Ermer–CDC, FDA, Generative AI, HIPAA Privacy and Security Rules, Medical / Rx research, Mental health care, NIH, Obesity, Rx coverage, Telehealth, U.S. Healthcare–January 15, 2025January 16, 2025

From Washington, DC,

Per HHS press releases,
- Today, HHS released a report in response to the Consolidation in Health Care Markets Request for Information (RFI) – PDF, highlighting the impacts of increasing consolidation in our nation’s health care markets and recent influx of Private Equity (PE) and other private investors active in the space.
and
- “The Substance Abuse and Mental Health Services Administration (SAMHSA), an agency within the U.S. Department of Health and Human Services (HHS), today released updated National Behavioral Health Crisis Care Guidance (National Guidance), comprised of three documents: 2025 National Guidelines for a Behavioral Health Coordinated System of Crisis Care; Model Definitions for Behavioral Health Emergency, Crisis, and Crisis-Related Services; and a draft Mobile Crisis Team Services: An Implementation Toolkit, which is being released today for public comment. The updated National Guidance now reflects the national transition to the 988 Suicide & Crisis Lifeline in 2022 and other progress and emerging needs related to behavioral health crisis care and provides a framework for transforming behavioral health crisis care systems in communities throughout the United States, at a time when the U.S. continues to face record high rates of suicide and overdose.”
and
- “Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with South Broward Hospital District d/b/a Memorial Healthcare System (Memorial Healthcare System), a Florida health system, concerning a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The settlement resolves litigation resulting from an investigation about a complaint alleging a lack of timely access to an individual’s protected health information (PHI). The HIPAA Right of Access provisions require that individuals or their personal representatives receive timely access to their health information for a reasonable cost. OCR’s investigation determined that Memorial Healthcare System failed to provide timely access within 30 calendar days. Memorial Healthcare System has agreed to pay $60,000. The agreement marks OCR’s 52nd Right of Access enforcement action.”
The American Hospital Association News informs us,
- “The Department of Health and Human Services and Drug Enforcement Administration published a series of rules Jan. 15 related to telemedicine prescribing of controlled substances, including a special registration proposed rule and a final rule on telemedicine prescribing of buprenorphine.
- “The proposed rule for special registration outlines three types of registration to waive in-person visit requirements prior to virtual prescribing of controlled substances and a state registration for every state in which a patient is treated by the special registrant. Providers would need to apply for the special registrations. The DEA also proposes that providers be required to review nationwide prescription drug monitoring programs after three years. Comments on the proposed rule are due March 15.
- “The DEA’s final rule for the telemedicine prescribing of buprenorphine will enable practitioners to prescribe a six-month initial supply of Schedule III-V medications to treat opioid use disorder via audio-only telemedicine interaction without a prior in-person evaluation. Practitioners can then prescribe additional medication via other telemedicine encounters (real-time, two-way audio-visual) or after an in-person encounter. The agency finalized a stipulation that providers will need to complete a review of the PDMP for the state where the patient is located. Requirements for the special registration proposed rule would not apply to clinicians prescribing buprenorphine for OUD.”
and
- “The Centers for Medicare & Medicaid Services announced Jan. 15 that 53.4% of people with Traditional Medicare are in an accountable care relationship with a provider, a 4.3% increase from last year. The agency said it is the largest increase since it began tracking accountable care relationships.
- “For 2025, CMS approved 228 applications for the Medicare Shared Savings Program, bringing the total number of accountable care organizations participating in MSSP to 476. Approved applicants included 55 new ACOs and 173 renewing or reentering ACOs, the most in the program’s history.
- “CMS said there was also a 16% increase from last year in federally qualified health centers, rural health clinics and critical access hospitals participating in the MSSP. In addition, 103 ACOs are continuing participation in CMS’ ACO Realizing Equity, Access, and Community Health Model, and 78 kidney contracting entities and 15 CMS Kidney Care First Practices are continuing participation in the Kidney Care Choices Model.”

The Census Bureau has partnered with the Department of Defense to track how veterans fare in labor market when they return to civilian life. Check out their report.

From the Food and Drug Administration front,

The Wall Street Journal reports
- “Eli Lilly said it received Food and Drug Administration approval for its treatment for moderate to severely active Crohn’s disease, an inflammatory bowel disease that causes chronic abdominal pain.
- “The treatment, developed by the pharmaceutical company under the brand name Omvoh, is now approved to treat two types of inflammatory bowel disease in the U.S., the Indianapolis company said Wednesday. The drug was previously approved to treat ulcerative colitis in adults in October 2023.
- “Omvoh’s approval as a treatment for Crohn’s disease was based on results from a study in which 53% of patients treated with the drug achieved clinical remission, and 46% of patients had visible healing of the intestinal lining, at one year.”
and
- The Food and Drug Administration is banning the use of Red No. 3, an artificial dye linked to cancer in animals, from food and ingested drugs.
- The move will impact thousands of food products on the market in the U.S., including Betty Crocker’s loaded mashed potatoes and MorningStar Farms plant-based bacon strips. It is even in products that aren’t red, such as Brach’s candy corn.
- Food manufacturers will have until early 2027 to reformulate products that use Red 3. Consumer advocates pushed the agency to revoke authorization for the additive after two studies linked it to cancer in male laboratory rats.

Roll Call adds,
- “The Food and Drug Administration unveiled a proposal on Wednesday to limit the amount of nicotine allowed in cigarettes and some other combustible tobacco products, a final step for the agency before the Trump administration takes over next week.
- The FDA first announced it would pursue regulatory changes to maximum nicotine levels in combustible smoking products in 2022 in an effort to reduce the public health effects related to addiction and minimize youth uptake.
- “The agency is seeking public comment on the rule, but the proposal’s fate is unclear given the coming change in administration.”

STAT News described the last two FDA steps along with Tuesday’s proposal putting nutrition labels on the front of food packages as springing into Making America Healthy Again.

From the judicial front,

Beckers Payer Issues lets us know that insurer lawsuits over Medicare Advantage Star ratings are piling up.

STAT News relates,
- “After years of sparring, the Biden administration and Gilead Sciences have settled a contentious lawsuit over patents for a pair of HIV prevention pills in a case that raised questions about the extent to which government-funded research should lead to affordably priced medicines.
- “At issue was a battle over patents for Truvada and a newer, upgraded version called Descovy — two highly effective and lucrative medications — as well as the role played by the federal government in making it possible to prevent transmission of a highly infectious disease that plagued the American public for decades.
- “The Centers for Disease Control and Prevention, which had funded academic research into HIV prevention that later formed the basis for the pills, maintained that Gilead infringed its patent rights. The U.S. Department of Health and Human Services also contended that the company had refused to reach a licensing agreement despite several attempts to strike a deal.
- “Gilead, however, maintained it had invented the pills and that the concept of using Truvada to prevent HIV was well-known by the time the CDC tried to obtain its patents. The company also insisted it negotiated in good faith with the government. After a May 2023 trial, a jury sided with Gilead, finding it did not infringe on patents held by the CDC and, moreover, that those patents were invalid. The Biden administration, which sought $1 billion in royalties, subsequently appealed the decision.
- “In a statement, the company said Wednesday that it will receive a license to “certain” current and future patents concerning HIV prevention that “will protect Gilead’s freedom to operate for years to come.” Any additional terms were not disclosed, although a Gilead spokeswoman wrote to say the settlement does not contain any payments from Gilead or the federal government.”

From the public health and medical research front,

The Hill reports,
- “Respiratory illnesses are spreading throughout the U.S., causing multiple states to see a spike in hospital visits. The latest data shows another virus, known as HMPV, has also been spiking in some parts of the country.
- “The Centers for Disease Control and Prevention previously confirmed it was monitoring a spike in cases of HMPV, or human metapneumovirus, in China’s northern provinces. The agency noted the cases of the virus, which is not new, were not a “cause for concern in the U.S.” and that rates of infection nationwide are at typical “pre-pandemic” levels.
- “HMPV is considered relatively common, with most infected before age 5, according to Dr. Eileen Schneider, an epidemiologist with the CDC. It often circulates during flu season and causes symptoms similar to the common cold, including coughing, wheezing, congestion and shortness of breath.” * * *
- “Across Iowa, Kansas, Missouri and Nebraska, more than 5.8% of tests submitted for HMPV tested positive through the first week of the year, data shows. That’s more than double the positivity rate across the next-highest region — Alaska, Washington, Oregon and Idaho — which sits at around 2.7%.” * * *
- “HMPV is typically diagnosed based on symptoms, the Cleveland Clinic explains, and not testing, unless you have serious symptoms.
- “There are no vaccines or treatment therapies for HMPV, which makes preventing the spread of HMPV especially important. Health experts recommend washing your hands often and avoiding contact with those who are infected with HMPV if possible.”
Becker Hospital Review tells us,
- “The latest data from the American Society of Health-System Pharmacists reports that the active number of drug shortages in the U.S. has decreased to 271, down from a high of 323 in the first quarter of 2024. However, despite this decline, ongoing challenges continue to burden healthcare providers.”
and
- “Eli Lilly expects its experimental weight loss pill, orforglipron, to receive approval as early as next year, CEO David Ricks told Bloomberg Jan. 13.
- “The company is preparing to release key late-stage trial data on the drug by mid-2025. The weight loss pill aims to compete with popular injectable treatments like Eli Lilly’s own Zepbound and Novo Nordisk’s Wegovy, which currently dominate the space.
- “If approved, orforglipron would offer a pill alternative to the current injectables, making it easier for patients to use while also addressing manufacturing challenges.
- “In mid-stage trials, the drug helped patients lose up to 14.7% of body weight, compared to just 2.3% for those who took a placebo.”

The National Cancer Institute points out,
- “For people with a history of smoking, a diagnosis of lung cancer can cause feelings of guilt and shame due to the stigma that’s often associated with the disease. This stigma can hinder open communication between patients and health care providers and hinder patients’ use of tobacco cessation counseling. Researchers at Memorial Sloan Kettering Cancer Center have developed a training program to help health care providers reduce lung cancer–related stigma. In this interview, the trial’s leaders, Smita Banerjee, Ph.D., a behavioral scientist, and Jamie Ostroff, Ph.D., a psychologist, discuss the impact of stigma on people with lung cancer and an NCI-supported clinical trial that’s evaluating the training program.”

From the U.S. healthcare business front,

Fierce Healthcare reports “As deadly fires continue to rage in Los Angeles, healthcare companies far and wide are stepping up to serve those affected. At least 24 people have died from the fires, and dozens remain missing.” Bravo.

STAT News notes,
- “When Eli Lilly last year started offering lower-priced vials of its blockbuster obesity drug Zepbound, which were previously sold in injectable pens, it framed the move as a way to expand patient access. But some experts weren’t convinced, noting that Lilly was only offering the lowest doses in vials, and the new prices, $399 or $549 a month, are still prohibitive for many patients.
- “CEO Dave Ricks said Lilly is now considering expanding the vial offering. “We’d like to lower the entry cost, and we’d like to have more doses available. That’s not something we’re announcing today, but we see that as an option,” he said Tuesday at a taping of ”The Readout LOUD,” STAT’s biotech podcast.”

Kaufmann Hall shares its “Winter 2025 Kaufman Hall Report: Highlights from the 2024 Healthcare Leadership Conference.”

Per Healthcare Dive,
- “Teladoc Health is joining an Amazon marketplace that aims to connect consumers with health benefits programs, the telehealth vendor said Monday.
- “Now, eligible users can find and enroll in Teladoc’s diabetes, hypertension, pre-diabetes and weight management programs through Amazon’s Benefits Connector.
- “The program could help drive enrollment in Teladoc’s chronic care offerings, executives said at the J.P. Morgan Healthcare Conference in San Francisco on Monday. “I wouldn’t count on it bringing revenue for us very quickly, but it is certainly something that we will continue to pursue in terms of growing our chronic care program,” Teladoc CFO Mala Murthy said.”

Medical Economics explains why 2024 was a ‘blockbuster year’ for concierge medicine.

Fierce Pharma offers news from the third day of JP Morgan healthcare conference.

Healthcare Dive discusses top healthcare technology trends in 2025. The shape of AI regulation will be uncertain under the Trump administration this year, while healthcare companies will continue bolstering cyber defenses to withstand increasing attacks, experts say.

Tuesday Report

David Ermer–ACA, AHRQ, CDC, Congress, FDA, Generative AI, Medical / Rx research, NIH, No Surprises Act, Obesity, OPM, Rx coverage, Telehealth, U.S. Healthcare–January 14, 2025January 14, 2025

OPM Headquarters a/k/a the Theodore Roosevelt Building

From Washington, DC

Today, the U.S. Office of Personnel Management released a list of its accomplishments during the Biden-Harris administration.

Here is a link to Andreessen Horowitz bio of Scott Kupor who is President elect Trump’s designee for OPM Director.

The Washington Post is maintaining a website outside its paywall providing comprehensive news on Mr. Trump’s nominations.

The Wall Street Journal reports,
- “Two vaccine skeptics who had been advising Robert F. Kennedy, Jr. as he prepares to become health secretary have been sidelined by Trump transition officials, people familiar with the matter said, underscoring a split over immunizations in the “Make America Healthy Again” movement.
- “Adviser Stefanie Spear and lawyer Aaron Siri had asked prospective administration hires about their beliefs around vaccines even if they were interviewing for posts that had little to do with immunizations, people familiar with the interviews said. Kennedy, whose hearings to lead the Department of Health and Human Services could start on Capitol Hill as early as next week, also lobbed questions related to inoculation, the people said.
- “The questions were different from those asked in separate meetings with President-elect Donald Trump’s staff, according to some of the people. Trump’s team asked about topics traditionally important to conservatives, such as the size of government and deregulation.
- “Siri is no longer advising the presidential transition, a transition spokeswoman confirmed, and people familiar with the matter said his vaccine stances played a role. Spear, who had told others she would be Kennedy’s chief of staff, was passed over for that post in favor of a veteran of the first Trump administration—in part because of her vaccine priorities and in part because of her lack of experience, according to people familiar with the matter.”

The No Surprises Act regulators, which group includes OPM, released FAQ 69 which concerns an important opinion from the U.S. Court of Appeals for the Fifth Circuit handed down October 30, 2024. The Court has not issued its mandate in the case while it considers the Texas Medical Association’s motion for rehearing and rehearing en banc. The FAQ also includes compliance advice about the No Surprises Act anti-gag clause.

Per a Federal Trade Commission news release,
- “The Federal Trade Commission today published a second interim staff report on the prescription drug middleman industry, which focuses on pharmacy benefit managers’ (PBMs) influence over specialty generic drugs, including significant price markups by PBMs for cancer, HIV, and a variety of other critical drugs.
- “Staff’s latest report found that the ‘Big 3 PBMs’—Caremark Rx, LLC (CVS), Express Scripts, Inc. (ESI), and OptumRx, Inc. (OptumRx)—marked up numerous specialty generic drugs dispensed at their affiliated pharmacies by thousands of percent, and many others by hundreds of percent. Such significant markups allowed the Big 3 PBMs and their affiliated specialty pharmacies to generate more than $7.3 billion in revenue from dispensing drugs in excess of the drugs’ estimated acquisition costs from 2017-2022. The Big 3 PBMs netted such significant revenues all while patient, employer, and other health care plan sponsor payments for drugs steadily increased annually, according to the staff report.”

STAT News adds,
- “In response to the latest report, a CVS spokesperson wrote that “any proposed policy regulating PBMs should face a simple test: will this increase or decrease drug costs? Nearly all recently proposed ‘anti-PBM’ policies would ultimately increase U.S. drug costs and serve as a handout to the pharmaceutical industry. Instead of focusing on the impact to consumers and organizations that pay for prescription drugs, the FTC has prioritized comments from the conflicted pharmaceutical and pharmacy industries that would profit from a weakened PBM guardrail.”
- “The company also argued it is “inappropriate and misleading to draw broad conclusions from cherry-picked” generic drugs. Between 2017-2022, specialty generic products have represented less than 1.5% of total spending on medicines by health plans contracted with CVS. In contrast, branded specialty products represent more than 50% of total spending.
- “A spokeswoman for Cigna, which owns Express Scripts, wrote to say “this is another set of misleading conclusions based on a subset of medications that represent less than 2% of what our health plans spend on medications in a year — much like their first interim report that the FTC itself has already said is ‘limited’ and ‘tentative’. Nothing in the FTC’s report addresses the underlying cause of increasing drug prices, or helps employers, unions, and municipalities keep prescription benefits affordable for their members. We look forward to continuing to address the blatant inaccuracies in the Commission’s reports.”
- “One Wall Street analyst maintained the FCC report does not tell the complete PBM story. TD Cowen analyst Charles Rhyee wrote in an investor note that “the fundamental issue with the FTC’s claims… is that they use only data on specialty generics, a small subset of the overall drug market – 0.9% of total drug spending – and is not representative of the value that the PBM industry delivers as a whole.”
Per a Food and Drug Administration press release,
- “Today, the U.S. Food and Drug Administration is announcing an important step to provide nutrition information to consumers by proposing to require a front-of-package (FOP) nutrition label for most packaged foods. This proposal plays a key role in the agency’s nutrition priorities, which are part of a government-wide effort in combatting the nation’s chronic disease crisis. If finalized, the proposal would give consumers readily visible information about a food’s saturated fat, sodium and added sugars content—three nutrients directly linked with chronic diseases when consumed in excess.
- “The proposed FOP nutrition label, also referred to as the “Nutrition Info box,” provides information on saturated fat, sodium and added sugars content in a simple format showing whether the food has “Low,” “Med” or “High” levels of these nutrients. It complements the FDA’s iconic Nutrition Facts label, which gives consumers more detailed information about the nutrients in their food.” * * *
- “Comments on the proposed rule can be submitted electronically to http://www.regulations.gov by May 16, 2025.”
The Wall Street Journal adds,
- “It is unclear how the incoming Trump administration will view the rule. Robert F. Kennedy Jr., the prospective next head of U.S. health policy, is a critic of processed foods and has been outspoken about his view that U.S. food companies are partly to blame for sickening Americans.
- “Consumer advocacy groups and public health organizations cheered the rule, though some said they hoped the Trump administration would consider labels similar to those adopted in other countries that bear more pointed warnings.
- “Industry groups have warned the FDA that they could sue to challenge mandatory front-of-package labels. Such labels, they said, could threaten First Amendment rights—because companies could consider them a form of forced speech—and only Congress has the authority to require them.”

The New York Times reports,
- “Among both men and women, drinking just one alcoholic beverage a day increases the risk of liver cirrhosis, esophageal cancer, oral cancer and various types of injuries, according to a federal analysis of alcohol’s health effects issued on Tuesday.
- “Women face a higher risk of developing liver cancer at this level of drinking, but a lower risk of diabetes. And while one alcoholic drink daily also reduces the likelihood of strokes caused by blood clots among both men and women, the report found, even occasional heavy drinking negates the benefits.
- “The report, prepared by an outside scientific review panel under the auspices of the Department of Health and Human Services, is one of two competing assessments that will be used to shape the influential U.S. Dietary Guidelines, which are to be updated this year.”

Monica M. Bertagnolli, M.D., issued a statement on ending her tenure as NIH director January 17, 2025. The FEHBlog has enjoyed her Director’s blog entries.

From the public health and medical research front,

The U.S. Preventive Services Task Force today gave B grades to the following recommended preventive services:
- “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in women 65 years or older.”
- “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in postmenopausal women younger than 65 years who are at increased risk for an osteoporotic fracture as estimated by clinical risk assessment.”
and an inconclusive grade to the following preventive service
- “The USPSTF concludes that the current evidence is insufficient to assess the balance of benefits and harms of screening for osteoporosis to prevent osteoporotic fractures in men.”

The USPSTF notes,
- “This recommendation updates the 2018 USPSTF recommendation on screening for osteoporosis. In 2018, the USPSTF recommended screening for osteoporosis with bone measurement testing to prevent osteoporotic fractures in women 65 years or older and in postmenopausal women younger than 65 years who are at increased risk of osteoporosis, as determined by a formal clinical risk assessment tool.⁴⁵ For the current recommendation, the USPSTF has noted that screening can include DXA BMD, with or without fracture risk assessment. The current recommendation is otherwise generally consistent with the 2018 recommendation.”

The Journal of the American Medical Association expands on this USPSTF note in an editorial comment.
- “At first glance, the updated US Preventive Services Task Force (USPSTF) Recommendation Statement on osteoporosis screening¹ appears nearly identical to the previous 2018 statement, especially regarding the recommendation for universal screening in women 65 years or older and insufficient evidence to support a recommendation for or against screening in men. However, subtle revisions to the 2018 recommendation² may result in substantive changes in screening of younger postmenopausal women in clinical practice. While a B recommendation for higher-risk postmenopausal women younger than 65 years is common to both statements, the 2018 statement recommended assessing risk of osteoporosis in these women using a formal clinical risk assessment tool, whereas the 2024 Recommendation Statement¹ recommends screening those at increased risk for an osteoporotic fracture as estimated by clinical risk assessment. Additionally, the screening test for both younger and older postmenopausal women in the 2018 recommendation is specified broadly as bone measurement testing. By contrast, the 2024 statement is more specific and defines screening as central (hip or lumbar spine) dual-energy x-ray absorptiometry (DXA) bone mineral density (BMD) testing with or without fracture risk assessment.
- “In postmenopausal women younger than 65 years, osteoporosis screening presents several challenges. While time is often limited and resources scarce in the overstretched primary care practice environment, the USPSTF recommends a 2-step process to identify women in this age group who warrant screening. The clinician first determines whether traditional osteoporosis risk factors such as low body weight or tobacco use are present. For women with 1 or more risk factors, the USPSTF then advises risk assessment with a clinical risk assessment tool (eg, the Osteoporosis Self-Assessment Tool [OST], the Osteoporosis Risk Assessment Instrument [ORAI], or the Fracture Risk Assessment Tool [FRAX]) calculated without BMD information to further select women who warrant BMD testing. Primary care clinicians should be aware that the OST and ORAI were designed to identify osteoporosis (BMD T score ≤−2.5), while FRAX was developed to estimate 10-year absolute probabilities of hip and major osteoporotic fracture. Use of the OST or ORAI entails a simple calculation with few inputs (e.g., the OST is based on age and weight alone), whereas use of FRAX requires entering information on 11 clinical risk factors into a web-based algorithm. Table 2 in the Recommendation Statement¹ provides “frequently used thresholds for increased osteoporosis risk” for OST (score <2) and ORAI (score ≥9), indicating that these thresholds identify women for whom central DXA BMD testing is suggested. In contrast to the 2011 and 2018 recommendations, the 2024 USPSTF Recommendation Statement¹ does not suggest a specific FRAX threshold to define increased osteoporosis risk.

Per a National Cancer Institute news release,
- “Feeding fructose to lab animals with cancer made their tumors grow faster, a new study has shown. But the tumors didn’t directly consume fructose, the researchers found. Instead, the liver converted it into a type of fat that cancer cells gobbled up.
- “Studies have suggested that diets containing excess fructose—which is found in high-fructose corn syrup and table sugar—can help tumors grow. But how this common dietary sweetener might do so has been a bit of a mystery. The researchers believe their study provides some important answers.
- “The NIH-funded study, published December 4 in Nature, showed that several types of cancer cells lacked the enzyme needed to use fructose directly. However, liver cells have the necessary enzyme, called KHK, and used it to convert fructose into fats called lipids.
- “The findings could open up a new avenue for potential cancer treatments, said the study’s senior researcher, Gary Patti, Ph.D., of Washington University in St. Louis. A drug that blocks the KHK enzyme slowed fructose-fueled tumor growth in mice, the scientists showed.”

The National Institutes of Health released an NIH research matters bulletin concerning “Cancer prevention and screening | Improving flu vaccines | LDL structure.”

AP reports,
- “A group of global experts is proposing a new way to define and diagnose obesity, reducing the emphasis on the controversial body mass index and hoping to better identify people who need treatment for the disease caused by excess body fat.
- “Under recommendations released Tuesday night, obesity would no longer be defined solely by BMI, a calculation of height and weight, but combined with other measurements, such as waist circumference, plus evidence of health problems tied to extra pounds.
- “Obesity is estimated to affect more than 1 billion people worldwide. In the U.S., about 40% of adults have obesity, according to the U.S. Centers for Disease Control and Prevention.
- “The whole goal of this is to get a more precise definition so that we are targeting the people who actually need the help most,” said Dr. David Cummings, an obesity expert at the University of Washington and one of the 58 authors of the report published in The Lancet Diabetes & Endocrinology journal.”

Per MedPage Today,
- “Integrating smoking cessation into a lung cancer screening program had the biggest benefit for patients who wanted to quit, a randomized trial showed.
- “Self-reported tobacco abstinence was greater at both 3 and 6 months with higher levels of integration of smoking cessation assistance in the lung cancer screening program, reported Paul Cinciripini, PhD, of the University of Texas MD Anderson Cancer Center in Houston, and colleagues in JAMA Internal Medicine.”
and
- “Antiviral drugs commonly used to treat non-severe influenza appeared to have little or no effect on key clinical outcomes, except for baloxavir (Xofluza), according to a systematic review and meta-analysis of 73 randomized trials.”

From the U.S. public health front,

Fierce Healthcare, Fierce Pharma, and BioPharma Dive each report on the second day of the J.P. Morgan Healthcare Conference being held in San Francisco, California.

STAT News adds,
- “Since society rebounded from the pandemic, Teladoc Health has gone from a soaring rocket ship considered an emblem of the potential of health tech to a cautionary tale about overblown hype. Its telehealth services are now viewed by many as an interchangeable commodity in a crowded market.
- “In his first prominent public appearance as CEO of the virtual care giant, Chuck Divita showed up [at the JPM Conference] and played the part — promising growth and stability and reminding investors of the company’s strong foundation.”

Beckers Hospital Review points out,
- Eli Lilly is leading a push with other pharmaceutical companies to request a pause in the Biden administration’s drug pricing negotiations, even as officials prepare to release a new list of medications to be targeted for price reductions, Bloomberg reported Jan. 13.
- Speaking at the JPMorgan HealthCare Conference in San Francisco, Eli Lilly CEO Dave Ricks emphasized the need for changes to the Inflation Reduction Act before additional drugs are included in the program.

MedCity News relates, “Nvidia announced four new partnerships focused on scaling AI models across the healthcare industry. The company is teaming up with Mayo Clinic, Illumina, IQVIA and Arc Institute” at JPM Conference.

BioPharma Dive lets us know,
- “Eli Lilly on Tuesday said the company’s revenue in 2024 totaled about $45 billion, a 32% jump on 2023’s total but less than what it had estimated in October.
- “Third quarter sales of Mounjaro and Zepbound, its GLP-1 drugs for diabetes and obesity, were below Wall Street analysts’ expectations at $3.5 billion and $1.9 billion, respectively. CEO David Ricks said GLP-1 market growth was slower than the company anticipated.
- “Shares of the Indianapolis-based company fell by as much as 8% in morning trading, shaving tens of billions of dollars from its market valuation. Since hitting a high of $960 apiece in late August, shares have tumbled in value by about one-fifth as Zepbound sales have fallen short of forecasts.”

McKinsey & Company explains “How healthcare entities can use M&A to build and scale new businesses.”

Monday Report

David Ermer–ACA, CDC, COVID-19, FDA, Generative AI, Medical / Rx research, NIH, OPM, U.S. Healthcare–January 13, 2025January 13, 2025

From Washington, DC,

Fierce Healthcare lets us know,
- “One week before President-elect Donald Trump’s inauguration, the Biden administration is finalizing a rule that sets new standards for the individual market under the Affordable Care Act.
- “First proposed in October, the rule protects consumers from having their coverage swapped unwittingly. Brokers and agents that violate this policy, and pose other “unacceptable” risks, can be suspended. The rule will go into effect on Wednesday.
- “The rule also amends the risk adjustment program through user fee rates, new calculations to the Basic Health Program (BHP) and reporting to the ACA Quality Improvement Strategy (QIS), designed to improve member outcomes.”

Here is a link to CMS’s fact sheet on the final Affordable Care Act (“ACA”) rule titled “HHS Notice of Benefit and Payment Parameters for 2026” and a link to the rule itself.

The ACA regulators today withdrew an October 28, 2024, proposed rule which would have “expand access to coverage of recommended preventive services without cost sharing in the commercial market, with a particular focus on reducing barriers to coverage of contraceptive services, including over the counter (OTC) contraceptives.”

FedSmith confirms,
- “President-elect Donald Trump has nominated Scott Kupor as the Director of the Office of Personnel Management (OPM).
- “Kupor would lead an OPM organization that has grown under the Biden administration. It now has a larger budget and workforce.
- “For fiscal year 2025, the Biden administration proposed a budget of $465.8 million for OPM, which is an increase of about 21% compared to the enacted budget of $385.7 million in fiscal year 2023.”

The U.S. Office of Personnel Management posted on the Federal Register’s Public Inspection List a final rule which, according to Govexec, “will standardize the maps relied upon to determine the locality pay rates for white- and blue-collar federal workers across the U.S.” effective October 1, 2025.

Pew Research reports on what the data says about federal and postal workers.

Federal News Network notes,
- “The Postal Service is offering early retirement buyouts to mail handlers who work in the agency’s mail processing facilities, and other USPS employees who work in a variety of support positions.
- “USPS, in a memo obtained by Federal News Network, is offering lump-sum incentive payments worth up to $15,000 to eligible mail handlers who agree to a voluntary early retirement in the coming months.
- “The agency reached an agreement with the National Postal Mail Handlers Union, which represents 47,000 mail handlers nationwide, as well as the American Postal Workers Union, which represents 222,000 active and retired postal clerks, mail processors and sorters, as well as other USPS occupations.
- “Federal News Network reached out to both unions for comment.

From the judicial front,

The American Hospital Association News reports,
- The U.S. Chamber of Commerce Jan. 13 filed a lawsuit against the Federal Trade Commission, saying changes made by the FTC to premerger notification rules under the Hart-Scott-Rodino Act are “unnecessary and unlawful.”
- In a statement, the Chamber said the FTC “has failed to justify the need to subject every merger filing to its new burden. During the rulemaking process it never contemplated alternative, less burdensome approaches and understates the costs and overstates the benefits of changing the rule as part of its final analysis. Subjecting thousands of routine mergers and acquisitions to these additional burdens will slow down normal business transactions and increase costs, hurting the economy in the process.”
- The FTC finalized changes to the premerger notification rules, form and instructions under the HSR Act in October. The AHA expressed disappointment with the FTC’s changes, saying that the rule “functions as little more than a tax on mergers… The agency already has more than enough information about hospital transactions, and it has shown no hesitation in challenging them. The final rule will just require hospitals to divert time and resources away from patient care towards needless compliance costs.

From the Food and Drug Administration front,

The Washington Post reports,
- “The long quest for powerful non-opioid drugs that treat pain without risk of addiction is nearing a milestone, in the form of a pill that could soon win approval from the Food and Drug Administration.
- “If successful, the drug developed by Vertex Pharmaceuticals would offer a possible alternative to potent prescription painkillers such as oxycodone, which was once heavily marketed by drug companies and fueled an epidemic of dependency and death.
- “Independent experts say it remains too early to know how revolutionary the Vertex drug, suzetrigine, will be. The company’s application that is pending before the FDA, which could be approved by the end of January, is for relatively short-term pain. It is based on successful clinical trials in people recovering from two types of surgeries, as well as a safety study that monitored participants over about six weeks.
- “Vertex is still exploring whether the drug can be safely and effectively used for chronic, longer-lasting pain.”

Cardiovascular Business points out,
- “The U.S. Food and Drug Administration (FDA) has announced that Philips is recalling the software associated with its Mobile Cardiac Outpatient Telemetry (MCOT) devices after certain high-risk electrocardiogram (ECG) events were never routed to trained cardiology technicians as intended. This is a Class I recall, the FDA’s most serious classification.
- “This issue, which lasted from July 2022 to July 2024, has been associated with 109 patient injuries and two patient deaths. Some of the health events included suspected cases of atrial fibrillation or pause, supraventricular tachycardia, ventricular tachycardia and second- or third-degree atrioventricular block.
- “On Dec. 18, 2024, Philips and its subsidiary, Braemar Manufacturing, sent all customers impacted by the failure an Urgent Medical Device Correction and information on how to review which patients may need to have their data reprocessed.”
and
- “The U.S. Food and Drug Administration (FDA) has now cleared more than 1,000 clinical artificial intelligence (AI)algorithms to be used commercially for direct patient care in the United States. Cardiology is No. 2 among all healthcare specialties with 161 FDA clearances; some of those are even approved for multiple specialties.
- “Radiology is by far the king of AI FDA clearances with 758 algorithms, making up about 76% of all clinical AI in the U.S. Neurology comes in at an extremely distant third place with 35 algorithms. There are 15 other specialities with cleared AI, but they each number less than 20 algorithms.
- “The FDA updated its AI-enabled device approval list in late December, which showed the agency technically reached the 1,000 mark back in September. The first AI algorithm was cleared in 1996, and the number of submissions to the FDA has accelerated very rapidly in the past few years. The agency is now clearing an average of about 20 AI algorithms per month, and the FDA says that number is expected to rise in the coming years.”

Fierce Healthcare adds,
- “The Peterson Health Technology Institute launched an artificial intelligence task force to puzzle out the value of in-demand AI technologies for healthcare delivery organizations.
- “The task force has been operational for six months, Caroline Pearson, executive director of the PHTI, said in an interview. It will be led by Prabhjot Singh, M.D., Ph.D., a physician and co-founder of CHW Cares, which sold to Oak Street Health in 2022, and Margaret McKenna, former chief technology officer at Devoted Health. Both Singh and McKenna are advisers to the PHTI.
- “There are about 60 people on the task force from a dozen healthcare systems, including UC San Diego Health, Intermountain Health, Mass General Brigham, Providence, Ochsner Health and MultiCare. Pearson also said there are many C-suite executives on the task force including CEOs, chief financial officer and chief information officers.
- “They’re not AI cheerleaders,” Pearson said. “They’re just trying to run effective, efficient healthcare systems.”

From the public health and medical research front,

The Center for Disease Control and Prevention announced today,
- “COVID-19 activity has increased in most areas of the country. Seasonal influenza activity remains elevated across the country. RSV activity is very high in many areas of the country, particularly in young children.
- “COVID-19
  - “COVID-19 activity has increased in most areas of the country, with high COVID-19 wastewater levels, increasing emergency department visits and elevated laboratory percent positivity. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
  - “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
  - “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
- “Influenza
  - “Seasonal influenza activity remains elevated across the country. Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC“
- “RSV
  - “RSV activity is very high in many areas of the country, particularly in young children. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.”
- “Vaccination
  - “Vaccination coverage with influenza and COVID-19 vaccines are low among U.S. adults and children. COVID-19 vaccine coverage in older adults has increased compared with the 2023-2024 season. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”

Speaking of wastewater, the Your Local Epidemiologist newsletter, to which the FEHBlog subscribes, explains,
- We’re seeing a lot of [H5N1] virus in California’s cows and birds. California is the number one state for dairy cattle, and so far, 703 herds have tested positive for H5N1. That’s more than 2/3 of all the dairy farms in the state. Plus, 93 commercial or backyard poultry flocks, accounting for about 22 million animals, have also been infected.
- Unfortunately, we don’t have the wastewater testing capabilities yet to differentiate between humans and animals. A recent preprint showed wastewater is picking up viruses from animals (rather than humans) through milk dumping, animal sewage, and bird contamination. We are also relying on epidemiologists’ accounts on the ground to sort through the signals.

Per an NIH news release,
- “New findings from the National Institutes of Health’s (NIH) Researching COVID to Enhance Recovery (RECOVER) Initiative suggest that infection with SARS-CoV-2, the virus that causes COVID-19, may be associated with an increase in the number of myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) cases. According to the results, 4.5% post-COVID-19 participants met ME/CFS diagnostic criteria, compared to 0.6% participants that had not been infected by SARS-CoV-2 virus. RECOVER is NIH’s national program to understand, diagnose, prevent, and treat Long COVID.
- “The research team, led by Suzanne D. Vernon, Ph.D., from the Bateman Horne Center in Salt Lake City, examined adults participating in the RECOVER adult cohort study to see how many met the IOM clinical diagnostic criteria for ME/CFS at least six months after their infection. Included in the analysis were 11,785 participants who had been infected by SARS-CoV-2 and 1,439 participants who had not been infected by the virus. Findings appear in the Journal of General Internal Medicine.
- “ME/CFS is a complex, serious, and chronic condition that often occurs following an infection. ME/CFS is characterized by new-onset fatigue that has persisted for at least six months and is accompanied by a reduction in pre-illness activities; post-exertional malaise, which is a worsening of symptoms following physical or mental activity; and unrefreshing sleep plus either cognitive impairment or orthostatic intolerance, which is dizziness when standing. People with Long COVID also experience some or all of these symptoms.
- “Long COVID is an infection-associated chronic condition that occurs after SARS-CoV-2 infection and is present for at least three months as a continuous, relapsing and remitting, or progressive disease state that affects one or more organ systems. People with Long COVID report a variety of symptoms including fatigue, pain, and cognitive difficulties.
- “Dr. Vernon and her team determined that new incidence cases of ME/CFS were 15 times higher than pre-pandemic levels.
- “These findings provide additional evidence that infections, including those caused by SARS-CoV-2, can lead to ME/CFS.”

The American Hospital Association News tells us,
- The San Francisco Department of Public Health Jan. 10 announced a presumptive positive case of H5N1 bird flu in a child after they experienced symptoms of fever and conjunctivitis. The child was not hospitalized and has since fully recovered, the agency said. An initial investigation by SFDPH did not reveal how the child may have contracted the virus, and the department is continuing to investigate.
Per Medscape,
- More than 15 million people, accounting for 4.6% of the US population, were diagnosed with at least one autoimmune disease from January 2011 to June 2022; 34% were diagnosed with more than one autoimmune disease.
- Sex-stratified analysis revealed that 63% of patients diagnosed with autoimmune disease were women, and only 37% were men, establishing a female-to-male ratio of 1.7:1; age-stratified analysis revealed increasing prevalence of autoimmune conditions with age, peaking in individuals aged ≥ 65 years.
- Among individuals with autoimmune diseases, 65% of patients had one condition, whereas 24% had two, 8% had three, and 2% had four or more autoimmune diseases (does not add to 100% due to rounding).
- Rheumatoid arthritis emerged as the most prevalent autoimmune disease, followed by psoriasis, type 1 diabetes, Grave’s disease, and autoimmune thyroiditis; 19 of the top 20 most prevalent autoimmune diseases occurred more frequently in women.
- Source: https://www.jci.org/articles/view/178722

The American Medical Associations shares what doctors wish their patients knew about Parkinson’s Disease.

The New York Times reports,
- “The number of people in the United States who develop dementia each year will double over the next 35 years to about one million annually by 2060, a new study estimates, and the number of new cases per year among Black Americans will triple.
- “The increase will primarily be due to the growing aging population, as many Americans are living longer than previous generations. By 2060, some of the youngest baby boomers will be in their 90s and many millennials will be in their 70s. Older age is the biggest risk factor for dementia. The study found that the vast majority of dementia risk occurred after age 75, increasing further as people reached age 95.
- “The study, published Monday in Nature Medicine, found that adults over 55 had a 42 percent lifetime risk of developing dementia. That is considerably higher than previous lifetime risk estimates, a result the authors attributed to updated information about Americans’ health and longevity and the fact that their study population was more diverse than that of previous studies, which have had primarily white participants.
- “Some experts said the new lifetime risk estimate and projected increase in yearly cases could be overly high, but they agreed that dementia cases would soar in the coming decades.”

Health Day considers whether “Doctors Can Estimate Life Expectancy After a Dementia Diagnosis?”
- “Updated estimates give a better picture of how long a person will live following a dementia diagnosis.
- “Age plays a factor in how long people have left.
- “Women tend to have longer life expectancy than men.”

From the U.S. healthcare business front,

Fierce Healthcare and BioPharma Dive share news from the J.P. Morgan Healthcare Conference now underway in San Francisco.

BioPharma Dive relates,
- “Johnson & Johnson on Monday said it has agreed to acquire Intra-Cellular Therapies, a developer of drugs for diseases of the brain, for $132 per share, or about $14.6 billion.
- “The announcement of the deal, which if completed would be the largest acquisition of a biotechnology company since early 2023, came on the first day of the J.P. Morgan Healthcare Conference, an industry meeting that’s known for dealmaking.
- “The chief prize in buying Intra-Cellular is a medicine known as Caplyta that’s approved in the U.S. to treat schizophrenia and bipolar depression. The biotech recently asked the Food and Drug Administration to expand Caplyta’s clearance to include major depressive disorder, which affects about 10 times as many people as have schizophrenia and a little more than three times as many as have bipolar depression.”
and
- “Eli Lilly has turned to a biotechnology startup for help building its pipeline of cancer drugs, agreeing on Monday to purchase an experimental cancer drug from privately held Scorpion Therapeutics for as much as $2.5 billion.
- “As part of the deal, Scorpion will spin out a new, independent company that will hold its other assets as well as inherit its employees. Lilly will take a minority stake in the new company, which will be owned by Scorpion’s current shareholders, among them Atlas Venture, Vida Ventures and Omega Funds.
- “Current Scorpion CEO Adam Friedman will lead the new company along with other members of the startup’s management.”
and
- “Late last week, Biogen made an unsolicited offer to buy one of its partners, brain drug developer Sage Therapeutics.
- “The two biotechnology companies have worked together over the past four years on a mood-stabilizing medicine known as Zurzuvae. They split research costs and, after the medicine got approved as a treatment for postpartum depression, began sharing profits.
- B”ut Biogen now wants Zurzuvae all to itself. In a Jan. 10 letter to Sage’s top executive Barry Greene, Biogen CEO Christopher Viehbacher wrote that his company’s experience selling nervous system drugs would “enable more streamlined operations and efficient commercial execution” around Zurzuvae, which, in turn, should improve patient access.”

Healthcare Dive reports,
- “California-based Prospect Medical Holdings filed for Chapter 11 bankruptcy on Saturday in the U.S. Bankruptcy Court for the Northern District of Texas, following years of financial difficulties and escalating pressure from state and federal regulators over its operating practices.
- “The health system declared $1 billion to $10 billion in both assets and liabilities and said it had more than 100,000 creditors in its initial court filing.
- “Prospect, which operates 16 hospitals across California, Connecticut, Pennsylvania and Rhode Island, said it will use the restructuring process to sell hospitals and focus on realigning its portfolio back to its core, home-state operations.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 11, 2025January 11, 2025

From the cybersecurity policy and law enforcement front,

Bloomberg alerts us,
- “The Biden administration is racing to put out an executive order meant to shore up US cybersecurity in its dwindling days in office, according to four people familiar with the matter.
- “The executive order, which has cleared some internal hurdles and is close to being published, incorporates lessons from a series of major breaches during the Biden administration, including the most recent Treasury Department hack attributed to China, according to people familiar with the matter who didn’t want to be named to discuss information that hasn’t yet been made public.
- “Among the measures, it directs the government to implement “strong identity authentication and encryption” across communications, according to an undated draft of the order seen by Bloomberg News. In the December Treasury hack, intruders accessed unclassified documents stored locally on laptops and desktop computers. Encrypting information sent by email and worked on in the cloud could help safeguard it from hackers who successfully access systems but then cannot open specific documents.” * * *
- “Whether President-elect Donald Trump will leave the executive order in place when he takes office remains unclear, though he’s vowed to pare back federal regulation. Trump has signaled that he intends to repeal another Biden administration order intended to provide guardrails around artificial intelligence.”

Federal News Network provides more details on the draft EO for those interested.

Dark Reading reports,
- “Yesterday [January 7, 2025] the White House introduced a cybersecurity labeling program for wireless Internet-connected devices, intended to help Americans make more informed decisions about the products they buy and their security.
- “As Americans continue to add Internet of Things (IoT) devices to their home networks — everything from baby monitors to security cameras — there are growing concerns about the safety of these devices and their vulnerability to hackers. The goal of this label is to guide consumers to more secure products as well as encourage vendors in their cyber practices.
- “Known as the “US Cyber Trust Mark,” the label has been a long time coming, with the Federal Communications Commission gathering input over the past 18 months. In a bipartisan and unanimous vote, the FCC authorized the program and said 11 vendors will act as label administrators while UL Solutions will serve as the lead administrator.
- “The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devices, much as EnergyStar labels did for energy efficiency,” the White House brief read.”
- “Though this new system has good intentions for both consumers and vendors, there are concerns and speculation as to how effective this cybersecurity label will be.” Read the article for those details.

Here’s a link to the Federal Register version of the recent proposed HIPAA Security Rule amendments which appears in the January 6, 2025, issue. The public comment deadline is March 7, 2025.

Fedscoop tells us,
- “Guy Cavallo, the chief information officer of the Office of Personnel Management since July 2021, will retire from federal service on Jan. 13, he confirmed to FedScoop.
- “Cavallo leaves federal service having held several top technology roles over the past decade, including as deputy CIO of the Small Business Administration and executive director of IT operations at the Transportation Security Administration. He also served as OPM’s principal deputy CIO and acting CIO before being named permanent CIO.
- “As the longest-tenured CIO of OPM in recent memory, Cavallo led that charge on a two-year sprint replacing or migrating over 50 applications from legacy on-premises data centers to the cloud and the launch of the new Postal Health Benefits System last year for more than 1.7 million postal workers and retirees. He touted the system as fully operational 100% of the time with no unscheduled downtime throughout the Open Season.
- “Cavallo also led OPM to winning several Technology Modernization Fund awards in recent years, the most recent of which came in late 2024 to support the use of artificial intelligence to update legacy mainframe programs for OPM’s retirement systems.“

The National Institute of Standards and Technology announced on January 8,
- NIST extends the public comment period on the initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) until January 17, 2025.
- NIST strongly encourages you to use the comment template and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.
- For more information, see the NIST Protecting CUI Project.

Per HHS press releases,
- “[On January 7, 2025], the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). The settlement resolves an investigation concerning a ransomware attack on Elgon’s information system.” * * *
- The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/elgon-inc-ra-cap/index.html
and
- [Also on January 7, 2025], the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia business associate that provides data hosting and cloud services to covered entities (health plans, health care clearinghouses, and most health care providers) and business associates, for a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). The settlement resolves an investigation concerning a ransomware attack on VPN Solutions’ information system.” * * *
- “The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/vpns-ra-cap/index.html

Per Cyberscoop,
- “Microsoft is petitioning a Virginia [federal] court to seize software and shut down internet infrastructure that they allege is being used by a group of foreign cybercriminals to bypass safety guidelines for generative AI systems.
- “In a filing with the Eastern District Court of Virginia, Microsoft brought a lawsuit against ten individuals for using stolen credentials and custom software to break into computers running Microsoft’s Azure OpenAI services to generate “harmful content.”
- “In a complaint filed Dec. 19, 2024, the company accuses the group of violating the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act and the Racketeer Influence and Corrupt Organizations Act, as well as trespass to chattels and tortious interference under Virginia state law.”

From the cybersecurity reminiscences department,

“HHS OCR Director Melanie Fontes Rainer reflects on 2024 as a historic year filled with tremendous activities and accomplishments for OCR on Health Insurance Portability and Accountability Act of 1996 (HIPAA) rulemakings, enforcement actions, and resources for the health care sector on HIPAA privacy and cybersecurity.”

In Cyberscoop, “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office. It’s made real strides, but there’s a lot more that it could be doing, he said, and more that needs to be done.”

In a blog post, Valeria Colman, the Cybersecurity and Infrastructure Security Agency’s (CISA) chief strategy officer, looks back at “CISA Through the Years: Policy and Impact.”

From the cybersecurity vulnerabilities and breaches front,

Cybersecurity Dive reports,
- “AT&T and Verizon, two of the nine U.S. telecom companies attacked by Salt Typhoon, said they evicted the China-government sponsored threat group from their networks.
- “We detect no activity by nation-state actors in our networks at this time,” an AT&T spokesperson said in a prepared statement. A Verizon spokesperson made a similar statement, asserting the carrier has “contained the cyber incident brought on by this nation-state threat actor. An independent and highly respected cybersecurity firm has confirmed the Verizon containment.”
- “AT&T and Verizon did not say when they ejected the nation-state group from their networks, but declared their networks secure last week.”

Dark Reading adds,
- “The Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury.
- “In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).
- “Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.
- “Using tools such as the China Chopper Web shell, the group’s cyber-espionage campaigns focus mainly on data theft.” * * *
- “The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.”

Bleeping Computer lets us know,
- BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach.
- The Texas-based organization provides medication-assisted treatment (MAT) services targeting both substance use and mental health disorders to more than 75,000 patients daily in over 400 service sites across 35 U.S. states and three Canadian provinces.
- In data breach notification letters mailed to affected individuals, BayMark revealed that it learned of the breach on October 11, 2024, following an IT systems disruption. A follow-up investigation revealed that the attackers accessed BayMark’s systems between September 24 and October 14.

Per Dark Reading,
- Cybercriminals have picked up a new tactic, impersonating CrowdStrike recruiters in order to distribute a crypto miner on their victims’ devices.
- This malicious campaign starts with an email, inviting the victim to schedule an interview with a recruiter for a position as a junior developer.
- The illegitimate email contains a link, alleging that it will take the recipient to a site so they can schedule their interview, but in reality, takes the victim to a malicious website containing links to download a purported “CRM application.”

CISA reminds us,
- “In an era of increasingly sophisticated cyber threats, securing critical infrastructure has become a cornerstone of national security. CISA’s mission is to drive collaborative, proactive efforts to reduce risk and strengthen resilience for our nation’s critical infrastructure, federal civilian branch assets, and the private sector more broadly. While these efforts are many and varied, I’d like to highlight three particularly transformative initiatives—the Known Exploited Vulnerabilities (KEV) Catalog, Cybersecurity Performance Goals (CPGs), and the Pre-Ransomware Notification Initiative (PRNI)—to illustrate how we can collectively work to reshape the cybersecurity landscape.”

CISA added four known exploited vulnerabilities to its catalog this week.
- January 7, 2025
  - CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability
  - CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability
  - CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability
- January 8, 2025
  - CVE-2025-0282 Ivanti Connect Secure Vulnerability

SC Media offers details on the January 7, 2025, KVEs while Cybersecurity Dive discusses the January 8, 2025, KVE.

From the ransomware front,

Axios gives us a primer on ransomware.

Here’s a link to a helpful September 2024 CISA PowerPoint presentation about its available tools such as the Pre-Ransomware Notification Initiative.

Security Week discusses “Temple University’s Critical Infrastructure Ransomware Attacks (CIRA)” database.
- “The Critical Infrastructure Ransomware Attacks (CIRA) database currently covers more than 2,000 attacks documented since 2013 and includes nearly 300 entries for incidents that came to light in 2024.
- “It contains information such as name of the victim, date of the incident, country or US state, targeted critical infrastructure sector, name of the attacking threat group, duration of the incident, MITRE ATT&CK mapping, and — if known — the amount of money that was demanded by the attacker and the ransom paid by the victim.” * * *
- “The database is available for free upon request. To date it has been requested more than 1,500 times, mainly by researchers and other members of the cybersecurity industry (61%), as well as students, government entities, educators, and reporters.”

From the cybersecurity defenses front,

Cybersecurity Dive identifies four cybersecurity trends to watch this year.
- Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

Dark Reading considers current trends in artificial intelligence and cybersecurity.

CISA Director Jen Easterly discusses “Corporate Cyber Governance: Owning Cyber Risk at the Board Level.”

CISA also released its “Cybersecurity Performance Goals Adoption Report.”

TechTarget shares “Top 15 email security best practices for 2025.”

Here is a link to Dark Reading’s CISO Corner.

Friday Report

David Ermer–CDC, CMS, COVID-19 vaccine, FDA, Federal employment benefits, Generative AI, Medical / Rx research, NIH, OPM, Rx coverage, SCOTUS, U.S. Healthcare–January 10, 2025January 10, 2025

From Washington, DC.

STAT News reports,
- “The Biden administration’s [last] regulation affecting the Medicare Advantage industry would come with a much lighter touch than the past two years.
- “President Biden’s Centers for Medicare and Medicaid Services on Friday proposed to increase the average benchmark payment to private Medicare Advantage plans by 2.2% for 2026. That compares to cuts of 0.2% for this year and 1.1% in 2024, although the Biden administration gave the Medicare Advantage industry one of the largest-ever payment hikes in 2023.
- “The proposed rule was rolled out weeks earlier than normal, as the Trump administration gets ready to take over the White House and federal agencies later this month. It’s unclear what, if any, changes President Trump’s team will make to the proposal. Trump has picked Mehmet Oz to lead CMS, but it’s possible that the Senate won’t confirm him before the final rule is published by the beginning of April.
- “But the Biden White House at least appears worried Trump will undo the latest proposal, warning that any “pauses” to some of its changes to how Medicare Advantage insurers are paid would result in an extra $10 billion windfall for the industry.”

An CMS press release adds,
- “The CY 2026 Advance Notice and Draft CY 2026 Part D Redesign Program Instructions are open for public comment, and CMS will accept comments through 11:59 PM Eastern Time on February 10, 2025. The CY 2026 Rate Announcement and the CY 2026 Part D Redesign Program Instructions will be published no later than April 7, 2025.
- “The CY 2026 Advance Notice may be viewed at https://www.cms.gov/files/document/2026-advance-notice.pdf.
- “A fact sheet discussing the provisions of the CY 2026 Advance Notice can be viewed at https://www.cms.gov/newsroom/fact-sheets/2026-medicare-advantage-and-part-d-advance-notice-fact-sheet.
- “The Draft CY 2026 Part D Redesign Program Instructions can be found at https://www.cms.gov/files/document/draft-cy-2026-part-d-redesign-program-instructions.pdf.
- “A fact sheet discussing the provisions of the Draft CY 2026 Part D Redesign Program Instructions can be viewed at https://www.cms.gov/newsroom/fact-sheets/draft-cy-2026-part-d-redesign-program-instructions-fact-sheet.”

Per HHS press releases,
- “Today, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) for California to address the health impacts of the ongoing wildfires in Los Angeles County.
- “The declaration follows President Biden’s major disaster declaration and gives the Centers for Medicare & Medicaid Services’ (CMS) health care providers and suppliers greater flexibility in meeting emergency health needs of Medicare and Medicaid beneficiaries.
- “We will do all we can to assist California officials with responding to the health impacts of the devastating wildfires going on in Los Angeles County,” said Secretary Becerra. “We are working closely with state and local health authorities, as well as our partners across the federal government, and stand ready to provide public health and medical support. My thoughts and prayers are with the people impacted in my home state.”
and
- “The U.S. Department of Health and Human Services (HHS) has issued its AI Strategic Plan (hereafter referred to as “Strategic Plan” or “Plan”). The Plan establishes both the strategic framework and operational roadmap for responsibly leveraging emerging technologies to enhance HHS’s core mission, while maintaining our commitment to safety, effectiveness, equity, and access. Additionally, the Plan outlines the ways in which HHS will deliver on its goal of being a global leader in innovating and adopting responsible AI that achieves unparalleled advances in the health and well-being of all Americans.
- “At HHS, we are optimistic about the transformational potential of AI,” said Deputy Secretary Andrea Palm. “These technologies hold unparalleled ability to drive innovation through accelerating scientific breakthroughs, improving medical product safety and effectiveness, improving health outcomes through care delivery, increasing access to human services, and optimizing public health. However, our optimism is tempered with a deep sense of responsibility. We need to ensure that Americans are safeguarded from risks. Deployment and adoption of AI should benefit the American people, and we must hold stakeholders across the ecosystem accountable to achieve this goal.”

The Wall Street Journal reports,
- “New divisions have emerged among U.S. intelligence agencies over whether foreign adversaries have been developing devices that led to the illness known as Havana Syndrome, according to an intelligence report released Friday.
- “Most of the U.S. intelligence community still believes it is very unlikely that the wide range of symptoms that have been reported by more than 1,500 U.S. government employees since the first cases emerged in Havana in late 2016 were caused by a foreign power.
- “But in a notable shift, two intelligence agencies now say there is a “roughly even chance” U.S. adversaries have been developing a novel weapon that could cause the illness.
- “One of the dissenting agencies says it might have already been used to harm a small number of American personnel and dependents who have reported Havana Syndrome symptoms, the report said.
- “Havana Syndrome is a set of unexplained medical symptoms that include dizziness, headache, fatigue, nausea, anxiety, cognitive difficulties and memory loss of varying severity.”

Per Federal News Network,
- “The Office of Personnel Management’s retirement claims backlog remained basically the same in December as compared to November, but the number of days it took to process those claims ticked up to 57 from 55 days.
- “OPM also hit a new low in retirement claims received last month with 5,020. This is the lowest amount of claims received since November 2023.”

Govexec tells us,
- “The Office of Personnel Management on Wednesday sent guidance to agency heads outlining transition authorities that President-elect Donald Trump could use to immediately place his nominees in temporary positions at federal agencies and departments.
- “Although Trump is pushing Senate Republicans to expeditiously confirm his picks, he will have the authority to appoint individuals, for up to 30 days, to advisory or consultative senior executive service positions while they’re awaiting confirmation.
- “Likewise, cabinet-level agencies will be able to make five noncareer SES appointments and other agencies can institute up to three such appointments, which is standard. Such appointments must be made by Feb. 15 and also can only last for 30 days.”

From the judicial front,

Bloomberg informs us,
- “The US Supreme Court agreed [today] to review a lower court ruling that found some Obamacare coverage requirements for preventative services unlawful, but kept them enforceable nationwide.
- “In an order Friday, the court said it will hear the Biden administration’s appeal of that decision by the US Court of Appeals for the Fifth Circuit holding the structure of the US Preventive Services Task Force unconstitutional under the Appointments Clause.
- “The task force is charged with recommending some of the medical services health insurers must cover free-of-charge under the Affordable Care Act.
- “Task force members “are principal officers under Article II of the Constitution who must be—yet have not been—nominated by the President and confirmed by the Senate,” the Fifth Circuit said.”
FEHBlog note: It drives the FEHBlog nuts that the Biden Administration or Congress failed to moot the 5th Circuit opinion by making USPSTF recommendations subject to approval by the Centers for Disease Control and Prevention’s director.

From the public health and medical research front,

The CDC did not have time to update its weekly respiratory illnesses report due to the unexpected federal holiday for President Carter’s Day of Mourning yesterday. This week’s report will be posted on Monday January 13.

The University of Minnesota’s CIDRAP relates, “A first dose of COVID-19 vaccine accelerated relief of long-COVID symptoms such as fatigue and muscle aches in UK adults, but flu vaccination did not, suggests an observational University College London–led study published yesterday in the Journal of Infection.”

Per MedPage Today, “Hospitals doing fewer operative vaginal deliveries (OVDs) had higher rates of adverse perinatal outcomes for these cases than higher volume centers did, according to a population-based retrospective cohort study from California.”

The NIH Director, Dr Monica Bertagnolli, writes in her blog,
- “Millions of people in the U.S. have an autoimmune disease, from type 1 diabetes to inflammatory bowel disease, in which the immune system attacks the body’s own organs, tissues, or cells to cause damage. While treatments that tamp down the immune system can help, they can increase risk for infection or cancer due to systemic immune suppression. Similarly, for people who’ve received an organ or tissue transplant, immunosuppressants used to prevent rejection can leave the whole body vulnerable. What if there was a way to suppress the immune system only right where it’s needed, in tissues or organs at risk for immune attack?
- “An NIH-supported study reported in Science describes a way to do just that by using a cell-based therapy approach. The therapeutic approach involves taking a blood sample from a patient, modifying certain immune cells in the laboratory, and then reintroducing the engineered cells back into the body. Such cell-based therapeutics can be designed to recognize specific molecules to target tissues. This approach is already used to treat many cancers, utilizing a patient’s own engineered immune cells, known as CAR T cells, to attack and kill their cancer. Inspired by the success of the CAR T-cell example, the researchers behind this new work see the technology they’re developing as a potential platform for tackling many types of immune dysfunction.” * * *
- “While much more study is needed, the researchers suggest that such synthetic suppressor T cells could serve as a readily customizable platform to potentially treat many autoimmune conditions. Engineered immune suppressor cells could also be used to fine-tune CAR T-cell therapies for cancer so that they only attack tumors and not normal tissues, making them less toxic. This paves the way for a future in which there may be many more possibilities for precisely tamping down the immune system in ways that could prove life-changing for transplant recipients and those with type 1 diabetes, as well as many other autoimmune conditions.”
Per BioPharma Dive,
- “Pfizer on Friday said its PD-1 inhibitor sasanlimab, when combined with standard therapy in people with bladder cancer, delayed death and disease complications longer than standard therapy alone. The Phase 3 trial could give Pfizer’s subcutaneous immunotherapy an edge over rival drugs, like Merck & Co.’s Keytruda and Bristol Myers Squibb’s Opdivo, which are approved to treat people with more advanced disease. Pfizer tested sasanlimab with an immunotherapy called Bacillus Calmette-Guérin in people whose cancer hadn’t spread beyond the bladder lining after surgery. If sasanlimab wins Food and Drug Administration approval, it could be the fourth PD-1 or PD-L1 inhibitor cleared as an under-the-skin shot. The FDA has already approved subcutaneous versions of Roche’s Tecentriq and Opdivo, and Merck has positive Phase 3 data in hand for under-the-skin Keytruda”

From the U.S. healthcare business front,

Beckers Hospital Review identifies “100 great neuro and spine programs.”

The Wall Street Journal reports,
- AbbVie on Friday said it will post a $3.5 billion impairment charge related to last year’s $8.7 billion bet on Cerevel Therapeutics following the failure of the deal’s key drug candidate.
- AbbVie in November said the Cerevel drug, emraclidine, missed the key goal in a pair of mid-stage studies in schizophrenia, prompting the North Chicago, Ill., biopharmaceutical company to begin an evaluation of the emraclidine intangible asset for impairment.
- AbbVie, in announcing the Cerevel deal in late 2023, said it believed emraclidine had the potential to transform the schizophrenia treatment landscape and represented a multibillion-dollar peak sales opportunity.

The American Hospital Association News tells us,
- “Prices for the top 25 brand-name Medicare Part D drugs have increased by an average of 98% since entering the market, according to a report released Jan. 9 by the AARP Public Policy Institute. That price growth has often exceeded yearly rates of inflation, the organization said. The drugs highlighted in the report have not yet been selected for the Medicare Drug Price Negotiation program. The drugs accounted for nearly $50 billion in total Part D spending in 2022.”

Healthcare Dive informs us,
- “Walgreens’ first quarter earnings were notably better than Wall Street feared, though the retail pharmacy operator continues to suffer heavy losses as it works to right the ship.
- “On Friday, Walgreens posted financial results that beat analyst expectations with revenue of $39.5 billion, up 7.5% year over year. Still, Walgreens reported a net loss of $265 million, larger than its $67 million loss same time last year, mainly due to costs stemming from ongoing store closures and asset sales.
- “Walgreens’ market value has plummeting in recent years, leading the company to explore a private equity buyout, according to the Wall Street Journal. Executives didn’t address the speculation on a call with investors Friday morning, but said Walgreens made progress on its $1 billion cost-cutting initiative in the quarter, including a pending sale of beleaguered medical chain VillageMD and closures of 70 underperforming retail stores.”

Thursday Report

David Ermer–CDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Obesity, Rx coverage, Telehealth, U.S. Healthcare–January 9, 2025January 9, 2025

From Washington, DC

Tammy Flanagan, writing in Govexec, discusses, “The Social Security Fairness Act: What we know so far. It may take time to implement this new law — here’s what you should know for now.”
- “It will undoubtedly take time to implement this new law as it impacts about two million beneficiaries who have their earned Social Security benefits reduced because of the WEP, and close to 750,000 individuals who have had spousal and widow’s benefits payable based on the Social Security work record of their current, former or deceased spouse.
- “The repeal of the WEP and GPO will increase the Social Security benefit entitlements of the government worker or retiree who is receiving a pension from work not covered by Social Security. For most of you reading today’s column, this would be the CSRS employees and retirees who are married or were married to a spouse who paid Social Security taxes and the CSRS employee or retiree who earned their own Social Security retirement benefit in addition to receiving a CSRS retirement benefit.
- “The WEP can also affect CSRS Offset employees and retirees as well as some employees or retirees who transferred to FERS after more than five years of creditable service under CSRS.”

The American Hospital Association News tells us,
- The Centers for Medicare & Medicaid Services will host a webinar Jan. 16 at 1 p.m. ET to provide an update on the No Surprises Act Good Faith Estimate requirements for uninsured and self-pay patients. Experts will discuss the recent GFE FAQs with a focus on implications for providers and facilities. REGISTER NOW”

From the public health and medical research front,

Per Medical Economics,
- Screening for physical inactivity during routine medical visits can play a pivotal role in the identification of patients at risk for chronic diseases, according to a study published in Preventing Chronic Disease, a journal of the U.S. Centers for Disease Control and Prevention (CDC). Using the Exercise Vital Sign (EVS), researchers found that patients screened for physical activity had healthier profiles and fewer comorbid conditions than those who were not screened.

WTW Consulting informs us,
- More and more evidence show that GLP-1 medications are good for losing weight and reducing the amount of metabolic disease in people with obesity. But only about 52% of employers currently cover these drugs for obesity, and these employers are facing rising costs.
- Previous research has shown that the cost of these drugs will exceed any medical cost savings, as is true for most medical interventions. For example, medical plans don’t save money by treating cancer or providing dialysis for patients with kidney failure.
- JAMA Network Open recently published a study that showed that healthcare spending could decrease based on the type of weight loss seen with use of GLP-1 medications. However, the study demonstrates once again that even with their impressive impacts on patient weight and health, an employer-sponsored health insurance plan should not expect net medical savings from these medications.
- The researchers looked at medical claims from over 13,000 commercially insured adults from the Medical Panel Expenditure Survey from 2001 to 2020 and found that medical spending was lower in those who weighed less. Therefore, cost effectiveness of an effective weight loss drug would be much higher in those with higher BMIs, especially in those with diabetes.
- However, the study didn’t evaluate people who had lost weight, but rather examined differences in costs based on BMI. Those who lose weight won’t necessarily have the same lower level of expense as those who weren’t previously obese. Even if their estimate of cost “savings” is correct, the net cost of semaglutide or tirzepatide is around $9,000 annually, which is more than the delta in costs for a person with diabetes who loses 25% of their body weight.
- Implications for employers:
  - An employer-sponsored health insurance plan should not expect net medical savings from these medications, even with their impressive impacts on patient weight and health.
  - The decision to cover these medications should be based on the benefit they offer, and not the hope of lower medical expenses. Lower prices would allow more people to benefit from these medications.

The Wall Street Journal warns us,
- Wildfires in California aren’t all wild anymore. They often burn in urban areas, creating a toxic soup of smoke, ash and noxious substances that can be dangerous, even deadly.
- In Los Angeles this week, wildfires have burned buildings and roadways. Incinerating the plastics, metals and other materials that these structures are built from releases hazardous chemicals and gases into the air, doctors and public-health experts say.
- Wildfires which tear through urban landscapes release chemicals from human-made fuels, construction materials, household products and generate emissions which are chemically different from wildland fires, according to a 2022 report from the National Academies of Sciences, Engineering and Medicine. About 70,000 communities and 43 million homes are at risk from fires that could burn through both wild and urban landscapes, the report stated.
- “The combination of wildfire smoke in conjunction with human elements might be even more dangerous,” said Dr. Sanjay Rajagopalan, chief of cardiovascular medicine at University Hospitals Harrington Heart & Vascular Institute in Cleveland. “When you burn plastic, for instance, or you burn rubber, you get some pretty nasty stuff.”
- Smoke from the Los Angeles wildfires could have far-reaching effects. Depending on weather patterns and geographic conditions, smoke can travel vast distances. Tens of thousands of Los Angeles County residents have already been ordered to evacuate.

BioPharma Dive points out,
- “An experimental menopause drug from Bayer succeeded in a late-stage trial in women taking drugs to treat or prevent breast cancer, the company said Thursday.
- “Bayer said the drug, elinzanetant, significantly reduced the frequency of hot flashes and improved sleep for women with breast cancer, or who are at high risk of developing it, and whose symptoms are caused by hormone therapy. The study randomized 474 women to receive treatment or a placebo and measured the effects after four and 12 weeks.
- “The announcement represents the fourth positive late-stage study result for elinzanetant, but the first that isn’t in menopausal women. Bayer has already submitted the drug for U.S. approval in postmenopausal women, and the Food and Drug Administration accepted its application in October. If cleared by regulators, the drug would compete with Astellas Pharma’s Veozah.”

Per Fierce Pharma,
- “Trailing Johnson & Johnson’s powerhouse Darzalex by roughly five years in its development timeline has made it challenging for Sanofi’s Sarclisa—the only other CD38 antibody on the market for multiple myeloma—to compete in the indication.
- “But with an on-body delivery system (OBDS) to deliver its subcutaneous (SC) formulation of Sarclisa, Sanofi may be finding the edge it needs.
- “The company has taken a major step in the development of its OBDS as a phase 3 trial has met its primary co-endpoints, showing non-inferiority to intravenous (IV) Sarclisa. The company reported the trial result in a press release Thursday.”

From the U.S. healthcare business front,

Health Dive relates,
- “Blue Shield of California, one of the largest plans in the state, has revamped its corporate structure and named its first-ever female CEO.
- “Blue Shield created a parent company called Ascendiun to oversee the insurer, along with its managed Medicaid subsidiary and clinical services firm Altais, starting Jan. 1, the company announced Wednesday. Ascendiun also includes a newly created health services business called Stellarus, which aims to scale and sell Blue Shield’s pharmacy and technology offerings to other insurers.
- “Lois Quam, who has been Blue Shield’s president since last year, will step up as chief executive of the insurer. Quam will be the first woman to serve as Blue Shield’s CEO in the organization’s 86 years of operation. Paul Markovich, Blue Shield’s CEO for over a decade, will become president of Ascendiun and will also lead Stellarus on an interim basis.”
and
- “Amwell is selling its virtual psychiatric care business to fellow telehealth provider Avel eCare for about $21 million in cash, the company said Thursday.
- “The divestiture, which includes an additional earn-out payment for Amwell if the business meets financial targets, includes the psychiatric care segment’s technology and personnel along with Asana, a clinical network that employs and contracts with the unit’s clinicians.
- “Amwell CEO Ido Schoenberg said in a statement the sale strengthens the telehealth firm’s balance sheet and “fortifies our confidence” to reach positive cash flow in 2026.”

Kaufman Hall offers a report titled “Hospital and Health System M&A in Review: Despite Industry Stabilization, Numbers Reveal Ongoing Distress in 2024” as well as its November 2024 National Hospital Flash Report.

The American Hospital Association announced,
- “The AHA today released its 2025-2027 Strategic Plan, approved by the AHA Board of Trustees in November. The plan is rooted in four core disciplines — advocacy and representation, thought leadership, knowledge exchange, and agents of change. It also includes nine principles that serve as the foundation of the AHA’s work and strategies to help the field make progress on its mission of advancing health in America. View the 2025-2027 Strategic Plan for more information.”

Modern Healthcare notes,
- Oakland, California-based Kaiser Permanente led a $275 million Series F funding round for Innovaccer, a company that sells technology to unify patient data across health systems.
- Innovaccer said the round will help it introduce new artificial intelligence and cloud capabilities. The company also said the new capital will help it to continue scaling a developer ecosystem that can allow health systems to implement AI tools with other third-party vendors.

NCQA suggests “Health Care Trends to Watch in 2025.”

Per Fierce Healthcare,
- “A new report from Press Ganey highlights the close relationship between patient experience and health plan star ratings.
- “Researchers polled 450,000 people across 200 plans and combined those survey results with its database of 5.5 million patient encounters. It found that people who gave poor scores for safety and privacy in surveys following a visit to their primary care providers also frequently awarded their health plan one star on quality and access to needed care on Medicare consumer services.
- “The report noted these are critical data for plans to consider, as they have traditionally focused on making improvements to customer service, benefit design and patient engagement. It suggests they should also be considering ways to address safety.
- “In addition, the survey found that patients expect easy access to primary care, but their ability to reach specialists is a key differentiator. Plans that earned four or more stars connected a higher proportion of their members with specialty care.”

MedTech Dive points out “five medtech trends to watch in 2025. After a busy 2024, experts called out competition in soft tissue robotics, uncertainty from a Trump White House and continued success for pulsed field ablation as trends to watch this year.”

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.