Generative AI Archives - Page 10 of 20

Tuesday Report

David Ermer–ACA, AHRQ, CDC, Congress, FDA, Generative AI, Medical / Rx research, NIH, No Surprises Act, Obesity, OPM, Rx coverage, Telehealth, U.S. Healthcare–January 14, 2025January 14, 2025

OPM Headquarters a/k/a the Theodore Roosevelt Building

From Washington, DC

Today, the U.S. Office of Personnel Management released a list of its accomplishments during the Biden-Harris administration.

Here is a link to Andreessen Horowitz bio of Scott Kupor who is President elect Trump’s designee for OPM Director.

The Washington Post is maintaining a website outside its paywall providing comprehensive news on Mr. Trump’s nominations.

The Wall Street Journal reports,
- “Two vaccine skeptics who had been advising Robert F. Kennedy, Jr. as he prepares to become health secretary have been sidelined by Trump transition officials, people familiar with the matter said, underscoring a split over immunizations in the “Make America Healthy Again” movement.
- “Adviser Stefanie Spear and lawyer Aaron Siri had asked prospective administration hires about their beliefs around vaccines even if they were interviewing for posts that had little to do with immunizations, people familiar with the interviews said. Kennedy, whose hearings to lead the Department of Health and Human Services could start on Capitol Hill as early as next week, also lobbed questions related to inoculation, the people said.
- “The questions were different from those asked in separate meetings with President-elect Donald Trump’s staff, according to some of the people. Trump’s team asked about topics traditionally important to conservatives, such as the size of government and deregulation.
- “Siri is no longer advising the presidential transition, a transition spokeswoman confirmed, and people familiar with the matter said his vaccine stances played a role. Spear, who had told others she would be Kennedy’s chief of staff, was passed over for that post in favor of a veteran of the first Trump administration—in part because of her vaccine priorities and in part because of her lack of experience, according to people familiar with the matter.”

The No Surprises Act regulators, which group includes OPM, released FAQ 69 which concerns an important opinion from the U.S. Court of Appeals for the Fifth Circuit handed down October 30, 2024. The Court has not issued its mandate in the case while it considers the Texas Medical Association’s motion for rehearing and rehearing en banc. The FAQ also includes compliance advice about the No Surprises Act anti-gag clause.

Per a Federal Trade Commission news release,
- “The Federal Trade Commission today published a second interim staff report on the prescription drug middleman industry, which focuses on pharmacy benefit managers’ (PBMs) influence over specialty generic drugs, including significant price markups by PBMs for cancer, HIV, and a variety of other critical drugs.
- “Staff’s latest report found that the ‘Big 3 PBMs’—Caremark Rx, LLC (CVS), Express Scripts, Inc. (ESI), and OptumRx, Inc. (OptumRx)—marked up numerous specialty generic drugs dispensed at their affiliated pharmacies by thousands of percent, and many others by hundreds of percent. Such significant markups allowed the Big 3 PBMs and their affiliated specialty pharmacies to generate more than $7.3 billion in revenue from dispensing drugs in excess of the drugs’ estimated acquisition costs from 2017-2022. The Big 3 PBMs netted such significant revenues all while patient, employer, and other health care plan sponsor payments for drugs steadily increased annually, according to the staff report.”

STAT News adds,
- “In response to the latest report, a CVS spokesperson wrote that “any proposed policy regulating PBMs should face a simple test: will this increase or decrease drug costs? Nearly all recently proposed ‘anti-PBM’ policies would ultimately increase U.S. drug costs and serve as a handout to the pharmaceutical industry. Instead of focusing on the impact to consumers and organizations that pay for prescription drugs, the FTC has prioritized comments from the conflicted pharmaceutical and pharmacy industries that would profit from a weakened PBM guardrail.”
- “The company also argued it is “inappropriate and misleading to draw broad conclusions from cherry-picked” generic drugs. Between 2017-2022, specialty generic products have represented less than 1.5% of total spending on medicines by health plans contracted with CVS. In contrast, branded specialty products represent more than 50% of total spending.
- “A spokeswoman for Cigna, which owns Express Scripts, wrote to say “this is another set of misleading conclusions based on a subset of medications that represent less than 2% of what our health plans spend on medications in a year — much like their first interim report that the FTC itself has already said is ‘limited’ and ‘tentative’. Nothing in the FTC’s report addresses the underlying cause of increasing drug prices, or helps employers, unions, and municipalities keep prescription benefits affordable for their members. We look forward to continuing to address the blatant inaccuracies in the Commission’s reports.”
- “One Wall Street analyst maintained the FCC report does not tell the complete PBM story. TD Cowen analyst Charles Rhyee wrote in an investor note that “the fundamental issue with the FTC’s claims… is that they use only data on specialty generics, a small subset of the overall drug market – 0.9% of total drug spending – and is not representative of the value that the PBM industry delivers as a whole.”
Per a Food and Drug Administration press release,
- “Today, the U.S. Food and Drug Administration is announcing an important step to provide nutrition information to consumers by proposing to require a front-of-package (FOP) nutrition label for most packaged foods. This proposal plays a key role in the agency’s nutrition priorities, which are part of a government-wide effort in combatting the nation’s chronic disease crisis. If finalized, the proposal would give consumers readily visible information about a food’s saturated fat, sodium and added sugars content—three nutrients directly linked with chronic diseases when consumed in excess.
- “The proposed FOP nutrition label, also referred to as the “Nutrition Info box,” provides information on saturated fat, sodium and added sugars content in a simple format showing whether the food has “Low,” “Med” or “High” levels of these nutrients. It complements the FDA’s iconic Nutrition Facts label, which gives consumers more detailed information about the nutrients in their food.” * * *
- “Comments on the proposed rule can be submitted electronically to http://www.regulations.gov by May 16, 2025.”
The Wall Street Journal adds,
- “It is unclear how the incoming Trump administration will view the rule. Robert F. Kennedy Jr., the prospective next head of U.S. health policy, is a critic of processed foods and has been outspoken about his view that U.S. food companies are partly to blame for sickening Americans.
- “Consumer advocacy groups and public health organizations cheered the rule, though some said they hoped the Trump administration would consider labels similar to those adopted in other countries that bear more pointed warnings.
- “Industry groups have warned the FDA that they could sue to challenge mandatory front-of-package labels. Such labels, they said, could threaten First Amendment rights—because companies could consider them a form of forced speech—and only Congress has the authority to require them.”

The New York Times reports,
- “Among both men and women, drinking just one alcoholic beverage a day increases the risk of liver cirrhosis, esophageal cancer, oral cancer and various types of injuries, according to a federal analysis of alcohol’s health effects issued on Tuesday.
- “Women face a higher risk of developing liver cancer at this level of drinking, but a lower risk of diabetes. And while one alcoholic drink daily also reduces the likelihood of strokes caused by blood clots among both men and women, the report found, even occasional heavy drinking negates the benefits.
- “The report, prepared by an outside scientific review panel under the auspices of the Department of Health and Human Services, is one of two competing assessments that will be used to shape the influential U.S. Dietary Guidelines, which are to be updated this year.”

Monica M. Bertagnolli, M.D., issued a statement on ending her tenure as NIH director January 17, 2025. The FEHBlog has enjoyed her Director’s blog entries.

From the public health and medical research front,

The U.S. Preventive Services Task Force today gave B grades to the following recommended preventive services:
- “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in women 65 years or older.”
- “The USPSTF recommends screening for osteoporosis to prevent osteoporotic fractures in postmenopausal women younger than 65 years who are at increased risk for an osteoporotic fracture as estimated by clinical risk assessment.”
and an inconclusive grade to the following preventive service
- “The USPSTF concludes that the current evidence is insufficient to assess the balance of benefits and harms of screening for osteoporosis to prevent osteoporotic fractures in men.”

The USPSTF notes,
- “This recommendation updates the 2018 USPSTF recommendation on screening for osteoporosis. In 2018, the USPSTF recommended screening for osteoporosis with bone measurement testing to prevent osteoporotic fractures in women 65 years or older and in postmenopausal women younger than 65 years who are at increased risk of osteoporosis, as determined by a formal clinical risk assessment tool.⁴⁵ For the current recommendation, the USPSTF has noted that screening can include DXA BMD, with or without fracture risk assessment. The current recommendation is otherwise generally consistent with the 2018 recommendation.”

The Journal of the American Medical Association expands on this USPSTF note in an editorial comment.
- “At first glance, the updated US Preventive Services Task Force (USPSTF) Recommendation Statement on osteoporosis screening¹ appears nearly identical to the previous 2018 statement, especially regarding the recommendation for universal screening in women 65 years or older and insufficient evidence to support a recommendation for or against screening in men. However, subtle revisions to the 2018 recommendation² may result in substantive changes in screening of younger postmenopausal women in clinical practice. While a B recommendation for higher-risk postmenopausal women younger than 65 years is common to both statements, the 2018 statement recommended assessing risk of osteoporosis in these women using a formal clinical risk assessment tool, whereas the 2024 Recommendation Statement¹ recommends screening those at increased risk for an osteoporotic fracture as estimated by clinical risk assessment. Additionally, the screening test for both younger and older postmenopausal women in the 2018 recommendation is specified broadly as bone measurement testing. By contrast, the 2024 statement is more specific and defines screening as central (hip or lumbar spine) dual-energy x-ray absorptiometry (DXA) bone mineral density (BMD) testing with or without fracture risk assessment.
- “In postmenopausal women younger than 65 years, osteoporosis screening presents several challenges. While time is often limited and resources scarce in the overstretched primary care practice environment, the USPSTF recommends a 2-step process to identify women in this age group who warrant screening. The clinician first determines whether traditional osteoporosis risk factors such as low body weight or tobacco use are present. For women with 1 or more risk factors, the USPSTF then advises risk assessment with a clinical risk assessment tool (eg, the Osteoporosis Self-Assessment Tool [OST], the Osteoporosis Risk Assessment Instrument [ORAI], or the Fracture Risk Assessment Tool [FRAX]) calculated without BMD information to further select women who warrant BMD testing. Primary care clinicians should be aware that the OST and ORAI were designed to identify osteoporosis (BMD T score ≤−2.5), while FRAX was developed to estimate 10-year absolute probabilities of hip and major osteoporotic fracture. Use of the OST or ORAI entails a simple calculation with few inputs (e.g., the OST is based on age and weight alone), whereas use of FRAX requires entering information on 11 clinical risk factors into a web-based algorithm. Table 2 in the Recommendation Statement¹ provides “frequently used thresholds for increased osteoporosis risk” for OST (score <2) and ORAI (score ≥9), indicating that these thresholds identify women for whom central DXA BMD testing is suggested. In contrast to the 2011 and 2018 recommendations, the 2024 USPSTF Recommendation Statement¹ does not suggest a specific FRAX threshold to define increased osteoporosis risk.

Per a National Cancer Institute news release,
- “Feeding fructose to lab animals with cancer made their tumors grow faster, a new study has shown. But the tumors didn’t directly consume fructose, the researchers found. Instead, the liver converted it into a type of fat that cancer cells gobbled up.
- “Studies have suggested that diets containing excess fructose—which is found in high-fructose corn syrup and table sugar—can help tumors grow. But how this common dietary sweetener might do so has been a bit of a mystery. The researchers believe their study provides some important answers.
- “The NIH-funded study, published December 4 in Nature, showed that several types of cancer cells lacked the enzyme needed to use fructose directly. However, liver cells have the necessary enzyme, called KHK, and used it to convert fructose into fats called lipids.
- “The findings could open up a new avenue for potential cancer treatments, said the study’s senior researcher, Gary Patti, Ph.D., of Washington University in St. Louis. A drug that blocks the KHK enzyme slowed fructose-fueled tumor growth in mice, the scientists showed.”

The National Institutes of Health released an NIH research matters bulletin concerning “Cancer prevention and screening | Improving flu vaccines | LDL structure.”

AP reports,
- “A group of global experts is proposing a new way to define and diagnose obesity, reducing the emphasis on the controversial body mass index and hoping to better identify people who need treatment for the disease caused by excess body fat.
- “Under recommendations released Tuesday night, obesity would no longer be defined solely by BMI, a calculation of height and weight, but combined with other measurements, such as waist circumference, plus evidence of health problems tied to extra pounds.
- “Obesity is estimated to affect more than 1 billion people worldwide. In the U.S., about 40% of adults have obesity, according to the U.S. Centers for Disease Control and Prevention.
- “The whole goal of this is to get a more precise definition so that we are targeting the people who actually need the help most,” said Dr. David Cummings, an obesity expert at the University of Washington and one of the 58 authors of the report published in The Lancet Diabetes & Endocrinology journal.”

Per MedPage Today,
- “Integrating smoking cessation into a lung cancer screening program had the biggest benefit for patients who wanted to quit, a randomized trial showed.
- “Self-reported tobacco abstinence was greater at both 3 and 6 months with higher levels of integration of smoking cessation assistance in the lung cancer screening program, reported Paul Cinciripini, PhD, of the University of Texas MD Anderson Cancer Center in Houston, and colleagues in JAMA Internal Medicine.”
and
- “Antiviral drugs commonly used to treat non-severe influenza appeared to have little or no effect on key clinical outcomes, except for baloxavir (Xofluza), according to a systematic review and meta-analysis of 73 randomized trials.”

From the U.S. public health front,

Fierce Healthcare, Fierce Pharma, and BioPharma Dive each report on the second day of the J.P. Morgan Healthcare Conference being held in San Francisco, California.

STAT News adds,
- “Since society rebounded from the pandemic, Teladoc Health has gone from a soaring rocket ship considered an emblem of the potential of health tech to a cautionary tale about overblown hype. Its telehealth services are now viewed by many as an interchangeable commodity in a crowded market.
- “In his first prominent public appearance as CEO of the virtual care giant, Chuck Divita showed up [at the JPM Conference] and played the part — promising growth and stability and reminding investors of the company’s strong foundation.”

Beckers Hospital Review points out,
- Eli Lilly is leading a push with other pharmaceutical companies to request a pause in the Biden administration’s drug pricing negotiations, even as officials prepare to release a new list of medications to be targeted for price reductions, Bloomberg reported Jan. 13.
- Speaking at the JPMorgan HealthCare Conference in San Francisco, Eli Lilly CEO Dave Ricks emphasized the need for changes to the Inflation Reduction Act before additional drugs are included in the program.

MedCity News relates, “Nvidia announced four new partnerships focused on scaling AI models across the healthcare industry. The company is teaming up with Mayo Clinic, Illumina, IQVIA and Arc Institute” at JPM Conference.

BioPharma Dive lets us know,
- “Eli Lilly on Tuesday said the company’s revenue in 2024 totaled about $45 billion, a 32% jump on 2023’s total but less than what it had estimated in October.
- “Third quarter sales of Mounjaro and Zepbound, its GLP-1 drugs for diabetes and obesity, were below Wall Street analysts’ expectations at $3.5 billion and $1.9 billion, respectively. CEO David Ricks said GLP-1 market growth was slower than the company anticipated.
- “Shares of the Indianapolis-based company fell by as much as 8% in morning trading, shaving tens of billions of dollars from its market valuation. Since hitting a high of $960 apiece in late August, shares have tumbled in value by about one-fifth as Zepbound sales have fallen short of forecasts.”

McKinsey & Company explains “How healthcare entities can use M&A to build and scale new businesses.”

Monday Report

David Ermer–ACA, CDC, COVID-19, FDA, Generative AI, Medical / Rx research, NIH, OPM, U.S. Healthcare–January 13, 2025January 13, 2025

From Washington, DC,

Fierce Healthcare lets us know,
- “One week before President-elect Donald Trump’s inauguration, the Biden administration is finalizing a rule that sets new standards for the individual market under the Affordable Care Act.
- “First proposed in October, the rule protects consumers from having their coverage swapped unwittingly. Brokers and agents that violate this policy, and pose other “unacceptable” risks, can be suspended. The rule will go into effect on Wednesday.
- “The rule also amends the risk adjustment program through user fee rates, new calculations to the Basic Health Program (BHP) and reporting to the ACA Quality Improvement Strategy (QIS), designed to improve member outcomes.”

Here is a link to CMS’s fact sheet on the final Affordable Care Act (“ACA”) rule titled “HHS Notice of Benefit and Payment Parameters for 2026” and a link to the rule itself.

The ACA regulators today withdrew an October 28, 2024, proposed rule which would have “expand access to coverage of recommended preventive services without cost sharing in the commercial market, with a particular focus on reducing barriers to coverage of contraceptive services, including over the counter (OTC) contraceptives.”

FedSmith confirms,
- “President-elect Donald Trump has nominated Scott Kupor as the Director of the Office of Personnel Management (OPM).
- “Kupor would lead an OPM organization that has grown under the Biden administration. It now has a larger budget and workforce.
- “For fiscal year 2025, the Biden administration proposed a budget of $465.8 million for OPM, which is an increase of about 21% compared to the enacted budget of $385.7 million in fiscal year 2023.”

The U.S. Office of Personnel Management posted on the Federal Register’s Public Inspection List a final rule which, according to Govexec, “will standardize the maps relied upon to determine the locality pay rates for white- and blue-collar federal workers across the U.S.” effective October 1, 2025.

Pew Research reports on what the data says about federal and postal workers.

Federal News Network notes,
- “The Postal Service is offering early retirement buyouts to mail handlers who work in the agency’s mail processing facilities, and other USPS employees who work in a variety of support positions.
- “USPS, in a memo obtained by Federal News Network, is offering lump-sum incentive payments worth up to $15,000 to eligible mail handlers who agree to a voluntary early retirement in the coming months.
- “The agency reached an agreement with the National Postal Mail Handlers Union, which represents 47,000 mail handlers nationwide, as well as the American Postal Workers Union, which represents 222,000 active and retired postal clerks, mail processors and sorters, as well as other USPS occupations.
- “Federal News Network reached out to both unions for comment.

From the judicial front,

The American Hospital Association News reports,
- The U.S. Chamber of Commerce Jan. 13 filed a lawsuit against the Federal Trade Commission, saying changes made by the FTC to premerger notification rules under the Hart-Scott-Rodino Act are “unnecessary and unlawful.”
- In a statement, the Chamber said the FTC “has failed to justify the need to subject every merger filing to its new burden. During the rulemaking process it never contemplated alternative, less burdensome approaches and understates the costs and overstates the benefits of changing the rule as part of its final analysis. Subjecting thousands of routine mergers and acquisitions to these additional burdens will slow down normal business transactions and increase costs, hurting the economy in the process.”
- The FTC finalized changes to the premerger notification rules, form and instructions under the HSR Act in October. The AHA expressed disappointment with the FTC’s changes, saying that the rule “functions as little more than a tax on mergers… The agency already has more than enough information about hospital transactions, and it has shown no hesitation in challenging them. The final rule will just require hospitals to divert time and resources away from patient care towards needless compliance costs.

From the Food and Drug Administration front,

The Washington Post reports,
- “The long quest for powerful non-opioid drugs that treat pain without risk of addiction is nearing a milestone, in the form of a pill that could soon win approval from the Food and Drug Administration.
- “If successful, the drug developed by Vertex Pharmaceuticals would offer a possible alternative to potent prescription painkillers such as oxycodone, which was once heavily marketed by drug companies and fueled an epidemic of dependency and death.
- “Independent experts say it remains too early to know how revolutionary the Vertex drug, suzetrigine, will be. The company’s application that is pending before the FDA, which could be approved by the end of January, is for relatively short-term pain. It is based on successful clinical trials in people recovering from two types of surgeries, as well as a safety study that monitored participants over about six weeks.
- “Vertex is still exploring whether the drug can be safely and effectively used for chronic, longer-lasting pain.”

Cardiovascular Business points out,
- “The U.S. Food and Drug Administration (FDA) has announced that Philips is recalling the software associated with its Mobile Cardiac Outpatient Telemetry (MCOT) devices after certain high-risk electrocardiogram (ECG) events were never routed to trained cardiology technicians as intended. This is a Class I recall, the FDA’s most serious classification.
- “This issue, which lasted from July 2022 to July 2024, has been associated with 109 patient injuries and two patient deaths. Some of the health events included suspected cases of atrial fibrillation or pause, supraventricular tachycardia, ventricular tachycardia and second- or third-degree atrioventricular block.
- “On Dec. 18, 2024, Philips and its subsidiary, Braemar Manufacturing, sent all customers impacted by the failure an Urgent Medical Device Correction and information on how to review which patients may need to have their data reprocessed.”
and
- “The U.S. Food and Drug Administration (FDA) has now cleared more than 1,000 clinical artificial intelligence (AI)algorithms to be used commercially for direct patient care in the United States. Cardiology is No. 2 among all healthcare specialties with 161 FDA clearances; some of those are even approved for multiple specialties.
- “Radiology is by far the king of AI FDA clearances with 758 algorithms, making up about 76% of all clinical AI in the U.S. Neurology comes in at an extremely distant third place with 35 algorithms. There are 15 other specialities with cleared AI, but they each number less than 20 algorithms.
- “The FDA updated its AI-enabled device approval list in late December, which showed the agency technically reached the 1,000 mark back in September. The first AI algorithm was cleared in 1996, and the number of submissions to the FDA has accelerated very rapidly in the past few years. The agency is now clearing an average of about 20 AI algorithms per month, and the FDA says that number is expected to rise in the coming years.”

Fierce Healthcare adds,
- “The Peterson Health Technology Institute launched an artificial intelligence task force to puzzle out the value of in-demand AI technologies for healthcare delivery organizations.
- “The task force has been operational for six months, Caroline Pearson, executive director of the PHTI, said in an interview. It will be led by Prabhjot Singh, M.D., Ph.D., a physician and co-founder of CHW Cares, which sold to Oak Street Health in 2022, and Margaret McKenna, former chief technology officer at Devoted Health. Both Singh and McKenna are advisers to the PHTI.
- “There are about 60 people on the task force from a dozen healthcare systems, including UC San Diego Health, Intermountain Health, Mass General Brigham, Providence, Ochsner Health and MultiCare. Pearson also said there are many C-suite executives on the task force including CEOs, chief financial officer and chief information officers.
- “They’re not AI cheerleaders,” Pearson said. “They’re just trying to run effective, efficient healthcare systems.”

From the public health and medical research front,

The Center for Disease Control and Prevention announced today,
- “COVID-19 activity has increased in most areas of the country. Seasonal influenza activity remains elevated across the country. RSV activity is very high in many areas of the country, particularly in young children.
- “COVID-19
  - “COVID-19 activity has increased in most areas of the country, with high COVID-19 wastewater levels, increasing emergency department visits and elevated laboratory percent positivity. Emergency department visits and hospitalizations are highest in older adults and emergency department visits are also elevated in young children.
  - “There is still time to benefit from getting your recommended immunizations to reduce your risk of illness this season, especially severe illness and hospitalization.
  - “CDC expects the 2024-2025 COVID-19 vaccine to work well for currently circulating variants. There are many effective tools to prevent spreading COVID-19 or becoming seriously ill.
- “Influenza
  - “Seasonal influenza activity remains elevated across the country. Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC“
- “RSV
  - “RSV activity is very high in many areas of the country, particularly in young children. Emergency department visits and hospitalizations are highest in children and hospitalizations are elevated among older adults in some areas.”
- “Vaccination
  - “Vaccination coverage with influenza and COVID-19 vaccines are low among U.S. adults and children. COVID-19 vaccine coverage in older adults has increased compared with the 2023-2024 season. Vaccination coverage with RSV vaccines remains low among U.S. adults. Many children and adults lack protection from respiratory virus infections provided by vaccines.”

Speaking of wastewater, the Your Local Epidemiologist newsletter, to which the FEHBlog subscribes, explains,
- We’re seeing a lot of [H5N1] virus in California’s cows and birds. California is the number one state for dairy cattle, and so far, 703 herds have tested positive for H5N1. That’s more than 2/3 of all the dairy farms in the state. Plus, 93 commercial or backyard poultry flocks, accounting for about 22 million animals, have also been infected.
- Unfortunately, we don’t have the wastewater testing capabilities yet to differentiate between humans and animals. A recent preprint showed wastewater is picking up viruses from animals (rather than humans) through milk dumping, animal sewage, and bird contamination. We are also relying on epidemiologists’ accounts on the ground to sort through the signals.

Per an NIH news release,
- “New findings from the National Institutes of Health’s (NIH) Researching COVID to Enhance Recovery (RECOVER) Initiative suggest that infection with SARS-CoV-2, the virus that causes COVID-19, may be associated with an increase in the number of myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) cases. According to the results, 4.5% post-COVID-19 participants met ME/CFS diagnostic criteria, compared to 0.6% participants that had not been infected by SARS-CoV-2 virus. RECOVER is NIH’s national program to understand, diagnose, prevent, and treat Long COVID.
- “The research team, led by Suzanne D. Vernon, Ph.D., from the Bateman Horne Center in Salt Lake City, examined adults participating in the RECOVER adult cohort study to see how many met the IOM clinical diagnostic criteria for ME/CFS at least six months after their infection. Included in the analysis were 11,785 participants who had been infected by SARS-CoV-2 and 1,439 participants who had not been infected by the virus. Findings appear in the Journal of General Internal Medicine.
- “ME/CFS is a complex, serious, and chronic condition that often occurs following an infection. ME/CFS is characterized by new-onset fatigue that has persisted for at least six months and is accompanied by a reduction in pre-illness activities; post-exertional malaise, which is a worsening of symptoms following physical or mental activity; and unrefreshing sleep plus either cognitive impairment or orthostatic intolerance, which is dizziness when standing. People with Long COVID also experience some or all of these symptoms.
- “Long COVID is an infection-associated chronic condition that occurs after SARS-CoV-2 infection and is present for at least three months as a continuous, relapsing and remitting, or progressive disease state that affects one or more organ systems. People with Long COVID report a variety of symptoms including fatigue, pain, and cognitive difficulties.
- “Dr. Vernon and her team determined that new incidence cases of ME/CFS were 15 times higher than pre-pandemic levels.
- “These findings provide additional evidence that infections, including those caused by SARS-CoV-2, can lead to ME/CFS.”

The American Hospital Association News tells us,
- The San Francisco Department of Public Health Jan. 10 announced a presumptive positive case of H5N1 bird flu in a child after they experienced symptoms of fever and conjunctivitis. The child was not hospitalized and has since fully recovered, the agency said. An initial investigation by SFDPH did not reveal how the child may have contracted the virus, and the department is continuing to investigate.
Per Medscape,
- More than 15 million people, accounting for 4.6% of the US population, were diagnosed with at least one autoimmune disease from January 2011 to June 2022; 34% were diagnosed with more than one autoimmune disease.
- Sex-stratified analysis revealed that 63% of patients diagnosed with autoimmune disease were women, and only 37% were men, establishing a female-to-male ratio of 1.7:1; age-stratified analysis revealed increasing prevalence of autoimmune conditions with age, peaking in individuals aged ≥ 65 years.
- Among individuals with autoimmune diseases, 65% of patients had one condition, whereas 24% had two, 8% had three, and 2% had four or more autoimmune diseases (does not add to 100% due to rounding).
- Rheumatoid arthritis emerged as the most prevalent autoimmune disease, followed by psoriasis, type 1 diabetes, Grave’s disease, and autoimmune thyroiditis; 19 of the top 20 most prevalent autoimmune diseases occurred more frequently in women.
- Source: https://www.jci.org/articles/view/178722

The American Medical Associations shares what doctors wish their patients knew about Parkinson’s Disease.

The New York Times reports,
- “The number of people in the United States who develop dementia each year will double over the next 35 years to about one million annually by 2060, a new study estimates, and the number of new cases per year among Black Americans will triple.
- “The increase will primarily be due to the growing aging population, as many Americans are living longer than previous generations. By 2060, some of the youngest baby boomers will be in their 90s and many millennials will be in their 70s. Older age is the biggest risk factor for dementia. The study found that the vast majority of dementia risk occurred after age 75, increasing further as people reached age 95.
- “The study, published Monday in Nature Medicine, found that adults over 55 had a 42 percent lifetime risk of developing dementia. That is considerably higher than previous lifetime risk estimates, a result the authors attributed to updated information about Americans’ health and longevity and the fact that their study population was more diverse than that of previous studies, which have had primarily white participants.
- “Some experts said the new lifetime risk estimate and projected increase in yearly cases could be overly high, but they agreed that dementia cases would soar in the coming decades.”

Health Day considers whether “Doctors Can Estimate Life Expectancy After a Dementia Diagnosis?”
- “Updated estimates give a better picture of how long a person will live following a dementia diagnosis.
- “Age plays a factor in how long people have left.
- “Women tend to have longer life expectancy than men.”

From the U.S. healthcare business front,

Fierce Healthcare and BioPharma Dive share news from the J.P. Morgan Healthcare Conference now underway in San Francisco.

BioPharma Dive relates,
- “Johnson & Johnson on Monday said it has agreed to acquire Intra-Cellular Therapies, a developer of drugs for diseases of the brain, for $132 per share, or about $14.6 billion.
- “The announcement of the deal, which if completed would be the largest acquisition of a biotechnology company since early 2023, came on the first day of the J.P. Morgan Healthcare Conference, an industry meeting that’s known for dealmaking.
- “The chief prize in buying Intra-Cellular is a medicine known as Caplyta that’s approved in the U.S. to treat schizophrenia and bipolar depression. The biotech recently asked the Food and Drug Administration to expand Caplyta’s clearance to include major depressive disorder, which affects about 10 times as many people as have schizophrenia and a little more than three times as many as have bipolar depression.”
and
- “Eli Lilly has turned to a biotechnology startup for help building its pipeline of cancer drugs, agreeing on Monday to purchase an experimental cancer drug from privately held Scorpion Therapeutics for as much as $2.5 billion.
- “As part of the deal, Scorpion will spin out a new, independent company that will hold its other assets as well as inherit its employees. Lilly will take a minority stake in the new company, which will be owned by Scorpion’s current shareholders, among them Atlas Venture, Vida Ventures and Omega Funds.
- “Current Scorpion CEO Adam Friedman will lead the new company along with other members of the startup’s management.”
and
- “Late last week, Biogen made an unsolicited offer to buy one of its partners, brain drug developer Sage Therapeutics.
- “The two biotechnology companies have worked together over the past four years on a mood-stabilizing medicine known as Zurzuvae. They split research costs and, after the medicine got approved as a treatment for postpartum depression, began sharing profits.
- B”ut Biogen now wants Zurzuvae all to itself. In a Jan. 10 letter to Sage’s top executive Barry Greene, Biogen CEO Christopher Viehbacher wrote that his company’s experience selling nervous system drugs would “enable more streamlined operations and efficient commercial execution” around Zurzuvae, which, in turn, should improve patient access.”

Healthcare Dive reports,
- “California-based Prospect Medical Holdings filed for Chapter 11 bankruptcy on Saturday in the U.S. Bankruptcy Court for the Northern District of Texas, following years of financial difficulties and escalating pressure from state and federal regulators over its operating practices.
- “The health system declared $1 billion to $10 billion in both assets and liabilities and said it had more than 100,000 creditors in its initial court filing.
- “Prospect, which operates 16 hospitals across California, Connecticut, Pennsylvania and Rhode Island, said it will use the restructuring process to sell hospitals and focus on realigning its portfolio back to its core, home-state operations.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 11, 2025January 11, 2025

From the cybersecurity policy and law enforcement front,

Bloomberg alerts us,
- “The Biden administration is racing to put out an executive order meant to shore up US cybersecurity in its dwindling days in office, according to four people familiar with the matter.
- “The executive order, which has cleared some internal hurdles and is close to being published, incorporates lessons from a series of major breaches during the Biden administration, including the most recent Treasury Department hack attributed to China, according to people familiar with the matter who didn’t want to be named to discuss information that hasn’t yet been made public.
- “Among the measures, it directs the government to implement “strong identity authentication and encryption” across communications, according to an undated draft of the order seen by Bloomberg News. In the December Treasury hack, intruders accessed unclassified documents stored locally on laptops and desktop computers. Encrypting information sent by email and worked on in the cloud could help safeguard it from hackers who successfully access systems but then cannot open specific documents.” * * *
- “Whether President-elect Donald Trump will leave the executive order in place when he takes office remains unclear, though he’s vowed to pare back federal regulation. Trump has signaled that he intends to repeal another Biden administration order intended to provide guardrails around artificial intelligence.”

Federal News Network provides more details on the draft EO for those interested.

Dark Reading reports,
- “Yesterday [January 7, 2025] the White House introduced a cybersecurity labeling program for wireless Internet-connected devices, intended to help Americans make more informed decisions about the products they buy and their security.
- “As Americans continue to add Internet of Things (IoT) devices to their home networks — everything from baby monitors to security cameras — there are growing concerns about the safety of these devices and their vulnerability to hackers. The goal of this label is to guide consumers to more secure products as well as encourage vendors in their cyber practices.
- “Known as the “US Cyber Trust Mark,” the label has been a long time coming, with the Federal Communications Commission gathering input over the past 18 months. In a bipartisan and unanimous vote, the FCC authorized the program and said 11 vendors will act as label administrators while UL Solutions will serve as the lead administrator.
- “The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devices, much as EnergyStar labels did for energy efficiency,” the White House brief read.”
- “Though this new system has good intentions for both consumers and vendors, there are concerns and speculation as to how effective this cybersecurity label will be.” Read the article for those details.

Here’s a link to the Federal Register version of the recent proposed HIPAA Security Rule amendments which appears in the January 6, 2025, issue. The public comment deadline is March 7, 2025.

Fedscoop tells us,
- “Guy Cavallo, the chief information officer of the Office of Personnel Management since July 2021, will retire from federal service on Jan. 13, he confirmed to FedScoop.
- “Cavallo leaves federal service having held several top technology roles over the past decade, including as deputy CIO of the Small Business Administration and executive director of IT operations at the Transportation Security Administration. He also served as OPM’s principal deputy CIO and acting CIO before being named permanent CIO.
- “As the longest-tenured CIO of OPM in recent memory, Cavallo led that charge on a two-year sprint replacing or migrating over 50 applications from legacy on-premises data centers to the cloud and the launch of the new Postal Health Benefits System last year for more than 1.7 million postal workers and retirees. He touted the system as fully operational 100% of the time with no unscheduled downtime throughout the Open Season.
- “Cavallo also led OPM to winning several Technology Modernization Fund awards in recent years, the most recent of which came in late 2024 to support the use of artificial intelligence to update legacy mainframe programs for OPM’s retirement systems.“

The National Institute of Standards and Technology announced on January 8,
- NIST extends the public comment period on the initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) until January 17, 2025.
- NIST strongly encourages you to use the comment template and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.
- For more information, see the NIST Protecting CUI Project.

Per HHS press releases,
- “[On January 7, 2025], the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). The settlement resolves an investigation concerning a ransomware attack on Elgon’s information system.” * * *
- The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/elgon-inc-ra-cap/index.html
and
- [Also on January 7, 2025], the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia business associate that provides data hosting and cloud services to covered entities (health plans, health care clearinghouses, and most health care providers) and business associates, for a potential violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). The settlement resolves an investigation concerning a ransomware attack on VPN Solutions’ information system.” * * *
- “The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/vpns-ra-cap/index.html

Per Cyberscoop,
- “Microsoft is petitioning a Virginia [federal] court to seize software and shut down internet infrastructure that they allege is being used by a group of foreign cybercriminals to bypass safety guidelines for generative AI systems.
- “In a filing with the Eastern District Court of Virginia, Microsoft brought a lawsuit against ten individuals for using stolen credentials and custom software to break into computers running Microsoft’s Azure OpenAI services to generate “harmful content.”
- “In a complaint filed Dec. 19, 2024, the company accuses the group of violating the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act and the Racketeer Influence and Corrupt Organizations Act, as well as trespass to chattels and tortious interference under Virginia state law.”

From the cybersecurity reminiscences department,

“HHS OCR Director Melanie Fontes Rainer reflects on 2024 as a historic year filled with tremendous activities and accomplishments for OCR on Health Insurance Portability and Accountability Act of 1996 (HIPAA) rulemakings, enforcement actions, and resources for the health care sector on HIPAA privacy and cybersecurity.”

In Cyberscoop, “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office. It’s made real strides, but there’s a lot more that it could be doing, he said, and more that needs to be done.”

In a blog post, Valeria Colman, the Cybersecurity and Infrastructure Security Agency’s (CISA) chief strategy officer, looks back at “CISA Through the Years: Policy and Impact.”

From the cybersecurity vulnerabilities and breaches front,

Cybersecurity Dive reports,
- “AT&T and Verizon, two of the nine U.S. telecom companies attacked by Salt Typhoon, said they evicted the China-government sponsored threat group from their networks.
- “We detect no activity by nation-state actors in our networks at this time,” an AT&T spokesperson said in a prepared statement. A Verizon spokesperson made a similar statement, asserting the carrier has “contained the cyber incident brought on by this nation-state threat actor. An independent and highly respected cybersecurity firm has confirmed the Verizon containment.”
- “AT&T and Verizon did not say when they ejected the nation-state group from their networks, but declared their networks secure last week.”

Dark Reading adds,
- “The Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury.
- “In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).
- “Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.
- “Using tools such as the China Chopper Web shell, the group’s cyber-espionage campaigns focus mainly on data theft.” * * *
- “The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.”

Bleeping Computer lets us know,
- BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach.
- The Texas-based organization provides medication-assisted treatment (MAT) services targeting both substance use and mental health disorders to more than 75,000 patients daily in over 400 service sites across 35 U.S. states and three Canadian provinces.
- In data breach notification letters mailed to affected individuals, BayMark revealed that it learned of the breach on October 11, 2024, following an IT systems disruption. A follow-up investigation revealed that the attackers accessed BayMark’s systems between September 24 and October 14.

Per Dark Reading,
- Cybercriminals have picked up a new tactic, impersonating CrowdStrike recruiters in order to distribute a crypto miner on their victims’ devices.
- This malicious campaign starts with an email, inviting the victim to schedule an interview with a recruiter for a position as a junior developer.
- The illegitimate email contains a link, alleging that it will take the recipient to a site so they can schedule their interview, but in reality, takes the victim to a malicious website containing links to download a purported “CRM application.”

CISA reminds us,
- “In an era of increasingly sophisticated cyber threats, securing critical infrastructure has become a cornerstone of national security. CISA’s mission is to drive collaborative, proactive efforts to reduce risk and strengthen resilience for our nation’s critical infrastructure, federal civilian branch assets, and the private sector more broadly. While these efforts are many and varied, I’d like to highlight three particularly transformative initiatives—the Known Exploited Vulnerabilities (KEV) Catalog, Cybersecurity Performance Goals (CPGs), and the Pre-Ransomware Notification Initiative (PRNI)—to illustrate how we can collectively work to reshape the cybersecurity landscape.”

CISA added four known exploited vulnerabilities to its catalog this week.
- January 7, 2025
  - CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability
  - CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability
  - CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability
- January 8, 2025
  - CVE-2025-0282 Ivanti Connect Secure Vulnerability

SC Media offers details on the January 7, 2025, KVEs while Cybersecurity Dive discusses the January 8, 2025, KVE.

From the ransomware front,

Axios gives us a primer on ransomware.

Here’s a link to a helpful September 2024 CISA PowerPoint presentation about its available tools such as the Pre-Ransomware Notification Initiative.

Security Week discusses “Temple University’s Critical Infrastructure Ransomware Attacks (CIRA)” database.
- “The Critical Infrastructure Ransomware Attacks (CIRA) database currently covers more than 2,000 attacks documented since 2013 and includes nearly 300 entries for incidents that came to light in 2024.
- “It contains information such as name of the victim, date of the incident, country or US state, targeted critical infrastructure sector, name of the attacking threat group, duration of the incident, MITRE ATT&CK mapping, and — if known — the amount of money that was demanded by the attacker and the ransom paid by the victim.” * * *
- “The database is available for free upon request. To date it has been requested more than 1,500 times, mainly by researchers and other members of the cybersecurity industry (61%), as well as students, government entities, educators, and reporters.”

From the cybersecurity defenses front,

Cybersecurity Dive identifies four cybersecurity trends to watch this year.
- Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

Dark Reading considers current trends in artificial intelligence and cybersecurity.

CISA Director Jen Easterly discusses “Corporate Cyber Governance: Owning Cyber Risk at the Board Level.”

CISA also released its “Cybersecurity Performance Goals Adoption Report.”

TechTarget shares “Top 15 email security best practices for 2025.”

Here is a link to Dark Reading’s CISO Corner.

Friday Report

David Ermer–CDC, CMS, COVID-19 vaccine, FDA, Federal employment benefits, Generative AI, Medical / Rx research, NIH, OPM, Rx coverage, SCOTUS, U.S. Healthcare–January 10, 2025January 10, 2025

From Washington, DC.

STAT News reports,
- “The Biden administration’s [last] regulation affecting the Medicare Advantage industry would come with a much lighter touch than the past two years.
- “President Biden’s Centers for Medicare and Medicaid Services on Friday proposed to increase the average benchmark payment to private Medicare Advantage plans by 2.2% for 2026. That compares to cuts of 0.2% for this year and 1.1% in 2024, although the Biden administration gave the Medicare Advantage industry one of the largest-ever payment hikes in 2023.
- “The proposed rule was rolled out weeks earlier than normal, as the Trump administration gets ready to take over the White House and federal agencies later this month. It’s unclear what, if any, changes President Trump’s team will make to the proposal. Trump has picked Mehmet Oz to lead CMS, but it’s possible that the Senate won’t confirm him before the final rule is published by the beginning of April.
- “But the Biden White House at least appears worried Trump will undo the latest proposal, warning that any “pauses” to some of its changes to how Medicare Advantage insurers are paid would result in an extra $10 billion windfall for the industry.”

An CMS press release adds,
- “The CY 2026 Advance Notice and Draft CY 2026 Part D Redesign Program Instructions are open for public comment, and CMS will accept comments through 11:59 PM Eastern Time on February 10, 2025. The CY 2026 Rate Announcement and the CY 2026 Part D Redesign Program Instructions will be published no later than April 7, 2025.
- “The CY 2026 Advance Notice may be viewed at https://www.cms.gov/files/document/2026-advance-notice.pdf.
- “A fact sheet discussing the provisions of the CY 2026 Advance Notice can be viewed at https://www.cms.gov/newsroom/fact-sheets/2026-medicare-advantage-and-part-d-advance-notice-fact-sheet.
- “The Draft CY 2026 Part D Redesign Program Instructions can be found at https://www.cms.gov/files/document/draft-cy-2026-part-d-redesign-program-instructions.pdf.
- “A fact sheet discussing the provisions of the Draft CY 2026 Part D Redesign Program Instructions can be viewed at https://www.cms.gov/newsroom/fact-sheets/draft-cy-2026-part-d-redesign-program-instructions-fact-sheet.”

Per HHS press releases,
- “Today, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) for California to address the health impacts of the ongoing wildfires in Los Angeles County.
- “The declaration follows President Biden’s major disaster declaration and gives the Centers for Medicare & Medicaid Services’ (CMS) health care providers and suppliers greater flexibility in meeting emergency health needs of Medicare and Medicaid beneficiaries.
- “We will do all we can to assist California officials with responding to the health impacts of the devastating wildfires going on in Los Angeles County,” said Secretary Becerra. “We are working closely with state and local health authorities, as well as our partners across the federal government, and stand ready to provide public health and medical support. My thoughts and prayers are with the people impacted in my home state.”
and
- “The U.S. Department of Health and Human Services (HHS) has issued its AI Strategic Plan (hereafter referred to as “Strategic Plan” or “Plan”). The Plan establishes both the strategic framework and operational roadmap for responsibly leveraging emerging technologies to enhance HHS’s core mission, while maintaining our commitment to safety, effectiveness, equity, and access. Additionally, the Plan outlines the ways in which HHS will deliver on its goal of being a global leader in innovating and adopting responsible AI that achieves unparalleled advances in the health and well-being of all Americans.
- “At HHS, we are optimistic about the transformational potential of AI,” said Deputy Secretary Andrea Palm. “These technologies hold unparalleled ability to drive innovation through accelerating scientific breakthroughs, improving medical product safety and effectiveness, improving health outcomes through care delivery, increasing access to human services, and optimizing public health. However, our optimism is tempered with a deep sense of responsibility. We need to ensure that Americans are safeguarded from risks. Deployment and adoption of AI should benefit the American people, and we must hold stakeholders across the ecosystem accountable to achieve this goal.”

The Wall Street Journal reports,
- “New divisions have emerged among U.S. intelligence agencies over whether foreign adversaries have been developing devices that led to the illness known as Havana Syndrome, according to an intelligence report released Friday.
- “Most of the U.S. intelligence community still believes it is very unlikely that the wide range of symptoms that have been reported by more than 1,500 U.S. government employees since the first cases emerged in Havana in late 2016 were caused by a foreign power.
- “But in a notable shift, two intelligence agencies now say there is a “roughly even chance” U.S. adversaries have been developing a novel weapon that could cause the illness.
- “One of the dissenting agencies says it might have already been used to harm a small number of American personnel and dependents who have reported Havana Syndrome symptoms, the report said.
- “Havana Syndrome is a set of unexplained medical symptoms that include dizziness, headache, fatigue, nausea, anxiety, cognitive difficulties and memory loss of varying severity.”

Per Federal News Network,
- “The Office of Personnel Management’s retirement claims backlog remained basically the same in December as compared to November, but the number of days it took to process those claims ticked up to 57 from 55 days.
- “OPM also hit a new low in retirement claims received last month with 5,020. This is the lowest amount of claims received since November 2023.”

Govexec tells us,
- “The Office of Personnel Management on Wednesday sent guidance to agency heads outlining transition authorities that President-elect Donald Trump could use to immediately place his nominees in temporary positions at federal agencies and departments.
- “Although Trump is pushing Senate Republicans to expeditiously confirm his picks, he will have the authority to appoint individuals, for up to 30 days, to advisory or consultative senior executive service positions while they’re awaiting confirmation.
- “Likewise, cabinet-level agencies will be able to make five noncareer SES appointments and other agencies can institute up to three such appointments, which is standard. Such appointments must be made by Feb. 15 and also can only last for 30 days.”

From the judicial front,

Bloomberg informs us,
- “The US Supreme Court agreed [today] to review a lower court ruling that found some Obamacare coverage requirements for preventative services unlawful, but kept them enforceable nationwide.
- “In an order Friday, the court said it will hear the Biden administration’s appeal of that decision by the US Court of Appeals for the Fifth Circuit holding the structure of the US Preventive Services Task Force unconstitutional under the Appointments Clause.
- “The task force is charged with recommending some of the medical services health insurers must cover free-of-charge under the Affordable Care Act.
- “Task force members “are principal officers under Article II of the Constitution who must be—yet have not been—nominated by the President and confirmed by the Senate,” the Fifth Circuit said.”
FEHBlog note: It drives the FEHBlog nuts that the Biden Administration or Congress failed to moot the 5th Circuit opinion by making USPSTF recommendations subject to approval by the Centers for Disease Control and Prevention’s director.

From the public health and medical research front,

The CDC did not have time to update its weekly respiratory illnesses report due to the unexpected federal holiday for President Carter’s Day of Mourning yesterday. This week’s report will be posted on Monday January 13.

The University of Minnesota’s CIDRAP relates, “A first dose of COVID-19 vaccine accelerated relief of long-COVID symptoms such as fatigue and muscle aches in UK adults, but flu vaccination did not, suggests an observational University College London–led study published yesterday in the Journal of Infection.”

Per MedPage Today, “Hospitals doing fewer operative vaginal deliveries (OVDs) had higher rates of adverse perinatal outcomes for these cases than higher volume centers did, according to a population-based retrospective cohort study from California.”

The NIH Director, Dr Monica Bertagnolli, writes in her blog,
- “Millions of people in the U.S. have an autoimmune disease, from type 1 diabetes to inflammatory bowel disease, in which the immune system attacks the body’s own organs, tissues, or cells to cause damage. While treatments that tamp down the immune system can help, they can increase risk for infection or cancer due to systemic immune suppression. Similarly, for people who’ve received an organ or tissue transplant, immunosuppressants used to prevent rejection can leave the whole body vulnerable. What if there was a way to suppress the immune system only right where it’s needed, in tissues or organs at risk for immune attack?
- “An NIH-supported study reported in Science describes a way to do just that by using a cell-based therapy approach. The therapeutic approach involves taking a blood sample from a patient, modifying certain immune cells in the laboratory, and then reintroducing the engineered cells back into the body. Such cell-based therapeutics can be designed to recognize specific molecules to target tissues. This approach is already used to treat many cancers, utilizing a patient’s own engineered immune cells, known as CAR T cells, to attack and kill their cancer. Inspired by the success of the CAR T-cell example, the researchers behind this new work see the technology they’re developing as a potential platform for tackling many types of immune dysfunction.” * * *
- “While much more study is needed, the researchers suggest that such synthetic suppressor T cells could serve as a readily customizable platform to potentially treat many autoimmune conditions. Engineered immune suppressor cells could also be used to fine-tune CAR T-cell therapies for cancer so that they only attack tumors and not normal tissues, making them less toxic. This paves the way for a future in which there may be many more possibilities for precisely tamping down the immune system in ways that could prove life-changing for transplant recipients and those with type 1 diabetes, as well as many other autoimmune conditions.”
Per BioPharma Dive,
- “Pfizer on Friday said its PD-1 inhibitor sasanlimab, when combined with standard therapy in people with bladder cancer, delayed death and disease complications longer than standard therapy alone. The Phase 3 trial could give Pfizer’s subcutaneous immunotherapy an edge over rival drugs, like Merck & Co.’s Keytruda and Bristol Myers Squibb’s Opdivo, which are approved to treat people with more advanced disease. Pfizer tested sasanlimab with an immunotherapy called Bacillus Calmette-Guérin in people whose cancer hadn’t spread beyond the bladder lining after surgery. If sasanlimab wins Food and Drug Administration approval, it could be the fourth PD-1 or PD-L1 inhibitor cleared as an under-the-skin shot. The FDA has already approved subcutaneous versions of Roche’s Tecentriq and Opdivo, and Merck has positive Phase 3 data in hand for under-the-skin Keytruda”

From the U.S. healthcare business front,

Beckers Hospital Review identifies “100 great neuro and spine programs.”

The Wall Street Journal reports,
- AbbVie on Friday said it will post a $3.5 billion impairment charge related to last year’s $8.7 billion bet on Cerevel Therapeutics following the failure of the deal’s key drug candidate.
- AbbVie in November said the Cerevel drug, emraclidine, missed the key goal in a pair of mid-stage studies in schizophrenia, prompting the North Chicago, Ill., biopharmaceutical company to begin an evaluation of the emraclidine intangible asset for impairment.
- AbbVie, in announcing the Cerevel deal in late 2023, said it believed emraclidine had the potential to transform the schizophrenia treatment landscape and represented a multibillion-dollar peak sales opportunity.

The American Hospital Association News tells us,
- “Prices for the top 25 brand-name Medicare Part D drugs have increased by an average of 98% since entering the market, according to a report released Jan. 9 by the AARP Public Policy Institute. That price growth has often exceeded yearly rates of inflation, the organization said. The drugs highlighted in the report have not yet been selected for the Medicare Drug Price Negotiation program. The drugs accounted for nearly $50 billion in total Part D spending in 2022.”

Healthcare Dive informs us,
- “Walgreens’ first quarter earnings were notably better than Wall Street feared, though the retail pharmacy operator continues to suffer heavy losses as it works to right the ship.
- “On Friday, Walgreens posted financial results that beat analyst expectations with revenue of $39.5 billion, up 7.5% year over year. Still, Walgreens reported a net loss of $265 million, larger than its $67 million loss same time last year, mainly due to costs stemming from ongoing store closures and asset sales.
- “Walgreens’ market value has plummeting in recent years, leading the company to explore a private equity buyout, according to the Wall Street Journal. Executives didn’t address the speculation on a call with investors Friday morning, but said Walgreens made progress on its $1 billion cost-cutting initiative in the quarter, including a pending sale of beleaguered medical chain VillageMD and closures of 70 underperforming retail stores.”

Thursday Report

David Ermer–CDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Obesity, Rx coverage, Telehealth, U.S. Healthcare–January 9, 2025January 9, 2025

From Washington, DC

Tammy Flanagan, writing in Govexec, discusses, “The Social Security Fairness Act: What we know so far. It may take time to implement this new law — here’s what you should know for now.”
- “It will undoubtedly take time to implement this new law as it impacts about two million beneficiaries who have their earned Social Security benefits reduced because of the WEP, and close to 750,000 individuals who have had spousal and widow’s benefits payable based on the Social Security work record of their current, former or deceased spouse.
- “The repeal of the WEP and GPO will increase the Social Security benefit entitlements of the government worker or retiree who is receiving a pension from work not covered by Social Security. For most of you reading today’s column, this would be the CSRS employees and retirees who are married or were married to a spouse who paid Social Security taxes and the CSRS employee or retiree who earned their own Social Security retirement benefit in addition to receiving a CSRS retirement benefit.
- “The WEP can also affect CSRS Offset employees and retirees as well as some employees or retirees who transferred to FERS after more than five years of creditable service under CSRS.”

The American Hospital Association News tells us,
- The Centers for Medicare & Medicaid Services will host a webinar Jan. 16 at 1 p.m. ET to provide an update on the No Surprises Act Good Faith Estimate requirements for uninsured and self-pay patients. Experts will discuss the recent GFE FAQs with a focus on implications for providers and facilities. REGISTER NOW”

From the public health and medical research front,

Per Medical Economics,
- Screening for physical inactivity during routine medical visits can play a pivotal role in the identification of patients at risk for chronic diseases, according to a study published in Preventing Chronic Disease, a journal of the U.S. Centers for Disease Control and Prevention (CDC). Using the Exercise Vital Sign (EVS), researchers found that patients screened for physical activity had healthier profiles and fewer comorbid conditions than those who were not screened.

WTW Consulting informs us,
- More and more evidence show that GLP-1 medications are good for losing weight and reducing the amount of metabolic disease in people with obesity. But only about 52% of employers currently cover these drugs for obesity, and these employers are facing rising costs.
- Previous research has shown that the cost of these drugs will exceed any medical cost savings, as is true for most medical interventions. For example, medical plans don’t save money by treating cancer or providing dialysis for patients with kidney failure.
- JAMA Network Open recently published a study that showed that healthcare spending could decrease based on the type of weight loss seen with use of GLP-1 medications. However, the study demonstrates once again that even with their impressive impacts on patient weight and health, an employer-sponsored health insurance plan should not expect net medical savings from these medications.
- The researchers looked at medical claims from over 13,000 commercially insured adults from the Medical Panel Expenditure Survey from 2001 to 2020 and found that medical spending was lower in those who weighed less. Therefore, cost effectiveness of an effective weight loss drug would be much higher in those with higher BMIs, especially in those with diabetes.
- However, the study didn’t evaluate people who had lost weight, but rather examined differences in costs based on BMI. Those who lose weight won’t necessarily have the same lower level of expense as those who weren’t previously obese. Even if their estimate of cost “savings” is correct, the net cost of semaglutide or tirzepatide is around $9,000 annually, which is more than the delta in costs for a person with diabetes who loses 25% of their body weight.
- Implications for employers:
  - An employer-sponsored health insurance plan should not expect net medical savings from these medications, even with their impressive impacts on patient weight and health.
  - The decision to cover these medications should be based on the benefit they offer, and not the hope of lower medical expenses. Lower prices would allow more people to benefit from these medications.

The Wall Street Journal warns us,
- Wildfires in California aren’t all wild anymore. They often burn in urban areas, creating a toxic soup of smoke, ash and noxious substances that can be dangerous, even deadly.
- In Los Angeles this week, wildfires have burned buildings and roadways. Incinerating the plastics, metals and other materials that these structures are built from releases hazardous chemicals and gases into the air, doctors and public-health experts say.
- Wildfires which tear through urban landscapes release chemicals from human-made fuels, construction materials, household products and generate emissions which are chemically different from wildland fires, according to a 2022 report from the National Academies of Sciences, Engineering and Medicine. About 70,000 communities and 43 million homes are at risk from fires that could burn through both wild and urban landscapes, the report stated.
- “The combination of wildfire smoke in conjunction with human elements might be even more dangerous,” said Dr. Sanjay Rajagopalan, chief of cardiovascular medicine at University Hospitals Harrington Heart & Vascular Institute in Cleveland. “When you burn plastic, for instance, or you burn rubber, you get some pretty nasty stuff.”
- Smoke from the Los Angeles wildfires could have far-reaching effects. Depending on weather patterns and geographic conditions, smoke can travel vast distances. Tens of thousands of Los Angeles County residents have already been ordered to evacuate.

BioPharma Dive points out,
- “An experimental menopause drug from Bayer succeeded in a late-stage trial in women taking drugs to treat or prevent breast cancer, the company said Thursday.
- “Bayer said the drug, elinzanetant, significantly reduced the frequency of hot flashes and improved sleep for women with breast cancer, or who are at high risk of developing it, and whose symptoms are caused by hormone therapy. The study randomized 474 women to receive treatment or a placebo and measured the effects after four and 12 weeks.
- “The announcement represents the fourth positive late-stage study result for elinzanetant, but the first that isn’t in menopausal women. Bayer has already submitted the drug for U.S. approval in postmenopausal women, and the Food and Drug Administration accepted its application in October. If cleared by regulators, the drug would compete with Astellas Pharma’s Veozah.”

Per Fierce Pharma,
- “Trailing Johnson & Johnson’s powerhouse Darzalex by roughly five years in its development timeline has made it challenging for Sanofi’s Sarclisa—the only other CD38 antibody on the market for multiple myeloma—to compete in the indication.
- “But with an on-body delivery system (OBDS) to deliver its subcutaneous (SC) formulation of Sarclisa, Sanofi may be finding the edge it needs.
- “The company has taken a major step in the development of its OBDS as a phase 3 trial has met its primary co-endpoints, showing non-inferiority to intravenous (IV) Sarclisa. The company reported the trial result in a press release Thursday.”

From the U.S. healthcare business front,

Health Dive relates,
- “Blue Shield of California, one of the largest plans in the state, has revamped its corporate structure and named its first-ever female CEO.
- “Blue Shield created a parent company called Ascendiun to oversee the insurer, along with its managed Medicaid subsidiary and clinical services firm Altais, starting Jan. 1, the company announced Wednesday. Ascendiun also includes a newly created health services business called Stellarus, which aims to scale and sell Blue Shield’s pharmacy and technology offerings to other insurers.
- “Lois Quam, who has been Blue Shield’s president since last year, will step up as chief executive of the insurer. Quam will be the first woman to serve as Blue Shield’s CEO in the organization’s 86 years of operation. Paul Markovich, Blue Shield’s CEO for over a decade, will become president of Ascendiun and will also lead Stellarus on an interim basis.”
and
- “Amwell is selling its virtual psychiatric care business to fellow telehealth provider Avel eCare for about $21 million in cash, the company said Thursday.
- “The divestiture, which includes an additional earn-out payment for Amwell if the business meets financial targets, includes the psychiatric care segment’s technology and personnel along with Asana, a clinical network that employs and contracts with the unit’s clinicians.
- “Amwell CEO Ido Schoenberg said in a statement the sale strengthens the telehealth firm’s balance sheet and “fortifies our confidence” to reach positive cash flow in 2026.”

Kaufman Hall offers a report titled “Hospital and Health System M&A in Review: Despite Industry Stabilization, Numbers Reveal Ongoing Distress in 2024” as well as its November 2024 National Hospital Flash Report.

The American Hospital Association announced,
- “The AHA today released its 2025-2027 Strategic Plan, approved by the AHA Board of Trustees in November. The plan is rooted in four core disciplines — advocacy and representation, thought leadership, knowledge exchange, and agents of change. It also includes nine principles that serve as the foundation of the AHA’s work and strategies to help the field make progress on its mission of advancing health in America. View the 2025-2027 Strategic Plan for more information.”

Modern Healthcare notes,
- Oakland, California-based Kaiser Permanente led a $275 million Series F funding round for Innovaccer, a company that sells technology to unify patient data across health systems.
- Innovaccer said the round will help it introduce new artificial intelligence and cloud capabilities. The company also said the new capital will help it to continue scaling a developer ecosystem that can allow health systems to implement AI tools with other third-party vendors.

NCQA suggests “Health Care Trends to Watch in 2025.”

Per Fierce Healthcare,
- “A new report from Press Ganey highlights the close relationship between patient experience and health plan star ratings.
- “Researchers polled 450,000 people across 200 plans and combined those survey results with its database of 5.5 million patient encounters. It found that people who gave poor scores for safety and privacy in surveys following a visit to their primary care providers also frequently awarded their health plan one star on quality and access to needed care on Medicare consumer services.
- “The report noted these are critical data for plans to consider, as they have traditionally focused on making improvements to customer service, benefit design and patient engagement. It suggests they should also be considering ways to address safety.
- “In addition, the survey found that patients expect easy access to primary care, but their ability to reach specialists is a key differentiator. Plans that earned four or more stars connected a higher proportion of their members with specialty care.”

MedTech Dive points out “five medtech trends to watch in 2025. After a busy 2024, experts called out competition in soft tissue robotics, uncertainty from a Trump White House and continued success for pulsed field ablation as trends to watch this year.”

Midweek Report

David Ermer–CMS, Congress, FDA, Generative AI, Medical / Rx research, NIH, U.S. Healthcare–January 8, 2025January 8, 2025

From Washington, DC

FedScoop informs us,
- “President Joe Biden on Saturday signed into law the Government Service Delivery Improvement Act, legislation that targets improving customer service interactions with the government.
- “The bill (H.R. 5887) was first introduced by Reps. Ro Khanna, D-Calif., Byron Donalds, R-Fla., Barry Loudermilk, R-Ga., and William Timmons, R-S.C., in October 2023. Now as law, it requires the Office of Management and Budget to choose a senior official as a “Federal Government Service Delivery Lead” to coordinate government service delivery improvement within agencies.
- “That service delivery lead would also work with new agency-appointed senior officials, who must be named within a year of the bill’s enactment, to oversee their organizations’ delivery improvements.”

Per an HHS press releases,
- “Today, U.S. Department of Health and Human Services Secretary Xavier Becerra announced he would delegate the authority vested in the HHS under the Dr. Emmanuel Bilirakis and Honorable Jennifer Wexton National Plan to End Parkinson’s Act to the National Institutes of Health, with support from the HHS Office of the Assistant Secretary for Health.”
and
- “Today, the White House Initiative on Asian Americans, Native Hawaiians, and Pacific Islanders (WHIAANHPI) unveiled Rising Together, its final report to President Joe Biden. The report showcases how the Biden-Harris Administration has leveraged the full force of the federal government to make real the promise of America for Asian American, Native Hawaiian, and Pacific Islander (AA and NHPI) communities. Read the full report at wh.gov/whiaanhpireport2025 – PDF“
and
- “Today, the U.S. Department of Health and Human Services (HHS) announced seven winners of the KidneyX Sustainability Prize, designed to incentivize development of solutions to reduce water or power usage during dialysis care.” * * *
- “HHS congratulates the winners of the KidneyX Sustainability Prize, who will each receive an equal share of the $7.25 million prize purse:
  - “Kuleana Technology Inc. Advancing Hemodialysis Sustainability: Dialysate Regeneration via Uremic Toxin Photo-Oxidation. “Kuleana Technology’s Dialysate Regeneration Module enables hemodialysis with just 2 liters of water per treatment, making dialysis portable and accessible while saving 300 billion liters of water per year worldwide.”
  - “Micro Nano Technologies Inc. Handheld Water-Free and Battery-Powered Renal Replacement System. “The proposed technology mimics kidney filtration, eliminating the need for water and operating on a laptop-sized battery for 8 hours, ensuring dialysis access during disasters without traditional infrastructure.”
  - “Particle4X. SMART-PD: Sustainable Home Dialysis Revolution. “SMART-PD is an advanced home dialysis system that produces sterile PD fluid from tap water, reclaims effluent, and employs AI-powered monitoring to enhance sustainability and patient safety.”
  - “Qidni Labs Inc. Qidni/D: A Novel Sorbent Platform for Dialysis. “The Qidni/D is a portable and nearly waterless hemodialysis system that can offer accessible and sustainable access to care anywhere.”
  - “Stephen Ash. Sorbent Regeneration of Dialysate with Improved Ammonium Capacity. “We have developed a sorbent with high capacity for NH4+ (from urea) and minimal binding of Ca++ and Mg++, which should make regeneration of dialysate simpler, smaller and more practical.”
  - “University of Minnesota. Decentralized Dialysis Fluid Production: Enhancing the Sustainability of Dialysis Care. “Our innovation enables decentralized production of peritoneal dialysis fluids, reducing dialysis energy and water consumption by 48% and 66%, respectively, increasing supply chain resilience, and improving patient outcomes worldwide.”
  - “Wearable Artificial Organs Inc. Green dialysis on batteries using only 300ml of water. “A 2 lb. miniaturized Wearable Artificial Kidney (WAK) powered by rechargeable batteries, continuously regenerates dialysate water and delivers continuous dialysis 24 hours a day, 7 days a week.”
- Kudos to the prize winners.
The American Hospital Association News tells us,
- “The Centers for Medicare & Medicaid Services Jan. 8 announced 23.6 million consumers have signed up for a 2025 Health Insurance Marketplace plan. Of that total, approximately 3.2 million are new consumers. Open enrollment continues until Jan. 15 for the 31 states that use HealthCare.gov and most state-based marketplaces for coverage beginning Feb. 1.”
Kevin Moss, writing in Federal News Network, answers the question “If someone is on Federal Health Benefits, what happens when they turn 65 and become eligible for Medicare, and what happens when their spouse turns 65 and is also eligible for Medicare?” It’s worth adding that OPM regulations grant special FSHB/PSHB open enrollment period to employees and annuitants who turn 65:
- On becoming eligible for Medicare. An employee [or an annuitant] may change the enrollment from one plan or option to another at any time beginning on the 30th day before becoming eligible for coverage under title XVIII of the Social Security Act (Medicare). A change of enrollment based on becoming eligible for Medicare may be made only once. 5 CFR Secs 890.301(k), 890.306(p)

Stars and Stripes gives us an update on the “pilot program aimed at helping Department of Defense civilian employees [based in Japan] find health care from Japanese providers is up and running, according to the DOD. The program, which aims to connect the civilians with local health care providers without paying large, upfront service fees, among other advantages, began Jan. 1, according to a fact sheet emailed to employees Wednesday by the U.S. Army Civilian Human Resources Agency. The program complements existing health insurance coverage for eligible DOD employees.”

From the judicial front,

Bloomberg Law reports,
- “A trade group representing consumer credit reporting companies and a Texas-based credit union association sued to block the Consumer Financial Protection Bureau’s new rule barring most medical debt from credit reports.
- “The CFPB overstepped its authority in eliminating medical debt from credit reports and banning creditors from considering medical debt in lending decisions, the Consumer Data Industry Association and the Cornerstone Credit Union League said in a complaint filed Tuesday in the US District Court for the Eastern District of Texas.
- “Only Congress has the power to determine whether information can or can’t be included in credit reports, the complaint said.
- “The ban will make it harder for lenders, employers, and rental housing providers to make informed decisions about the creditworthiness of borrowers, the industry groups said.
- “Knowing whether a consumer has debt is an important element of underwriting, and unilaterally eliminating consideration of coded medical debt information erodes the predictive nature, and therefore the value, of consumer reports,” the complaint said.
- “The suit came on the same day the CFPB finalized its medical debt rule.”

From the Food and Drug Administration front,

Fierce Pharma lets us know,
- “The FDA will require GSK and Pfizer to include on the label of their respiratory syncytial virus (RSV) vaccines a warning about the risk of developing Guillain-Barré syndrome (GBS), a rare neurological condition that can cause paralysis.
- “The ruling will affect GSK’s Arexvy and Pfizer’s Abrysvo, both of which were approved by the agency in May of 2023 for adults 60 years or older and realized booming sales in their first year on the market.
- “Seven months ago, however, the sales potential for both shots declined significantly when the Centers for Disease Control and Prevention (CDC) recommended that they only be used by adults aged 75 and older and those 60 and older who have a high risk of severe disease due to underlying medical conditions.
- “In narrowing the population with its revised recommendation, the CDC cited the potential link between the vaccines and GBS.
- “On Tuesday, the FDA explained that its new guidelines come after the agency conducted a post marketing observational study and evaluated the results of clinical trials and reports to its Vaccine Adverse Event Reporting System (VAERS).”

Per Healthcare Dive,
- “The Food and Drug Administration’s device center clarified how manufacturers should approach artificial intelligence in a draft guidance issued on Monday.
- “The document outlines recommendations for design, development and maintenance to ensure AI-enabled devices are safe and effective. In particular, the guidance outlines how device makers should address transparency and bias and when post market monitoring is needed.
- “Troy Tazbaz, director of the FDA’s Digital Health Center of Excellence, said the agency has authorized more than 1,000 AI-enabled devices to date.
- “As we continue to see exciting developments in this field, it’s important to recognize that there are specific considerations unique to AI-enabled devices,” Tazbaz said in a statement.”

Per MedTech Dive,
- “Johnson & Johnson said Wednesday it paused all U.S. Varipulse caseswhile the company investigates the cause of four reported neurovascular events.
- “J&J said the cases were part of an external evaluation in the U.S. The pause was initiated on Jan. 5. J&J completed more than 130 cases across 14 sites as of Jan. 3.
- “An external evaluation is a limited rollout intended to collect physician feedback on a new technology before a full release, a J&J spokesperson said in an email to MedTech Dive.
- “Because the evaluation used a unique platform configuration, the pause does not affect the rollout of Varipulse outside of the U.S., where more than 3,000 commercial cases have been completed, J&J said.
- “The pause of U.S. cases comes two months after J&J received Food and Drug Administration approval for Varipulse, becoming the third device company to offer a PFA system in the U.S.”

From the public health and medical research front,

The National Cancer Institute released its Cancer Information Highlights concerning “Targeted Therapy for Head and Neck Cancer & CAR T-Cell Therapy for Brain Cancer.”

MedPage Today informs us,
- A study of older adults showed that 6% had depression, with higher prevalences in certain groups, including women, those who were unmarried, and those with chronic medical conditions. (Journal of the American Geriatrics Society)
- A single 25-mg dose of synthetic psilocybin significantly improved depressive symptoms by week 3 among participants with severe treatment resistance in a small single-arm open-label trial. (American Journal of Psychiatry)
- Older adults with major depressive disorder displayed riskier driving compared with those without depression, according to a prospective longitudinal cohort study. (JAMA Network Open).

MedPage Today adds, “Two types of Wicklow Gold cheddar cheese sold in five states were recalled due to potential contamination with Listeria monocytogenes, Abbey Specialty Foods said [last Friday].”

From the U.S. healthcare business front,

Healthcare Dive expects that “Health insurers will step off the roller coaster in 2025. After a turbulent year, things should calm for payers with the advent of a business-friendly Trump administration — though challenges will persist.”

MedCity News discusses
- How Can Employers Manage Rising Healthcare Costs in 2025? Multiple reports indicate that employers can expect rising healthcare costs in 2025. To address these costs, employers are holding their vendor partners accountable and evaluating their health plan and PBM partners.
and
- “Biopharma in 2025: Outlook for Obesity Meds, Drug Prices, Regulation & More. Metabolic medicines dominated life sciences headlines in 2024, a trend expected to continue into the new year. Other things to look for include more widespread adoption of artificial intelligence technologies and the IPO market’s return to normal levels.”

STAT News reports
- “Next week brings the return of the J.P. Morgan Healthcare Conference, and with it another fabled opportunity for companies in the industry to court possible mergers, acquisitions, and licensing deals. This year, there will be even greater pressure to make a good match, as the pharmaceutical industry, which drives more than $1 trillion in economic activity and thousands of jobs, faces one of the largest patent cliffs in recent history.
- “Between now and 2033, the patents on dozens of brand-name medications will expire, allowing generic drugmakers to begin selling cheaper versions. Drug companies stand to lose more than $400 billion in revenue as patents expire for Keytruda, Eliquis, Jardiance, Opdivo, and other blockbuster therapies. (By comparison, the last major patent cliff that hit the industry, in 2011, jeopardized around $250 billion in drug revenue.)
- “One of the few tried-and-tested methods for navigating a patent cliff is to acquire startups and new drugs — and lots of them. As a result, many experts anticipate pharma ramping up M&A activity in 2025, starting at the J.P. Morgan conference.
- “We always have a handful of deals announced around JPM. But the real work is the meetings that happen at JPM, that start the discussions.… I think people need to buckle up, because it’s already twice as frothy and could get even more,” said Charles Ruck, an attorney at Latham Watkins who specializes in M&A.”

Per Fierce Healthcare,
- “Two-thirds of insured Americans say they would trust a health insurer’s artificial intelligence copilot to accurately inform them about a health plan’s benefits, a survey conducted by virtual care navigation platform Pager Health and market research firm The Harris Poll reveals.
- “Of the respondents, 66% believe AI can correctly personalize digital healthcare with the goals and needs of the member. Even more respondents think AI can find doctors accepting new members and schedule appointments.
- “The survey, shared exclusively with Fierce Healthcare, provide insights into how members want insurers to offer a better customer experience, sometimes through AI. However, health plans do not fully capitalize on this opportunity.
- “Only 41% of people say they receive personalized messages, while 17% don’t receive health plan recommendations at all. About one-third of respondents say an insurer’s wellness programs would be more enticing if they received progress alerts, biometric information or claims data.
- “Only health plans that fully leverage the power of AI to analyze the wealth of health data available will be able to meet this demand and, in the process, boost member engagement and satisfaction,” said Rita Sharma, chief product officer at Pager Health, in a news release.”

The Wall Street Journal reports,
- “Novo Nordisk expanded a deal with Valo Health, a U.S. company, to discover and develop treatments for obesity, type 2 diabetes and cardiovascular disease using human data and artificial intelligence.
- “The deal extends an agreement signed in 2023 and will see Valo become eligible for increased payments and funding.
- “Under the original deal, the companies agreed to develop up to 11 drug programs, primarily focused on cardiovascular disease, with Valo eligible to receive up to $2.7 billion in milestone payments, plus research and development funding and potential royalty payments.
- “The new agreement set out Wednesday expands the scope to put a stronger focus on obesity and type 2 diabetes and includes near-term payments to Valo of up to $190 million.
- “A further $4.6 billion in potential milestone payments will be made for up to nine new drug programs and Valo will also be eligible for more research and development funding and potential royalty payments.
- “The companies will continue to use Valo’s drug discovery and development platform that uses patient data and AI to generate new insights and translate them into potential therapeutics.”

Per Healthcare Dive,
- “Transcarent, a healthcare platform for self-insured employers, will acquire benefits navigator Accolade for about $621 million, the companies announced Wednesday.
- “The deal will combine Transcarent’s offerings — including an artificial intelligence-backed information and navigation service, health benefits guidance and virtual care — with Accolade’s services, like providing virtual primary care and specialist consultations, as well as patient advocates and care navigation.
- “The acquisition will net Accolade stockholders $7.03 per share in cash, an approximately 110% premium over the company’s closing stock price on Tuesday. Transcarent’s CEO, noted entrepreneur and investor Glen Tullman, will head up the combined organization, according to a spokesperson.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 4, 2025January 4, 2025

From the retrospection front,

Bleeping Computer reflects on the fourteen “biggest cybersecurity and cyberattack stories of 2024.

Dark Reading queries “What Security Lessons Did We Learn in 2024?”

From the cybersecurity policy and law enforcement front.

Beckers Hospital Review highlights
- “six things the proposed changes to HIPAA would require of [HIPAA covered entities and business associates:
  - 1. “Encrypt electronic protected health information “with limited exceptions.”
  - 2. “Implement multifactor authentication “with limited exceptions.”
  - 3. “Deploy antimalware software.
  - 4. “Establish written procedures to restore EHR systems and data within 72 hours of a cyberattack.
  - 5. “Notify certain regulators within 24 hours when an employee’s electronic access to EHR data or systems is changed or terminated.
  - 6. “Develop and revise an inventory and network map that illustrates the movement of EHR data through the organization’s systems at least once every 12 months.”

Dark Reading summarizes themes of the proposed HIPAA Security Rule amendments (some of which are overkill in the FEHBlog’s opinion) and notes
- “The changes to the security rule will cost approximately $9 billion in the first year and $6 billion for years two to five, said Anne Neuberger, deputy national security adviser for cyber and emerging technology, during a Dec. 27 press briefing.
- “The cost of not acting is not only high, it also endangers critical infrastructure and patient safety, and it carries other harmful consequences,” Neuberger said.
- “Stakeholders have 60 days after the nearly 400-page proposal is published to submit comments (early March 2025). HHS will issue the final version of the rule afterward, although a specific date has not yet been set, followed by a compliance date of 180 days. It is also not clear whether work on the changes will continue under the new presidential administration. Even so, healthcare organizations should review proposed requirements and evaluate their existing security programs to prepare.”

Another Dark Reading article goes into more detail about proposed rule which is fitting for a “nearly 400-page proposal.”

Dark Reading also reports,
- “A US Army soldier was reportedly arrested Dec. 20 in Texas and charged with two counts of unlawful transfer of confidential phone records.
- “Cameron John Wagenius, 20, is suspected of leaking presidential call logs belonging to AT&T and Verizon under an online alias of “Kiberphant0m.”

From the cybersecurity breaches and vulnerabilities front,

The Wall Street Journal reports,
- “The Treasury Department told lawmakers Monday [December 30, 2024] that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents.
- “The Treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a letter reviewed by The Wall Street Journal.
- “Once alerted, the department said it immediately contacted the Cybersecurity and Infrastructure Security Agency and has since worked with law enforcement partners across the government to assess the incident.
- “The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a spokesperson said.
- “In response, the Chinese embassy in Washington, D.C., denied the Treasury Department’s allegations, and said that its government opposes what it described as U.S. smear tactics without any factual basis.”

Per Cybersecurity Dive,
- “Weeks after BeyondTrust disclosed an attack spree against a limited number of customers, more than 8,600 instances of the company’s Privileged Remote Access and Remote Support products remain exposed, according to a blog post released Thursday [January 2, 2025] by Censys.
- “BeyondTrust in December warned that an attacker gained access to a limited number of Remote Support SaaS instances utilizing a compromised API key. This week, the U.S. Department of Treasury said a suspected state-linked attacker gained access to a number of workstations and stole unclassified information using a BeyondTrust key.
- “Censys researchers, in the Thursday [January 2, 2025] blog, indicated that not all of the exposed instances are considered vulnerable, because the firm does not have access to the versions involved.”

The Cybersecurity and Infrastructure Security Agency added one known exploited vulnerability its catalog this week.
- “December 30, 2024
- “CVE-2024-3393. Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability”

Palo Alto Network offers details on this CVS at this link.

An ISACA commentator cautions “Overreliance on Automated Tooling is A Big Cybersecurity Mistake.”

A Dark Reading commentator warns,
- “Despite never-ending data breaches and ransomware attacks, too many companies still rely on the outdated “trust but verify” cybersecurity strategy. This approach assumes that any user or device inside a company’s network can be trusted once it has been verified. The approach has clear weaknesses: Many businesses are putting themselves at additional risk by verifying once, then trusting forever.
- “There was a time when “trust but verify” made sense, namely when networks were self-contained and well-defined. But at some point, perhaps due to the overwhelming volume of devices on a network, the number of patches needing to be applied, user demands, and resource constraints in the cybersecurity team, things began to slip. Initial verification meant the asset was trusted, but no additional verification ever took place.”

From the ransomware front,

Cybersecurity Dive lets us know,
- “Rhode Island officials said a ransomware group has begun to leak stolen information from a state social services database following a December attack.
- “In a Monday [December 30, 2024] press conference, Rhode Island Gov. Daniel McKee said the state was informed by Deloitte, which manages the RIBridges program, that hackers had begun to release data on a dark web leak site.
- “The contents of those files are still being analyzed by experts,” McKeetold reporters during the briefing. “Identifying what is in those files is a complex process, but they’re working right now to make those identifications.”
- “RIBridges is a state program that administers several social services programs, including Medicaid, Temporary Assistance for Needy Families and other programs.” * * *
- “A threat group called Brain Cipher previously claimed credit for the attack, which was disclosed Dec. 5. The group has been active since June 2024 and leverages the LockBit 3.0 payload for their ransomware payloads, SentinelOne previously told Cybersecurity Dive.
- “The group often uses phishing campaigns to gain initial access to targeted organizations, thus tricking users into downloading malicious files, according to Jon Miller, co-founder and CEO of Halcyon.
- “Once inside, they leverage tools and exploits to move laterally across networks, frequently targeting Windows domain administrator credentials to maximize their reach,” Miller said via email.
- “Researchers from Sophos confirmed Brain Cipher posted detailed information on a leak site claiming credit for the RIBridges database incident.”

Per Security Week,
- “The Richmond University Medical Center in New York has been investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people.
- “The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in a ransomware attack. It took the organization several weeks to restore impacted services.
- “An initial forensic investigation showed that the hospital’s electronic health record systems were not compromised, but it was later determined that other files may have been accessed or exfiltrated from Richmond University Medical Center’s network in early May.
- “Once the investigation determined what files may have been accessed or removed from our network, we located a copy of each file and then undertook a manual review process of those files to determine whether they contained any sensitive personal information or personal health information,” the hospital said in a security incident notice.”

Healthcare IT News adds,
- “Ransomware attacks are having a severe impact on U.S. healthcare organizations, with an alarming escalation in incidents and their consequences, according to a Comparitech report.
- “The study found that, since 2018, 654 ransomware attacks have targeted healthcare providers, with 2023 standing out as a record-breaking year, logging 143 incidents.
- “These attacks compromised over 88.7 million patient records during this period, with more than 26.2 million breached in 2023 alone.
- “Each day of downtime due to ransomware costs healthcare organizations an average of $1.9 million, culminating in an estimated $21.9 billion in downtime losses over six years.
- “On average, medical organizations experienced 17 days of downtime per incident, with the highest disruptions reported in 2022, averaging 27 days.”

From the cybersecurity defenses front,

A Dark Reading commentator explains how to get the most out of your cybersecurity insurance policy.
- “As cyber threats continue to evolve, so must our approach to mitigating them. Bolster your cybersecurity posture in a holistic manner — self-assessing your risk profile, addressing vulnerabilities, and striving for continuous improvement — and you can better safeguard your organization against threats and control your cyber-insurance costs.
- “Prepare for increasingly rigorous risk assessments from [insurance] providers moving forward. Underwriters now have access to extensive data about cyber threats and protections. Expect them to ask more granular questions and do deeper inspections into the efficacy of controls, especially those around identity-related risks, such as privileged access and credential theft. Anticipate their questions, and be prepared with comprehensive, up-to-date answers.
- “Cyber insurance should augment your cybersecurity strategy, not replace it. Prioritize implementing robust, ongoing cyber practices that protect your organization.”

Cybersecurity Dive informs us,
- “Most cyber leaders are bullish on generative AI despite governance concerns, according to a CrowdStrike survey published in December. Nearly two-thirds say their organization would overhaul tooling in order to leverage better generative AI capabilities.
- “Leaders expect generative AI adoption to bring ROI through cost optimization, easier tool management, reduced incidents and shorter training cycles, according to the survey of more than 1,000 cybersecurity leaders and practitioners.
- “Respondents said the leading concern when weighing a generative AI purchase is how applications or services integrate with current tools. Around 70% intend to purchase access to the technology in the next year.”

Dark Reading discusses “6 AI-Related Security Trends to Watch in 2025. AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.”

Here is a link to Dark Reading’s CISO Corner.

Monday report

David Ermer–Generative AI, Medical / Rx research, Mental health care, NIH, Obesity, OPM, SDOH, U.S. Healthcare–December 30, 2024December 30, 2024

Thanks to Justin Casey for sharing their work on Unsplash.

From Washington, DC

Per a press release,
- “OPM joins the nation in mourning the passing of President Jimmy Carter. President Carter showed that public service isn’t just a line of work – it is life’s calling. From a young naval officer to a political leader, to leading as a humanitarian building homes and curing diseases, President Carter answered the call to public service. He set an example for every American to give back to their communities. He will truly be missed.”

The Washington Post reports,
- Memorial services for former president Jimmy Carter are expected to span several days and include public events in Atlanta and Washington.
- Carter’s state funeral will be held Jan. 9 at 10 a.m. inside Washington National Cathedral after a procession from Georgia and a ceremony in which his body will lie in state in the U.S. Capitol, according to a news release from the Joint Task Force-National Capital Region.
- “The 39th president will then be buried in a private ceremony in his hometown, Plains, Georgia.”
Govexec adds,
- “President Biden issued an executive order on Monday to close federal agencies and offices next month in recognition of former President Jimmy Carter, who died Sunday at 100 in his home in Plains, Georgia.”
- In accompanying guidance, Office of Personnel Management acting Director Rob Shriver said all federal employees would be excused from duty Jan. 9 “except those who, in the judgment of the head of the agency, cannot be excused for reasons of national security, defense, or other essential public business.”
- The day off applies to federal employees nationwide and will be treated like a holiday for purposes of pay and leave, the memorandum said.

From the public health and medical research front,

The Wall Street Journal reports,
- “When President Jimmy Carter was diagnosed in 2015 with cancer in his liver and brain, he said that he would like to see the last Guinea worm die before he did.
- “That just about came true.
- “There were 3.5 million cases of the parasitic worm disease in 1986, when the 39th U.S. president took up the cause of eradicating it. In 2023, there were 14 human cases, and 11 from January through early December 2024, according to a provisional count.
- “We’re not there yet, but thanks to him we’re very close,” said Dr. Donald R. Hopkins, former vice president of health programs and now special adviser on Guinea worm eradication to the Carter Center, the human-rights nonprofit the former president founded in 1982 with his wife, Rosalynn Carter.”

The Washington Post reports,
- “Cases of the illness known as norovirus — which induces miserable bouts of vomiting and diarrhea — are surging across the United States, according to the Centers for Disease Control and Prevention. Ninety-one outbreaks of the gastrointestinal bug were reported the week of Dec. 5, the latest period for which data is available. That’s 22 more outbreaks than in the last week of November.
- “While sometimes referred to as the stomach flu, the disease is not caused by the influenza virus, which results in respiratory illness.
- “There are about 2,500 reported outbreaks each year in the United States, happening most frequently between November and April. When new strains of norovirus emerge, case counts usually rise, according to disease trackers.
- “This year, the number of reported norovirus outbreaks have exceeded the numbers that we’ve seen recently and in the years before the pandemic,” according to the CDC.”
- The article delves into signs and symptoms, treatment options, etc.

The American Medical Association tells us what doctors wish their patients knew about depression.

Neurology Advisor adds, “One in 6 women experienced symptoms of postpartum depression 2 months after cesarean delivery, according to study findings published in the American Journal of Obstetrics and Gynecology.“

The Wall Street Journal tells us about a 24 year old man who is trying to “outrun” schizophrenia.
- “For the past four years, Kevin has been part of a living experiment. Shortly after he began hallucinating, during his junior year at Syracuse University, his doctors recommended him for an intensive, government-funded program called OnTrackNY. It provided him with therapy, family counseling, vocational and educational assistance, medication management and a 24-hour hotline.
- “Such programs — there are around 350 in the United States — challenge the old idea that psychotic disorders are degenerative, a long slide to permanent disability. They operate on the notion of a golden hour. By wrapping a young person in social supports early on, the theory goes, it may be possible to prevent the disorder from advancing.” * * *
- “But now, after four years, his time in the program was up. An estimated 100,000 people experience a first episode of psychosis every year, roughly four times the number of spots available in early intervention programs. So in December, it would all go away: the team of five providers and the hotline and the therapist who reminded him of his mother.
- “What would happen to him without their support? Even as enthusiasm for early intervention builds, long-term studies are casting doubt on whether its benefits last after discharge. For Kevin, leaving the program meant a sudden blast of autonomy and a million questions about what his future, with schizophrenia, would look like.
- “The training wheels are coming off,” he said.”

Per MedPage Today,
- “There was “low but improving uptake” of reporting about the diversity of participants in summary documents for FDA-cleared pulse oximeters after voluntary guidance was issued in 2013, an analysis of public FDA records found.” * * *
- “The most important finding is that although there were more mentions of skin color descriptors in performance testing after the FDA’s guidance, a majority of the public clearance documents for pulse oximeters did not include any mention of testing in diverse individuals,” Ferryman told MedPage Today in an email.
- “Clinicians who work in hospital settings often do not get to choose which pulse oximeter device they use with their patients,” Ferryman said. “Because this research is based on the public record, it suggests that even if clinicians wanted to do their own research on the performance of pulse oximeters across diverse populations, the majority of FDA-cleared device records do not include any information about testing in different skin tones.”
- Pulse oximeter readings in patients with darker skin tones tend to overestimate oxygen saturation, a long-standing issue described in multiple studies and discussed by an FDA advisory committee. * * *
- “Newer FDA guidance on pulse oximeter testing that’s under development may correct some of these problems, but no single change in guidance “is likely to be sufficient to fully correct the problems of development, marketing, and dissemination of fully equitable pulse oximeters,” the [researchers] wrote.”

Per National Institutes of Health press releases,
- “A study of nearly 10,000 adolescents funded by the National Institutes of Health (NIH has identified distinct differences in the brain structures of those who used substances before age 15 compared to those who did not. Many of these structural brain differences appeared to exist in childhood before any substance use, suggesting they may play a role in the risk of substance use initiation later in life, in tandem with genetic, environmental, and other neurological factors.
- “This adds to some emerging evidence that an individual’s brain structure, alongside their unique genetics, environmental exposures, and interactions among these factors, may impact their level of risk and resilience for substance use and addiction,” said Nora Volkow M.D., director of NIDA. “Understanding the complex interplay between the factors that contribute and that protect against drug use is crucial for informing effective prevention interventions and providing support for those who may be most vulnerable.”
- “Among the 3,460 adolescents who initiated substances before age 15, most (90.2%) reported trying alcohol, with considerable overlap with nicotine and/or cannabis use; 61.5% and 52.4% of kids initiating nicotine and cannabis, respectively, also reported initiating alcohol. Substance initiation was associated with a variety of brain-wide (global) as well as more regional structural differences primarily involving the cortex, some of which were substance-specific. While these data could someday help inform clinical prevention strategies, the researchers emphasize that brain structure alone cannot predict substance use during adolescence, and that these data should not be used as a diagnostic tool.”
and
- “Among people with dialysis-dependent kidney failure, a form of psychological therapy called pain coping skills training reduced how much pain got in the way of their daily lives, also known as pain interference. The clinical trial, funded by the National Institutes of Health (NIH), found that training people on how to manage pain reduced the extent to which pain affected their work and social activities, mood, and relationships. The pain coping skills training, which was adapted for people undergoing long-term dialysis, also improved other effects of pain, including the intensity of pain, depression, anxiety, and quality of life. Pain coping skills training is an approach widely used for chronic pain, but it had not previously been tested for people treated with dialysis.
- “Very few interventions have been shown to improve the quality of life for people with end-stage kidney disease being treated with dialysis,” said Dr. Paul Kimmel, program director at NIH’s National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), which led the study. “For example, opioids, which have been a main treatment for pain in this population, have side effects that can be more pronounced in the presence of kidney failure, making pain management challenging.” * * *
- “The study results indicate that pain coping skills training may be an appealing alternative or complement to pain medications. Although the effect of the pain coping skills training on the overall cohort was modest, its high acceptability, tolerability, and safety and its observed benefits to pain, anxiety, depression, and quality of life support further research on developing nonpharmacologic, non-invasive strategies for managing pain in dialysis populations.
- “Future work will focus on how to prolong the favorable effects of pain coping skills training and how to broadly implement this intervention in clinical practice,” said lead author Dr. Laura M. Dember, nephrologist and clinical investigator at the University of Pennsylvania Perelman School of Medicine, Philadelphia. “Based on the successful results of this study, our hope is that this intervention can be made available broadly to patients receiving dialysis.”

The Wall Street Journal offers a quiz about the FDA’s latest guidance on whether a particular food is healthy. For what it’s worth, the FEHBlog scored 100.

From the U.S. healthcare business front,

Fierce Pharma offers a “2025 forecast: After Novo, Lilly expansion sprees, ‘positive signals’ emerge around future supply of GLP-1 drugs.”

The Washington Post informs us,
- “They don’t get fruitcakes or Christmas cards from grateful patients, but for decades robots have been helping doctors perform gallbladder removals, hysterectomies, hernia repairs, prostate surgeries and more. While patients lie unconscious on the operating table, robotic arms and grippers work on their bodies at certain stages in these procedures ― all guided by doctors using joystick-like controllers, a process that minimizes human hand tremor.
- “Now, a team of Johns Hopkins University and Stanford University researchers has reported a significant advance, training robots with videos to perform surgical tasks with the skill of human doctors.
- “The robots learned to manipulate needles, tie knots and suture wounds on their own. Moreover, the trained robots went beyond mere imitation, correcting their own slip-ups without being told ― for example, picking up a dropped needle. Scientists have already begun the next stage of work: combining all of the different skills in full surgeries performed on animal cadavers.
- “A new generation of more autonomous robots holds the potential to help address a serious shortage of surgeons in the United States, the researchers said.

Check this out!
- “As 2025 nears, healthcare is undergoing unprecedented transformation, particularly with headlines about artificial intelligence (AI) technologies shifting away from grandiose promises as the dust starts to settle around the potential of Generative AI (GenAI). These innovations and others aim to reshape how healthcare is delivered.
- “To shed light on anticipated trends, challenges and opportunities in healthcare technology in 2025, leading experts from Wolters Kluwer Health offer their outlook on 2025 across a variety of topics. Diffusing the hype, the predictions offer an eye-opening look at what’s ahead and lead us toward a smarter, more resilient future in healthcare technology.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–December 28, 2024December 28, 2024

From the cybersecurity retrospection and predictions front as we approach New Year’s Day,

CSO lists the “top 7 zero-day exploitation trends of 2024,” and “IT leaders’ top 9 takeaways from 2024.”

Dark Reading points out “Emerging Threats & Vulnerabilities to Prepare for in 2025. From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.”

Federal News Network offers a “2024 review: ‘Typhoons’ bookend [the Change Healthcare breach in a] busy year in cyber. From Volt Typhoon to Salt Typhoon, major cyber incidents in 2024 shined a spotlight on how agencies are managing cyber threats to critical infrastructure.”

Healthcare Dive recounts “seven of the biggest healthcare cyberattack and breach stories of 2024 Cyberattacks targeting the healthcare industry continued to rise this year. Here are some of the largest incidents, from Change Healthcare to Ascension.”

From the cybersecurity policy front,

Yesterday the Health and Human Services Department’s Office for Civil Rights announced its proposed amendments to the HIPAA Security Rule which is intended to protect electronic personal health information. The public comment deadline is March 7, 2025, sixty days from January 6, 2025, the date that proposed rule will be published in the Federal Register.

Here is a link to the OCR’s fact sheet for the proposed rule. The HIPAA Security Rule dates back to 2003, and its hallmark was flexibility in implementation. To that end, the HIPAA Security rule set forth required standards and addressable standards. Because a lot has changed since 2003, I expected standard changes, but I did not expect OCR to do away with the required / addressable standard distinction in favor of exceptions. Like many other regulations issued by the current administration, the proposed amendments are loaded with new paperwork and oversight requirements. Hopefully the next administration will pull back the proposed rule so that the changes focus on requiring tools that are known to work, e.g., multi factor authentication, encryption, adequate backups.

Cybersecurity Dive lets us know,
- “Lax security controls played a significant role in allowing a China-government sponsored threat group to gain broad and full access to U.S. telecom networks, a senior White House official said Friday.
- “From what we’re seeing regarding the level of cybersecurity implemented across the telecom sectors, those networks are not as defensible as they need to be to defend against a well-resourced, capable, offensive cyber actor like China,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, said during a Friday media briefing.
- “Neuberger’s remarks came as the White House confirmed a ninth telecom company was among those compromised by Salt Typhoon’s widespread intrusion of U.S. telecom networks. The unnamed company recently determined it was impacted after reviewing threat hunting and hardening guidance provided by the U.S. government, Neuberger said.
- “Earlier this month, U.S. officials said at least 8 U.S. telecom providers or infrastructure companies were compromised in a campaign that went undetected for months and has been underway for up to two years.”

Per Federal News Network,
- “The DoD’s big cybersecurity program advanced earlier this month. It’s a big rule to carry out if it becomes effective. For what the rule means and what comes next in the Cybersecurity Maturity Model Certification Program, Deltek cybersecurity researcher Michael Greenman joined the Federal Drive with Tom Temin for details.”
- The article offers a transcript of this interview

From the cybersecurity breaches, ransomware, and vulnerabilities front,

The Cybersecurity and Infrastructure Security Agency (CISA) added one known exploited vulnerability to its catalog this week.
- December 23, 2024
  - CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

Here is a link to a Security Affairs explanation of the vulnerability.

Bleeping Computer pointed out on December 24,
- The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands.
- The cybercriminals announced that they are contacting those companies directly to provide links to a secure chat channel for conducting ransom payment negotiations. They also provided email addresses where victims can reach out themselves.
- In the notification on their leak site, Clop lists 66 partial names of companies that did not engage the hackers for negotiations. If these companies continue to ignore, Clop threatens to disclose their full name in 48 hours.
- The hackers note that the list represents only victims that have been contacted but did not respond to the message, suggesting that the list of affected companies may be larger.
- “The Cleo data theft attack represents another major success for Clop, who leveraged leveraging a zero-day vulnerability in Cleo LexiCom, VLTransfer, and Harmony products to steal data from the networks of breached companies.” * * *
- “The zero-day flaw exploited this time is now tracked as CVE-2024-50623 and it allows a remote attacker to perform unrestricted file uploads and downloads, leading to remote code execution.
- “A fix is available for Cleo Harmony, VLTrader, and LexiCom version 5.8.0.21 and the vendor warned in a private advisory that hackers were exploiting it to open reverse shells on compromised networks.”
and
- “The North Korean hacker group ‘TraderTraitor’ stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May.
- “In a short post, the FBI attributed the attack to the state-affiliated threat actor TraderTraitor, also tracked as Jade Sleet, UNC4899, and Slow Pisces.
- “The crypto heist occurred in May 2024 and forced the platform to restrict account registration, cryptocurrency withdrawals, and trading until the completion of the investigations.”

From the cybersecurity defenses front,

Netxgov/FCW alerts us that “Government and private sector organizations have begun to recognize that physical and virtual assets must be protected from cyber threats in the same way as IT.”

Dark Reading discusses “Defining & Defying Cybersecurity Staff Burnout. Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.”

Here is a link to Dark Reading’s CISO Corner, which was updated this week.

Midweek update

David Ermer–CMS, Congress, FDA, Generative AI, Medical / Rx research, Obesity, U.S. Healthcare, Uncategorized–December 18, 2024December 18, 2024

From Washington, DC,

The Wall Street Journal reports,
- “President-elect Donald Trump said he opposes the bipartisan deal struck by congressional leaders to avoid a partial government shutdown this weekend, insisting that lawmakers tear up the agreement and pass a narrower bill.
- “Trump’s comments upended efforts to pass a stopgap spending bill to keep the government funded through mid-March, while also providing more than $100 billion in disaster and farm aid. Trump said Congress should craft a new deal that keeps the aid but leaves out other measures, and couple that with immediately raising the federal debt ceiling, ahead of a deadline on the nation’s borrowing limit looming next year.” * * *
- “To keep the government funded, a bill must pass both chambers of Congress and be signed into law by President Biden before Friday’s midnight deadline.”

Politico identifies the winners and losers in Tuesday night’s CR, FYI.

Federal News Network tells us,
- “The Senate passed a defense bill Wednesday that authorizes significant pay raises for junior enlisted service members, aims to counter China’s growing power and boosts overall military spending to $895 billion while also stripping coverage of transgender medical treatments for children of military members.
- “The annual defense authorization bill usually gains strong bipartisan support and has not failed to pass Congress in nearly six decades, but the Pentagon policy measure in recent years has become a battleground for cultural issues. Republicans this year sought to tack on to the legislation priorities for social conservatives, contributing to a months-long negotiation over the bill and a falloff in support from Democrats.
- “Still, the bill passed comfortably 85-14, sending it to President Joe Biden. Eleven senators who caucus with Democrats, as well as three Republicans, voted against the legislation.”

Modern Healthcare informs us,
- “The House Bipartisan Task Force on Artificial Intelligence [AI] has issued a comprehensive report outlining policy recommendations for AI’s in healthcare.
- “AI development in healthcare has outpaced regulation of the technology, leaving the industry to create its own guidelines. Congressional leaders from both the Senate and House of Representatives have conducted hearings to learn how insurers and providers use AI, but they have not passed significant legislation to regulate it.
- “A bipartisan group of 12 Republican and 12 Democratic lawmakers led by co-chairs Rep. Ted Lieu (D-Calif.) and Rep. Jay Obernolte (R-Calif.) authored the report. The task force, formed in February, looked at AI in healthcare along with several other industries.”
The American Hospital News lets us know
- “The Centers for Medicare & Medicaid Services today announced Michigan, New York, Oklahoma and South Carolina state Medicaid agencies were selected to participate in its state-based Innovation in Behavioral Health Model. The eight-year IBH Model is intended to improve care quality and behavioral and physical health outcomes for Medicare- and Medicaid-enrolled adults with moderate to severe mental health conditions and substance use disorders. The pre-implementation period will begin Jan. 1, 2025, when states will begin to conduct outreach and recruit specialty behavioral health practices to participate in the model.”

Modern Healthcare points out,
- “The U.S. spent $4.9 trillion on healthcare in 2023, a 7.5% increase from the prior year, according to a report the Centers for Medicare and Medicaid Services Office of the Actuary published in the journal Health Affairs on Wednesday.
- “National health expenditures, including the public and private sectors, constituted 17.6% of gross domestic product last year. That’s slightly higher than 17.4% in 2022 and 17.5% in 2019 — prior to the COVID-19 pandemic — but lower than 19.5% in 2020 and 18.3% in 2021 amid the public health crisis.
- “The Office of the Actuary, which is independent from CMS leadership, mainly attributes the growth in 2023 to greater utilization and intensity. Hospital care, physician and clinical services, and retail prescription drugs were the three biggest categories of higher spending.
- ‘Expenditures increased at a greater rate last year than during the prior two years, when pandemic-era funding flexibilities began to expire, according to the actuaries. Healthcare expenditures rose 4.6% in 2022 and 4.2% in 2021 after spiking 10.4% in 2020 because of COVID-19.”

In Food and Drug Association News,

Per Cardiovascular Business,
- “The U.S. Food and Drug Administration (FDA) has announced that Boston Scientific is recalling the catheters associated with its POLARx Cryoablation System due to a heightened risk of esophageal injury. The issue has been linked to seven patient injuries and four deaths.
- “The POLARx Cryoablation System is designed to treat recurrent, symptomatic atrial fibrillation that does not respond to treatment from medical therapy alone. It gained FDA approval back in August 2023.
- ‘The FDA has ruled that this is a Class I recall, which means it is associated with the highest possible risk level. However, this recall does not involve removing the devices from the market. Instead, Boston Scientific has updated the instructions for use and is urging customers to follow these updated instructions moving forward.
- “The recall includes both the POLARx and POLARx FIT cryoablation catheters.”

Per MedTech Dive,
- “Boston Scientific has recalled a group of Accolade pacemakers because of a malfunction that can permanently put devices in safety mode, limiting functionality and preventing devices from properly treating patients. The Food and Drug Administration said devices that permanently enter safety mode must be replaced.
- “The recall has been tied to two deaths. Boston Scientific did not specify the number of injuries in its December recall notice. The FDA posted an alert for the recall on Monday.
- “The subset of affected Accolade devices includes Accolade, Proponent, Essentio and Altrua 2 standard life and extended life pacemakers, as well as Visionist and Valitude cardiac resynchronization therapy pacemakers, according to the FDA’s notice.”

From the public health and medical research front,

The Washington Post reports,
- “An individual in Louisiana has the first severe illness caused by bird flu in the United States, federal health officials said Wednesday.
- “The patient, who is hospitalized, had been in contact with sick and dead birds in backyard flocks on their property, the Centers for Disease Control and Prevention said. It’s the first case of H5N1 bird flu in the United States that has been linked to exposure to a backyard flock, and news of the infection comes the same day California officials declared a state of emergency to confront the outbreak spreading among dairy cows.” * * *
- “Emma Herrock, a spokeswoman for the Louisiana Health Department, said in an emailed statement Wednesday the patient is over 65 and has underlying medical conditions. She declined to describe the person’s symptoms or severity of illness. Citing patient confidentiality, she said there would be no updates about the patient’s condition at this time.”
The New York Times adds,
- “The virus, H5N1, cannot yet spread easily among people, and it still poses little danger to the average American. Pasteurized dairy products are still safe to consume.
- “But the past few weeks have brought a steady drumbeat of cases in people, dairy cattle, birds and other animals. Each infection gives the virus a chance to take on a form that could cause a pandemic, experts warned.
- “All these infections in so many species around us is paving a bigger and bigger runway for the virus to potentially evolve to infect humans better and transmit between humans,” said Dr. Nahid Bhadelia, the director of the Boston University Center on Emerging Infectious Diseases.
- “That represents an escalation in the situation, even if risk to general population remains low,” she said.
- “California has borne the brunt of the outbreak in cattle.
- “The first herds in the nation infected with the bird flu virus, H5N1, were identified in March. California identified its first infected herd in late August.
- “But since then, the state’s agriculture department has found the virus in 645 dairies, about half of them in the past 30 days alone.
- “California has also recalled raw milk products from two companies after the virus was detected in samples.”

STAT News informs us,
- “A major report on alcohol’s health effects — which will inform the 2025 Dietary Guidelines for Americans — found moderate drinkers had lower all-cause mortality, and a lower risk of death from cardiovascular disease, than those who never drank. The findings are sure to cause a stir, especially once a separate panel of experts releases its own alcohol report in coming weeks.
- “For years, researchers and public health officials have been taking a harder stance on alcohol as evidence has emerged of its associations with various diseases, including certain cancers and liver disease. The head of the National Institute on Alcohol Abuse and Alcoholism, George Koob, has said there are “no health benefits to alcohol.” The new 230-page report, released Tuesday by the National Academies of Sciences, Engineering, and Medicine, seems to undermine those assertions.
- “The “Review of Evidence on Alcohol and Health” from NASEM does not make recommendations. Instead, it summarizes the available evidence published in the past five to 15 years on how moderate alcohol consumption is linked to lactation, weight, cancer, cardiovascular disease, neurocognition and all-cause mortality. Moderate drinking is defined as two drinks per day for men, or one drink per day for women. The committee’s conclusions are based on associations, so the report doesn’t explain whether alcohol consumption is directly responsible for the outcomes.
- “Recommendations will be made by the main dietary guidelines committee next year, using NASEM’s review and another, from a separate panel in the Department of Health and Human Services. That report has not been released yet but is expected by next month.”

Here are links to “2024 NIH Research Highlights: An End-Of-Year Review” and the National Cancer Institute’s publication about “Ending Cancer, Supportive Care for Young People, and Pancreatic Cancer Research.”

From the U.S. healthcare business front,

Beckers Payer Issues names the “four health insurers earned a spot on the latest list of the 250 best-managed companies, as ranked by the Drucker Institute.”

BioPharma Dive reports,
- “Merck & Co. has made its first big move in obesity treatment, announcing Wednesday it is paying Hansoh Pharma $112 million for rights outside China to a preclinical pill that works similarly to the popular injection Wegovy.
- “Per deal terms, China-based Hansoh could receive up to $1.9 billion in additional payouts based on reaching clinical, regulatory and commercial milestones. Hansoh has an option to co-promote or solely commercialize the pill, code-named HS-10535, in China.
- “Merck was one of the few big U.S. drugmakers that didn’t have an experimental obesity drug in development, and investors were therefore closely watching whether it would make a deal.”

Beckers Hospital Review ranks weight loss drugs by recent price changes for us.

Also, per BioPharma Dive,
- “Almost 15 years ago, in the midst of an opioid epidemic that would kill more than half a million people in the U.S., a startup formed with the aim of creating new, non-addictive pain drugs.
- “This goal could have been seen as noble. But for most investors, it was far too risky. Pain research was known to be exceedingly difficult and, even if successful, any resulting products would have to compete in a healthcare system that opioid makers had already gamed.
- “The startup, SiteOne Therapeutics, has stayed afloat in the years since mostly through small grant funds. Yet, in a major reversal of fortune, it recently began to receive a huge influx of investment. The company on Wednesday announced the closing of a $100 million fundraising round,and plans to put the cash toward human studies designed to show its drugs work as intended.
- “Pain has really been out of favor in the industry up until very recently,” said John Mulcahy, SiteOne’s cofounder and CEO. “Now is the time to add additional resources to really ramp things up.
- “SiteOne’s research focuses on a kind of protein that’s embedded, by the thousands, in the perimeter of cells. Aptly named “ion channels,” these microscopic tunnels allow cells to communicate with one another through the rush of electrically charged particles. They are essential. Without them, our bodies wouldn’t be able to move muscles, sense surroundings or fight against germs.
- “These functions also make ion channels attractive targets for drug researchers, who have already found ways to use them to combat seizures, infections, and problems with the heart and blood pressure. And over the past couple decades, technological advances have led to a better understanding of these proteins, such that some pharmaceutical companies now believe the field will, before too long, produce new treatments for pain, epilepsy, depression and many more neurological conditions.”

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.