Cybersecurity Saturday

Generative AI

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Cybersecurity Dive reports,
    • “The Trump administration late Thursday removed the scandal-plagued acting director of the Cybersecurity and Infrastructure Security Agency, injecting fresh uncertainty into the operations of an agency already grappling with a morale crisis as it tries to protect the U.S. from sophisticated hacking threats.
    • “The Department of Homeland Security reassigned Madhu Gottumukkala, the deputy CISA director who had led the agency in an acting capacity since last May, to a position at DHS headquarters. Nick Andersen, the executive assistant director for CISA’s Cybersecurity Division and one of the few remaining political appointees at the agency, will step in as acting director.”
  • Federal News Network adds,
    • “Sen. Ron Wyden (D-Ore.) is blocking the Trump administration’s nominee to lead both U.S. Cyber Command and the National Security Agency. Wyden said Lt. Gen. Joshua Rudd, who currently serves as the deputy commander of U.S. Indo-Pacific Command, lacks the experience needed to immediately step into the dual leadership role. The lawmaker added that when it comes to U.S. cybersecurity, “there is simply no time for on-the-job learning, the threat is just too urgent for that.”
  • Gov Info Security relates,
    • “A bipartisan group of senators called on the federal government to update the regulations governing healthcare cybersecurity through a Thursday vote sending a bill aimed at bolstering sector resilience to the full Senate.
    • ‘The Senate Health, Education, Labor and Pensions Committee voted 22 to 1 to advance the Health Care Cybersecurity and Resiliency Act, a bill that requires publishing cybersecurity guidance for rural medical practices and improved coordination between federal agencies.
    • It has the backing of a healthcare cybersecurity working group that includes committee Chair Bill Cassidy, R-La.
    • “The legislation would additionally bolster an apparently stalled effort to update the HIPAA Security Rule that the Department of Health and Human Services published during the final weeks of the Biden administration (see: What’s in HHS’ Proposed HIPAA Security Rule Overhaul?).
    • “The bill would enforce many of the proposed rule’s updates, including requiring HIPAA-covered organizations and business associates to adopt multifactor authentication and encryption, to conduct audits, including penetration testing. It additionally calls for “other minimum cybersecurity standards” to be determined by the HHS secretary, “in consultation with private sector organizations, based on landscape analysis of emerging and existing cybersecurity vulnerabilities and consensus-based best practices.”
    • “The fate of the Biden administration’s proposed HIPAA overhaul is uncertain at this point. The HHS Office of Civil Rights is expected to make some kind of decision in May on whether it will move forward with the proposals, or perhaps issue a revised version of proposed rulemaking.”
  • Cyberscoop notes,
    • “An ex-L3 Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars.
    • “Peter Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at least eight exploits or exploit components while working at Trenchant, a specialized cybersecurity unit owned by L3Harris. Prosecutors said the materials were intended for restricted use by the U.S. government and allied partners.
    • “Authorities said Williams sold the stolen information to a broker that advertised itself as a reseller of hacking tools and described it as serving multiple customers, including the Russian government. In court, the government referred to the buyer as “Company 3,” but details read aloud during the plea hearing pointed to Operation Zero, a Russian exploit broker that publicly markets itself online as a platform for purchasing zero-day vulnerabilities.”

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive reports,
    • “Federal agencies have until Friday evening [February 27] to update certain Cisco networking devices that are vulnerable to compromise, the Cybersecurity and Infrastructure Security Agency said on Tuesday [February 24].
    • “In an emergency directive about Cisco’s Software-Defined Wide-Area Networking (SD-WAN) systems, CISA said it was “aware of a cyber threat actor’s ongoing exploitation” of two vulnerabilities in Cisco Catalyst SD-WAN Manager and Catalyst SD-WAN Controller devices and called the activity “an imminent threat to federal networks.”
  • and
    • “The Cybersecurity and Infrastructure Security Agency on Thursday warned that a malware variant previously used in attacks against Ivanti Connect Secure environments may remain undetected on systems. 
    • “In March 2025, CISA issued an alert about the malware, dubbed Resurge, in connection with exploitation of CVE-2025-0282, a stack-based buffer overflow vulnerability in certain versions of Ivanti Connect Secure and other Ivanti products. 
    • “The agency has since analyzed three samples from a critical infrastructure provider’s Ivanti Connect Secure device after hackers exploited the flaw to gain initial access. The analysis shows that Resurge can remain latent on a device until a remote hacker attempts to contact the device.” 
  • Cyberscoop adds,
    • “Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild.
    • “As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are turning to research on known exploited vulnerabilities to narrow their scope of work and place more emphasis on verified risks. 
    • “The growth in CVE volume is ludicrous, not necessarily unfounded, but it’s large. Defenders don’t know what to pay attention to,” Caitlin Condon, vice president of security research at VulnCheck, told CyberScoop. “Prioritization is still a huge problem.”
    • “Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, Condon added. “The indicators of risk that used to be semi reliable, now no longer are.”
  • and
    • “Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems.
    • “The average breakout time — how long it took financially-motivated attackers to move from initial intrusion to other network systems — dropped to 29 minutes in 2025, a 65% increase in speed from the year prior. “The fastest breakout time a year ago was 51 seconds. This year it’s 27 seconds,” Adam Meyers, head of counter adversary operations at CrowdStrike, told CyberScoop.
    • “Defenders are falling behind because attackers are refining their techniques, using social engineering to access high-privilege systems faster and move through victims’ cloud infrastructure undetected.”
  • Cybersecurity Dive points out,
    • “Hackers are increasingly integrating artificial intelligence into all phases of the cyberattack life cycle, with the technology regularly analyzing target information, generating phishing emails and providing coding assistance, security firm ReliaQuest said in a report published on Tuesday [February 24].
    • “Other recent reports from IBM and cyber insurer Resilience similarly highlight how AI has changed the threat landscape.
    • At the same time, a new Sophos report said it was important to put in perspective AI’s ‘capabilities and impact.”
  • LinkedIn informs us,
    • “One of the largest data breaches in U.S. history is even bigger than was known. The Conduent cyberattack has now affected more than 25 million Americans, according to a recent update. The January 2025 incident exposed Social Security numbers, medical records and other sensitive information. Conduent is one of the largest contractors for the U.S. government, providing mailroom, printing and payment processing services for state government benefit offices — meaning it manages “a large amount of personal information belonging to a large swath of the United States,” per TechCrunch.”
  • Cybersecurity Dive adds,
    • “Hackers working for the Chinese government broke into more than 50 telecommunications companies and government agencies in 42 countries, in a campaign that exploited cloud platforms’ legitimate features to hide the attackers’ tracks.
    • “The attacker was using API calls to communicate with [software-as-a-service] apps as command-and-control (C2) infrastructure to disguise their malicious traffic as benign,” researchers at Google’s Threat Intelligence Group and Mandiant said in a report on Wednesday.
    • “Google said the “prolific, elusive” China-linked hacker team, which it tracks as UNC2814, “has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas.”

From the ransomware front,

  • The Mississippi Clarion Ledger reports,
    • “Officials with the University of Mississippi Medical Center stated the hospital system is “getting closer to full functions” following a cyberattack on Feb. 19 that disrupted operations.
    • “UMMC issued a statement Friday, Feb. 27, stating after being able to access patient records, clinics statewide will resume normal operations and scheduled appointments on Monday, March 2.
    • “UMMC also stated that on March 2, clinics will begin reaching out to patients to reschedule appointments that were cancelled. Officials added that UMMC clinics will reopen with extended hours and additional days in order to accommodate patients as soon as possible.
    • “All hospitals and emergency departments located in Jackson, Madison County, Holmes County and Grenada remain open.”
  • Cybersecurity Dive relates,
    • “UFP Technologies, a Massachusetts-based medical device maker, said it is investigating a cyberattack in mid-February that led to some of its company data being stolen or potentially destroyed, according to a regulatory filing
    • “The company said the attack, which was detected Feb. 14, impacted most of its IT network, as well as its billing and label-making capabilities for customer deliveries. The company said it was able to continue operations using data backups and implementing contingency plans.
    • “This was a classic ransomware attack that appeared to have impacted many, but not all, of our IT systems,” Ronald Lataille, chief financial officer at UFP Technologies, said Wednesday on a quarterly conference call with analysts. “Data was taken and then destroyed.”
    • “The company is still trying to figure out how much sensitive information, including personally identifiable data, may have been impacted by the attack, according to the 8-K filing with the Securities and Exchange Commission. However, the company does not currently believe the attack will have a material impact on its financial condition.”
  • The Hacker News adds,
    • “The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team.
    • “Broadcom’s threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare organization in the U.S. Medusa is a ransomware-as-a-service (RaaS) operation launched by a cybercrime group known as Spearwing in 2023. The group has claimed more than 366 attacks to date.
    • “Analysis of the Medusa leak site reveals attacks against four healthcare and non-profit organizations in the U.S. since the beginning of November 2025,” the company said in a report shared with The Hacker News.”
  • The Register informs us,
    • “Ransomware payments cratered in 2025, but it seems like the cybercrooks launching the attacks didn’t get the memo.
    • “That’s the headline from Chainalysis’ 2026 Crypto Crime Report, which shows total on-chain ransomware payments falling for a second straight year, even as victim counts and leak site pressure continue to climb.
    • “Ransomware gangs pulled in about $820 million in 2025, roughly 8 percent less than the year before, as the share of victims paying dropped to an all-time low of 28 percent. That drop might sound like progress if the wider picture weren’t so bleak: the median ransom demand jumped from $12,738 in 2024 to $59,556 in 2025, and the number of publicly claimed attacks climbed along with it.
    • “Despite the relative stability in total payments, ransomware attacks surged across multiple vectors in 2025, with eCrime.ch data showing a 50 percent YoY increase in claimed ransomware victims, marking the most active year on record,” Chainalysis said.”
  • Help Net Security adds,
    • Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response and managed detection and response cases handled between November 1, 2024 and October 31, 2025, spanning organizations in 70 countries.
    • “The dataset examines how attackers gain access, how quickly they reach key systems, and when ransomware and data theft occur.” * * *
    • “Timing patterns show that the most disruptive stages of ransomware incidents often occur when organizations are operating with reduced staffing. In 88% of ransomware cases, encryption was deployed during non business hours.
    • “Data exfiltration followed a similar pattern, with 79% of theft activity also occurring outside the typical workday.
    • “Off hours deployment increases the likelihood that encryption or large scale data transfers proceed without immediate interruption. It places emphasis on monitoring coverage that extends beyond standard schedules.”

From the cybersecurity business and defenses front,

  • Dark Reading reports,
    • “The cybersecurity venture capital market experienced unprecedented activity in 2025, driven primarily by the rush to AI-native security solutions and a massive surge in mergers and acquisitions that reached record levels.
    • “In 2025, VC firms invested $119 billion in cybersecurity businesses, with 400 M&A transactions accounting for the majority of funding and another 820 financing deals totaling nearly $21 billion, according to data from Momentum Cyber, a cybersecurity investment bank. The total value of M&A, financing, and IPO activity in 2025 nearly tripled that of deals in the previous year.”
  • and
    • “Cybersecurity experts are calling for a major shift in how companies handle data breaches and security failures, arguing that greater transparency and specific detail disclosure about how and why they occur is essential if the industry hopes to effectively reduce cyber-risk.
    • “At the upcoming RSAC Conference, threat research experts Adam Shostack and Adrian Sanabria will make the case for greater incident transparency and the need for structured feedback loops in cybersecurity, in a session aptly titled “A Failure Is a Terrible Thing to Waste: The Case for Breach Transparency,”scheduled for Monday, March 23.”
  • Cybersecurity Dive informs us,
    • “The AI era is transforming what CISOs do and how they do it, the enterprise software firm Splunk said in a report published on Tuesday [Feburary 24].
    • “Nearly all CISOs have been assigned to manage their organizations’ AI governance responsibilities, the report found, a significant expansion of “their already overwhelming mandates.”
    • CISOs interviewed in the report expressed both an awareness that they needed to use AI and a range of concerns about its potential harms.”
  • Dark Reading relates,
    • “As one ransomware community shutters in RAMP, two more pop up to take its place. 
    • “Rapid7 today published an analysis of that ransomware ecosystem after US authorities seized infrastructure tied to the notorious RAMP cybercrime forum last month. For years, RAMP has been the primary vehicle for acquiring ransomware-as-a-service (RaaS) affiliates, but the Jan. 28 interagency sting led by the FBI forced many cybercrime outfits to find a new means to sell their wares. 
    • “Rapid7’s Alexandra Blia and Efi Sherman in this week’s blog post identified two potential forums where attackers might go next. The bigger takeaway, however, is that the cybercrime ecosystem is fragmenting, and defenders will need to adapt.”
  • and
    • A newly developed method for gauging the impact of an OT cybersecurity incident could pave the way for more accurate measurement and response to an event, and also shine light on risk and business ramifications.
    • The Operational Technology Incident (OTI) Impact Score — which will be unveiled today [February 24] at the ICS/OT industry’s S4x26 Conference in Miami — aims to provide rapid clarity on the actual effects of OT cyber incidents, which often get over- or under-hyped, according to Dale Peterson, co-creator of the OTI model and head of ICS/OT consulting and research firm Digital Bond.
    • The OTI model, inspired by the Richter Scale used for measuring earthquake intensity and impact, is meant for OT business executives, governments, cyber insurers, the media, and the general public, according to Peterson, who is the founder and program chair of S4.
  • Here is a link to Dark Reading’s CISO Corner.

Friday report

David ErmerCDC, CMS, FDA, Generative AI, Medical / Rx research, Medicare, NCQA, Telehealth, U.S. Healthcare

From Washington, DC

  • Fierce Healthcare reports,
    • “The Trump administration has proposed flat rates in Medicare Advantage (MA) for 2027, and insurers argue in new commentary that those levels do not reflect the realities of the program.
    • “In late January, the Centers for Medicare & Medicaid Services (CMS) released its annual proposed advance notice governing MA and Part D. 
    • “The proposal includes a net payment rate increase of 0.09% in MA, meaning levels will be essentially flat if the plan becomes final.
    • “The proposed rule drew immediate ire from the industry, which is already navigating significant financial challenges in this market. Multiple leading players have elected to exit certain MA markets. 
    • “In official comments (PDF) submitted Wednesday to the CMS, the AHIP said the proposed rule “risks undermining CMS’ goal of providing beneficiaries with stable, affordable choices during the annual enrollment period.”
    • “At a time of sharply rising medical costs and high utilization of medical services, the combined effect of the proposed policy changes and growth rates will not keep pace with the cost of caring for seniors in 2027,” the organization, which is the largest lobbying group representing insurers, said in its comment letter.”
  • MedPage Today relates,
    • A top health official at the Centers for Medicare & Medicaid Services (CMS) [Chris Klomp] hedged on payment reform, but committed to helping physicians address prior authorization challenges, during the American Medical Association’s (AMA) National Advocacy Conference.”
  • Per Beckers Health IT,
    • “CMS has rolled out an app directory for Medicare recipients as part of the agency’s push to digitize healthcare.
    • “The Medicare App Library seeks solutions that fall under one of three use cases: “kill the clipboard,” conversational AI assistants, or diabetes and obesity prevention and management.
    • “We are calling on health app developers, tech-enabled organizations, and innovators to voluntarily align around a shared framework for data and access that empowers people, improves care, and accelerates progress,” CMS stated Feb. 23. “This is a movement, not a mandate. It is a call to action, not a regulation. Let’s show what’s possible when we work together — and finally bring healthcare into the modern era.”
  • Federal News Network tells us
    • “Tens of thousands of federal employees at U.S. Customs and Border Protection are expected to continue receiving pay during the Department of Homeland Security’s current funding lapse, according to an email viewed by Federal News Network.
    • “CBP, a component of DHS, plans to use discretionary funding from the One Big Beautiful Bill Act to exempt and continue paying more than 57,600 agency employees who have been working throughout the partial shutdown this month. Details of the agency’s decision come from an email sent this week by the National Treasury Employees Union, obtained by Federal News Network.
    • “Under the current shutdown, CBP will “exempt” and provide pay to a large portion of its workforce, including law enforcement personnel and certain civilian agency employees. Some other CBP employees, however, are still considered “excepted” and will not receive pay until after the shutdown ends.”
  • MedTech Dive informs us,
    • “The Trump administration is imposing a six-month moratorium on Medicare enrollment for certain suppliers of durable medical equipment, prosthetics and orthotics, or DMEPOS, as part of a broader plan to combat fraud in healthcare.
    • “The administration said Wednesday that the nationwide halt on enrollment would give the government time to consider more actions “to further mitigate longstanding instances of fraud, waste, and abuse perpetrated by certain DMEPOS companies.”
    • “The temporary freeze applies to all applications for initial enrollment and changes in majority ownership for medical supply companies.
    • “Durable medical equipment includes items such as walkers, wheelchairs, oxygen equipment, hospital beds, continuous positive airway pressure machines and blood sugar monitors.”
  • NCQA, writing in LinkedIn, announced its “Advanced Primary Care Pilot Program” and invited readers to “Meet Our Primary Care Partners!”
  • The Labor Department’s Employee Benefits Security Administration let us know about extending the public comment period on its proposed Improving Transparency Into Pharmacy Benefit Manager Fee Disclosure rule to April 15, 2026.

From the Food and Drug Administration front,

  • MedTech Dive tells us,
    • “The Food and Drug Administration on Tuesday posted a warning letter sent to Beta Bionics in late January.
    • “The letter raised concerns with how the diabetes tech company handled complaints of severe low and high blood sugar associated with its automated insulin delivery system. The FDA also flagged problems with the company making modifications to its device without notifying regulators.
    • “In an annual report filed Tuesday, the company said it has already taken several corrective actions, including improvements to the processes identified in the warning letter. The company is also preparing a written response to the letter.”
  • Cadiovascular Business informs us,
    • Cara Medical, a medtech company focused on advanced imaging technologies, has secured U.S. Food and Drug Administration (FDA) clearance for its new platform that noninvasively visualizes a patient’s cardiac conduction system.
    • “The CARA System, which previously earned the FDA’s breakthrough device designation, was designed to help interventional cardiologists and electrophysiologists plan ahead before procedures and then guide them during treatment. It can be used for structural heart interventions such as transcatheter aortic valve replacement (TAVR) as well as pacing procedures.
    • “The newly cleared system includes two primary components. The CARA Metis Simulator is a preprocedural planning software that identifies the cardiac conduction axis on CT angiography results and generates a 3D map of the patient’s conduction system. The CARA Atlas Navigator, meanwhile, overlays that map onto live fluoroscopic images to assist with intraprocedural guidance. 
    • “Artificial intelligence (AI) algorithms play a role in both components, extracting metadata and detecting the user’s catheter for visualization, but all AI calculations can still be confirmed by a physician.”

From the public health and medical / Rx research front,

  • The Centers for Disease Control and Prevention announced today,
    • “Seasonal influenza activity remains elevated nationally. RSV activity is elevated and increasing in some areas of the country. Emergency department visits and hospitalizations for RSV are highest among infants and children less than 4 years old. COVID-19 activity is decreasing nationally but remains elevated in some areas of the country.
    • “COVID-19
      • “COVID-19 activity is decreasing nationally but remains elevated in some areas of the country.
    • “Influenza
      • “Seasonal influenza activity remains elevated nationally. Influenza A activity is decreasing while influenza B activity is increasing nationally and in most areas of the country.
      • “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
    • RSV
      • “RSV activity is elevated in many areas of the country, including emergency department visits and hospitalizations among infants and children 4 years and younger.
    • Vaccination
      • “National vaccination coverage for COVID-19, influenza, and RSV vaccines remains low for children and adults. COVID-19, influenza, and RSV vaccines can provide protection against severe disease. It is not too late to get vaccinated this season. Talk to your doctor or trusted healthcare provider about what vaccines are recommended for you and your family.”
  • The University of Minnesota’s CIDRAP tells us,
    • “The US Centers for Disease Control and Prevention (CDC) has ended its investigation into the recent multistate infant botulism outbreak traced to ByHeart powdered formula and lowered the total case number by three. In a Public Health Alert issued earlier this week, California, CDC, and Food and Drug Administration scientists reported 51 infections, but yesterday the CDC said it has excluded three suspected cases, for a total of 48 (28 confirmed, 20 probable) in November and December 2025. While the outbreak is over, investigators continue to probe how Clostridium botulinum bacteria got into the formula, the CDC said.
    • “A report published yesterday in the CDC’s Morbidity and Mortality Weekly Report describes how officials used artificial intelligence (AI) to identify contaminated ice in a beer cooler as the source of a 2024 Salmonella enterica outbreak at a county fair. Ice is an uncommon vehicle for Salmonella spread at public events, noted author Katherine Houser, RN, of the Brown County Health Department in Mount Sterling, Illinois. The outbreak sickened 13 people (seven confirmed, six probable cases). AI tools helped synthesize background information to support and contextualize the environmental health team’s assessment, Houser said.”
  • The CDC also announced today,
    • “As of February 26, 2026, 1,136 confirmed* measles cases were reported in the United States in 2026. Among these, 1,130 measles cases were reported by 28 jurisdictions: Arizona, California, Colorado, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Minnesota, Nebraska, New Mexico, New York City, New York State, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, South Dakota, Texas, Utah, Vermont, Virginia, Washington, and Wisconsin. A total of 6 measles cases were reported among international visitors to the United States. 
    • “There have been 10 new outbreaks** reported in 2026, and 90% of confirmed cases (1,023 of 1,136) are outbreak-associated (152 from outbreaks starting in 2026 and 871 from outbreaks that started in 2025).”
  • MedPage Today informs us,
    • “Identical stool samples sent to seven direct-to-consumer microbiome testing companies produced substantially different bacterial profiles and health assessments.
    • “Across 18 commonly reported microbial genera, no company’s results matched the consensus; and only three genera of 1,208 identified taxa appeared in every report.
    • “Researchers attributed the discrepancies to differences in laboratory methods and analysis pipelines, and say the results underscore the need for standardized testing and quality controls.”
  • The Wall Street Journal considers
    • “Why All The Fuss About Bone Density?
    • “Like most of my peers, I’m being bombarded daily with hectoring advice about my bones. What’s a 40-something woman to do?” * * *
    • “For guidance, [the journalist] consult[s] with Dr. Karen Tang, the author of “It’s Not Hysteria: Everything You Need to Know About Your Reproductive Health (but Were Never Told),” who offers a more measured take.” 
  • Medscape adds,
    • “A low-dose, single pill that combines three antihypertensive treatments is as effective as standard-dose monotherapy — in some cases even better — for treating mild-to-moderate hypertension, according to the first phase 3 double-blind trials comparing the medications.
    • “Investigators for the HM-APOLLO-301 and HM-APOLLO-302 phase 3 clinical trials, which were published in the Journal of the American College of Cardiology, contend there is now concrete evidence to support the efficacy of the single-pill therapy.
    • “They argue that starting with the traditional single-agent therapy and then titrating up can delay blood pressure control, increase the possibility of adverse effects, and affect patient adherence.”
  • The University of Minnesota’s CIDRAP relates,
    • “The results of a randomized controlled trial (RCT) indicate that meningococcal B vaccine is not effective at preventing gonorrhea infection in high-risk groups.
    • “The results, presented this week at the Conference on Retroviruses and Infections by a team of Australian researchers, show that among gay and bisexual men with a history of gonorrhea infection who received either the 4CMenB vaccine or placebo, gonorrhea incidence was essentially the same—roughly 48% in both arms.
    • “The 4CMenB vaccine is designed to protect against four serogroups of Neisseria meningitidis, which can cause invasive meningococcal disease. But in recent years, observational studies have suggested 4CMenB might also provide moderate cross-protection against Neisseria gonorrhoeae, the bacterium that causes gonorrhea—one of the most common sexually transmitted infections (STIs) worldwide.” 
  • Genetic Engineering and Biotechnology News reports,
    • “CAR T cell therapy has revolutionized the treatment of many blood cancers, but has shown little success against solid tumors, which account for more than 85% of all cancers.
    • “Columbia University researchers have now developed a new form of highly sensitive CAR T cells, known as HIT T cells, that aims to overcome one of the biggest barriers in solid tumor immunotherapies, which is the way that solid tumors lack a single, widely shared surface target.
    • “Headed by Michel Sadelain, MD, PhD, director Columbia Initiative in Cell Engineering and Therapy (CICET), the researchers engineered an ultra-sensitive and highly selective chimeric antigen receptor called an HLA-independent T cell (HIT) receptor, which is capable of detecting even the smallest amounts of the protein CD70 on tumor cells.”

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “Elevance is consolidating control of its health insurance businesses under Felicia Norwood, its head of government benefits, as the company looks to improve coordination across its Medicaid, Medicare and commercial plans and — hopefully — bolster waning profits.
    • “Mark Kaye, Elevance’s CFO, will also take on leadership of health services division Carelon as current president Peter Haytaian leaves to spend more time with his family, according to a press release Thursday announcing the executive changes.
    • “Haytaian will leave the role effective May 4 and stay on as an advisor through the end of the year. The executive first joined Elevance in 2012 through its acquisition of Amerigroup before becoming president of Carelon in 2021.”
  • Beckers Payer Issues adds,
    • “Longtime UnitedHealth Group executive Heather Cianfrocco is leaving the company.
    • Ms. Cianfrocco has served as executive vice president of governance, compliance and information security at UnitedHealth since April 2025. She briefly served as CEO of Optum from 2024 to 2025 before being succeeded by Patrick Conway, MD, who previously led Optum Rx. 
    • “After 24 years, I am saying goodbye to the team at UnitedHealth Group,” she wrote on LinkedIn Feb. 27. “I am leaving with so much pride in what we have accomplished together. I’ve had the privilege of working alongside some of the most talented, mission-driven people who show up every day determined to make health care easier to navigate, more affordable and more human.”
  • Beckers Hospital Review notes,
    • “CVS Caremark is expanding its use of Surescripts’ Touchless Prior Authorization platform to accelerate approvals for select specialty medications.
    • “The prior authorization technology connects directly to patients’ EHRs to gather required clinical data and match it with prior authorization criteria, according to a Feb. 25 news release. When requirements are met, CVS Caremark can approve medications automatically in as little as 22 seconds.
    • “The platform is currently used for select specialty drugs, including Vivitrol and Epidiolex, which treat substance use disorder and epilepsy. These medications typically require complex approvals because of their high impact and specialized clinical use cases.”
  • Healthcare Dive tells us,
    • “Teladoc Health projects membership in its business-to-business integrated care unit will decline this year, in part due to the expiration of enhanced Affordable Care Act subsidies, management said during a fourth-quarter earnings call Wednesday.
    • “The company expects 97 million to 100 million members in U.S. integrated care in 2026, down from 101.8 million at the end of last year. 
    • ‘Teladoc expects the decline will be driven by enrollment reductions at some client health plans in government programs, which were impacted by the lapse of more generous financial assistance for ACA coverage, CEO Chuck Divita said on the call.”
  • Fierce Healthcare adds,
    • “Walgreens is wading into the self-pay GLP-1 space, going head-to-head with telehealth subscription offerings.
    • “The retail pharmacy giant launched a digital weight management service to offer access to personalized, clinician-guided support for weight loss. The service expands Walgreens’ virtual healthcare platform and provides patients with access to licensed doctors and nurse practitioners, FDA-approved medication options and ongoing virtual support, according to the company in a press release.
    • “Virtual visits through the weight management service cost $49 with no requirement for a monthly subscription. The program, currently available in 28 states, is intended for eligible overweight and obese adults ages 18-64 who plan to self-pay for their GLP-1 medication.”
  • Healthexec summarizes news from “the 2026 ViVE conference, part of HLTH, [which] just wrapped up in California. On the show floor, people from across the healthcare and health IT space gathered for four days of events, thought leader insights and product showcases on the floors of the Los Angeles Convention Center. 

Tuesday report

David ErmerCongress, Employee Wellness Programs, FDA, Generative AI, NIH, No Surprises Act, Obesity, U.S. Healthcare

From Washington, DC

  • Bloomberg Law reports,
    • “Another reconciliation bill represents a “tremendous opportunity”for Republicans to pass key policy priorities before the midterm elections, a House GOP tax-writer said Monday.
    • “Rep. Beth Van Duyne (R-Texas), a member of the House Ways and Means Committee, said at a Bloomberg Government roundtable that Republicans want a second shot at passing several provisions that were axed from their first reconciliation bill passed last year.
    • “It was a heavy lift to do reconciliation 1.0,” Van Duyne said. “But I think there’s a lot of parts of that bill that got washed out in the Byrd bath that we would like to be able to see put in reconciliation 2.0.” * * *
    • “Republican leaders including Ways and Means Chairman Jason Smith (R-Mo.) along with President Donald Trump have been cool to the idea of starting work on a second party-line bill given how challenging it was to pass the first bill, though a number of rank-and-file GOP lawmakers have clamored for it.
    • “There’s a lot of very strong bills that would be productive to be able to have passed and the only way that we can do that is put it in reconciliation,” Van Duyne said.”
  • and
    • “More than three dozen employers, insurers, and patient advocacy groups are askingthe Trump administration to intervene in the arbitration process for surprise medical bills. 
    • “Dysfunction under the No Surprises Act has flooded the courts with cases of alleged fraud on both sides. Insurers accuse providers of knowingly submitting ineligible claims to the arbitration process, while providers allege insurers are misleading arbitrators on key payment metrics.
    • “Health insurance companies and employers are losing the vast majority of cases under the law. Data from the Centers for Medicare & Medicaid Services, which oversees the arbitration process, show that providers are winning 88% of the time. But courts are largely siding with insurers when providers allege they aren’t paying up, saying that enforcement resides with the CMS.
    • “The Office of Management and Budget is reviewing a final rule to improve the independent dispute resolution process, which requires arbitrators to settle out-of-network bills between doctors and insurers. The rule has languished since the Department of Health and Human Services first proposed it in November 2023 as a series of legal challenges from the Texas Medical Association unfolded in the courts.
    • “More transparency and accountability is needed for companies that oversee arbitration, the ERISA Industry Committee, American Benefits Council, Business Group on Health, Elevance Health, union 32BJ Health Fund, and others said in a letter Tuesday.”
  • FEHBlog note — With regard to transparency, one of the factors that the arbitrators consider is patient acuity. A health plan can only guess at that factor. That’s unreasonable. The arbitration process should better align with American Arbitration Association rules for baseball arbitration.
  • Mobihealth News relates,
    • “Dr. Mehmet Oz, administrator of the Centers for Medicare and Medicaid Services (CMS), said during an Action for Progress event focused on addiction and mental health that AI avatars are the best way to help rural communities access mental healthcare.
    • “We do not have enough practitioners for mental health support in these areas,” Dr. Oz said during the event.
    • “I’m telling you right now. There’s no question about it – whether you want it or not – the best way to help some of these communities is going to be AI-based avatars.”
    • “He proposed using agentic AI with the ability to conduct early mental health intakes, customize support to a patient’s needs and understand what a patient is “up to.”  
    • “[These tools] will pick up subtle little nuances in how you’re saying things – if you do it on purpose, it’s actually cool to find out – that will alert the avatar, but more importantly, the doctor they are going to report to that there is something going on,” Oz said. “And there will always be a doctor.”
    • “He framed the use of AI avatars to be used in conjunction with clinicians as, he said, humans are biologically designed to interpret facial cues, such as happiness, boredom, excitement and more, before a person verbalizes it.
    • “The key question is how do we use AI thoughtfully in that setting? If we do it right, we’ll build a much more sustainable healthcare system around mental health issues,” Oz said.”  

From the Food and Drug Administration front,

  • Fierce Pharma reports
    • “Four years after the FDA issued its most heavy-handed form of a rejection to the prior company behind pegzilarginase, the U.S. regulator has now given the treatment a thumbs-up.
    • “Scoring the accelerated nod is Immedica Pharma for Loargys as a therapy for hyperargininemia in the ultrarare genetic disorder Arginase 1 deficiency (ARG1-D). The approval covers patients age 2 and older, with the therapy to be used in conjunction with a protein-restricted diet. 
    • “Loargys, which is also known as pegzilarginase, is a recombinant human enzyme designed to lower levels of arginine in patients who are unable to break down the amino acid. It is the first treatment to address the elevated levels of plasma arginine associated with the disorder.”
  • and
    • “Sanofi and Regeneron’s megablockbuster immunology drug Dupixent has gained yet another FDA approval, this time in allergic fungal rhinosinusitis (AFRS).
    • “The U.S. regulator signed off on the drug as a treatment for adults and children ages 6 and older with AFRS based on late-stage trial data showing Dupixent reduced nasal signs and symptoms and systemic corticosteroid use or surgery compared to placebo, according to a Feb. 24 press release.” * * *
    • “Harmony Biosciences is rounding out the U.S. patient pool eligible for its sleep disorder pill Wakix after notching a pediatric nod from the FDA that positions the drug as a treatment for cataplexy in people ages 6 and older with narcolepsy.
    • “The new addition to Wakix’s label makes it the only non-scheduled treatment for both adult and pediatric narcolepsy patients in the U.S. with or without cataplexy. That non-scheduled classification represents an “important distinction that supports its clinical utility,” Harmony’s CEO, Jeffrey Dayno, M.D., commented in a press release. Cataplexy is a common symptom of narcolepsy that involves a sudden weakening of muscles, often when triggered by a strong emotion.” * * *
    • “Two months after Johnson & Johnson’s Rybrevant Faspro picked up its first FDA approval, the subcutaneous lung cancer drug has scored a label expansion to be given monthly.
    • “On Tuesday, J&J touted a “simplified” monthly dosing regimen for the drug’s combination with lazertinib for the first-line treatment of epidermal growth factor receptor EGFR-mutated advanced non-small cell lung cancer. Previously, the combo was approved as an every-two-week regimen.”
  • and
    • “Just three months after further scaling back its support for the struggling hemophilia A gene therapy Roctavian, the company is walking away altogether by pulling the treatment from the market. 
    • “The move follows a “comprehensive effort” to identify a potential buyer for the therapy, BioMarin explained Monday in its fourth-quarter earnings press release.” 

From the public health and medical / Rx research front,

  •  Health Day relates,
    • “You don’t need to look buff or tough, but muscle strength can influence how long you’ll live, a new study says.
    • “Older women with greater strength had a significantly lower risk of death during an eight-year follow-up, researchers recently reported in JAMA Network Open.
    • “The study measured women’s grip strength and ability to rise from a seated to standing position — two tests commonly used to determine seniors’ strength levels.
    • “Women had a 12% lower death rate for every 15 additional pounds of grip strength they exhibited during testing, researchers found.
    • “Likewise, they had a 4% lower death rate for every 6 seconds faster they could complete five sit-to-stand chair raises, results showed.”
  • and
    • “Teens who use weed are twice as likely to develop psychotic or bipolar disorders, a new study says.
    • “They also are more likely to have depression and anxiety, researchers reported Feb. 20 in JAMA Health Forum.
    • “As cannabis becomes more potent and aggressively marketed, this study indicates that adolescent cannabis use is associated with double the risk of incident psychotic and bipolar disorders, two of the most serious mental health conditions,” researcher Dr. Lynn Silver said in a news release. She’s a program director at the Public Health Institute in Oakland, California.
    • “More than 10% of 12- to 17-year-olds in the U.S. have used weed within the past year, researchers said in background notes. By their senior year in high school, about 26% of U.S. teenagers have tried it.”
  • and
    • “Side effects like nausea or vomiting are common among folks taking Ozempic/Wegovy, but they’ll grin and bear it if they think they’re losing weight, a new study finds.
    • “The drugs’ perceived effectiveness — lost weight, less appetite, fewer food cravings — outweigh GI side effects, researchers reported recently in the Journal of Medical Internet Research.”
  • MedPage Today informs us,
    • “Hepatitis B vaccination rates among U.S. newborns have fallen by more than 10 percentage points over the past 2 years.
    • “Those rates climbed steadily for 6 years, peaking at 83.5% in February 2023 before dropping to 73.2% by August 2025.
    • “The drop began months before the CDC’s Advisory Committee on Immunization Practices voted in December to stop universally recommending the birth dose.”
  • and
  • Per an NIH news release,
    • “A study funded by the National Institutes of Health (NIH) reduced new HIV cases by 70% in rural Kenya and Uganda by pairing digital tools with tailored HIV services delivered by community health workers and clinicians. This successful strategic implementation of existing healthcare infrastructure and available HIV prevention and treatment options could become a model for reducing HIV incidence in other countries, including the United States. The findings were presented today at the 33rd Conference on Retroviruses and Opportunistic Infections (CROI 2026) in Denver.”  
  • Here’s a link to the latest edition of NIH’s Research Matters which covers the following topics:

From the U.S. heathcare business and artificial intelligence front,

  • The Wall Street Journal reports,
    • Novo Nordisk NOVO.B plans to slash U.S. list prices for its popular weight-loss and diabetes drugs Wegovy and Ozempic by up to half starting next year.
    • Under the changes, both Ozempic and Wegovy will list for $675 a month, effective Jan. 1, 2027. That is half of the current price tag for anti-obesity therapy Wegovy and a 34% cut for diabetes treatment Ozempic. The price cuts also will apply to pill versions of both injections, including one sold as Rybelsus.
    • The reductions escalate a price war with rival Eli Lilly LLY -1.40% in one of the fastest-growing, most hotly contested categories in pharmaceuticals.
  • Optum Rx, writing in LinkedIn, discusses the next phase of the GLP-1 revolution.
  • STAT News relates,
    • “In the last year and a half, direct-to-consumer telehealth company Hims & Hers has become a leading voice in the debate over compounded GLP-1 weight loss medications. On Monday, it announced earnings from the last quarter of 2025 after a whirlwind month that raised questions about the regulatory risks of the company’s compounding model and the threat of an investigation. 
    • “In the call, Hims & Hers CEO Andrew Dudum addressed the increased scrutiny on compounded GLP-1s and its impact on the business’s bottom line, emphasizing Hims’ other medications, including for weight loss. “We believe there’s a really durable weight business,” said Dudum, “even if you think you’re kind of in a draconian scenario of compounding GLP-1s not being there.”
  • Fierce Healthcare tells us,
    • “Employers are spending more on women’s and family health, but that is not always being felt by employees, a new report finds.
    • “The Maven Clinic released its fifth annual State of Women’s & Family Health Benefits report, which is based on responses from over 2,000 HR leaders and nearly 5,000 full-time employees across the U.S., U.K., Canada and India. The report highlights how rising healthcare costs are reshaping how employees seek care and what actions employers are considering to help address those costs.
    • “Though employers reported a 39% average increase in women’s and family health benefits offered year-over-year, the share of employees who felt their benefits support them “very well” dropped 10% on average. Globally, across all benefits, employers were slightly more likely to add or enhance benefits in the next year compared to those in the U.S.”
    • “From Maven’s perspective, all the report’s findings highlight the need for an integrated approach to benefits and care delivery.
    • “We think that the category continues to show importance, and that is a positive,” Stephanie Glenn, chief commercial officer at Maven, told Fierce Healthcare. 
    • “But the gap in what’s being offered and what employees are feeling exists because of a lack of thoughtful integration, she added. “Unless it’s a coordinated offering, if you get a one-time email about a new benefit, it’s very disjointed. You don’t understand what it looks like,” she said.”
  • Healthcare Dive tells us,
    • “Thirty-one thousand Kaiser Permanente nurses and other healthcare professionals in California and Hawaii ended a major strike Tuesday after about a month on the picket lines. 
    • “In a statement Monday, the workers’ union, the United Nurses Associations of California/Union of Health Care Professionals, said “significant movement” at the bargaining table over the past two days prompted leaders to end the strike.
    • “Returning members to their patients and their livelihoods is the clearest path to securing a final agreement and building on the progress achieved during the strike,” the UNAC/UHCP said.”
  • and
    • “Home health and hospice provider Enhabit has agreed to be taken private by private equity firm Kinderhook Industries in a deal worth $1.1 billion.
    • “Under the deal terms announced Monday, shareholders will receive $13.80 in cash per share, representing an almost 25% premium over Enhabit’s closing stock price on Feb. 20. 
    • “The Dallas-based provider — which has almost 250 home health locations and over 115 hospice locations in 34 states — will cease trading on the New York Stock Exchange when the deal closes, which the companies expect to happen in the second quarter this year.”
  • Beckers Hospital Review notes,
    • “For the first time, women now make up the majority of physicians in U.S. training programs, according to the Association of American Medical Colleges’ annual report on residency trends. 
    • “In the 2024-25 academic year, women accounted for 50.2% of residents and fellows across all specialties and subspecialties, per the report. The figure marks a stark contrast from the 1970s, when women comprised less than 10% of physicians, and reflects decades of steady growth in female representation in medical schools and training programs.”
  • and
    • “If healthcare IT were golf, CIOs would take a few mulligans.
    • “Choosing and installing an EHR is often one of the biggest, most complicated decisions IT leaders will ever make, and some executives told Becker’s they would do things differently if they could go back in time.”
  • Per MedTech Dive,
    • “Medtronic on Tuesday priced a planned initial public offering for its MiniMed diabetes spinoff at up to $784 million.
    • “MiniMed plans to price its IPO between $25 and $28 per share across 28 million shares. Underwriters will also have the option to buy an additional 4.2 million shares at the IPO price.
    • “Medtronic first announced plans to spin out its diabetes business into a separate, publicly traded company in May. The new firm would be the only company in the market that sells both insulin pumps and continuous glucose monitors.”

Monday report,

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, OPM, U.S. Healthcare

From Washington, DC,

  • The Hill reports,
    • “Lawmakers return to Capitol Hill this week facing an uphill climb to fund the Department of Homeland Security (DHS) as Republicans see an opening after President Trump’s State of the Union address on Tuesday despite few signs that Democrats are willing to compromise on their demands.”
  • The Congressional Budget Office tells us,
    • “The Congressional Budget Office regularly updates the Congress on our projections of the Hospital Insurance (HI) Trust Fund’s financial position as well as changes in our outlook on that position. This blog post serves as that update.
    • “The HI trust fund is used to pay for benefits under Medicare Part A, which covers inpatient hospital services, care provided in skilled nursing facilities, home health care, and hospice care. The fund derives its income from several sources. Over the next 30 years, about three-quarters of its annual income comes from the Medicare payroll tax and roughly one-eighth comes from income taxes on Social Security benefits. The rest comes from other sources.” * * *
    • “The year in which the HI trust fund’s balance is exhausted in our current projections, 2040, is 12 years earlier than in our most recent estimate of that date, which was published in March 2025. Measured in relation to taxable payroll, the trust fund’s 25-year actuarial deficit is 0.17 percentage points greater in the current projections than in last year’s. (Measured in relation to GDP, the actuarial deficit is 0.07 percentage points greater than we projected last year.) Those changes are driven largely by projections of less income to the fund. Projections of greater spending also contribute to the changes.”
  • STAT New reports,
    • “More evidence is starting to show the government’s arbitration process to settle out-of-network bills has morphed into a cash cannon for doctors and medical groups.
    • Jinghong Chen of Payer Perspectives sifted through the latest federal data covering the arbitration process created by the No Surprises Act and found that not only are medical groups winning nearly nine out of every 10 cases, they are also getting paid more than anyone can imagine.
    • “The NSA’s arbitration process encouraged the use of the “qualifying payment amount” — essentially the average in-network rate that providers in a given area have agreed to — as a benchmark for disputes. How quaint. Instead, medical groups have fought for, and won, astronomically higher amounts. 
    • “Radiologists are winning offers that are, on average, almost 500% of the typical in-network rate, according to Chen’s analysis. Surgeons are getting payments for contested services that are a median 1,320% above the in-network rate. Neurology and neuromuscular procedures have median winning offers of nearly 2,400% above the in-network average.”
  • Govexec informs us,
    • “Federal supervisors are poised to soon face limitations on how many employees they can rate as above average in their annual performance reviews after the Trump administration on Monday proposed upending the process for evaluating civil servants. 
    • “The Office of Personnel Management’s proposed rule would implement the first major overhaul of the federal employee performance management system in decades. The Trump administration is aiming to correct for what it views as inflated ratings within the federal workforce. 
    • “The rule, which OPM will formally release on Tuesday, largely mirrors a draft version Government Executive exclusively obtained and reported on in December.”
  • The Affordable Care Act regulators announced today their decision to extend the public comment period for the proposed rule that appeared in the Federal Register on December 23, 2025, titled “Transparency in Coverage” from February 23, 2026, to March 2, 2026.
  • The New York Times reports,
    • “Adding to a rapid shake-up of the leadership at federal health agencies, the Centers for Disease Control and Prevention announced on Monday that Dr. Ralph Abraham had resigned as the agency’s principal deputy director.
    • “His departure thins the ranks of vaccine skeptics at the agency’s helm, a sign of the administration’s pivot away from the agenda pursued thus far by Health Secretary Robert F. Kennedy Jr. and his appointees.
    • “Dr. Abraham’s resignation, which comes less than three months into the job, was effective immediately, the agency said in a statement on its website.” 

From the Food and Drug Admininstration front,

  • Beckers Hospital Review tells us,
    • “Eli Lilly has launched a multidose version of its blockbuster weight loss drug Zepbound that gives patients a month’s worth of treatment in a single injection pen.  
    • “On Feb. 23, the drugmaker said the FDA approved a label expansion for Zepbound (tirzepatide) to include the four-dose, single-patient-use KwikPen. The device contains four weekly doses, reducing the number of pens patients need each month compared with single-dose injectors.
    • “The KwikPen will be available by prescription for self-paying patients through LillyDirect, Eli LIlly’s direct-to-consumer platform. Prices start at $299 per month for the lowest dose. Patients choosing the self-pay option can access all approved doses in either the multidose pen or single dose vial at the same price, the company said.”
  • Per an FDA news release,
    • “The U.S. Food and Drug Administration today issued draft guidance for sponsors seeking approval for targeted individualized therapies by generating substantial evidence of effectiveness and safety when randomized controlled trials are not feasible due to small patient populations. 
    • “The draft guidance, issued by the Center for Biologics Evaluation and Research and Center for Drug Evaluation and Research, specifically discusses genome editing and RNA-based therapies such as antisense oligonucleotides but leaves open the potential that this framework may apply to additional tailored therapeutics provided they directly address the underlying specific cause of the disease.” * * *
    • “The draft guidance, Considerations for the Use of the Plausible Mechanism Framework to Develop Individualized Therapies that Target Specific Genetic Conditions with Known Biological Cause, is available for public comment. Comments must be submitted within 60 days of publication in the Federal Register at Regulations.gov.”
  • Per Fierce Pharma,
    • “Vanda Pharmaceuticals is riding a regulatory roller coaster over the last few months. December brought an FDA thumbs up for its new motion sickness drug Nereus. Then in January, the U.S. regulator re-upped its rejection of Vanda’s Hetlioz for jet lag disorder.
    • “Now in February, the agency has issued another new drug approval to Vanda, signing off on Bysanti as a first-line treatment for schizophrenia or for manic or mixed episodes associated with bipolar I disorder. 
    • :The atypical antipsychotic tablet, also known as the chemical compound milsaperidone, has demonstrated in clinical trials its bioequivalence to Vanda’s Fanpat (iloperidone), which has been approved in the same two indications.”
  • and
    • “Only a month after Jazz Pharmaceuticals said it had signed a deal to sell an FDA priority review voucher (PRV) for $200 million, a new PRV transaction involving Fortress Biotech and an unnamed buyer shows that the trend of rising voucher prices is still going strong.
    • “Monday morning, Fortress said its subsidiary, Cyprium Therapeutics, has entered into an agreement to sell a recently received rare pediatric disease priority review voucher for $205 million. Cyprium got its hands on the PRV as part of the FDA’s recent approval of injected copper replacement therapy Zycubo as the first treatment approved in the U.S. for the rare neurodegenerative disorder Menkes disease.
    • “While another company, Sentynl Therapeutics, is handling development and commercialization of Zycubo under a 2023 agreement, the deal called for Sentynl to transfer the PRV back to Fortress/Cyprium after the approval.”  

From the public health and medical / Rx research front,

  • STAT News reports,
    • “Women’s bodies are different from men’s in ways that medicine is still learning. Meanwhile, their risk of serious cardiovascular events can be underestimated if their distinct risk profiles are blurred with men’s. 
    • “The latest example of important sex differences centers on the plaque burden in coronary arteries — a measure of fat and cholesterol deposits that also accounts for blood vessel size. 
    • “Women tend to have lower volumes of plaque than men, but their total plaque burden is higher because the fatty deposits take up a larger fraction of their smaller coronary arteries. Their risk for a heart attack or hospitalization for chest pain emerged when their plaque burden was lower than men’s, and their risk climbed more steeply, too, a new study published Monday in Circulation: Cardiovascular Imaging concluded.”
  • The Washington Post relates,
    • “Obstetrician Jeanne Conry has long paid attention to the “1,300-day window”— the months before conception through a child’s second birthday. Studies show nutrition and lifestyle during this period can shape pregnancy outcomes and the long-term health of the babies. Conry began to wonder if such factors could also influence autism.
    • “She is now helping lead an educational push aimed at alerting women to their exposure to toxins, stress and infections during this narrow and consequential window — guided by the idea that what happens then may subtly shape eggs or sperm, and in turn, influence a child’s development long before pregnancy begins.
    • “The more we research, the more we see links between different chemical exposures and autism so if we reduce those links we will ideally reduce cases,” Conry said.”
  • STAT News also informs us,
    • “Novo Nordisk’s next-generation weight loss drug CagriSema, one of the company’s key hopes to help it regain its footing in the increasingly competitive obesity market, failed in a key study that compared it to rival Eli Lilly’s tirzepatide, Novo said Monday. 
    • “The open-label REDEFINE 4 study was designed to test whether CagriSema could help patients lose the same amount of weight as those who received tirzepatide, which is sold as Zepbound and Mounjaro. But over 84 weeks, patients in the CagriSema arm saw a weight loss of 20.2%, versus 23.6% for those getting tirzepatide. Statistically, the results did not show that CagriSema performed equivalently to Lilly’s drug — what’s known as non-inferiority.” 
  • The Hill adds,
    • “An ingredient in the prescription diabetes drug Mounjaro was found to reduce alcohol intake in rodents, according to a recent study. 
    • “In the study, published in early January in the medical journal eBioMedicine, researchers in Sweden, South Carolina and Brazil looked at how the ingredient, tirzepatide, affected rodents. The researchers found that alcohol’s “rewarding properties” were lessened by the ingredient and that behaviors including the voluntary consumption of alcohol and binge drinking dropped.
    • * * * “In summary, our findings indicate that tirzepatide influences alcohol-related responses in ways that appear to have clinical potential. Tirzepatide consistently reduced alcohol intake across different drinking paradigms and both sexes without signs of tolerance development,” the researchers wrote.
    • “Perhaps more significantly, tirzepatide’s effects on relapse behaviours suggest it might help decrease relapse vulnerability, a finding that could prove important for therapeutic applications,” they added.”
  • The American Medical Association lets us know “What doctors wish patients knew about food allergies.”
    • “Milk, eggs, peanuts, tree nuts, fish, shellfish, wheat, soy and sesame are the “Big Nine” food allergies. Two allergists share more about food allergies.”
  • NPR adds,
    • “Ultra-processed foods are industrially manufactured products that contain ingredients rarely found in your kitchen, such as preservatives, artificial sweeteners, colorings, natural flavors and emulsifiers. Numerous studies have shown that these foods increase the risk of a host of health problems, including diabetesheart diseasedepression and obesity.
    • “When people ask me about ultra-processed foods, they’re often most confused about grains, carbohydrates and starches,” says Dr. Dariush Mozaffarian, who leads the Food is Medicine Institute at Tufts University. These foods include breads, crackers, pretzels, pea snaps, veggie straws, pastas and puffed rice or corn. “People want to know how to choose more healthful versions of these products,” he says.
    • “So Mozaffarian gives his patients two practical rules of thumb to follow when selecting grains and starches: the 10 to 1 test and the water test.”
  • Cardiovascular Business points out,
    • “The risk of death following percutaneous coronary intervention (PCI) remains incredibly low, according to new findings published in The American Journal of Cardiology.[1] When it does occur, acute myocardial infarction (AMI), cardiac arrest and infection are two of the most common reasons.
    • “Estimating the risk of periprocedural mortality after percutaneous coronary intervention (PCI) is crucial for risk stratification and quality assessment,” wrote Dimitrios Strepkos, MD, a researcher with the Minneapolis Heart Institute Foundation, and colleagues. 
    • “Strepkos et al. examined data from the PROGRESS-COMPLICATIONS registry, focusing on more than 22,000 patients who underwent PCI from 2014 to 2024 at one of two high-volume U.S. facilities. The overall technical success rate was 78.3%. While 14.8% of patients underwent atherectomy as part of the procedure, 6.1% underwent intravascular lithotripsy.”

From the U.S. healthcare business and artificial intelligence front,

  • The Wall Street Journal reports,
    • Merck MRK is shaking up the leadership of its main pharmaceutical unit as the U.S. drugmaker braces for sales pressure later this decade.
    • “The Rahway, N.J.-based company said Monday it will split its human-health business into two divisions. One will house its cancer drugs, including the blockbuster Keytruda. The immunotherapy accounts for nearly half of total Merck sales but is due to lose U.S. patent protection in 2028, exposing it to lower-cost copycat competition.
    • “The second new division—the specialty, pharma and infectious-diseases business unit—will sell noncancer products, including the HPV vaccine Gardasil, diabetes drug Januvia and newer products such as lung-disease treatment Winrevair. 
    • “Merck is counting on this unit to generate big sales growth to offset the expected Keytruda sales decline.” 
  • Beckers Hospital Review reports,
    • “Nacogdoches (Texas) County Hospital District is eyeing a new lease agreement with Dallas-based Tenet Healthcare that would merge Nacogdoches Memorial Hospital with Nacogdoches Medical Center, ABC affiliate KTRE reported Feb. 19.
    • “Under the proposed deal, the two hospitals would operate under unified management.
    • “Consolidating the hospitals would help the district sustain care for the community’s underserved population while benefiting from the resources and support of a larger health system, David Schaefer, vice president of the hospital district’s board, told the media outlet.” 
  • MedTech Dive notes,
    • “Guardant Health has acquired MetaSight Diagnostics for $59 million in upfront cash to bolster its multi-disease detection pipeline, the company said Thursday. The deal includes up to $90 million in payments tied to future commercial performance and regulatory approvals.
    • “MetaSight uses mass spectrometry multi-omics technology to find biomarkers associated with acute and chronic diseases in serum samples. Tests for colorectal cancer, an area of focus for Guardant, and liver disease-associated fibrosis were MetaSight’s two most advanced programs just before the acquisition.”  
  • Fierce Healthcare points out,
    • “As providers rapidly adopt artificial intelligence technology for clinical documentation, there is a demand for AI clinical assistants that meet the needs of specialty medicine practices.
    • “Health tech company Nextech recently launched its next-generation AI assistant, called Cora, along with its clinical documentation feature, Cora Scribe, to provide AI technology that was designed with specialty workflows in mind, according to the company.
    • “Nextech provides electronic medical record and practice management software to specialty physician practices as well as revenue cycle management (RCM), customer relationship management (CRM) and other software systems. The company supports 16,000 physicians, more than 5,500 practices and 60,000 office staff members in the clinical specialties of dermatology, ophthalmology, orthopedics, plastic surgery and medical spa practices.”
  • The American Hospital Association News adds,
    • “The AHA responded to a request for information today from the Department of Health and Human Services on the adoption and use of artificial intelligence in clinical care. The AHA urged HHS to synchronize and leverage existing AI policy frameworks to avoid redundancy, remove regulatory barriers that inhibit the development and deployment of AI tools, adopt policies ensuring the safe and effective use of AI, and align incentives and address infrastructural factors necessary to expand AI in health care.  
    • “The AHA’s comments build upon previous responses to RFIs on regulation and reimbursement for AI, including an RFI from the Office of Science Technology Policy on ways to reduce regulatory burden for AI, an RFI from the Food and Drug Administration on measuring and evaluating AI-enabled medical devices, and RFIs from the Centers for Medicare & Medicaid Services on payment for AI tools through the calendar year 2026 Outpatient Prospective Payment System proposed rule and CY 2026 Physician Fee Schedule proposed rule.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Cyberscoop reports from its Cybertalks event held earlier this week.
    • “Department of Health and Human Services official said Thursday that HHS is devoting a lot of attention to the security of third-party service providers after the 2024 Change Healthcare cyberattack.
    • “That attack, which is widely regarded as the biggest ever in the sector — including by HHS’s Charlee Hess, who spoke Thursday at CyberTalks presented by CyberScoop — began with hackers exploiting the lack of multifactor authentication set up on a remote access portal at Change Healthcare.
    • “It wasn’t a hospital, it was a company most people have never heard of and had major impacts on our sector and threatened the liquidity of our entire health care system,” said Hess, director of the healthcare and public health sector cybersecurity at the Administration for Strategy Preparedness and Response division. “We recovered from that, but we realized there are third-party risks lurking in our health care system, and we don’t even know they’re there. Where are those entities or systems that will have an outsized impact on our sector?”
  • and
    • “A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors.
    • “Michael Machtinger, deputy assistant director for cyber intelligence at the FBI, touted improved partnerships between the telecommunications industry and government in the wake of the campaign while speaking at CyberTalks, presented by CyberScoop, in Washington D.C. Thursday.
    • Companies who engaged with the FBI and federal agencies like CISA early after the campaign went public “have been without a doubt the most successful in mitigating the impact of the Salt Typhoon intrusions,” he claimed.”
  • and
    • “The Trump administration wants to boost the use of artificial intelligence for security in a way that doesn’t increase the number of targets for adversaries to attack, a top official with the Office of the National Cyber Director said Thursday.
    • “The administration will “promote the rapid implementation of AI enabled cyber defensive tools to detect, divert and deceive threat actors who continue targeting our vital systems and sectors,” Alexandra Seymour, principal deputy assistant cyber director for policy, said at CyberTalks, presented by CyberScoop. “We want to ensure that as Americans, companies and agencies deploy AI to defend themselves, they are not inadvertently making themselves more vulnerable by widening the attack surface.”
    • “Overall, “We’re working with our interagency and White House colleagues to promote AI-driven success while addressing concerns about AI security and countering AI abuse by adversaries,” she said.
    • “The focus on AI is expected to get further attention from a forthcoming national cyber strategy and the implementation of that strategy due to follow.”
  • Federal News Network adds,
    • “The National Institutes of Standards and Technology is launching a new project around standards for artificial intelligence agents, with NIST positioning the project as key to advancing agentic AI innovation.
    • “NIST’s Center for AI Standards and Innovation (CAISI) announced the “AI Agent Standards Initiative” this week. The project aims to foster “industry-led technical standards and protocols that build public trust in AI agents, catalyze an interoperable agent ecosystem, and diffuse their benefits to all Americans and across the world,” NIST said in a release this week.
    • “AI agents can now work autonomously for hours, write and debug code, manage emails and calendars, and shop for goods, among other emerging use cases,” NIST added. “While the productivity promise is enticing, the real-world utility of agents is constrained by their ability to interact with external systems and internal data. Absent confidence in the reliability of AI agents and interoperability among agents and digital resources, innovators may face a fragmented ecosystem and stunted adoption.”
    • While NIST’s press release positioned the project around innovation, the initiative’s opening products are centered on security. Since AI agents can take actions autonomously, tech experts say they present significant safety and security concerns.
    • “The initiative’s initial outputs includes a request for information on “AI agent security.” The deadline for responses to the RFI is March 9.”
  • Per February 19, 2026, HHS news release,
    • “[T]he U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a settlement with Top of the World Ranch Treatment Center (TWRTC), a substance use disorder treatment provider in Illinois, for a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.” * * *
    • “The settlement resolves an investigation of TWRTC that OCR initiated after receiving a breach report that TWRTC filed in March 2023. TWRTC reported that, as a result of a successful phishing attack, an unauthorized third party accessed ePHI through a workforce member’s email account. TWRTC concluded that the ePHI for 1,980 patients was compromised by the attack. OCR’s investigation found evidence that TWRTC failed to conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI TWRTC holds as required by the HIPAA Security Rule.
    • “Under the terms of the resolution agreement, TWRTC agreed to implement a corrective action plan that OCR will monitor for two years, and paid $103,000 to OCR.” * * *
    • “The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/sites/default/files/ocr-ra-cap-twrtc.pdf [PDF, 249 KB]
  • Cyberscoop reports,
    • “A Ukrainian national who ran multiple operations to aid the North Korean government’s expansive scheme to  hire remote IT workers at U.S. companies was sentenced to five years in prison, the Justice Department said Thursday.
    • “Oleksandr Didenko stole U.S. citizens’ identities and created more than 2,500 fraudulent accounts on freelance IT job forums, money service transmitters, email services, and social media platforms to sell the proxy identities to North Korean workers. The 29-year-old pleaded guilty to multiple crimes related to the six-year scheme in November 2025.” * * *
    • “U.S. law enforcement has racked up some wins by seizing stolen cryptocurrency and targeting U.S.-based facilitators who provide forged or stolen identities for North Korean operatives. 
    • “Yet, the regime’s scheme runs deep. North Korean nationals have infiltrated many top global companies, and researchers continue to uncover evidence of new tactics and techniques operatives have used to evade detection.”

From the cybersecurity vulnerabilities and breaches front,

  • Bleeping Computer tells us,
    • “PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year.
    • “The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.
    • “PayPal discovered the breach on December 12, 2025, and determined that customers’ names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025.
    • “The financial technology company said it has reversed the code change that caused the incident, blocking attackers’ access to the data one day after discovering the breach.
    • “On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital (“PPWC”) loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025,” PayPal said in breach notification letters sent to affected users.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) added eight known exploited vulnerabilities to its catalog during this shutdown week.
    • February 17, 2026
      • CVE-2008-0015 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
      • CVE-2020-7796 
      • CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
      • CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability
        • Cybersecurity News discusses the MS Windows KVe here.
        • The Hacker News discusses the other three KVEs here.
    • February 18, 2026
      • CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability
      • CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
        • DeV discusses the Gitlab KVE here.
        • Bleeping Computer discusses the Dell KVE which demands immediate attention.
    • February 20, 2026
      • CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
      • CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability
        • The Hacker News discusses these KVEs here.
  • Cybersecurity Dive reports,
    • “A critical vulnerability in BeyondTrust Remote Support is facing an increase in threat activity, with hackers deploying SparkRAT and vShell backdoors and using remote management tools to conduct reconnaissance, according to a blog post released Thursday by Palo Alto Networks’ Unit 42. 
    • “Multiple BeyondTrust Remote Support users have been confirmed targets, and a range of industries have been impacted, including financial services, technology, higher education, legal services and healthcare among others. 
    • “The vulnerability, tracked as CVE-2026-1731, is an operating system command injection flaw that also impacts some older versions of BeyondTrust Privileged Remote Access. 
    • “The flaw was originally discovered by researchers at Hacktron and disclosed to BeyondTrust.”
  • Per an HHS announcement,
    • “The Department of Health and Human Services (HHS) encourages Healthcare and Public Health (HPH) sector organizations to review and address a critical vulnerability identified in BeyondTrust Remote Support and Privileged Remote Access solutions in light of rising cyber attacks affecting the sector.
    • “BeyondTrust published Security Advisory BT26-02 regarding a critical pre-authentication remote code execution vulnerability, identified as CVE-2026-1731, affecting Remote Support and older versions of Privileged Remote Access. The vulnerability carries a CVSSv4 score of 9.9 and may be triggered through specially crafted client requests, potentially allowing an unauthenticated remote attacker to execute operating system commands in the context of the site user. 
    • “The vulnerability affects Remote Support version 25.3.1 and prior and Privileged Remote Access version 24.3.4 and prior, with remediation available through specific patches or by upgrading to fixed versions. BeyondTrust issued patches on February 2, 2026, which were automatically deployed to instances with the update service enabled and fully applied to Software as a Service environments. BeyondTrust applied patches to all SaaS customers as of February 2, 2026, and instructed self-hosted customers to manually apply updates or upgrade to supported versions where necessary. For additional information, organizations are encouraged to review the BeyondTrust Security Advisory.”
  • Dark Reading relates,
    • “New data suggests a cyber espionage group is laying the groundwork for attacks against major industries.
    • “The “React2Shell” vulnerability is already almost a few months old, but it’s far from over. An unknown but possibly state-sponsored threat actor has been using a newly discovered, maturely named toolkit — “ILovePoop” — to probe tens of millions of Internet protocol (IP) addresses worldwide, looking for opportunities to exploit React2Shell. A report from WhoisXML API, shared with Dark Reading, suggests the threat actor might be out for big game: government, defense, finance, and industrial organizations, among others, around the world but particularly in the United States.
    • “A few months later, the situation has yet to calm down, Pham says. “There are still tens of thousands of vulnerable instances exposed on the internet, and additional botnets have added React2Shell to their arsenals. It has also been confirmed in ransomware campaigns,” she says. 
    • The big difference now is that the attacks have gotten more sophisticated, as the attackers have had more time to gameplan. “The post-exploitation tradecraft has gotten more sophisticated over time. We are seeing things like PeerBlight’s use of the BitTorrent DHT as a resilient C2 fallback, which is a technique designed specifically to survive traditional domain takedowns,” Phams says.” * * *
    • “Patching a deep-rooted vulnerability like React2Shell isn’t as simple as clicking an “Update” button.”
  • and
    • “When Hillai Ben Sasson and Dan Segev set out to hack AI infrastructure two years ago, they expected to find vulnerabilities — but they didn’t expect to compromise virtually every major AI platform they targeted.
    • “The two researchers — who work in offensive and defensive research, respectively, at cloud-security firm Wiz — wanted to experiment with how they could attack the AI infrastructure being deployed as part of foundational models, AI services, and in-house AI projects. Yet, what started as simple attacks on the AI supply chain — such as abusing the widely used Pickle format to run arbitrary code — evolved into a comprehensive threat assessment spanning five distinct layers of the AI stack.
    • “They plan to present the lessons learned over their two years of research at the upcoming RSAC Conference in March. Perhaps the most important lesson: Focus on the infrastructure used to to train, run, and host AI services, and not on prompt-injection attacks, says Segev, a security architect in the Office of the CTO at Wiz.”
  • and
    • “A growing phishing-as-a-service (PhaaS) tool reliably undermines traditional methods for detecting phishing attacks, both technical and psychological.
    • “Starkiller,” described this week by researchers at Abnormal AI, is packaged and sold with a sleekness comparable to legitimate software-as-a-service (SaaS) platforms. It’s got a clean, retrofuturist dashboard, sporting real-time campaign analytics. It gets periodic updates, and even allows its cybercriminal users to log in using two-factor authentication (2FA).
    • “It’s got substance to back up its style, too. Its website advertises “enterprise-grade phishing infrastructure” for “campaigns that bypass modern security systems.” Though its self-reported 99.7% success rate is almost certainly fictional, it really does help attackers bypass many of the traditional phishing security techniques so many enterprises rely on, according to Abormal AI’s research.”
  • Cybersecurity Dive notes,
    • “The vulnerability of the “connective tissue” of the AI ecosystem — the Model Context Protocol and other tools that let AI agents communicate — “has created a vast and often unmonitored attack surface” that is making it easier for hackers to use AI to launch cyberattacks, Cisco said in a report published Thursday [February 19].
    • “Cisco said AI tools’ increasing ability to “execute processes, access databases, and push code on behalf of humans” has become the dominant AI risk and warned companies not to give AI “unsupervised control over critical business functions.”
    • “The new report also described nation-state hackers’ use of AI and warned businesses about potential AI supply-chain crises.”

From the ransomware front,

  • Bleeping Computer reports,
    • “The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday [February 19] following a ransomware attack.
    • “UMMC has over 10,000 employees and, as one of the largest employers in Mississippi, operates seven hospitals, 35 clinics, and more than 200 telehealth sites statewide. The medical center includes the state’s only children’s hospital, only Level I trauma center, only organ and bone marrow transplant program, and the only Telehealth Center of Excellence, one of two across the United States.
    • “As revealed on Thursday afternoon, the cyberattack took down many of its IT systems and blocked access to the Epic electronic medical records. While UMMC cancelled outpatient and ambulatory surgeries/procedures and imaging appointments, officials said hospital services continue via downtime procedures.”
  • The HIPAA Journal points out ransomware attacks against three other healthcare entities.
    • “Issaqueena Pediatric Dentistry in South Carolina, Enhabit Home Health & Hospice in Texas, and AltaMed Health Services in California have announced that patient data has potentially been compromised in ransomware attacks.”
  • Per an Arctic Wolf news release,
    • “Arctic Wolf®, a global leader in security operations, today [February 17] published the 2026 edition of its Threat Report, which analyzes hundreds of real‑world incident response engagements and threat intelligence findings from the past year. The report reveals a continued rise in data‑theft‑driven extortion, sustained pressure from ransomware groups, and a significant increase in attacks that leverage remote access tools rather than technical exploits.
    • “In 2025, ransomware, business email compromise (BEC), and data incidents once again dominated Arctic Wolf’s caseload, accounting for 92% of all incident response engagements. While ransomware remained the most common category, data‑only extortion incidents surged 11x year over year, signaling a strategic shift as threat actors adapt to improved organizational recovery capabilities. The report also finds that 65% of non‑BEC intrusions stemmed from abuse of remote access technologies like RDP, VPN, and RMM tools; which is a dramatic rise that underscores attackers’ preference for low‑friction entry points.
    • “Attackers continue to rely on operational efficiency – logging in instead of breaking in, stealing data instead of encrypting it, and exploiting trusted tools rather than complex vulnerabilities,” said Ismael Valenzuela, vice president, Labs, Threat Research & Intelligence, Arctic Wolf. “Organizations that invested in visibility, identity security, and disciplined remote access controls were far more resilient throughout the year.”
  • Cybersecurity Dive adds,
    • “Hackers are using ransomware to accelerate the timeline for cyberattacks, moving on average four times faster than just a year ago, according to an incident response report released Tuesday by Palo Alto Networks. 
    • “AI is being used for reconnaissance, phishing and scripting, and operational execution in many cases. In the most efficient attacks, groups exfiltrate data just 72 minutes after initial access. 
    • Identity is a primary element in attacks, showing up in 90% of incident response cases. Threat groups are increasingly using stolen identities and tokens to gain entry without triggering security warnings.  
    • “Once an attacker has legitimate credentials, they’re not breaking in, they’re logging in,” Sam Rubin, a senior vice president at Palo Alto Networks’ Unit 42, told Cybersecurity Dive. “When an adversary blends into normal traffic, detection becomes incredibly challenging for even mature defenders.”
    • “The report is based on analysis of more than 750 incident response casesacross the globe that involved Unit 42 analysts and researchers.” 
  • Qualsys assesses “What Is Black Basta Ransomware and How to Mitigate Attack.”
  • IT Brew considers how a ransomware attacker thinks.
    • “When it comes to ransomware criminals, the answers can vary. Some organizations are sophisticated businesses where hackers are treated as employees with HR departments and paid time-off, while others are more ramshackle.
    • “But they’re all dangerous—and after your data. Mike Puglia, general manager of cybersecurity labs at Kaseya, told IT Brew that financial motivation has been the constant motive of ransomware attackers. The tactics are much the same between groups: gaining access, exploiting vulnerabilities, escalating privileges, and deploying an encrypter to hold the data for payment.
    • “It’s Whac-a-Mole, or a game of cat and mouse, between defenders and attackers, and as soon as one hole is closed, suddenly the next wave comes,” Puglia said.”
  • Per an HHS announcement,
    • “The National Institute of Standards and Technology (NIST) hosted a virtual event titled Resources for Ransomware Risk Management on January 28, 2026. The event focused on ransomware as a persistent risk to organizations of all sizes and sectors and emphasized the need for cross-sector collaboration to develop practical resources for reducing ransomware risk. Speakers from NIST, the Center for Internet Security, and the Institute for Security and Technology (IST) provided an overview of available ransomware risk management resources designed to help organizations establish foundational safeguards and build effective strategies. Featured resources included the NIST Ransomware Risk Management Cybersecurity Framework 2.0 Community Profile, published as an initial public draft, and the IST and Ransomware Task Force Blueprint for Ransomware Defense, which offers an actionable framework tailored for small to medium-sized enterprises. Presenters described the development and use of these resources and discussed ongoing and future efforts in ransomware risk management, with the session allowing time for audience questions and discussion. For additional details, refer to the Ransomware Risk Management webinar.”

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • Palo Alto Networks PANW lifted its full-year revenue outlook after recording a jump in second-quarter profit driven by continued demand for cybersecurity services.
    • “However, the company issued per-share earnings guidance for its current quarter below Wall Street expectations, in part as it contends with higher costs for memory and storage. It plans to raise prices later in the fiscal year to offset the increases.
    • “The stock, which has dropped 11.2% to start the year, fell 8% in late trading Tuesday to $150.46.
    • “The Santa Clara, Calif.-based company on Tuesday [February 17] said it now expects full-year revenue to come in between $11.28 billion and $11.31 billion, up from a range of $10.5 billion to $10.54 billion.
    • “The raised revenue view came after Palo Alto reported a profit of $432 million, or 61 cents a share, for its fiscal second quarter, compared with a profit of $267.3 million, or 38 cents a share the prior year.”
  • Cybersecurity Dive adds,
    • “As investors worry that existing software and services could be rendered obsolete, Palo Alto Networks CEO Nikesh Arora said the rapid acceleration of AI should not be considered a threat to cybersecurity. 
    • “Arora addressed the concerns on Tuesday during the company’s fiscal second-quarter conference call, where the surge in AI dominated much of the discussion. 
    • “As AI becomes more pervasive across the enterprise, it expands the attack surface area, more infrastructure, more machine-to-machine activity and new classes of risk that simply didn’t exist before,” Arora said. “In that environment, security cannot sit on the sidelines.”
    • “Arora said despite the current sentiment about software and AI, the company believes that security is the enabling layer “that allows innovation to move forward safely and at scale.”
  • and
    • “Businesses need to pay attention to identity security and third-party risk management to avoid falling prey to hackers whose techniques have evolved, the risk intelligence company Dataminr said in a threat report published on Wednesday [February 18].
    • “2025 marked a clear shift from ‘frequent but contained’ cyber losses toward fewer events with materially larger financial and mission impact,” the report said, attributing the shift to “multi-vector attacks” leveraging stolen credentials, data theft, operational disruptions and regulatory exposure.
    • “Dataminr’s report contains several high-priority recommendations for enterprises, including about supply chain security and the need to look beyond a vulnerability’s severity score.”
  • Dark Reading offers “A CISO’s Playbook for Defending Data Assets Against AI Scraping.”
    • “Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.”
  • Cyberscoop relates,
    • “Anthropic is rolling out a new security feature for Claude Code that can scan a user’s software codebases for vulnerabilities and suggest patching solutions.
    • “The company announced Friday that Claude Code Security will initially be available to a limited number of enterprise and team customers for testing. That follows more than a year of stress-testing by the internal red teamers, competing in cybersecurity Capture the Flag contests and working with Pacific Northwest National Laboratory to refine the accuracy of the tool’s scanning features.
    • “Large language models have shown increasing promise at both code generation and cybersecurity tasks over the past two years, speeding up the software development process but also lowering the technical bar required to create new websites, apps and other digital tools.
    • “We expect that a significant share of the world’s code will be scanned by AI in the near future, given how effective models have become at finding long-hidden bugs and security issues,” the company wrote in a blog post.”
  • Tech Target shares a “CISO’s guide to demonstrating cyber resilience.”
    • “Elevating cybersecurity to a state of resilience requires a security team to adapt and strengthen defenses. The result should be that a future attack is less likely to succeed.”
  • Here is a link to Dark Reading’s CISO Corner.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Per a February 11, 2026, Cybersecurity and Infrastucture Security Agency news release,
    • “The Cybersecurity and Infrastructure Security Agency (CISA) unveiled its 2025 Year in Review today, spotlighting bold achievements that strengthened the nation’s cyber and physical security in 2025. The report underscores CISA’s commitment to innovation, resilience, and collaboration. This report is a snapshot of goals achieved for this past year. Year over year CISA’s goals change as the threat landscape evolves and as we lean into core mission objectives as determined by the Administration’s policies. 
    • “The Year in Review is more than a report – it’s proof of CISA’s unwavering commitment to protecting the infrastructure and systems Americans count on every day,” said CISA Acting Director Madhu Gottumukkala. “From safeguarding federal networks to equipping communities with tools to reduce risk, our team delivered measurable results in 2025. And we’re not slowing down – we will lead with innovation, resilience and partnership to stay ahead of tomorrow’s threats.”
  • Federal News Network reports,
    • “Sen. Ron Wyden (D-Ore.) is pledging to keep his hold on the nominee to lead the Cybersecurity and Infrastructure Security Agency. Wyden said he will continue to object to Sean Plankey’s nomination until CISA releases a 2022 report on security flaws in the U.S. telecommunications system. Wyden previously held up Plankey’s nomination for much of last year over the same issue. (Sen. Ron Wyden (D-Ore.) floor remarks – Congress.gov)”
  • Cyberscoop tells us,
    • “A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators.
    • Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian government-linked hacking group, and that it targeted 30 wind and photovoltaic farms, among others.
    • “CISA said its warning was meant to “amplify” that Polish report. In particular, CISA said the attack highlighted the threats to operational technology and industrial control systems, most commonly used in the energy and manufacturing sectors.
    • ‘And CISA’s alert continues a recent agency focus on securing edge devices like routers or firewalls, after a binding operational directive last week to federal agencies to strip unsupported products from their systems.”
  • Cybersecurity Dive relates,
    • “The Cybersecurity and Infrastructure Security Agency wants critical infrastructure partners’ feedback on the scope of its cyber-incident reporting regulation as the agency homes in on a final version of the long-awaited rule.
    • “In a notice set for publication in the Federal Register on Friday [January 13], CISA announced a series of town hall meetings where different sectors will be able to share their thoughts about the pending rule, which Congress required in the 2022 Cyber Incident Reporting for Critical Infrastructure Act.
    • A draft version of the CIRCIA rule, published in April 2024, gave covered infrastructure operators 72 hours to report substantial cyber incidents to the government. Business groups and some lawmakers objected to the scope of the information that companies would need to report, as well as to the breadth of companies covered under the regulation.
    • “In its new announcement, CISA said it “appreciates stakeholders’ interest and concern that CISA implement CIRCIA to maximize its impact on improving our nation’s cybersecurity posture while minimizing unnecessary burden to entities in critical infrastructure sectors.”
    • “The agency wants infrastructure operators to share “specific, actionable improvements” to CIRCIA that “clarify or reduce” the burden of the planned reporting requirement while still giving the government ample information about the cyber-threat landscape.”
    • The virtual town hall meeting for the Emergency Services Sector, Government Facilities Sector, Healthcare and Public Health Sector is scheduled for March 17, 2026.
  • Federal News Network reports,
    • “The Cybersecurity and Infrastructure Security Agency plans to designate 888 of its 2,341 employees as excepted during a shutdown. All of those employees would go without pay during a shutdown.
    • “A shutdown forces many of our frontline security experts and threat hunters to work without pay— even as nation-states and criminal organizations intensify efforts to exploit critical systems that Americans rely on—placing an unprecedented strain on our national defenses,” Acting CISA Director Madhu Gottumukkala toldlawmakers this week.
    • “The cyber agency’s core responsibilities include defending federal agency networks and working with critical infrastructure to strengthen their security.
    • “Gottumukkala said that a shutdown would delay the deployment of new cyber services to federal networks and the sharing of guidance with critical infrastructure partners. It would also likely delay CISA’s work to finalize a landmark cyber incident reporting rule.

From the cybersecurity vulnerabilities and breaches front,

  • CISA added eleven known exploited vulnerabilities to its catalog this week.
    • February 10, 2026
      • CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability
      • CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability
      • CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
      • CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability
      • CVE-2026-21525 Microsoft Windows NULL Pointer Dereference Vulnerability
      • CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability
        • SecPod discusses these KVEs here
    • February 12, 2026
      • CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability
      • CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vulnerability
      • CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability
      • CVE-2026-20700 Apple Multiple Buffer Overflow Vulnerability
        • Nopsec discusses the MS Configuration KVE here.
        • WNEsecurity discusses the Notepad++ KVE here.
        • Rapid7 discusses the Solarwinds KVE here.
        • Bleeping Computer discusses the Apple KVE here.
    • February 13, 2026
      • CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
        • The Hacker News discusses this KVE here.
  • Cybersecurity Dive informs us,
    • “Security researchers warn that threat groups are exploiting critical vulnerabilities in SmarterMail, a business email and collaboration server that small to medium-sized businesses use as an alternative to Microsoft Exchange. 
    • “A China-linked threat actor, tracked as Storm 2603, has exploited an authentication bypass vulnerability tracked as CVE-2026-23760 to deploy Warlock ransomware, according to a blog released Monday by researchers at Reliaquest. 
    • “The hacker abuses legitimate administrative functions to hide its activity from security teams. It then installs a digital forensic tool called Velociraptor to maintain access in preparation for potential ransomware attacks, according to Reliaquest. 
    • “SmarterTools, the parent company behind SmarterMail, confirmed in a Feb. 3 blog post that its own network was impacted by a Jan. 29 breach.” 
  • and
    • “More than 80% of exploitation activity targeting critical vulnerabilities in Ivanti Endpoint Manager Mobile were traced to a single IP address hiding behind a bulletproof hosting infrastructure, according to a report released Tuesday by GreyNoise. 
    • Researchers warn that several of the most shared indicators of compromise linked to the current threat campaign indicate no activity linked to Ivanti EPMM. The concern is that security teams may therefore be looking for the wrong information, as current IoCs indicate scanning for Oracle WebLogic instead, according to GreyNoise researchers.”
  • Cyberscoop notes,
    • “A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle.
    • “The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology.
    • J”ohn Hultquist, chief analyst at Google’s Threat Intelligence Group, told CyberScoop that many countries still appear to be experimenting with AI tools, determining where they best fit into the attack chain and provide more benefit than friction.
    • “Nobody’s got everything completely worked out,” Hultquist said. “They’re all trying to figure this out and that goes for attacks on AI, too.
    • “But the report also reveals that frontier AI models can build speed, scale and sophistication into a myriad of hacking tasks, and state-sponsored hacking groups are taking advantage.”
  • Bleeping Computer points out,
    • “Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.
    • “At least two variants of the malicious activity have been observed in the wild, and more than 10,000 users have accessed the content with dangerous instructions.
    • “A Claude artifact is content generated with Antropic’s LLM that has been made public by the author. It can be anything from instructions, guides, chunks of code, or other types of output that are isolated from the main chat and accessible to anyone via links hosted on the claude.ai domain.”
  • and
    • “A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
    • “Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.
    • “Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.”
  • and
    • “A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
    • “The activity has been ongoing since at least May 2025 and is characterized by modularity, which allows the threat actor to quickly resume it in case of partial compromise.
    • “The bad actor relies on packages published on the npm and PyPi registries that act as downloaders for a remote access trojan (RAT). In total, researchers found 192 malicious packages related to this campaign, which they dubbed ‘Graphalgo’.
    • “Researchers at software supply-chain security company ReversingLabs say that the threat actor creates fake companies in the blockchain and crypto-trading sectors and publishes job offerings on various platforms, like LinkedIn, Facebook, and Reddit.”
  • TechRadar advises
    • “If you’re using an older Android phone, Google has a message you probably don’t want to hear.
    • “More than 40% of Android devices worldwide no longer receive critical security updates, leaving over 1 billion phones exposed to malware and spyware attacks, according to the company.
    • “The problem isn’t a sudden flaw but a slow drift. Android adoption data shows most users are still running software versions that Google no longer fully supports. While recent confusion around Google Play system update dates has raised concerns, Google says that the issue is cosmetic.
    • “The real issue is simpler and more serious: phones running Android 12 or older are now outside the security safety net.”

From the ransomware front,

  • The HIPAA Journal reports,
    • “A new record was set for ransomware attacks last year, with disclosed ransomware attacks increasing by 49% year-over-year to a record-high of 1,174 attacks, according to Black Fog’s 2025 State of Ransomware Report. There was also a 37% year-over-year increase in undisclosed attacks, with 7,079 victims added to dark web data leak sites in 2025. The figures indicate that globally, 86% of ransomware attacks are not disclosed by victims.
    • “Data theft almost always occurs with ransomware attacks. In 2025, 96% of attacks involved data exfiltration prior to file encryption, which results in greater organizational harm. Data exfiltration has contributed to the significant increase in breach costs, as data theft results in greater reputational harm and increased regulatory exposure. In 2025, the average cost of a data breach was $4.44 million globally, and $7.42 million for healthcare data breaches. Healthcare retained its position as the sector most targeted by ransomware groups in 2025, accounting for 22% of disclosed attacks. All sectors experienced an increase in attacks in 2025, apart from education, which saw a 13% year-over-year decrease in attacks.
    • “The breakup of large ransomware groups has led to a fragmentation of the ransomware ecosystem, and the number of active ransomware groups continued to increase in 2025. Black Fog tracked 130 different ransomware groups in 2025, of which 52 were new groups that emerged in 2025, a 9% increase from 2024. Several groups that emerged in 2025 have disproportionately targeted the healthcare sector, including Sinobi, Insomnia, and Devman. Devman issued the largest ever ransom demand of $91 million in 2025 for its attack on China’s real estate development company Shimao Group Holdings. World Leaks, widely believed to be a rebrand of Hunters International, has also claimed several healthcare victims, as have all of the top three most prolific and dangerous ransomware groups of the year: Qilin, Akira & Play.”
  • Cybersecurity Dive adds,
    • “Ransomware attacks on the IT sector were higher in each quarter of 2025 than in the same quarters of 2024, with the sector ranking third behind manufacturing and commercial facilities on hackers’ target lists, according to a new report from the Information Technology Information Sharing and Analysis Center.
    • “Nearly half of all ransomware attacks that the IT-ISAC tracked occurred in the U.S., far surpassing the totals in other countries.
    • “The food and agriculture sector also saw a significantly higher number of ransomware attacks in 2025 than it did in 2024, according to a new report from that sector’s ISAC, which shares leadership with the IT-ISAC.”
  • The Federal Trade Commission has issued its own 2025 ransomware report according to Executivegov.
    • “The Federal Trade Commission has reported that ransomware and other malware-based attacks represent only 2.23 percent of all fraud complaints submitted to the agency.
    • “In the 2025 Ransomware Report published Friday, the FTC shared that, between July 2023 and June 2025, tech support scams were among the most reported fraud types.
    • “About 1 percent of the 42,972 reports the FTC received that allegedly originate from China are ransomware. The majority of the complaints are related to online shopping fraud.
    • “Complaints tied to Russia, Iran and North Korea are relatively rare, with the three countries accounting for only 0.05 percent of all fraud reports the FTC received from 2023 to 2025.”
  • Morphisec calls attention to
    • “Ransomware isn’t slowing down. It’s scaling, adapting, and finding new ways to slip past defenses that many organizations still trust implicitly.  
    • “The Ransomware Reality Check 2026 infographic paints a clear, data-driven picture of the risk landscape ahead: from skyrocketing demands to sophisticated execution methods that beat traditional detection technologies.”  
  • Per Security Week,
    • “Mere data exfiltration is no longer a lucrative approach for ransomware groups, and threat actors may increasingly rely on encryption to regain leverage, Coveware notes in a new report.
    • “Following a series of highly successful data-exfiltration-only attacks conducted by known groups such as Cl0p, other ransomware groups adopted the trend, stealing victims’ data without encrypting it.
    • “The campaigns targeting MOVEitCleo, and Oracle E-Business Suite (EBS) customers are proof that the approach no longer delivers return on investment, Coveware says.
    • Cl0p, it explains, started this trend with a simple strategy: it acquired an exploit for a zero-day vulnerability in a popular enterprise file transfer or data storage product, hacked as many instances as possible for data exfiltration, and extorted each compromised entity into paying a ransom.
    • I”n 2021, the group likely made tens of millions of dollars using this tactic in the Accellion campaign, when over 25% of the impacted organizations likely paid a ransom. Roughly 20% of the entities impacted by the GoAnywhere MFT hack also paid a ransom.
    • “In the subsequent campaigns, however, the victims’ willingness to pay dropped significantly: less than 2.5% of those affected by the MOVEit breach paid, and almost none paid in the Cleo and Oracle EBS incidents, Coveware says in its latest ransomware trends report.”
  • Per Cyberscoop,
    • “Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate.
    • “Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which includes high-profile organizations. Alleged victim data samples and the structure and size of placeholder file trees published by 0APT place further doubt on the group’s supposed criminal escapades. 
    • “Most signs suggest the group is running a massive hoax, but at least some of the threat 0APT poses is grounded in truth. The group’s inflated pretense may be a ruse to create a sense of momentum, gain recognition and attract affiliates.
    • “While 0APT is probably bluffing about the victims it has already compromised, it is not bluffing on the technical capabilities of its actual ransomware,” Cynthia Kaiser, senior vice president at Halcyon’s ransomware research center, told CyberScoop.”

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • The European Union approved Google’s $32 billion acquisition of cybersecurity startup Wiz, a win for the Alphabet unit’s GOOGL  * * *
    • “Google announced the all-cash deal in March 2025, betting that bringing Wiz under its cloud business would help it fast-track improvements in cloud security and enhance its ability to use multiple clouds, both trends that have gathered pace in the artificial-intelligence era.
    • “Wiz provides cybersecurity software for cloud computing and has presences in New York; Arlington, Virginia; London and Tel Aviv.
    • “The deal—cleared by U.S. antitrust authorities in November last year—was flagged to the EU’s merger watchdog for screening in January.”
  • Cyberscoop relates,
    • “Proofpoint announced Thursday [February 12] it has acquired Acuvity, an AI security startup, as the cybersecurity company moves to address security risks stemming from widespread corporate adoption of agentic AI.
    • “The acquisition strengthens Proofpoint‘s capabilities in monitoring and securing AI-powered systems that are increasingly handling sensitive business functions across enterprises. 
    • “Financial terms of the deal were not disclosed, but Ryan Kalember, Proofpoint’s chief strategy officer, told CyberScoop that the acquisition was beyond a pure “technology acquisition,” with Acuvity’s engineering team slated to join the California-based company. 
    • “Acuvity specializes in visibility and governance for AI applications, including the ability to track how employees and automated systems interact with external AI services and protect custom AI models developed within organizations. The startup’s platform monitors AI usage across multiple deployments, from web browsers to specialized infrastructure including Model Context Protocol (MCP) servers and locally installed AI tools.”
  • Per a February 13 CISA news release,
    • “For years, CISA has responded to an unending wave of cyber incidents targeting edge devices embedded in the Nation’s federal networks and critical infrastructure. The common culprit? 
      • Unsupported hardware and software residing on the edge of organizational networks that vendors are no longer maintaining.
    • Nation-state adversaries have seized these weak points, exploiting them to gain unauthorized access, maintain persistence, and compromise sensitive data. These neglected devices are more than just vulnerabilities; they threaten the Nation’s security, privacy, and resilience. 
    • As the operational lead for federal cybersecurity, CISA recently took a large step toward addressing this systemic risk by issuing Binding Operational Directive (BOD) 26-02, a mandate for federal civilian agencies to identify and replace end-of-support (EOS) edge devices, stay current with software updates, and patch known vulnerabilities. While directed to federal agencies, we strongly encourage all organizations to adopt similar actions. 
    • However, we as a community can and must do more. Managing the lifecycles of hardware and software products can quickly become a daunting, resource-intensive task—especially without an efficient way to determine the EOS status for hardware and software. 
    • Enter OpenEoX: a machine-readable, international standard that transforms how product lifecycle information is exchanged across software, hardware, services, and AI models. By introducing much-needed standardization and automation, OpenEoX brings transparency, efficiency, and unity to asset management. By integrating OpenEoX across the community, both hardware and software producers and consumers can together turn the tide on one of the most serious cyber threats facing the Nation: EOS hardware and software.” * * *
    • Additional Resources
  • Meritalk relates,
    • The FBI Cyber Division’s latest initiative, Operation Winter SHIELD, is growing as more field offices join the cybersecurity defense campaign that aims to turn lessons from investigations into high-impact actions that organizations can take to strengthen their defenses. 
    • The bureau launched Operation Winter SHIELD on Jan. 28 as a two-month effort that spotlights one of 10 “high-impact actions” each week. The initiative is designed to help organizations reduce common breach pathways and harden critical infrastructure systems against nation-state and criminal cyber threats. 
    • Since its announcement, numerous FBI field offices across the nation have voiced their support for the operation – some of the latest field offices to join this week include SeattlePhiladelphia, and Anchorage
    • In a video announcement, FBI Cyber Division Assistant Director Brett Leatherman said the campaign distills insights from real-world investigations into practical steps that organizations can take immediately. 
    • “Every winter storms test our infrastructure. Power grids, water systems, and supply chains are pushed to their limits, but the most critical threats to infrastructure don’t come from the weather. They come through our networks,” Leatherman said. 
      • The 10 actions outlined by the FBI include: 
      • Adopt phish-resistant authentication 
      • Implement a risk-based vulnerability management program 
      • Track and retire end-of-life technology on a defined schedule 
      • Manage third-party risk 
      • Protect security logs and preserve them for an appropriate time period 
      • Maintain offline immutable backups and test restoration 
      • Identify, inventory, and protect internet-facing systems and services 
      • Strengthen email authentication and malicious content protections 
      • Reduce administrator privileges 
      • Exercise your incident response plan with all stakeholders 
  • Per Dark Reading,
    • “Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
    • “Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight.”
  • Here is a link to Dark Reading’s CISO Corner.

Monday report

David ErmerCDC, CMS, FDA, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare

From Washington, DC,

  • The Hill reports,
    • “The Trump administration on Monday proposed stripping the power of an independent board to review challenges from fired federal workers while barring employees from taking the matter to court.
    • “The new proposed rule would impact federal workers fired through a Reduction in Force (RIF), the process used at 22 different agencies last year as the Trump administration conducted widespread layoffs.
    • “If finalized, any federal worker fired in a future RIF would not be able to plead their case before the quasi-judicial Merit Systems Protection Board (MSPB), which last year found that some agencies had “engaged in a prohibited personnel practice” in firing the workers. 
    • “Instead, any challenges would be reviewed by the Office of Personnel Management (OPM), which last year alongside the Office of Management and Budget instructed agencies to begin RIFs.”
  • Per a CMS news release,
    • “Today, the Centers for Medicare & Medicaid Services (CMS) proposed regulations to lower health care costs, promote competition, and strengthen program integrity in the Federal and State-Based Health Insurance (Exchanges). The proposed Notice of Benefit and Payment Parameters for 2027 would crack down on fraud and misleading practices by agents and brokers, restore accountability for taxpayer-funded subsidies, and remove federal barriers that have limited plan innovation and driven up premiums—helping ensure coverage is more affordable and works better for consumers, taxpayers, and states.” * * *
    • “To review the proposed rule, visit https://www.federalregister.gov/d/2026-02769
    • “Public comments must be submitted by March 11, 2026
    • “To review the proposed rule fact sheet, visit https://www.cms.gov/newsroom/fact-sheets/hhs-notice-benefit-payment-parameters-2027-proposed-rule.” 
  • Bloomberg Law adds,
    • “The Notice of Benefit and Payment Parameters from the Centers for Medicare & Medicaid Services would allow certain plans that offer preset dollar amounts for care—such as indemnity plans—to meet the requirements of a “qualified health plan” under the ACA if they demonstrate a sufficient number of doctors would accept the plan’s payment terms.” * * *
    • “The rule likewise expands hardship exemptions to permit more individuals to buy “catastrophic” plans with the lowest level of cost-sharing and coverage, and allows catastrophic plan issuers to offer multi-year terms. The proposal would also permit plans with low deductibles and higher out-of-pocket costs
    • “The rule also reverses changes made under the Biden administration, including requiring insurers to offer standardized plan options that were meant to simplify choices.”
  • Healio observes,
    • “A voluntary program designed to help Medicare Part D beneficiaries manage drug costs[, which took effect last year,] could provide considerable benefit to people with cancer, according to study results.
    • “The Medicare Prescription Payment Plan (M3P) provides flexibility that may ease financial distress — particularly for those with limited or fixed incomes — and reduce the potential for cost-related treatment nonadherence, researchers concluded.”
    • “However, many patients and health care professionals are unaware of the program, according to Aryana Sepassi, PharmD, MAS, assistant professor of clinical pharmacy at UC San Diego Skaggs School of Pharmacy and Pharmaceutical Sciences.”

From the Food and Drug Administration front,

  • MedTech Dive reports,
    • “The Food and Drug Administration’s breakthrough program has made a steady start to the 2026 financial year, granting designations at the same pace as in the two prior years.
    • “After years of growth that peaked in 2021, designations have settled at a lower rate in recent years. The agency awarded 164 to 166 designations per financial year three times from 2022 to 2025.
    • “The FDA is on course to grant a similar number of breakthrough designations in its 2026 financial year. After one quarter, the agency had awarded 42 designations, a pace that would result in 168 breakthrough statuses if maintained across the full financial year.”
  • MedPage Today tells us,
    • “Oncology specialists should inform patients about a risk of serious toxicity related to dihydropyrimidine dehydrogenase (DPD) deficiency and should test for DPYD variants before starting treatment with capecitabine (Xeloda) and fluorouracil, the FDA announced.
    • “In a safety update communicationopens in a new tab or window, the agency noted that DPYD encodes DPD, which breaks down more than 80% of fluorouracil. Certain homozygous or compound heterozygous DPYD variants result in complete or near-complete absence of DPD activity, increasing the risk for serious, potentially fatal toxicities when exposed to capecitabine or fluorouracil, which are widely used in cancer treatment. Potential adverse reactions include mucositis, diarrhea, neutropenia, and neurotoxicity. The reactions also can occur in patients who have partial DPD activity.
    • “Capecitabine and fluorouracil, or 5-FU, are routinely used in treatment regimens for breast, colorectal, gastric, and pancreatic cancers.”
  • STAT New informs us,
    • “The Food and Drug Administration has rejected a rare-disease gene therapy from Regenxbio, the company said Monday. 
    • “The one-time treatment, called RGX-121, is designed to replace a malfunctioning gene that causes mucopolysaccharidosis type II, also known as Hunter syndrome, an ultra-rare disorder that causes physical and cognitive impairments.”
    • “Regenxbio had applied for accelerated approval, a type of conditional market clearance, based on RGX-121’s ability to significantly reduce in the short term a specific biomarker in cerebrospinal fluid believed to correlate with longer-term cognitive improvements in patients with the severe form of Hunter syndrome. 
    • “But the FDA, in its letter rejecting the therapy, raised questions about the appropriateness of using the surrogate biomarker, called CSF HS D2S6, as a predictor of clinical benefit. The agency also questioned the eligibility criteria  Regenxbio used to enroll patients into its clinical trial and the use of a natural history comparator arm, the company said.”  

From the judicial front,

  • Bloomberg Law reports,
    • “Medical providers are testing a new legal strategy to recoup unpaid arbitration awards as health insurers rack up victories in surprise billing disputes.
    • “The shift underscores the difficulties both sides face in arbitration under the No Surprises Act, which requires doctors and insurers to settle most unexpected out-of-network bills themselves rather than balance-billing the patient. The volume of disputes has exposed cracks in the system, leading to a series of lawsuits around ineligible claims, fraud, and unpaid awards.
    • “Courts have largely concluded that the law doesn’t grant doctors the right to sue over unpaid awards in most circumstances. Most recently, the US Supreme Court denied two air ambulance companies’ petition to hear their case after the US Court of Appeals for the Fifth Circuit ruled against them.
    • “Providers are now adapting their legal strategy by arguing insurance companies are guilty of improper denial of benefits under the Employee Retirement Income Security Act and unjust enrichment under common law. Hundreds of cases in the US District Court for the District of New Jersey were paused last month pending a decision on the amended claims in Rowe Plastic Surgery of NJ LLC v. Aetna Life Insurance Co .
    • “But the doctors are likely to face problems, at least in overcoming ERISA preemption on their unjust enrichment claims, said Leslie Howard, co-founder of Cohen Howard, a firm representing out-of-network providers.”
  • The American Hospital Association News relates,
    • “The 5th U.S. Circuit Court of Appeals Feb. 9 affirmed a district court ruling upholding Louisiana’s 340B contract pharmacy law. The state law prohibits drug companies from denying hospitals the same 340B discounts for drugs dispensed at community pharmacies that would be provided via in-house pharmacies. Three drug companies — AbbVie, PhRMA and AstraZeneca — challenged the law, arguing that it was unconstitutional in several ways. “Rejecting those arguments, the appeals court held that Louisiana’s law was not preempted by federal law, did not violate the Fifth Amendment’s Takings Clause, did not violate the Constitution’s Contract Clause and was not unconstitutionally vague. “States regulate pharmacies — and the distribution of drugs to those pharmacies — every day,” the 5th Circuit explained. “Act 358 fits comfortably within that tradition.
    • “The AHA filed friend-of-the-court briefs supporting Louisiana’s law last year.” 
  • The Society for Human Resource Management notes,
    • “On Feb. 6, a federal appeals court vacated a preliminary injunction of two executive orders (EO) — EO 14151 on “Ending Radical and Wasteful Government DEI Programs and Preferencing” and EO 14173 on “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” — finding they were not unconstitutional on their face. The court had previously stayed the injunction, pending appeal. This ruling was the first by a federal appeals court to find the two EOs facially constitutional. Both EOs focused on infrastructure inside the federal government with an emphasis on contracts and grants.
    • “EO 14173, issued Jan. 21, 2025, “was the most significant EO for the private sector” last year, said W. John Lee, an attorney with Morgan Lewis in Philadelphia. Established on May 19, 2025, the U.S. Department of Justice’s Civil Rights Fraud Initiative “is a direct result of the EO and is a prominent example of how it is reshaping federal enforcement of civil rights law.” EO 14151, issued Jan. 20, 2025, set the tone for EO 14173. EO 14173 reshaped compliance obligations for federal contractors and grantees. It also revoked EO 11246, ending EO-based affirmative action programs for women and minorities.
    • “On Jan. 21, 2025, U.S. Equal Employment Opportunity Commission (EEOC) Chair Andrea Lucas made it clear that the EEOC’s enforcement priorities had shifted in alignment with President Donald Trump’s EOs.
    • “While the 4th U.S. Circuit Court of Appeals vacated the injunction, it sent the case back to the district court for further proceedings and left open the possibility of challenges based on individual application of the EOs.”
  • The Wall Street Journal points out,
    • “A lawsuit that drugmaker Novo Nordisk filed on Monday against telehealth firm Hims & Hers shows how fierce the maneuvering over the booming obesity-drug market has become.
    • “In the lawsuit filed in a federal court in Delaware, Novo Nordisk accused Hims & Hersof violating the patents covering its Ozempic and Wegovy drugs used for weight loss by trying to sell custom-made versions of those medicines.
    • “The pill from Hims & Hers threatened to undermine Novo Nordisk’s efforts to recapture momentum in the $70 billion weight-loss drug market by providing a lower-cost alternative to a Wegovy pill the Danish company recently launched.
    • “Novo Nordisk has been pulling out the stops to reclaim the momentum it lost to Eli Lilly in the booming market.” 

From the public health and medical / Rx research front,

  • Health Day tells us,
    • “Americans could be facing an uphill battle when it comes to protecting their heart health as they age, a new Cleveland Clinic poll reveals.
    • “Nearly 3 of 4 Americans (72%) feel confident in their ability to maintain heart health as they age, the survey found.
    • “But nearly as many (69%) also report that they have at least one known risk factor for heart disease.
    • “Worse, nearly 1 in 4 (24%) aren’t sure whether they are at increased risk for heart disease, according to the survey.
    • “Healthy aging is about prevention,” said Dr. Samir Kapadia, chair of cardiovascular medicine at the Cleveland Clinic.
    • Heart disease often develops silently over decades, which is why staying active, understanding your risk factors, and addressing them early can make a profound difference in both quality of life and longevity,” Kapadia said in a news release.”
  • The American Medical Association lets us know “what doctors wish patients knew about the shingles virus.”
    • “If you’ve ever had chickenpox, then the virus that causes shingles is present in your body and can resurface at some point in the future. Find out more.”
  • The New York Times relates,
    • “If you think your daily doses of espresso or Earl Grey sharpen your mind, you just might be right, new science suggests.
    • “A large new study provides evidence of cognitive benefits from coffee and tea — if it’s caffeinated and consumed in moderation: two to three cups of coffee or one to two cups of tea daily.
    • “People who drank that amount for decades had lower chances of developing dementia than people who drank little or no caffeine, the researchers reported. They followed 131,821 participants for up to 43 years.
    • “This is a very large, rigorous study conducted long term among men and women that shows that drinking two or three cups of coffee per day is associated with reduced risk of dementia,” said Aladdin Shadyab, an associate professor of public health and medicine at the University of California, San Diego, who wasn’t involved in the study.”
  • NBC News relates,
    • “Bad,” or LDL, cholesterol is a major risk factor for heart disease and most people are screened for it as part of their yearly physicals.
    • There’s another marker in the blood that may be a better predictor of heart disease risk, a recent large review suggests. But it’s not part of routine blood testing.
    • “Apolipoprotein B (apoB) is a protein that attaches to harmful fat particles in the blood. The apoB protein is found on the surface of harmful lipoproteins like low density lipoprotein, or LDL, that contribute to heart disease. Since each one of the harmful particles contains one apoB molecule, testing for it essentially captures the overall number of harmful plaque-producing compounds.” * * *
    • “ApoB testing is hot among health influencers and increasingly touted in the commercial blood testing market. Recently, the Sweetgreen salad chain — which has tied itself to anti-seed-oil influencers — launched a collaboration with the testing company Function Health and is promoting apoB screening along with its menus.
    • “Dr. Michael Shapiro, a preventive cardiologist and the chair of the American Heart Association Council on Lipidology, Lipoprotein, Metabolism & Thrombosis, said that he typically uses an apoB test in select patients.” * * *
    • “In some cases, insurance may cover the test. If not, it typically costs around $70 at a lab.
    • “There aren’t clear guidelines for what target apoB levels should be. In healthy people, apoB values less than 90 mg/dL are typically considered acceptable, with some saying lower targets closer to 70 mg/dL may be more optimal for preventing heart disease.”
  • MedPage calls attention to
    • “Most women said they preferred clinic-based cervical cancer testing over at-home self-sampling, with demographics and life experiences shaping those preferences, a cross-sectional study indicated.
    • “In a nationally representative survey, 20.4% of women said they would prefer to do their own at-home self-sampling for cervical cancer screening, while 60.8% said they prefer clinic-based testing and 18.8% said they were uncertain on their preference, reported Sanjay Shete, PhD, of the University of Texas MD Anderson Cancer Center in Houston, and colleagues in JAMA.
    • “The survey showed that women who had experienced prejudice or discrimination while receiving medical care had higher odds of preferring self-sampling at home (adjusted OR 1.94, 95% CI 1.16-3.22), while Black women had lower odds of preferring at-home self-sampling compared with their white peers (aOR 0.45, 95% CI 0.21-0.96).
    • “When women were asked why they preferred at-home self-sampling, privacy was the most common reason (54.9%), followed by time constraints (35.1%) and fear of embarrassment (33.4%).”
  • and
    • “The CDC’s Advisory Committee on Immunization Practices recently voted to stop recommending a universal dose of the hepatitis B vaccine at birth.
    • “An evidence review found that universal hepatitis B vaccination at birth is safe, effective, and protective for individual and public health.
    • “There was no improvement in safety or effectiveness with a delayed first dose of the hepatitis B vaccine.”
  • Per Genetic Engineering and Biotechnology News,
    • “In a study using gut microbiome samples from over 11,000 people across 39 countries, a single group of bacteria (CAG-170) has been found in higher numbers in the gut microbiomes of healthy people. CAG-170 remain unculturable in the lab, and are only identifiable from their genetic fingerprints.
    • “Further analysis of CAG-170 revealed the bacteria have the capacity to produce high levels of Vitamin B12 and enzymes that break down a wide range of carbohydrates, sugars, and fibers in our gut. The researchers suggest that Vitamin B12 supports other species of gut bacteria, rather than supporting the humans whose guts it is being produced in. CAG-170 could, in the future, be used as an indicator of our gut microbiome health or serve as the basis for the development of probiotics specifically designed to support and maintain healthy levels of CAG‑170 in the gut.”
  • Per Cardiovascular Business,
    • “An oral PCSK9 inhibitor from Merck is associated with significant reductions in low-density lipoprotein (LDL) cholesterol, according to new data published in The New England Journal of Medicine.[1] All PCSK9 inhibitors on the market today are injectable—an oral option that does not require needles could make a major impact on patient care. 
    • “Fewer than half of patients with established atherosclerotic cardiovascular disease currently reach LDL cholesterol goals,” lead author Ann Marie Navar, MD, PhD, an associate professor of cardiology at the University of Texas Southwestern Medical Center in Dallas, said in a statement. “An oral therapy this effective has the potential to dramatically improve our ability to prevent heart attacks and strokes on a population level.”
    • “Back in November, researchers presented initial findings from this study at the American Heart Association’s Scientific Sessions 2025 conference. Now, however, the analysis can be read in full.
    • “The CORALreef Lipids trial focused on nearly 3,000 heart patients with high LDL cholesterol who were randomized to either receive enlicitide, Merck’s experimental oral PCSK9 inhibitor, or a placebo. Two patients received the new drug for every one patient treated with a placebo.”
  • Per Radiology Business,
    • “A new MRI-specific artificial intelligence tool could significantly improve the diagnosis of neurological conditions in busy settings. 
    • “Developed by researchers at the University of Michigan, the tool can read brain scans in just seconds. The tool, named Prima, is a video language model that can simultaneously process video, images and text in real time. Experts involved in its development are hopeful it can help address the rising imaging volumes.
    • “As the global demand for MRI rises and places significant strain on our physicians and health systems, our AI model has potential to reduce burden by improving diagnosis and treatment with fast, accurate information,” said senior study author Todd Hollon, MD, a neurosurgeon at U-M Health. 
    • “Researchers trained Prima using more than 200,000 MRI exams collected at the university over several decades. Imaging data were included alongside patients’ medical histories and clinical indications for the scans. The team tested the model on more than 30,000 brain studies over a one-year period. Unlike earlier AI tools that focus on just one disease, Prima was designed to analyze all available imaging and clinical information at once, similar to how a radiologist reviews a case, giving it broad applicability.” 

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “Kaiser Permanente nearly tripled its operating income last year, even as the integrated healthcare conglomerate weathered rising expenses.
    • “Kaiser, which recorded results alongside its subsidiary Risant Health, recorded operating income of $1.4 billion last year, up from $569 million in 2024 as the nonprofit continued to invest in operational improvements, according to earnings results released last week. 
    • “Still, expenses rose by more than $11 billion last year as Kaiser said rising medication costs and other line items made providing care more expensive.”
  • Beckers Hospital Reviews identifies eleven rapidly growing health systems.
  • BioPharma Dive relates,
    • “Eli Lilly will acquire biotechnology startup Orna Therapeutics, saying Monday it will pay up to $2.4 billion to buy the privately owned company and a technology able to reprogram immune cells within the body.
    • “The Indiana-based drugmaker didn’t disclose how much upfront cash it’s shelling out for Orna, which specializes in “circular” RNA medicines that are believed to be more stable and easier to pair with the lipid nanoparticles used for delivery. But it noted in its statement that it intends to use Orna’s technology to develop cell therapies for autoimmune conditions.
    • “In announcing the deal, Lilly cited its interest in Orna’s lead project, which instructs immune cells to latch onto B cells that are attacking patients’ tissue in inflammatory diseases. The company presented data from preclinical studies at the American Society for Hematologymeeting in December that it’s using to support advancing into Phase 1 studies.”
  • and
    • “Japan’s largest drug company is teaming up with an artificial intelligence specialist to find new medicines for cancer and other diseases, through a deal that could be worth more than $1.7 billion.
    • “Announced Monday, the multiyear collaboration grants Takeda Pharmaceutical access to two technologies at Iambic Therapeutics. The first is an AI-driven platform used to discover and develop new drugs. The second is a model meant to predict how proteins will interact with certain receptors.
    • “The companies haven’t disclosed the deal’s upfront cost, nor any specific disease targets. The focus, though, will be on small molecule drugs for cancers and conditions rooted in the digestive or immune systems. Iambic will get milestone payments based on the partnership’s level of success, and is also eligible to receive royalties on net sales of any products it generates.”
  • Per Beckers Payer Issues,
    • “Patients who take advantage of zero-cost preventive screenings see better health outcomes and reduced spending, according to January research from BCBS Association and Blue Health Intelligence.
    • “The groups reviewed claims data of BCBS members with breast or colorectal cancer. The research pointed to lower likelihood of invasive tests and treatment.
    • “Eighty-one percent of members who were diagnosed with colorectal cancer through a preventive screening were classified in an early stage, compared to a 73% rate overall. For breast cancer, that figure was 86% during preventive screening. The early-stage rate was 82% overall.” 
  • Per an Institute of Clinical and Economic Review news release,
    • “The Institute for Clinical and Economic Review (ICER) today posted its revised Evidence Report assessing the comparative clinical effectiveness and value of sibeprenlimab (Voyxact®, Otsuka Holdings Co., Ltd.), atacicept (Vera Therapeutics, Inc.), and delayed-release budesonide (“Nefecon”, Tarpeyo®, Calliditas Therapeutics AB) for IgA nephropathy.
    • “IgA nephropathy has historically been thought of as a relatively benign form of kidney disease, but it has become increasingly recognized that it frequently progresses to end-stage kidney disease,” said ICER’s Chief Medical Officer, David Rind, MD. “Management of progressive disease has typically included treatments targeted at B-cells, but such therapies, such as systemic glucocorticoids, have serious side effects. New therapies offer the possibility of better outcomes with fewer harms.”
    • “This Evidence Report will be reviewed at a virtual public meeting of the CTAF on February 26, 2026. The CTAF is one of ICER’s three independent evidence appraisal committees comprising medical evidence experts, practicing clinicians, methodologists, and leaders in patient engagement and advocacy.
    • Register here to watch the live webcast of the virtual meeting.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front,

  • The Wall Street Journal reports,
    • “After months of partisan wrangling, a temporary extension on Tuesday of legislation aimed at encouraging firms to share cyberattack intelligence with Washington might be too little, too late for corporate cybersecurity leaders. 
    • “The seesaw effect we saw last year has eroded the trust that intel sharing needs to be built on,” said Timothy Youngblood, an investor who led cybersecurity teams at T-MobileMcDonald’s and Kimberly-Clark. Before providing sensitive details of a data breach or ransomware attack, companies need to be assured “they will not have the information used against them,” Youngblood said.
    • “The Cybersecurity Information Sharing Act, or CISA, provides liability and antitrust protections for companies that share attack data with federal agencies. Created in 2015 with a 10-year sunset clause, the act lapsed twice over the past four months as lawmakers clashed over proposed revisions. It was extended this week [to September 30, 2026] as part of a broader spending bill approved by Congress and signed by President Trump.  
    • “But an eight-month shelf life—and on-again off-again status—is unlikely to encourage hacked companies to risk legal or reputational damage by sharing sensitive data, especially in the wake of costly downtime, cybersecurity experts said. Staffing and resource cuts over the past year at the federal Cybersecurity and Infrastructure Security Agency, which shepherds private-public intelligence sharing, is adding to their concerns, they said.
    • “Temporary extensions are Band-Aids,” said Kevin Greene, public sector chief cybersecurity technologist at security firm BeyondTrust. Prolonged uncertainties, he said, will “absolutely create some friction in information sharing.”
  • Cyberscoop relates,
    • “The Trump administration needs help from industry to reduce the cybersecurity regulatory burden and to back important cyber legislation on Capitol Hill, among other areas, National Cyber Director Sean Cairncross said Tuesday.
    • “You know your regulatory scheme better than I do: Where there’s friction, where there’s frustration with information sharing, what sort of information is shared, the process through which it’s shared,” he said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it and try to make it better.”
    • “The Trump administration is interested in being a partner with industry rather than a “scold,” Cairncross said at an Information Technology Industry Council event. The Biden administration sought to impose more cybersecurity rules on the private sector than prior administrations.”
  • Cybersecurity Dive adds,
    • “Cairncross’s comments come as the White House prepares to unveil its five-page national cybersecurity strategy, which will focus heavily on streamlining regulations to reduce the burden on industry, including critical infrastructure organizations.
    • “The White House wants to revise the current patchwork of cybersecurity regulations “so that form follows function rather than [the rules being] a compliance checklist,” said Cairncross, who has led the relatively new Office of the National Cyber Director since August.” * * *
    • “Cairncross did not provide a timeline for the strategy’s release, but he said the White House would publish it “sooner rather than later.” The goal of the brief document, he explained, is “to point a direction for the USG to go so resources and effort can be lined up.”
  • and
    • “Governments should work closely with the private sector when designing and detailing their national cybersecurity strategies, a prominent think tank said in a report published on Monday.
    • “Active participation from the private sector, particularly large technology, telecommunications, and cybersecurity firms, is critical throughout the strategy’s development,” the Center for Cybersecurity Policy and Law (CCPL) said in its white paper. “The private sector can help not only support but also deliver on the government’s cybersecurity objectives and is key to a secure and resilient nation.”
  • and
    • “The Trump administration is making progress on creating an information sharing and analysis center for the AI industry to improve its ties with the government as AI cyber threats proliferate, a U.S. official said on Tuesday.
    • “The administration is absolutely committed to making sure that we’re supporting this industry, making sure that we’re going to foster information sharing,” Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said during a talk at an event hosted by the Information Technology Industry Council. “We just want to make sure we take the opportunity to get that relationship right.”
  • Federal News Network shares five updates on the Trump Administration’s cybersecurity agenda.
    • Six-pillar national cyber strategy
    • CIRCIA update
    • AI-ISAC in development
    • AI security policy framework
    • CIPAC replacement coming soon?
  • DefenseScoop notes,
    • “Marine Corps Maj. Gen. Lorna Mahlock was confirmed by the Senate on Friday evening [January 30] as deputy commander of U.S. Cyber Command, where she could have an outsized influence as the organization prepares for new leadership and other major changes.
    • “She was nominated for the position by President Donald Trump.
    • “Her Senate confirmation, which happened via voice vote, means she’ll also pin on a third star and become a lieutenant general.
    • “Mahlock brings deep cyber knowledge and background to her new role.”
  • Per Cybersecurity Dive,
    • “The Federal Communications Commission is warning telecommunications companies to regularly patch their systems, enable multifactor authentication and segment their networks to avoid falling victim to ransomware attacks.
    • “Recent events show that some U.S. communications networks are vulnerable to cyber exploits that may pose significant risks to national security, public safety, and business operations,” the FCC’s Public Safety and Homeland Security Bureau said in a Jan. 29 alert.”

From the cybersecurity vulnerabilities and breaches front.

  • Cyberscoop reports,
    • “Cybersecurity and Infrastructure Security Agency order published Thursday [February 4, 2026] directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support.
    • “It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential and most common types of exploits in recent years. New edge-device vulnerabilities surface frequently.
    • “Under the binding operational directive CISA released Thursday, federal civilian executive branch (FCEB) agencies must inventory edge devices in their systems that vendors no longer support within three months, and replace those on a dedicated list with supported devices within one year.”
  • The American Hospital Association News tells us,
    • “The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and source code program widely used by several industries, including health care. The vulnerability impacted an update component affecting iterations of the program prior to version 8.8.9, and allowed attackers to gaining access to and disrupt the update process. According to the program’s developer, attacks that occurred from June to November 2025 were likely executed by a sophisticated nation-state threat actor.”
  • Cybersecurity Dive informs us,
    • “Cybercrime “began its shift toward an AI-driven future” in 2025, the security firm Malwarebytes said in a report published Tuesday that charted AI’s influence on the rapidly growing hacking ecosystem.
    • “AI is making cyberattacks faster and more effective through deepfakes, vulnerability discovery, autonomous ransomware attacks and growing connectivity between AI models and penetration testing tools, according to the report.
    • “Malwarebytes urged businesses to “shrink their attack surfaces, harden identity systems, close blind spots, accelerate remediation, and adopt continuous monitoring.”
  • and
    • “Hackers working for an Asian government have breached at least 70 government agencies and critical infrastructure organizations in 37 countries over the past year as part of an espionage campaign likely aimed at collecting information about rare earth minerals, trade deals and economic partnerships, Palo Alto Networks said in a reportpublished on Thursday.
    • “While this group might be pursuing espionage objectives,” researchers with the company’s Unit 42 group wrote in the report, “its methods, targets and scale of operations are alarming, with potential long-term consequences for national security and key services.”
    • “The security firm provided indicators of compromise and described the threat actor’s techniques and infrastructure.”
  • CISA added six known exploited vulnerabilities to its catalog this week.
    • February 3, 2026
      • CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
        • Cyber Press discusses this KVE here.
      • CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
        • Cybersecurity Dive discusses this KVE here.
      • CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability
      • CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability 
        • The Hacker News discusses these KVEs here.
    • February 5, 2026
      • CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
        • Security Wek discusses this KVE here.
      • CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
        • Bleeping Computer discusses this KVE here.
  • Dark Reading points out, “CISA Makes Unpublicized Ransomware Updates to KEV Catalog
    • “A third of the “flipped” CVEs affected network edge devices, leading one researcher to conclude, ‘Ransomware operators are building playbooks around your perimeter.'”
  • Cyberscoop adds,
    • “Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. 
    • “The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). Ivanti did not say when the earliest known date of exploitation occurred but warned that a “very limited number of customers” were attacked before it disclosed and addressed the defects Thursday [January 29, 2026]. * * *
    • “The Cybersecurity and Infrastructure Security Agency has flagged 31 Ivanti defects on its known exploited vulnerabilities catalog since late 2021. At least 19 defects across Ivanti products have been exploited in the past two years. 
    • “The agency added CVE-2026-1281 to the catalog Thursday, but not CVE-2026-1340. Both defects have been exploited, according to watchTowr. Yet, a spokesperson for Ivanti said the vulnerabilities have not been chained together for exploitation.
    • “The latest code-injection vulnerabilities demonstrate attackers are focusing on EPMM in particular of late. Ivanti disclosed a separate pair of vulnerabilities in the same product in May 2025.” 
  • Cybersecurity Dive informs us,
    • “Two months after a critical vulnerability was disclosed in React Server Components, researchers warn of a significant change in threat activity targeting the flaw. 
    • “The original vulnerability, tracked as CVE-2025-55182, allows an unauthenticated attacker to achieve remote code execution due to unsafe deserialization of payloads. 
    • “The initial wave of attacks in December led to hundreds of systems being compromised as state-linked threat groups and other actors engaged in widespread exploitation. The vulnerability, dubbed React2Shell, has been targeted in a wide range of industries since it was discovered in late November.
    • “Researchers from GreyNoise on Monday reported a distinctive change over the prior seven days, as more than half of the threat activity now emanated from only two IP addresses, according to a blog post. Before the change, there were 1,083 unique sources linked to threat activity, according to researchers.
    • “GreyNoise said its sensors detected more than 1.4 million attempts to exploit CVE-2025-55182 during the seven-day period.
    • “Researchers warned the exploitation appears to be focused on the developer community.” 
  • Per Dark Reading,
    • “Threat actors are using a forensic tool’s Windows kernel driver to kill security products, despite the fact the driver’s digital certificate was revoked more than a decade ago.
    • “In a blog post Wednesday, security researchers at Huntress detailed how the company responded to an intrusion earlier this month in which the threat actor used compromised SonicWall SSL VPN credentials for initial access to the victim’s network. But the real kicker was how the attacker avoided detection: they weaponized the Windows kernel driver of a legitimate forensic toolset called EnCase to disable security products across the network.”
    • “The attack technique is known as bring-your-own-vulnerable-driver (BYOVD), which involves taking advantage of the elevated privileges and kernel-level access of a driver to terminate security processes before an intrusion is detected. Threat actors have increasingly used drivers to disable endpoint detection and response (EDR) platforms, often in ransomware attacks; these tools are commonly known as EDR killers.”  
  • Per SC Media,
    • “More than 300 malicious OpenClaw skills hosted on ClawHub spread malware including the Atomic macOS Stealer (AMOS), keyloggers and backdoors, Koi Security reported Sunday.  
    • OpenClaw, formerly known as Moltbot and Clawdbot, is an open-source AI agent that has recently gained significant popularity as a personal and professional assistant.
    • “ClawHub is an open-source marketplace for OpenClaw “skills,” which are tools OpenClaw agents can install to enable new capabilities or integrations.
    • “Koi Security Researcher Oren Yomtov discovered the malicious skills in collaboration with his own OpenClaw assistant named Alex, according to Koi Security’s blog post, which is written from Alex’s perspective.
    • “Yomtov and Alex audited all 2,857 skills available on ClawHub at the time of their investigation, and discovered that 341 were malicious, with 335 seemingly tied to the same campaign.”
  • Per Security Week,
    • “The big takeaway from 2026 onward is the arrival and increasingly effective use of AI, and especially agentic AI, that will revolutionize the attack scenario. The only question is how quickly.
    • ‘Michael Freeman, head of threat intelligence at Armis, predicts, “By mid-2026, at least one major global enterprise will fall to a breach caused or significantly advanced by a fully autonomous agentic AI system.”
    • “These systems, he continues, “use reinforcement learning and multi-agent coordination to autonomously plan, adapt, and execute an entire attack lifecycle: from reconnaissance and payload generation to lateral movement and exfiltration. They continuously adjust their approach based on real-time feedback. A single operator will now be able to simply point a swarm of agents at a target.”

From the ransomware front,

  • Bleeping Computer reports today,
    • “A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services.” * * *
    • “BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.
    • “In an update posted Feb. 6, the company said it has engaged federal law enforcement, including the FBI and U.S. Secret Service, along with external forensic and recovery teams.
    • “Initial forensic findings indicate that no payment card data has been compromised,” the company said, adding that any accessed files were encrypted and that there is currently “no evidence of usable data exposure.”
  • The Rhode Island Current tells us,
    • “A state vendor and major provider of workers’ compensation insurance in Rhode Island confirmed it was the victim of a cyberattack in January.   
    • “The Beacon Mutual Insurance Company posted about the Jan. 14 incident to its website around noon Thursday, following inquiries from Rhode Island Current earlier in the day. The requests for comment were prompted by Beacon’s appearance on public websites that list and track recent reports of ransomware — a genre of malware characterized by making users’ files encrypted and inaccessible unless they pay a price.
    • “Yes, this was a ransomware attack,” Michelle N. Pelletier, the assistant vice president of marketing and communications at the Warwick company, confirmed over email late Thursday afternoon.
    • “But Pelletier added that not all was lost, and that the company’s production environment — or the live systems that users interact with directly — remained safe from harm.  
    • “Fortunately, our production environment was not encrypted, and we were able to resume normal operations on January 20,” Pelletier wrote.”  
  • Security points out,
    • “If battling ransomware isn’t challenging enough, these attacks have undergone a significant metamorphosis, with attackers shedding their encryption-based model for one of pure exfiltration. The result? A more stealthy, discreet approach that successfully bypasses traditional defenses to snatch sensitive data and employ a double or triple extortion scheme. 
    • “With pure exfiltration, businesses don’t realize they’re a victim until it’s too late.” 
  • Security Week adds,
    • “Data allegedly pertaining to over 5 million Panera Bread customers has emerged online after hackers failed to extort the US bakery-cafe chain.
    • “The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread, after compromising a Microsoft Entra single-sign-on (SSO) code.
    • “The attack falls in line with recent ShinyHunters attacks that rely on voice phishing (vishing) and SSO authentication to access victim organizations’ cloud-based software-as-a-service (SaaS) environments.
    • “Last week, ShinyHunters published on its Tor-based leak site a 760GB archive allegedly containing the sensitive information stolen from Panera Bread.
    • “According to the data breach notification site Have I Been Pwned, the data was leaked after the hackers failed to extort the food chain.
    • “The archive includes 5.1 million unique email addresses and likely impacts as many Panera customers. Associated information such as names, addresses and phone numbers was also present in the leak.”
  • Security.com lets us know,
    • “A recent Black Basta attack campaign was notable because the ransomware contained a bring-your-own-vulnerable-driver (BYOVD) defense evasion component embedded within the ransomware payload itself.
    • “Normally the BYOVD defense evasion component of an attack would involve a distinct tool that would be deployed on the system prior to the ransomware payload in order to disable security software. However, in this attack, the vulnerable driver (an NsecSoft NSecKrnl driver) was bundled with the ransomware itself. 
    • “BYOVD is by far the most frequently used technique for defense impairment these days. Generally, attackers will deploy a signed vulnerable driver to the target network, which they then exploit to elevate privileges and disable security software. Since the vulnerable drivers operate with kernel-mode access, they can be used to terminate processes, making them an effective tool for disrupting security measures. In most cases, the vulnerable driver is deployed along with a malicious executable, which will use the driver to issue commands.”
  • Bleeping Computer relates,
    • “Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider.
    • “Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager.
    • “Diving deeper, the researchers discovered that the same hostnames were present in the infrastructure of multiple ransomware operators, including LockBit, Qilin, Conti, BlackCat/ALPHV, and Ursnif, as well as various malware campaigns involving RedLine and Lummar info-stealers.”
  • Per Dark Reading,
    • “The operators of DragonForce, a ransomware-as-a-service outfit that first surfaced in 2023, appear to be drawing heavily from the organized crime playbook, creating a cartel and attempting to bring mafia-style territorial organization — and a bit of muscle — to the ransomware ecosystem.
    • “A detailed analysis by LevelBlue showed the group has recently shifted its business model to one where customers — or affiliates — of its service can create their own brands while still operating under a blossoming DragonForce cartel umbrella.” * * *
    • DragonForce has established itself as a relatively major player in the ransomware ecosystem since launching activities in 2023. Though not as big as rivals like Akira and Qilin, it has commanded some attention for its aggressive marketing and outreach. As of July 2025, the company had notched at least 250 victims based on its data leak site, according to Check Point Research.”

From the cybersecurity defenses front,

  • Cyberscoop reports,
    • “Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems pose after a series of high-profile cyberattacks. The Jaguar Land Rover (JLR), incident in Sept. 2025 illustrates the severe consequences of such attacks. The cyberattack forced JLR to halt production for six weeks, making it the costliest cyberattack in Britain’s history. The company’s revenue declined 24 percent that quarter, accounting for potentially over a  $1.2 billion drop in earnings, and subsequently reported a 43.3% wholesale sales volume drop the following quarter.
    • “For decades, organizations have treated ERP systems like SAP as back-office workhorses. However, the JLR incident—carried out by executed by the cybercrime group ShinyHunters —has thrust ERP systems into the spotlight. That shift in attention is critical: today, 90% of the Fortune 500 use SAP, making these systems “crown jewel” assets that require the highest level of protection.
    • “The threat is escalating. A recent Google Cloud Security report forecasts that ransomware operations specifically designed to target critical enterprise applications such as ERP systems will emerge in 2026, forcing organizations to make quick ransom payments and sacrifice business resilience. 
    • “In our roles as board members, advisers, and cybersecurity CEOs, we’re witnessing a fundamental shift in how organizations approach ERP security: the conversation has moved from compliance to survival. Organizations are grappling with critical question: Who owns the risk? What is our recovery time? Can we patch critical ERP vulnerabilities within 72 hours? Do we have visibility inside the application?”
  • Help Net Security explains where NSA zero trust guidance aligns with enterprise reality.
  • This HHS Inspector General’s report points out “Security Controls to Enhance Its Ability to Prevent and Detect Cyberattacks.”
  • Tech Target describes “five steps to ensure HIPAA compliance on mobile devices.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday report

David ErmerCDC, Congress, COVID-19, FDA, Generative AI, Rx coverage, U.S. Healthcare

From Washington, DC

  • The Wall Street Journal reports,
    • “Mehmet Oz arrived on Capitol Hill last week to pitch Republicans on an idea to codify into law President Trump’s drug-pricing model, which ties U.S. pharmaceutical costs to lower prices typically paid abroad.
    • “Oz, the Centers for Medicare and Medicaid Services administrator, could sense the skepticism from GOP senators—members of the Finance Committee—as they raised concerns about industry backlash and a potential chilling effect on innovation.
    • “You read the room,” Oz said in an interview. “When’s the right time to tell them they need to do something different?”
    • “The move marked the opening effort of the administration’s push to advance the president’s planahead of the midterm elections, as healthcare costs have become a top voter concern. While Trump has proposed sending money directly to Americans through Health Savings Accounts to ease those costs, that discussion was absent from Oz’s talks with Republicans, he said.
    • “That’s not the most important issue for us,” said Oz, the former television host and celebrity surgeon widely known as Dr. Oz. He emphasized making sure that pricing deals reached under Trump with more than a dozen pharmaceutical companies endure beyond his time in office.”
  • and
    • “The White House on Thursday launched its drug-pricing website, dubbed TrumpRx, the culmination of efforts by the administration to bring down pharmaceutical costs for some consumers.
    • “When it launched, it had roughly 40 drugs available, including obesity treatments Novo Nordisk’s Wegovy and Eli Lilly’s Zepbound and infertility treatments such as Gonal-F from EMD Serono. The prices for the drugs on TrumpRx were generally much lower than their sticker price, with President Trump touting some discounts of hundreds of dollars a month. The website, TrumpRx.gov, allows customers to search for specific medicines and purchase them through a manufacturer’s direct-to-consumer site, or in some cases gives users coupons that they can present at certain pharmacies.” * * *
    • “The website likely won’t have a substantial impact on the amount most Americans pay for their prescriptions, as most of Americans are insured—either through private or government plans—and are likely to get a better deal on the drugs via their coverage. The roughly 27 million Americans who are uninsured are those most likely to benefit from the direct-to-consumer offerings.” 
  • Here is a link to the White House’s fact sheet on TrumpRx.
  • Govexec tells us,
    • “The U.S. Postal Service on Thursday reported that it experienced a net loss of nearly $1.3 billion in the first quarter of fiscal 2026, as there continues to be a lack of consensus among postal leaders, stakeholders and lawmakers about how to fix the agency’s longstanding financial challenges. 
    • “Officials attributed the loss to a $634 million increase to workers’ compensation, among other spending hikes, paired with a $264 million reduction in operating revenue. In comparison, USPS saw a net income of $144 million during the first quarter of fiscal 2025. 
    • USPS, however, experienced a net loss of $9 billion in fiscal 2025, and officials have projected that the postal agency will continue to operate in the red for fiscal 2026. 
    • “At a USPS Board of Governors meeting on Thursday, Postmaster General David Steiner and the board reiterated their argument that legislative and administrative reforms, such as raising the postal agency’s $15 billion statutory debt limit, are necessary to reverse these losses.”

From the Food and Drug Administration front,

  • Fierce Pharma reports,
    • “With online health and wellness company Hims & Hers opening a new front in the GLP-1 compounding showdown Thursday, the United States’ top drug regulator has taken notice.
    • “FDA will take swift action against companies mass-marketing illegal copycat drugs, claiming they are similar to FDA-approved products,” FDA commissioner Marty Makary, M.D., said in a Feb. 5 post on X. “The FDA cannot verify the quality, safety, or effectiveness of non-approved drugs.”
    • “Makary’s comments mark a clear and sharp rebuttal to Hims’ announcement earlier in the day that it had launched a compounded version of Novo Nordisk’s new Wegovy (semaglutide) pill for obesity, which starts at just $49 per month.”
  • and
    • “The FDA removed a prior “limitations of use” restriction it had placed on Gilead Sciences’ CAR-T Yescarta, allowing it to be used in patients with relapsed or refractory (R/R) primary central nervous system lymphoma (PCNSL).
    • “Yescarta is approved for R/R large B-cell lymphoma, but previously wasn’t permitted to treat those with the rare, fast-growing PCNSL subtype. Prognoses related to this disease, which originates in the brain, spinal cord, eye, or cerebrospinal fluid, are typically poor, with a five-year survival rate of about 30%. The cancer type has no standard-of-care treatment options and an estimated 1,500 cases are diagnosed annually in the U.S.
    • “Dana-Farber Cancer Institute ran a phase 1 study to evaluate the safety of Yescarta in patients with PCNSL, as those with the disease had previously been excluded from the clinical trials supporting Yescarta’s initial approval, global head of development at Gilead’s Kite unit, Gallia Levy, M.D., Ph.D. explained in a company release.” 
  • MedTech Dive relates,
    • “Johnson & Johnson is recalling certain Cerepak detachable coil systems due to a higher-than-expected failure to detach rate that has been associated with four serious injuries and one death. The events were reported as of Oct. 14.
    • “The failure to detach could result in hemorrhagic and ischemic stroke, procedural delays or the need for additional surgical intervention, according to the Food and Drug Administration, which posted the recall on Thursday.
    • “J&J issued a letter to customers on Oct. 2 recommending they remove certain Cerepak products from where they are used or sold.”
  • Cardiovascular Business tells us,
    • “Zydus Pharmaceuticals, a New Jersey-based distributor of generic drugs, has recalled nearly 23,000 bottles of its icosapent ethyl capsules due to leakage issues that may have weakened their effectiveness. The prescription-strength capsules were manufactured by Softgel Healthcare in India and are sold in the United States as a more affordable option to name-brand treatment options.
    • “Icosapent ethyl is primarily used to help treat patients with high triglyceride levels in their blood. Taken together with a statin, it can also help significantly reduce the risk of heart attack, stroke or other cardiac complications in certain patient populations.
    • “Use of the affected product may lead to inconsistent therapeutic effects and an increase in potential gastrointestinal side effects in some patients,” according to the Food and Drug Administration (FDA).”

From the judicial front,

  • Fierce Healthcare reports,
    • “The Department of Health and Human Services has officially backed down on its halted 340B Rebate Model Pilot Program, telling the courts this week that it plans to pull relevant notices and application approvals.
    • “Lawyers for the government and plaintiffs who sued to block the program—several hospitals and hospital groups including American Hospital Association (AHA)—filed Thursday afternoon in the U.S. District Court for the District of Maine a joint motion for vacatur and remand. 
    • “The filing acknowledged the preliminary injunction plaintiffs had secured and the government’s failed bid to have the the temporary pause overturned by the appellate court. Both reflected judges’ belief that the hospitals were likely to succeed on the merits of their claims based on at least two administrative issues—”a failure to provide a reasonable explanation or address significant reliance interests and a failure to consider relevant costs.” 
    • “As such, HHS does not believe providing more administrative documents to the court would change any decisions, according to the joint motion.”
  • The Wall Street Journal relates,
    • “Luigi Mangione will face murder and weapons charges in a Manhattan court in June for the killing of UnitedHealthcare CEO Brian Thompson, three months before jury selection in his federal trial for crimes related to the same killing.
    • “New York state court Judge Gregory Carro set a June 8 trial date during a snap hearing Friday, prompting an outburst from Mangione, who claimed he was being denied double-jeopardy protections.” * * *
    • “The Manhattan district attorney’s office argued the state case should go first because the killing occurred in Manhattan and local prosecutors—working with many NYPD detectives—led the investigation that resulted in Mangione’s arrest.
    • “The State has an overriding interest in trying this defendant for the cold-blooded execution of Brian Thompson on December 4, 2024. It resulted in the tragic death of a guest to our city on our streets,” Assistant District Attorney Joel Seidemann said in a letter to the judge.”

From the public health and medical / Rx research front,

  • The Centers for Disease Control and Prevention announced today,
    • “Seasonal influenza activity remains elevated nationally with most areas of the country reporting stable or decreasing trends. Emergency department visits are stable and highest among children 5-17 years. Hospitalizations trends continue to decrease overall and are highest among those 65 years and older. RSV activity is elevated in many areas of the country. Emergency department visits for RSV are highest among infants under 1 year and children 1-4 years old. RSV hospitalizations are highest among infants less than 1 year old.
    • “COVID-19
      • COVID-19 activity is elevated in some areas of the country.
    • “Influenza
      • “Seasonal influenza activity remains elevated nationally with most areas of the country reporting stable or decreasing trends; however, activity continues to increase in the Pacific Northwest.
      • “Additional information about current influenza activity can be found at: Weekly U.S. Influenza Surveillance Report | CDC
    • “RSV
      • RSV activity is elevated in many areas of the country, including emergency department visits among infants under 1 year and children 1-4 years old. Hospitalizations are highest among infants less than 1 year old.
    • “Vaccination
      • “National vaccination coverage for COVID-19, influenza, and RSV vaccines remains low for children and adults. COVID-19, influenza, and RSV vaccines can provide protection against severe disease this season. It is not too late to get vaccinated this season. Talk to your doctor or trusted healthcare provider about what vaccines are recommended for you and your family.
  • The University of Minnesota CIDRAP adds,
    • “The effectiveness of this season’s flu vaccine in Canada is 40% against medically attended infection with influenza A(H3N2) viruses, 37% against newly emerged and predominant subclade K of the H3N2 strain, and 31% against the H1N1 influenza A strain, an interim analysis estimates.
    • “Researchers from the Canadian Sentinel Practitioner Surveillance Network (SPSN) conducted the test-negative study, which evaluated samples from patients aged one year or older who had acute respiratory illness. Community-based sentinel health care providers in Alberta, British Columbia, Ontario, and Quebec collected the specimens from October 26, 2025, to January 10, 2026, and the findings were published yesterday in Eurosurveillance.”
  • The AP reports,
    • “During the early years of the COVID-19 pandemic, experts worried that disruptions to cancer diagnosis and treatment would cost lives. A new study suggests they were right.
    • “The federally funded study published Thursday by the medical journal JAMA Oncology is being called the first to assess the effects of pandemic-related disruptions on the short-term survival of cancer patients.
    • “Researchers found that people diagnosed with cancer in 2020 and 2021 had worse short-term survival than those diagnosed between 2015 and 2019. That was true across a range of cancers, and whether they were diagnosed at a late or early stage.
    • “Of course, COVID-19 itself was especially dangerous to patients already weakened by cancer, but the researchers worked to filter out deaths mainly attributed to the coronavirus, so they could see if other factors played a role.”
  • Healio informs us,
    • “As the number of home hazards increased, so did the effect of visual function on the odds of falling.
    • “Home safety evaluations and environmental adaptations could be helpful for adults with low vision.”
  • and
    • “Use of SGLT2 inhibitors was associated with lower 5-year risk for chronic kidney disease and AKI compared with GLP-1 receptor agonists for adults with type 2 diabetes, according to data published in JAMA Internal Medicine.”
  • Radiology Business lets us know;
    • “New research suggests that photon-counting computed tomography scans outshine conventional contrasted chest CT for follow-up imaging of lung cancer. 
    • “Patients who have been diagnosed with the disease require routine imaging to monitor treatment effectiveness and ensure their cancer has not progressed or recurred. This is typically done via standard contrast-enhanced CT scans. Though effective, the standard of care comes with caveats, including increased exposure to both radiation and contrast media. What’s more, image quality can vary based on patient size, which can negatively affect lesion detection and characterization. 
    • “Experts believe that emerging photon-counting technology can help address these shortcomings. Published in RSNA’s flagship journal, Radiology, a new paper details numerous benefits photon-counting CT scans have over conventional CTs, including reduced radiation exposure and enhanced lesion visualization. Experts involved in the study went as far as to suggest that the advanced technology could replace conventional CTs in certain settings soon.”
  • Genetic Engineering and Biotechnology News observes,
    • “If you zoomed in far enough on a new experimental HIV vaccine, you wouldn’t see the usual protein shell that most vaccines rely on. Instead, you’d find tiny geometric structures folded from strands of DNA—molecular origami designed not to be noticed at all. This “invisible” scaffold may be the key to awakening some of the rarest and most sought‑after cells in immunology: the B cells capable of maturing into broadly neutralizing antibody producers.
    • “Many next‑generation vaccines use virus‑like particles (VLPs)—nanostructures that mimic the outer shape of a virus but contain no genetic material. By displaying many copies of a viral antigen on their surface, VLPs can activate B cells far more effectively than free‑floating proteins. The paper is titled “DNA origami vaccines program antigen-focused germinal centers,” and was published recently in Science. 

From the U.S. healthcare business and artificial intelligence front,

  • Fierce Healthcare reports,
    • “Centene is “laser-focused” on improving the performance of its Medicaid business following a difficult 2025.
    • “CEO Sarah London told investors Friday morning on the company’s earnings call that the team made headway in this effort in later part of 2025, with it’s Q4 medical loss ratio of 93% on par with expectations set for analysts in October and showing notable improvement from the second quarter of 2025.
    • “She said that utilization trend patterns seen in the third quarter largely carried into Q4, with behavioral health as the largest driver. Home health services and high-cost pharmaceuticals were also key factors in cost and utilization trends seen in the back half of the year, she said.
    • “And while a spike in flu and other respiratory illnesses generated headlines late in the year, London said that utilization patterns in its Medicaid population were on par with expectations.
    • “As an organization, we have been laser-focused on restoring our Medicaid business to sustainable profitability while maintaining our focus on quality outcomes for our members and the communities we serve,” London said.”
  • and
    • “Molina Healthcare’s share price plunged on Friday as it posted a $160 million loss in the fourth quarter as well as guidance for 2026 that fell short of analysts’ expectations.
    • “Shares in the company were down by about 28% at 11:30 a.m. ET, with its stock tumbling out of the gate at market open on Friday. By comparison, Molina earned $251 million in profit for the fourth quarter of 2024.
    • “For the full year, Molina has posted $472 million in profit, down from $1.2 billion in 2024.
    • “In the earnings report, Molina revealed that it will exit the Part D space in the 2027 plan year due to financial pressure, including Medicare Advantage prescription drug (MAPD) plans. The company will focus on its existing dual-eligible business in Medicare, according to the announcement.”
  • Healthcare Dive relates
    • “Primary care physicians spend a significant amount of time on work in their electronic health records, even when they decrease the number of appointments they schedule with patients, according to new research published in Health Affairs.
    • “Physicians who cut back appointments saw their visit volume decline by 32.6% compared with other doctors. But their EHR time fell by just 21.2% — meaning the number of minutes spent in their records systems actually increased per visit by more than 20%, according to the study. 
    • ‘Primary care physicians need to handle a lot of tasks outside appointments, like responding to patient messages, researchers wrote. So reducing visits doesn’t necessarily eliminate a host of EHR tasks — though it does have repercussions for physicians’ pay and patients’ access to care, they noted.” 
  • and
    • “Epic rolled out an artificial intelligence tool this week that drafts clinical notes, setting up the nation’s largest electronic health record vendor as a major competitor in the ambient scribe market. 
    • “AI Charting, part of Epic’s AI tool called Art geared toward clinicians, listens during patients’ appointments with providers and can suggest orders based on the conversation. The product also allows clinicians to personalize the note’s structure using voice commands, like asking the tool to format current conditions as a bulleted list, according to a press release. 
    • “Epic plans to expand beyond documentation to make the tool “an active assistant in the room,” Corey Miller, Epic’s vice president of research and development, said via email. “This is really just the start for Art,” he said.”
  • Fierce Healthcare adds,
    • “Infinitus has launched a new suite of agentic artificial intelligence tools for healthcare payers that aim to improve member engagement through personalized communications.
    • “Infinitus is an AI company that helps call centers better handle inbound call volumes. For payer organizations, pressured to control costs as call volumes rise and ratings of members demand a modern consumer experience, AI is positioned to solve both issues. 
    • “With the Agentic AI Member Services Suite, health plan members have 24/7 access to an AI agent that can answer simple administrative questions, onboard members, triage questions and navigate care. Through messaging and calling capabilities, Inifinitus’ AI agents can proactively reach out to patients and scale member services without adding team members.”
  • and
    • “Aetna is continuing to build out its digital member experience with the launch of a new onboarding program designed to ease the process.
    • “The insurer said Thursday that the platform will be available to 4 million new members during the welcome period for their enrollment. The program leads on Rich Communication Services, or RCS, to support navigation and connect members with key information and resources they may need after enrolling in a new plan through text messaging.
    • “Nathan Frank, senior vice president and chief digital and technology officer for Aetna, told Fierce Healthcare that building trust with the member requires an end-to-end experience, and tech like the new onboarding program can play a key role in that effort.
    • “Onboarding isn’t just about administration and signing people up and making sure that you have the right information,” he said. “It’s the moment when members decide whether their health plan feels simple, or is it overwhelming?” 

Thursday report

David ErmerCongress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare

From Washington, DC

  • Govexec reports,
    • “The House Oversight and Reform Committee on Wednesday unanimously advanced legislation aimed at updating the federal government’s buyout programs to encourage employees to leave.
    • “Voluntary Separation Incentive Payments are one of the government’s main tools for reducing agency headcounts, alongside Voluntary Early Retirement Authority and reductions in force. But VSIP offerings max out at $25,000, where the cap has sat since the 1990s.
    • “The Federal Workforce Early Separation Incentives Act (H.R. 7256), introduced by Rep. Nick Langworthy, R-N.Y., would remove the $25,000 hard cap on VSIP payments and replace it with a maximum of six months of a federal worker’s salary, subject to agency head approval. The new model is based off how federal agencies already calculate severance pay for laid-off feds.
    • ‘Langworthy said an update to the federal government’s buyout program was long-overdue, and that the changes will allow agencies to move more agilely—and humanely—in workforce planning.”
  • The Wall Street Journal relates,
    • “The Trump administration is planning to make it easier to discipline—and potentially fire—career officials in senior positions across the government, a move that would affect roughly 50,000 federal workers. 
    • “The U.S. Office of Personnel Management, which oversees the federal workforce, issued a final rule on Thursday that creates a category of worker for high-ranking career employees whose work focuses on executing the administration’s policies. Workers who fall into that category would no longer be subject to rules that for decades have set a high bar for firing federal employees.
    • “While political appointees at agencies are considered at-will employees who serve at the discretion of the president, career employees have long enjoyed strong job protections, including the ability to appeal firings, suspensions, or disciplinary action to an independent board. Workers that fall under the new category wouldn’t be able to appeal to the board.”
  • An OPM news release adds,
    • “The final rule was published for public inspection in the Federal Register on February 5, 2026, and will take effect 30 days after publication. Following the rule’s effective date, specific positions may be placed in Schedule Policy/Career by presidential executive order. Read Director Kupor’s blog post on the rule here.”
  • Tammy Flanagan, writing in Govexec, points out “the federal leave options employees can use when annual and sick time run out.”
    • “From unpaid leave to parental and military leave, federal workers have multiple options for time off under specific circumstances.”
  • STAT News informs us,
    • “President Trump on Thursday night is planning to announce the launch of TrumpRx, the website that he and his aides have touted for months as a platform aimed at lowering prescription drug prices. 
    • “The website, which uses technology from health care company GoodRx, is expected to display the cash prices — that is, the prices available when paying without insurance — for certain drugs and direct patients to other sites where they can buy the therapies. It’s part of Trump’s plan to lower drug prices in the U.S., but some experts are skeptical the platform will meaningfully affect affordability.” * * *
    • “TrumpRx will not sell medications. It is expected to be a searchable website that links to other sites through which patients can directly buy brand drugs. That might be a drug company’s own website, such as Eli Lilly’s LillyDirect or Novo Nordisk’s NovoCare Pharmacy, or an online pharmacy that partners with a drugmaker, such as Amazon Pharmacy and Truepill.”
  • The American Hospital Association News notes,
    • “The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology announced the selection of nine pilots as part of the Behavioral Health Information Technology Initiative to help improve behavioral health data exchange across care settings. The BHIT Initiative is a $20 million effort led by ASTP/ONC in coordination with the Substance Abuse and Mental Health Services Administration to support standard data elements and foster data exchange. The pilots, which will be completed by the end of this year, will be used to inform future standards, technical specifications, guidance and policy considerations. The pilots span across 45 exchange partners and eight states and Washington, D.C. The states are Colorado, Connecticut, Delaware, Florida, Massachusetts, North Carolina, Oregon and Rhode Island.”
  • Healthcare Dive calls our attention to the fact
    • “More than one-fourth of doctors enrolled in Medicaid didn’t actually deliver care to any Medicaid beneficiaries in 2021, according to new research adding to worries about low physician participation in the safety-net insurance program.
    • “Almost 28% of doctors enrolled in Medicaid were “ghost providers” and didn’t treat a single patient that year, the study published in Health Affairs on Monday found. Another 10% treated fewer than 10 patients, while the remaining 62.2% were standard or “core” providers treating the brunt of Medicaid enrollees.
    • “Participation varied widely by specialty, with psychiatrists most likely to be ghost providers and primary care physicians and cardiologists least likely to be ghost providers, the study found.”

From the Food and Drug Administration front,

  • STAT News reports,
    • “The nation’s top drug regulator said he wants to do away with pharmaceutical ads that employ “dancing patients, glowing smiles, and catchy jingles that drown out the fine print.” On Super Bowl Sunday, the drug industry will treat him to lounging football stars, a shouting DJ Khaled, and the soothing tones of Enya.
    • “Sunday’s game, the annual zenith of American advertising, is the first since Food and Drug Administration Commissioner Marty Makary began a self-described “crackdown” on drug marketing last year. And, based on the ads released in advance, little has changed in the eyes of the industry.” 
  • Per an FDA news release,
    • “Today, the U.S. Food and Drug Administration took additional steps to support the transition of our nation’s food supply from the use of artificial petroleum-based colors to alternatives derived from natural sources. Companies will now have flexibility to claim products contain ‘no artificial colors’ when the products do not contain petroleum-based colors. In the past, companies were generally only able to make such claims when their products had no added color whatsoever — whether derived from natural sources or otherwise.
    • “The agency sent a letter to industry providing notice of the FDA’s intent to exercise enforcement discretion related to these voluntary labeling claims.”

From the public health and medical / Rx research front,

  • The AP reports,
    • “Chronic exposure to pollution from wildfires has been linked to tens of thousands of deaths annually in the United States, according to a new study. 
    • “The paper, published Wednesday in the journal Science Advances, found that from 2006 to 2020, long-term exposure to tiny particulates from wildfire smoke contributed to an average of 24,100 deaths a year in the lower 48 states.
    • “Our message is: Wildfire smoke is very dangerous. It is an increasing threat to human health,” said Yaguang Wei, a study author and assistant professor in the department of environmental medicine at Icahn School of Medicine at Mount Sinai. 
    • “Other scientists who have studied the death toll from wildfire smoke were not surprised by the findings. 
    • “The estimates they’re coming up with are reasonable,” said Michael Jerrett, professor of environmental health science at the University of California, Los Angeles who was not involved in the study. “We need more of them. It’s only if we’re doing multiple studies with many different designs that we gain scientific confidence of our outcomes.”
  • Bloomberg Law tells us,
    • “Chris Womack is one of a dwindling number of Texas ranchers who can remember fighting the New World screwworm, a once-vanquished pest threatening to make an unwanted encore in the US after its recent return to northern Mexico. 
    • “You never forget the smell,” Womack, 60, said of his first encounter with a calf being devoured by screwworm maggots. It was one of many he and his father would treat in the early 1970s as an outbreak of the parasite — which can kill cattle in less than two weeks — devastated Texas ranchers.
    • “More than 50 years later, Womack and other Texas cattlemen are bracing for the screwworm’s potential comeback. Cases are proliferating in a Mexican state that borders Texas, with the pest having escaped containment by an international eradication program that banished it for decades. Texas Governor Greg Abbott issued a disaster declaration last week to open up state resources for the screwworm response.
    • “The pest’s resurgence would squeeze the $130 billion US cattle industry, which is already struggling with a record-low herd and rising costs. The screwworm prompted the US to ban cattle imports from Mexico for much of the last 14 months, crimping American beef producers at a time when record prices for the meat are adding to the pressure on shoppers angry about the cost of food.”
  • MedPage Today lets us know,
    • “New research challenged the longstanding belief that autism is much more common in males versus females.
    • “In a Swedish study of 2.7 million people, male-to-female ratios in autism diagnoses were nearly equal by age 20.
    • “Diagnosis rates peaked earlier for males, but females experienced a significant catch-up in adolescence.”
  • Genetic Engineering and BioTechnology News relates,
    • “Some types of CD8+ T cells (killer T cells) may play a role in the development of multiple sclerosis (MS). This is according to data from a new study published in Nature Immunology. Specifically, scientists found specific T cells that are abundant in people with MS, which also target the Epstein-Barr virus (EBV). They suggest that this points to a possible role for the virus in triggering the immune response seen in the autoimmune disease.   
    • “Full details are published in a paper titled “Antigen specificity of clonally enriched CD8+ T cells in multiple sclerosis.” For Joe Sabatino, MD, PhD, senior author on the study and an assistant professor of neurology at University of California, San Francisco’s Weill Institute for Neurosciences, “these understudied CD8+ T cells [connect] a lot of different dots.” That is because scientists have known for several years that EBV, a common virus carried by about 95 percent of adults, is present in virtually everyone who develops MS. This data “gives us a new window on how EBV is likely contributing to this disease,” he said.” 
  • Per BioPharma Dive,
    • “Bayer’s experimental blood thinner asundexian cut the relative likelihood of a repeat stroke by 26% without increasing the risk of internal bleeding, the company said Thursday, boosting hopes that the company might become a new option for “secondary treatment” of the disorder.
    • “The news could also elevate the outlook for medicines like asundexian, which are called Factor XIa inhibitors and are being advanced by a handful of the world’s largest pharmaceutical companies.
    • “Members of that drug class, including asundexian and a similar therapy from Bristol Myers Squibb and Johnson & Johnson, have previously suffered clinical setbacks in different types of cardiovascular illnesses. But asundexian’s success, first announced in November, lifted Bayer shares and indicated the drugs might be able to fulfill at least some of their commercial potential.
    • “The German drugmaker released full data from its positive study, “Oceanic-Stroke,” at the International Stroke Conference in New Orleans on Thursday.” 
  • Per the AP,
    • “A new kind of pill sharply reduced artery-clogging cholesterol in people who remain at high risk of heart attacks despite taking statins, researchers reported Wednesday.
    • “It’s still experimental but the pill helps rid the body of cholesterol in a way that today can be done only with injected medicines. If approved by the Food and Drug Administration, the pill, named enlicitide, could offer an easier-to-use option for millions of people.
    • “Statins block some of the liver’s production of cholesterol and are the cornerstone of treatment. But even taking the highest doses, many people need additional help lowering their LDL, or “bad,” cholesterol enough to meet medical guidelines.
    • “In a major study, more than 2,900 high-risk patients were randomly assigned to add a daily enlicitide pill or a dummy drug to their standard treatment. The enlicitide users saw their LDL cholesterol drop by as much as 60% over six months, researchers reported in the New England Journal of Medicine.”

From the U.S. healthcare business and artificial intelligence front,

  • Healthcare Dive reports,
    • “Cigna posted fourth quarter 2025 results Thursday morning that outperformed analysts’ consensus expectations, with adjusted revenue of $72.5 billion up more than 10% and adjusted operational income of $2.1 billion up 16%.
    • “Cigna Healthcare, the company’s insurance division, saw its revenue drop 16% in the quarter due to the sale of its Medicare Advantage business to Health Care Service Corporation. Cigna Healthcare’s operational income rose 44% year over year, however, after the company jacked up premiums for its stop-loss products after seeing those costs spike in the fourth quarter of 2024.
    • “But the lion’s share of attention on Thursday morning’s call was devoted to Express Scripts, and how the FTC settlement might impact the massive PBM’s profits.
    • “Short answer? It won’t, executives said.”
  • BioPharma Dive relates
    • “Hims & Hers Health is launching a copycat form of Novo Nordisk’s newly launched obesity pill, ushering in the latest contentious battle between the makers of branded weight loss medications and their drug-compounding counterparts. 
    • “Hims said Thursday that it’s now enabling healthcare providers to prescribe a compounded pill with the same active ingredient, semaglutide, as Novo Nordisk’s oral Wegovy. That treatment will be sold as part of treatment plans that begin at $49 for the first month — $100 lower than the price Novo is charging under a deal with the Trump administration. Hims also claimed that its treatment is formulated differently and involves a different delivery method to protect the active ingredient during digestion. 
    • “In a statement issued in response to Hims’ announcement, Novo spokesperson Ambre James-Brown called Hims’ move “illegal mass compounding and deceptive advertising” and threatened litigation. The compounder is “unlawfully” mass-marketing an “unapproved, inauthentic, and untested knockoff” of Novo’s medication, she said.” 
  • Modern Healthcare tells us,
    • “Adtalem Global Education has become Covista, the Chicago-based education company said, with a plan to expand its healthcare career network.
    • “Covista serves nearly 100,000 students and has a community of 385,000 alumni across its five accredited institutions.
    • “Covista touts it puts 24,000 new professionals annually into the healthcare workforce — more than any other U.S. institution — including 10% of America’s new nurses.”
  • Beckers Payer Issues lets us know,
    • “Participating Medicare Part D plans can officially begin covering weight-loss treatment in 2027. 
    • “The initiative falls under CMS’ voluntary “Better Approaches to Lifestyle and Nutrition for Comprehensive hEalth” — or BALANCE — model. The December news followed President Trump’s negotiations with Eli Lilly and Novo Nordisk to secure most-favored-nation pricing for drugs that treat obesity, diabetes and related conditions.
    • “To better understand Medicare usage and spending shifts, KFF analyzed CMS data from 2019 through 2024 [as discussed in the article].
  • and
    • “Here are 12 payer tools that achieved “Best in KLAS” recognition for 2026:
      • Care management solutions: Cognizant (TriZetto CareAdvance Enterprise) 
      • Claims & administration platforms: Cognizant (TriZetto Core Claims/Administration Solutions)
      • CMS payer interoperability: Edifecs (XEngine Server for FHIR)
      • Data analytics platforms: Innovaccer (Healthcare Data Platform)
      • “Payer/provider data exchange: Moxe (Digital ROI)
      • Post-payment accuracy & integrity solutions: Trend Health Partners (TRENDConnect) 
      • Pre-payment accuracy & integrity solutions: HealthEdge (Source)
      • Quality measurement & reporting: Inovalon (Converged Quality) 
      • Risk adjustment (coding, retrieval & compliance solutions): Datavant (Risk Adjustment Suite)
      • Risk adjustment (POC & in-home health assessments): Cozeva (PayerOne Risk)
      • “IT consulting services: Huron
      • Employer-sponsored healthcare services: Premise Health
    • “The full report is accessible from KLAS Research here.
  • Per Beckers Hospital Review,
    • “Chicago-based CommonSpirit Health now has 242 artificial intelligence applications live across its hospitals, up from 230 last year.
    • “We are expanding our use of AI across CommonSpirit by deploying new capabilities and scaling the most impactful of our existing tools,” CIO Daniel Barchi told Becker’s.
    • “In 2025, the health system generated more than $100 million in annual savings through its use of AI and robotic process automation tools across multiple areas of the organization. Mr. Barchi said the value generated in fiscal year 2026 is expected to exceed last year’s total.
    • “More important than the financial impact is the expanded clinical and operational value we are seeing from these tools — value that is not measured only in dollars,” he said. “Our sepsis surveillance tool has contributed to continued reductions in sepsis-related mortality. Screening tools for colon and breast cancer are helping us identify high-risk patients, leading to thousands of additional screenings. AI tools for imaging are reducing scan times by up to 50%, supporting a better experience for patients and providers.”
    • “As CommonSpirit expands its AI footprint, Mr. Barchi said the health system has also declined or scaled back AI tools that failed to deliver expected value.”