Cybersecurity Saturday

Generative AI

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Cybersecurity Dive reports,
    • “Congress has temporarily reauthorized a vital but recently expired cybersecurity law as part of a bill to reopen the federal government and end the longest shutdown in U.S. history.
    • “The spending legislation, which passed the House and received President Donald Trump’s signature on Wednesday [November 12, 2025] after passing the Senate on Monday [November 10, 2025], will revive the 2015 Cybersecurity Information Sharing Act through Jan. 30, 2026, giving Congress roughly two months to agree on a longer-term plan for the law.
    • “CISA 2015, as the program is known, gave companies liability protections for sharing indicators of cyber threats with federal agencies and one another. The law’s expiration on Sept. 30 has alarmed federal officials, industry executives and cyber experts who say the government may now be receiving less information about cyberattacks from businesses afraid of the legal risks.”
  • Security Week tells us,
    • “The US Department of Defense’s long-anticipated Cybersecurity Maturity Model Certification (CMMC) program officially entered its enforcement phase on November 10, 2025.
    • “Introduced as an amendment to the Defense Federal Acquisition Regulation Supplement (DFARS), the CMMC program requires defense contractors and subcontractors to implement specific cybersecurity measures to protect sensitive information. 
    • “The Department of Defense, also referred to as the Department of War, can now mandate CMMC compliance as a condition for new defense industrial base (DIB) contracts.
    • “The goal is to ensure that contractors and subcontractors can protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). FCI is information not intended for public release that is provided to or generated by a contractor. CUI is sensitive government information that is not classified but still requires protection from unauthorized disclosures.
    • “For the past eight years, contractors have been allowed to self-attest to cybersecurity compliance, but now some organizations will also need to undergo a formal assessment by a certified third-party assessor organization (C3PAO).”
  • [On November 14, 2025,] [t]he HHS Office of Inspector General issued a report to the National Institutes of Health about necessary steps to improve the cybersecurity of the All of Us Research Program to protect participant data.
  • Bleeping Computer informs us,
    • “The U.S. Department of Justice announced [on November 14, 2025] that five individuals pleaded guilty to aiding North Korea’s illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft.
    • “As part of this, the U.S. authorities announced actions seeking the forfeiture of $15 million in cryptocurrency from heists carried out by the APT38 threat group, which is linked to the Lazarus hacking group.
    • “The facilitators, four Americans and one Ukrainian, used their own, false, or stolen (from 18 U.S. persons) identities to make it possible for DPRK agents to be hired by American firms for remote work.
    • “The latter then funneled their salaries, as well as, in some cases, stolen data, to the North Korean government.
    • “According to the DOJ’s announcement, the actions of the five individuals affected 136 companies nationwide and generated over $2.2 million in revenue for the DPRK regime.”
  • Cybersecurity Dive points out,
    • “The U.S. and eight other Western governments have jointly dismantled the computer infrastructure behind multiple popular cybercrime tools.
    • “In a three-day operation [announced on November 14, 2025], law enforcement authorities took down more than 1,000 servers and 20 domains associated with the Rhadamanthys infostealer, the VenomRAT remote access Trojan and the Elysium botnet. Greek police arrested VenomRAT’s suspected operator.
    • “The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” Europol, which coordinated the operation from its headquarters in The Hague, said in a statement. “The main suspect behind the [Rhadamanthys] infostealer had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros.”
    • “Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands and the U.S. participated in the takedowns, which were the latest phase of Operation Endgame, an ongoing multinational effort to cripple cybercrime gangs. Cybersecurity firms, telecom companies and independent research organizations, including CrowdStrike, Lumen and Shadowserver, provided support for the operation.
    • The law enforcement disruptions targeted infrastructure that Europol said “played a key role in international cybercrime.”

From the cybersecurity breaches and vulnerabilities front,

  • The Wall Street Journal reports,
    • “China’s state-sponsored hackers used artificial-intelligence technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday [November 13, 2025].
    • “The effort focused on dozens of targets and involved a level of automation that Anthropic’s cybersecurity investigators had not previously seen, according to Jacob Klein, the company’s head of threat intelligence.
    • “Hackers have been using AI for years now to conduct individual tasks such as crafting phishing emails or scanning the internet for vulnerable systems, but in this instance 80% to 90% of the attack was automated, with humans only intervening in a handful of decision points, Klein said.
    • “The hackers conducted their attacks “literally with the click of a button, and then with minimal human interaction,” Klein said. Anthropic disrupted the campaigns and blocked the hackers’ accounts, but not before as many as four intrusions were successful. In one case, the hackers directed Anthropic’s Claude AI tools to query internal databases and extract data independently.
    • “The human was only involved in a few critical chokepoints, saying, ‘Yes, continue,’ ‘Don’t continue,’ ‘Thank you for this information,’ ‘Oh, that doesn’t look right, Claude, are you sure?’ ”
    • “Stitching together hacking tasks into nearly autonomous attacks is a new step in a growing trend of automation that is giving hackers additional scale and speed.” 
  • Cybersecurity Dive adds,
    • “More than 80% of workers, including nearly 90% of security professionals, use unapproved AI tools in their jobs, according to a new report from the cyber risk monitoring vendor UpGuard.
    • “This unapproved AI use, which can introduce security vulnerabilities, is not just widespread but pervasive, with half of workers saying they use unapproved AI tools regularly and less than 20% saying they use only company-approved AI tools.
    • ‘Security leaders were more likely than the average employee to report using unapproved tools and far more likely to say they did so regularly, according to the report.”
  • Cybersecurity Dive adds,
    • “An advanced persistent threat actor has been targeting zero-day vulnerabilities in Cisco Identity Service Engine as well as Citrix, according to a blog post published Wednesday [November 12, 2025] by security researchers at Amazon.”
  • Per Tech Radar,
    • “Digital privacy is a growing concern these days, with millions turning to virtual private networks to shield their online activity.
    • “However, in a stark new warning, Google has confirmed that cybercriminals are exploiting this need for security by distributing malicious applications disguised as legitimate VPN services. This creates a dangerous situation where a tool meant to be a shield is, in fact, a weapon used to steal sensitive user data.
    • “The alert was issued as part of Google’s November 2025 fraud and scams advisory, which details the latest trends in online threats. Alongside warnings about AI-driven job scams and holiday-themed phishing schemes, the advisory specifically calls out the danger of fraudulent VPN apps and browser extensions.”
  • An ISACA commentator explains why more cyber tools can make you less secure.
    • “On his deathbed, the actor Edmund Kean famously said, “Dying is easy. Comedy is hard.”  Here’s my version for cybersecurity professionals: Buying is easy. Operating is hard.
    • “It all comes down to the unglamorous, disciplined work of process, by which I mean configuration, testing, documentation and ownership. That’s what creates resilience. No, that work doesn’t photograph well, and it doesn’t come with a vendor logo. But it’s the difference between a security program and a shopping list.
    • “Buying a tool gives you the illusion of safety. Running it well gives you the reality. My advice? Choose reality. Everything else is marketing.”

From the ransomware front,

  • Cyberscoop reports,
    • “Federal cyber authorities shared new details Thursday about the Akira ransomware group’s techniques, the tools it uses and vulnerabilities it exploits for initial access alongside the release of a joint cybersecurity advisory.
    • “Members of the financially motivated group, which initially appeared in March 2023, are associated with other threat groups, including Storm-1567, Howling Scorpius, Punk Spider, Gold Sahara, and may have connections with the disbanded Conti ransomware group, officials said. Akira uses a double-extortion model, encrypting systems after stealing data to amplify pressure on victims.
    • “Akira ransomware has claimed more than $244 million in ransomware proceeds as of late September, the FBI and Cybersecurity and Infrastructure Security agency said in the joint advisory. The group primarily targets small- and medium-sized businesses with many victims impacted in the manufacturing, education, IT, health care, financial and agriculture sectors.
    • “For the FBI, it is within the top five variants that we investigate,” Brett Leatherman, assistant director at the FBI Cyber Division, said during a media briefing Thursday. “It’s consequential. This group is very consequential that they fall likely within our top five.” * * *
    • “The joint advisory, which updates previous guidance around hunting for and defending against Akira, was not in response to any specific attack, said Nick Andersen, executive assistant director for cybersecurity at CISA.” 
  • and
    • “The Washington Post said it, too, was impacted by the data theft and extortion campaign targeting Oracle E-Business Suite customers, compromising human resources data on nearly 10,000 current and former employees and contractors.
    • “The company was first alerted to the attack and launched an investigation when a “bad actor” contacted the media company Sept. 29 claiming they gained access to the company’s Oracle applications, according to a data breach notification it filed in Maine Wednesday. The Washington Post later determined the attacker had access to its Oracle environment from July 10 to Aug. 22. 
    • “The newspaper is among dozens of Oracle customers targeted by the Clop ransomware group, which exploited a zero-day vulnerability affecting Oracle E-Business Suite to steal heaps of data. Other confirmed victims include Envoy Air and GlobalLogic.”
  • Bleeping Computer adds,
    • “Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July.
    • “Logitech International S.A. is a Swiss multinational electronics company that sells hardware and software solutions, including computer peripherals, gaming, video collaboration, music, and smart home products.
    • “Today [November 14, 2025], Logitech filed a Form 8-K with the U.S. Securities and Exchange Commission, confirming that data was stolen in a breach.”
  • The Hacker News relates
    • 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.
    • 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.
    • 14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.
    • LockBit’s reappearance with version 5.0 signals potential re-centralization after months of fragmentation.
  • Security Boulevard offers zero trust insights from the Ingram Micro ransomware attack.
    • “The Ingram Micro ransomware attack serves as a potent reminder that credential theft and internal propagation can cripple even the most robust enterprises. When attackers move freely within a trusted environment, it’s not just the perimeter that’s at risk. It’s every file, every system, and every partner connected to the network. The lesson is clear: true prevention requires more than detection or containment. It demands a mindset where every file, from every source, is verified safe before it’s allowed to move between channels, endpoints, and users.”

From the cybersecurity defenses front,

  • Healthcare Dive offers tips to improve healthcare system cybersecurity.
    • “Healthcare organizations should invest in post-attack recovery and carefully evaluate risks from vendors, according to industry experts who spoke at a Healthcare Dive virtual event.”
  • Cyberscoop reports,
    • “The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators.
    • “Google said on Thursday [November 13, 2025] that Lighthouse had been shut down. Two other organizations that have tracked the suspected Chinese operators of Lighthouse said they saw signs it had at least been disrupted.
    • “This shut down of Lighthouse’s operations is a win for everyone,” said Halimah DeLaine Prado, general counsel at Google. “We will continue to hold malicious scammers accountable and protect consumers.”
    • “Google filed its lawsuit in the U.S. District Court for the Southern District of New York. They allege that 25 unnamed individuals behind Lighthouse have violated racketeering, trademark and anti-hacking laws with their prolific SMS phishing, or “smishing,” platform.”
  • Bleeping Computer lets us know,
    • “Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now “massively exploited in the wild.”
    • “The flaw was silently patched after reports that unauthenticated attackers were exploiting an unknown FortiWeb path traversal flaw in early October to create new administrative users on Internet-exposed devices.
    • “The attacks were first identified by threat intel firm Defused on October 6, which published a proof-of-concept exploit and reported that an “unknown Fortinet exploit (possibly a CVE-2022-40684 variant)” is being used to send HTTP POST requests to the /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi Fortinet endpoint to create local admin-level accounts.”
  • Cybersecurity Dive informs us,
    • “Businesses face a range of problems with their threat intelligence platforms, including difficulty assessing the accuracy of alerts and problems integrating the platforms with their existing tools, according to a report that Recorded Future published on Wednesday.
    • “The report, which assessed the state of threat intelligence in enterprises, found that 83% of companies have dedicated threat intelligence teams, a slight uptick from last year.
    • “Roughly half of companies (48%) pay for more than one threat intelligence service, while 41% pay for only one.”
  • Dark Reading relates,
    • “New survey data indicates that organizations are pushing hard for passwordless authentication.
    • “A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few. But last month, Dark Reading asked readers how their organizations are handling password security these days. The results were, perhaps surprisingly, optimistic.
    • “As we enter the second quarter of the 21st century, rather than applying new Band-Aids to the problem, organizations finally appear to be moving toward a future with few to no passwords at all.”
  • Dark Reading offers insights into Apple / Mac security tools.
  • Here’s a link to Dark Reading’s CISO Corner.

Midweek update

David ErmerCDC, Congress, FDA, Federal employment benefits, Generative AI, HIPAA Privacy and Security Rules, Medical / Rx research, Mental health care, OPM, U.S. Healthcare, Uncategorized

From Washington, DC,

  • The government shutdown is over. Per the Wall Street Journal,
    • “The GOP-led House passed a spending package reopening the government and President Trump signed it into law late Wednesday, drawing to a close a record-long 43-day shutdown driven by Democrats’ demands to extend expiring healthcare subsides.
    • “The House approved the measure 222 to 209, largely along party lines, two days after the bill cleared the Senate.”
  • The Washington Post reports,
    • “Federal paychecks will begin going out Saturday, a senior administration official said, speaking on the condition of anonymity to discuss personnel matters.
    • “The deal will fund the government through Jan. 30, pass three appropriations bills, reverse more than 4,000 federal layoffs the Trump administration attempted to implement earlier in the shutdown and prevent future layoffs through the end of January. It will appropriate funding for the Supplemental Nutrition Assistance Program, also known as SNAP or food stamps, through September 2026.”
  • The Wall Street Journal discusses the secret meeting that led to this outcome.
    • “A group of centrist Democrats and an independent senator initiated talks with Senate Republicans to end the government shutdown, negotiating without Senate Minority Leader Chuck Schumer.
    • “The negotiations led to an agreement to reopen the government, but it divided Democrats as it didn’t guarantee the extension of expiring Obamacare health-insurance subsidies.
    • “Eight Democrats ultimately supported the deal, providing the critical votes needed to advance the measure to reopen the government with a 60-40 vote.”
  • Beckers Health IT tells us,
    • “Sen. Bill Cassidy, R-La., is pushing to tighten protections for health information gathered by wearable devices and mobile health apps, citing growing privacy concerns as the technology becomes more common, Politico reported Nov. 11.”
  • Per a Senate news release,
    • “On Wednesday, November 19, [at 10 am ET] the Senate Health, Education, Labor, and Pensions (HELP) Committee will hold a hearing on the U.S. Organ Procurement and Transplantation Network (OPTN) and improving access to lifesaving organs.” * * *
    • “Click here to watch live.”
  • Per the Federal Register, the CDC’s Advisory Committee on Immunization Practices will meet on December 4 and 5, 2025.
    • “The agenda will include discussions on vaccine safety, the childhood and adolescent immunization schedule, and hepatitis B vaccines. The agenda will include updates on ACIP workgroups. Recommendation votes may be scheduled for hepatitis B vaccines. Vaccines for Children (VFC) votes may be scheduled for hepatitis B vaccines. Agenda items are subject to change as priorities dictate. For more information on the meeting agenda, visit https://www.cdc.gov/acip/index.html.” * * *
    • “The docket will be opened to receive written comments November 13 – 24, 2025. Written comments must be received no later than November 24, 2025.”
  • Neil Cain, writing in Govexec, discusses the Medicare Part B late enrollment penalty for folks enrolled in the FEHB program.

From the Food and Drug Administration front,

  • BioPharma Dive reports,
    • “The Food and Drug Administration is unveiling a new blueprint for the regulation of bespoke drug therapies, announcing on Wednesday a way for these treatments to quickly get to market if they meet certain standards.
    • “Called the “plausible mechanism” pathway, the new framework is designed to help accelerate treatments for serious conditions that are so rare they may only affect individuals or handfuls of people and can’t feasibly be tested in randomized clinical trials. It was announced through an article authored by FDA Commissioner Martin Makary and top deputy Vinay Prasad and published Wednesday in the New England Journal of Medicine.
    • “Critics may contend that there is no need for an alternative pathway and that existing FDA operations are able to address bespoke, transformative therapies,” they wrote. “Unfortunately, the FDA has heard from patients, parents, researchers, clinicians, and developers that current regulations are onerous and unnecessarily demanding, provide unclear patient protection, and stifle innovation. We share this view.”

From the public health and medical / Rx research front,

  • The University of Minnesota’s CIDRAP relates,
    • “Arizona and Utah reported an increase in measles case counts today, as did South Carolina, according to state dashboards. 
    • “The outbreak that straddles the Utah-Arizona border has now grown to 182 cases, and is the second largest measles outbreak this year following the West Texas outbreak, which sickened at least 762 people, with three deaths.” * * *
    • “The Upstate outbreak in South Carolina also grew, with eight more cases reported by the South Carolina Department of Public Health today. The state total is now 46.
    • “Six of the eight new patients are household members of previously identified patients. All new patients are in quarantine. 
    • “Two cases, however, occurred within the same household, but the source of infection is unknown.”
  • and
    • “A test-negative, case-control study across 14 hospitals in England finds that the respiratory syncytial virus (RSV) pre-F (Abrysvo) vaccine helps protect against related hospital admissions in older adults. 
    • “For the study, published in The Lancet Infectious Diseases, UK researchers identified 1,006 adults aged 75 to 79 hospitalized with acute respiratory illness (ARI) from October 2024 to March 2025. The participants were predominantly White, with a mean age of 80 years and had a high rate of chronic conditions such as heart and respiratory disease and immunosuppression. 
    • “The researchers noted that while the RSV vaccine has been shown to protect against all-cause RSV-associated hospital admissions, there’s limited data on the vaccine’s effectiveness against different RSV-associated illnesses and complications such as exacerbation of chronic illness.”
  • Per a November 11, 2025, City of Philadelphia news release,
    • “The Philadelphia Department of Public Health is notifying travelers and others who were at the Philadelphia International Airport Terminals A and B on Sunday, November 9, 2025, between 8:50 am and 4:00 pm of a possible measles exposure. The individual with measles was traveling through the airport. The Health Department is encouraging people who were exposed to check their vaccination status and watch for symptoms.”
  • Biopharma Dive reports,
    • “An antimalarial drug developed by Novartis could become the first novel treatment for the parasitic infection in more than two decades, following study results that showed it helped cure most people treated with it in a Phase 3 trial.  
    • “According to Novartis, the therapy, known in short as GanLum, was “non-inferior” to standard treatment in a trial evaluating it in 1,688 adults and children. By one analysis, the drug helped clear symptoms and signs of initial infection in 97% of recipients after 28 days, versus 94% among those receiving standard drugs. By another, that cure rate was as high as 99%. Novartis added that treatment appeared effective against drug-resistant parasites and was able to block disease transmission.
    • “The results cleared the World Health Organization’s 95% target and positions Novartis to seek approvals of GanLum “as soon as possible,” the company said in a statement Wednesday. If so, it would help combat growing resistance to a class of medicines, called “artemisinins,” that have been the gold standard for treating malaria since 1999.” 
  • The New York Times informs us,
    • “In a modern glass complex in Geneva last month, hundreds of scientists from around the world gathered to share data, review cases — and revel in some astonishing progress.
    • “Their work was once considered the stuff of science fiction: so-called xenotransplantation, the use of animal organs to replace failing kidneys, hearts and livers in humans.
    • “But as the scientists traded notes, it became ever more clear that it wasn’t fiction anymore. They were nearing breakthroughs that might help alleviate the shortage of donor organs plaguing every nation.
    • “Transplants with organs from genetically modified pigs, designed not to trigger rejection by the human body, have begun to show great promise. “The future is here,” said Dr. Muhammad M. Mohiuddin, the outgoing president of the International Xenotransplantation Association, which hosted the conference.”
  • Per Beckers Oncology,
    • “GLP-1 medication use was associated with lower mortality among colon cancer patients, according to a study published Nov. 11 in Cancer Investigation
    • “Researchers from the University of California San Diego used real-world clinical data from the University of California Health Data Warehouse to assess any association between GLP-1s and five-year mortality in 6,871 colon cancer patients.”
  • Per a JAMA Cardiology report,
    • “In this cross-sectional study among a nationally representative sample, chronic kidney disease (CKD) affected 1 in 7 US adults, yet fewer than 15% of adults with CKD were aware of their diagnosis. Although overall awareness increased modestly from 2011 to 2020, younger adults, women, and Hispanic adults experienced lowest awareness rates without improvement. These findings highlight a significant gap in CKD recognition and underscore the need for targeted strategies to improve awareness in the population.”
  • The Los Angeles Times reports,
    • “Food always powered Anahi Araiza through study sessions and cultural gatherings. But after putting on some weight in her college years, she decided to get serious about weight loss, often restricting her food consumption overall — and that’s when everything shifted.
    • “One day, I overate whatever calories or macros I established for myself,” says Araiza in a phone call. “Then it turned into a spiral where every single day I was unable to do anything but think about food.”
    • “After a while, she developed binge eating disorder (BED), which is defined as repeated episodes of binge eating, or eating large amounts of food quickly.””
    • “BED is the most common eating disorder in the United States, yet it is chronically underdiagnosed among Latino communities.”
  • Neurology Advisor lets us know that “Early Administration of Remote Electrical Neuromodulation Enhances Migraine Relief.”
  • Per Radiology Business,
    • “New research is raising questions pertaining to the effectiveness of a newer Alzheimer’s treatment that has been proven to reduce cognitive symptoms related to the disease. 
    • “Lecanemab, sold under the brand name Leqembi, was approved by the U.S. Food and Drug Administration in January 2023. The monoclonal antibody treatment treats early Alzheimer’s disease (AD) by essentially scrubbing the brain of amyloid-β (Aβ) plaques.   
    • “The drug’s approval was roundly celebrated at the time, as clinical trials suggested it could reduce Alzheimer’s-related cognitive decline by up to 27%. Post-approval data has been positive as well, but new research out of Osaka Metropolitan University in Japan is prompting new questions on the mechanisms that underlie the drug’s therapeutic effects. 
    • “Published in the Journal of Magnetic Resonance Imaging, the findings suggest lecanemab does not change the waste clearance function in the brains of AD patients in the short term. This could indicate that the medication does little to treat the nerve damage AD has inflicted on the glymphatic system, which clears waste from the brain, prior to starting the treatment.” “
  • Per Medscape,
    • “Statin therapy remains a cornerstone for primary and secondary prevention of major adverse cardiac events (MACEs) but prescribing based on patient phenotype identified through imaging may boost its effectiveness, according to a new study.
    • “While population-level primary-prevention trials have established the efficacy of statins, it remains unclear whether their benefit depends on the extent of underlying atherosclerotic disease. Our work addresses this evidence gap by assessing whether the treatment effect varies with disease characteristics,” lead investigator Bálint Szilveszter, MD, PhD, a researcher at the Semmelweis University Heart and Vascular Centre in Budapest, Hungary, wrote in an email to Medscape Medical News.
    • “Clarifying this relationship could enable more personalized and also intensified therapy,” Szilveszter added.”

From the U.S. healthcare business front,

  • Fierce Healthcare reports,
    • “Key provider performance metrics appear steady in aggregate but are showing stark differences between hospitals and practices at the top and bottom of their class, according to a pair of new reports from Kaufman Hall.
    • “For hospitals, the firm’s operating margin index was 2.9% across nine months of 2025 (including health system allocations for the cost of shared services), a slight uptick from the 2.5% reflected through eight months. Splitting the report’s 1,300 nationwide hospitals into quartiles, however, showed a 14.7% year-to-date operating margin index among the top 25% of hospitals and a -1.8% year-to-date operating margin for the bottom quartile of hospitals.
    • “The gap between strong performers versus struggling hospitals continues to widen,” said Erik Swanson, managing director and data and analytics group leader with Kaufman Hall, said of the trend in a release.
    • “Broadly speaking, the overall margin improvement from August to September stemmed from greater volumes and per-adjusted-admission revenue gains and was partially mitigated by higher supply and drug costs, according to the firm’s monthly report. On a month-over-month basis, daily net operating revenue rose 4%, daily total expense rose 3% and daily adjusted discharges increased 2%.”
    • “As for practices, Kaufman Hall’s quarterly check-in highlighted, for the first time since the COVID-19 pandemic, a sequential decline in the median investment/subsidy per provider in medical groups. That metric—net patient service revenue minus total expense, then divided by provider full-time equivalents—was $237,911 in Q3, a 1% year-over-year increase but a minor dip from Q2’s $239,338.
    • “Similar to hospitals, however, Kaufman Hall found a disparity within the report’s sample of 200,000 providers. The investment/subsidy per provider at the 25th percentile was $141,371, but $325,634 at the 75th percentile.”
  • and
    • “The country’s largest for-profit hospital chain isn’t sitting on its hands when it comes to artificial intelligence.
    • “Speaking Wednesday morning at the 2025 UBS Global Healthcare Conference, HCA Healthcare Executive Vice President and Chief Financial Officer Michael Marks offered an update on key clinical, operational and administrative deployments of AI tools across the 191-hospital system.
    • “Broadly, I’m pleased with where we are,” Marks said. “We’re in early innings with this effort. We’re trying to be judicious in our allocation of resources and making sure that we’re getting either a clinical or a financial return on these investments as we scale them.”
    • “Clinical use cases are the steepest hill for AI due to the “inherent risks” around patient safety, the executive said, and as such are taking longer to roll out. Still, HCA has multiple projects aimed at improving patient safety and quality outcomes, among which is a partnership with Google to tighten the roughly 400,000 weekly shift handoffs between the system’s nurses.”
  • MedCity News considers “What Are the Biggest Mistakes Employers Make When Introducing Digital Mental Health Solutions? At the Behavioral Health Tech conference, panelists said employers often rush to adopt digital mental health tools without tailoring them to employee needs or effectively promoting their use.”
  • HR Dive informs us,
    • “Employers significantly misjudge how well their benefit offerings are meeting employee demands: While 75% believe their workforce is satisfied with what they offer, only 65% of employees agree, according to Aflac’s 2025-2026 benefits trend report.
    • “One noticeable misunderstanding involves communication, spring surveys of 1,002 employers and 2,000 employees across the U.S. found. Nearly 2 in 5 (37%) of employees said they want to talk to a real person to help with benefits enrollment, but only 28% of employers offer this option. Similarly, 32% of employees said they want one-on-one access to a benefit consultant, but only 28% of employers provide it.
    • “Employers are also out-of-touch with employee concerns about medical bills: 78% believe employees can handle this financial burden, but 44% of workers say they couldn’t cover $1,000 in unexpected health expenses. Almost 1 in 5 (19%) said they wouldn’t be able to afford $500 in healthcare costs.”

Cybersecurity Dive

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy and law enforcement front,

  • Cyberscoop reports,
    • “Congressional leaders are pressing federal agencies to provide more information on their plans to compete with China on a range of tech and cybersecurity issues, including a strategy for promoting American 6G telecommunications infrastructure and limiting Chinese tech in US supply chains.
    • “Representative Raja Krishnamoorthi, D-Ill., ranking member on the House Select Committee on the Chinese Communist Party, wrote to Secretary of State Marco Rubio last week asking for an update on the department’s work building international coalitions around 6G.
    • “In the letter, dated Oct. 30 and shared exclusively with CyberScoop, he called for the department to share details on how it is fighting to shape international norms, global technical standards and supply chains in favor of U.S. and non-Chinese companies and technologies, saying “diplomacy can, and must, play a key role in this strategy.”
    • “While it remains essential that we continue to address the threats posed by the Chinese Communist Party’s efforts to dominate 5G, we must also look forward to how we can outcompete the CCP in the next frontier of wireless competition,” he wrote.”
  • HIPAA Journal tells us,
    • “Two U.S. nationals have recently been indicted for using BlackCat ransomware to attack targets in the United States. A third individual is suspected of involvement but was not included in the indictment. All three individuals worked at cybersecurity companies and conducted the attacks while they were employed there.
    • “Ryan Clifford Goldberg was employed by the cybersecurity firm Sygnia as an incident response professional, and Kevin Tyler Martin and an unnamed co-conspirator were both employed by the Chicago-based cyber threat intelligence and incident response firm DigitalMint as ransomware threat negotiators.
    • “The two indicted individuals are alleged to have engaged in a conspiracy to enrich themselves by breaching company networks, stealing their data, using ransomware to encrypt files, and extorting the companies to obtain cryptocurrency payments. A medical device company was attacked on or around May 13, 2023, resulting in a $10 million ransom demand.  The medical device company negotiated and paid a $1,274,000 ransom payment.
    • “A pharmaceutical company was also attacked in May 2023, but the ransom demand was not disclosed. Then came a July 2023 attack on a doctor’s office in California, which included a $5,000,000 ransom demand. In October 2023, an engineering company was attacked and told to pay $1 million, then in November 2023, a drone manufacturer in Virginia was attacked, and the defendants allegedly demanded a $300,000 ransom payment. Only the medical device company paid the ransom.”
  • Cyberscoop adds,
    • “A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison.
    • “Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms. 
    • “The victims, which included an engineering firm and a bank, said executives received harassing phone calls and their networks were hit with distributed denial of service attacks after their data was stolen and encrypted by Yanluowang ransomware operators.”

From the cybersecurity breaches and vulnerabilities front,

  • Cyberscoop reports,
    • “A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party.
    • “A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday [November 6] after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers and researchers at the agency.
    • “The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” said the CBO spokesperson, Caitlin Emma.” 
  • and
    • “SonicWall said a state-sponsored threat actor was behind the brute-force attack that exposed firewall configuration files of every customer that used the company’s cloud backup service. 
    • The vendor pinned the responsibility for the attack on an undisclosed nation state Tuesday, after Mandiant concluded its investigation into the incident.
    • “SonicWall did not attribute the attack to a specific country or threat group and Mandiant declined to provide additional information. The vendor’s update, which lacked a root-cause analysis, was mostly an effort to put the attack behind it as leadership made pledges to improve SonicWall’s security practices.”
  • The Cybersecurity and Infrastructure Security Agency added two known exploited vulnerabilities to its catalog this week.
    • November 4, 2025
      • CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
      • CVE-2025-48703 CWP Control Web Panel OS Command Injection Vulnerability 
        • The Hacker News discusses these KVEs here.
  • Cybersecurity Dive informs us,
    • “Critical flaws in Microsoft Teams can be used to allow an attacker to manipulate messages, spoof notifications and even impersonate executives, according to a report released Tuesday by Check Point Research. 
    • ‘Researchers found four vulnerabilities that allow attackers, including external hackers and malicious insiders, to manipulate Teams messages, conduct business email compromise or forge identities in video calls or phone messages. 
    • “Researchers found that attackers could conduct four specific types of attacks:
      • “Attackers could edit Teams messages without leaving the “edited” label behind in the message.
      • “Message notifications could be manipulated so that they appeared to be from another sender. 
      • “Attackers could change the display name inside private chats.
      • “Caller identities could be altered in video and audio calls.” 
  • and
    • “A critical vulnerability in Cisco IOS XE is being exploited to install an implant called BadCandy in a renewed wave of attacks, according to warnings from Australian government authorities and multiple security researchers. 
    • “State-linked and criminal hackers have been abusing the vulnerability, tracked as CVE-2023-20198, to install BadCandy in targeted systems since 2023, and have periodically renewed those attacks in waves.” * * *
    • “Shadowserver Foundation on Monday warned that threat activity is widespread across the globe, with more than 15,000 devices with backdoor implants remaining visible.”
    • “The vulnerability, tracked as CVE-2023-20198, abuses the web user interface in Cisco IOS XE software and has a severity score of 10. It was previously disclosed as a zero-day in 2023, with more than 42,000 devices exploited.” 
       
  • Security Week lets us know,
    • “ClickFix attacks continue to evolve and the technique appears to be increasingly used against macOS users, with lures becoming ever more convincing. 
    • ClickFix has been widely adopted by both profit-driven cybercriminals and state-sponsored threat groups
    • ‘The social engineering tactic enables attackers to trick victims into inadvertently executing malicious commands, particularly ones that lead to the deployment of malware. 
    • “An attack involves a fake error message being displayed, informing the targeted user that in order to ‘fix’ the issue they need to click on a button and execute a series of operations. 
    • “When the user clicks the ‘fix’ or ‘verify’ button in the prompt, a malicious command is copied in the background to their clipboard. 
    • ‘On Windows, the victim is then instructed to press the Windows+R keys, which opens the Windows Run dialog box, then press Ctrl+V, which pastes the malicious command from the clipboard into the box, and finally press Enter to execute the command. The command typically runs silently in the background (often by leveraging a legitimate Windows utility such as PowerShell), downloading and installing a piece of malware.”
  • Per Cybersecurity Dive,
    • “Energy, healthcare, government and transportation saw the biggest surges in cyberattacks targeting Android devices between June 2024 and May 2025, the security firm Zscaler said in a report published on Wednesday.
    • “Agriculture, IT and education saw some of the biggest drops in attacks on Android devices, according to the report.
    • “Manufacturing, which also saw a significant increase in 2025, accounted for 26% of all cyberattacks on Android devices that Zscaler tracked.”
  • and
    • “Identity-related risks are the biggest danger facing enterprises’ cloud environments, according to a report that ReliaQuest published on Tuesday.
    • “Forty-four percent of valid alerts from cloud security tools “were rooted in identity-related weaknesses,” ReliaQuest said, while 33% of all alerts related to identity.
    • “Hackers prefer identity-based attacks because they rely on credentials available for cheap on the dark web, they can evade many detection tools and there are so many identities ripe for impersonation, according to the report.”
  • and
    • “Cyber threat actors have recently begun using AI to develop malware, in a dramatic evolution of the technology’s role in the hacking ecosystem, Google said on Wednesday.
    • “New strains of malware use AI to grow and change in real time during the attack phase, potentially making detection and defense much more difficult, Google’s threat intelligence researchers said in a report.
    • “The recent trend represents the latest phase in an AI arms race between attackers and defenders.”
  • Help Net Security adds,
    • Security leaders are staring down a year of major change. In its Cybersecurity Forecast 2026, Google paints a picture of a threat landscape transformed by AI, supercharged cybercrime, and increasingly aggressive nation-state operations. Attackers are moving faster, scaling their operations with automation.
    • “By 2026, AI will be a normal part of everyday attack and defense activity. Adversaries are already using it to automate phishing, clone voices, and shape disinformation.
    • “One of the fastest-growing threats is prompt injection, which manipulates AI systems to ignore safeguards and carry out hidden commands. As more companies deploy LLMs inside business processes, these attacks are becoming easier to launch and harder to detect.” * * *
    • “The report notes a growing reliance on AI agents, systems that act on their own to complete tasks. These agents will need distinct digital identities and strict access controls. Security programs built for human users will not be enough. Identity management will have to account for AI-driven decision making and temporary task-based privileges.
    • “AI is also reshaping security operations. Analysts will soon direct AI tools rather than manually sort through alerts. Instead of reviewing logs, they will examine case summaries and confirm automated containment steps. This shift enables faster response but also brings new oversight challenges.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • “An August ransomware attack against the state of Nevada has been traced to a May intrusion, when a state employee mistakenly downloaded a malware-laced tool from a spoofed website, according to a forensic report the state released Wednesday.
    • “State officials refused to submit to a ransom demand and recovered 90% of the impacted data after a 28-day recovery period. The state had insurance coverage and pre-negotiated vendor agreements, which factored into the decision not to pay a ransom. 
    • “The threat actor deployed an attack aimed at taking state systems offline and left behind a note with instructions on how to recover the encrypted systems and data, in an attempt to extort the state,” Timothy Galluzzi, chief information officer and executive director of the Governor’s Technology Office, said in the report.” * * *
    • “The threat actor, whom the report did not identify, gained access to more than 26,400 files. Another 3,200 files were left exposed across multiple systems. The state incurred about $1.3 million in expenses related to recovery costs, as they engaged several major companies to help investigate and restore agency services, including Mandiant, Dell, Microsoft DART, Palo Alto Networks, Aeris and other firms.” 
  • TechCrunch informs us,
    • “The Washington Post has said that it was one of the victims of a hacking campaign tied to Oracle’s suite of corporate software apps.  
    • “Reuters first reported the news on Friday [November 7], citing a statement from the newspaper that said it was affected “by the breach of the Oracle E-Business Suite platform.” 
    • “A spokesperson for the Post did not immediately respond to TechCrunch’s request for comment.” * * *
    • “On Thursday [November 6], Clop claimed on its website that it had hacked The Washington Post, claiming that the company “ignored their security,” language that the Clop gang typically uses when the victim does not pay the hackers. 
    • “It’s not uncommon for ransomware or extortion gangs like Clop to publicize the names and stolen files of their victims as a pressure tactic, which can suggest that the victim has not negotiated a payment with the gang, or the negotiation broke down. 
    • ‘Several other organizations have confirmed they are affected by the Oracle E-Business hacks, including Harvard University and American Airlines subsidiary Envoy.”
  • The Hackers News tells us,
    • “Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded.
    • Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was uploaded on November 5, 2025, by a user named “suspublisher18” along with the description “Just testing” and the email address “donotsupport@example[.]com.”
    • “Automatically zips, uploads, and encrypts files from C:\Users\Public\testing (Windows) or /tmp/testing (macOS) on first launch,” reads the description of the extension. As of November 6, Microsoft has stepped in to remove it from the official VS Code Extension Marketplace.
  • Tech Radar points out,
    • “[Ransomware gang] Rhysida spoofed Microsoft Teams ads on Bing to deliver malware via fake download pages
    • “Victims received OysterLoader and Latrodectus, which deploy ransomware, backdoors, and infostealers
    • “Group operates on RaaS model; past targets include airports, libraries, and U.S. school districts.”

From the cybersecurity business and defenses front,

  • Cyberscoop reports,
    • “Cloud security company Zscaler [November 3] announced Monday it has acquired SplxAI, an artificial intelligence security platform, in a move to strengthen its ability to protect enterprise AI assets.
    • “Terms were not disclosed. 
    • “Zscaler said the purchase is aimed at enhancing its zero-trust security offerings by integrating Splx’s technology for AI asset discovery, automated red-teaming, and governance. The company said these features will help secure AI applications and services during development and after deployment.
    • “AI is creating enormous value, but its full potential can only be realized when it can be secured,” Zscaler CEO Jay Chaudhry said in a statement.”
  • Security Week adds,
    • “Google and Wiz said the antitrust review initiated by the United States Department of Justice into their planned $32 billion acquisition has been cleared.
    • “The companies announced reaching an agreement on the terms of an acquisition in March 2025. 
    • “News of a Justice Department antitrust review into Google’s planned acquisition of the cloud security giant came to light in mid-June. The goal of the probe was to determine whether the deal would harm competition in the cybersecurity market.
    • “During the recent WSJ Tech Live California event, Wiz CEO Assaf Rappaport confirmed that his company had cleared the regulatory hurdle, noting they are “still in the journey between signing and closing.”
  • Dark Reading offers a commentary about “Closing the AI Execution Gap in Cybersecurity — A CISO Framework. CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster.”
  • Here’s a link to Dark Reading’s CISO Corner.

Friday report

David ErmerCongress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, Obesity, OPM, U.S. Healthcare

From Washington, DC,

  • The Wall Street Journal reports,
    • “Senate Minority Leader Chuck Schumer (D., N.Y.) proposed extending expiring healthcare subsidies for one year as part of a measure to reopen the government, in a move aimed at breaking the monthlong logjam.
    • “Under Schumer’s plan, which he has shared with Senate Democrats, lawmakers would then establish a bipartisan commission to devise changes to the Affordable Care Act, which Republicans have demanded as they seek to rein in federal healthcare spending.
    • “After so many failed votes, it’s clear we need to try something different,” Schumer said. After he spoke, Sen. Tammy Baldwin (D., Wis.) and other Democrats who had rejected a Republican-backed bill to fund the government through Nov. 21 said they could support the approach.
    • “But Senate Republicans quickly rejected the idea and said the offer was a sign that Democrats were caving. GOP lawmakers stuck to their position that negotiations on the subsidies could only occur after Democrats vote to end the shutdown. Democrats had originally sought a permanent extension of the subsidies, at a 10-year cost of roughly $350 billion.”
  • The Senate considered S. 3012, Senator Ron Johnson’s (R WI) bill to pay federal employees during this and any future shutdown. The bill failed to reach the 60 votes required for cloture (53 i favor and 43 opposed). The Senate adjourned at 6:45 pm ET and will resume it floor business tomorro at noon ET.
  • Federal News Network interviews NARFE Staff Vice President John Hatton about the Federal Benefits Open Season which begins next Monday. These comments from Mr. Hatton caught the FEHBlog’s eye:
    • “Terry Gerton: I’m speaking with John Hatton. He’s staff vice president of the National Association of Active and Retired Federal Employees. John, let’s come back to the OPM plans. They made some changes to default plans for folks whose coverage is going away. What do people need to know if they’re looking at an automatic enrollment? How is that process going to play out and what if it doesn’t fit their needs?
    • “John Hatton: Yeah, anytime your plan is dropping out, you’re defaulted into a different plan. So you don’t totally lose coverage. You don’t have to make an affirmative choice. That’s a good positive thing. This year, the NALC plan is dropping out of the federal side of the program. They’re still on the postal side. So if you’re a postal employee or retiree, you can still retain it. But that’s a significant number of people. OPM made the choice to not default into the lowest cost nationwide plan without a high deductible and without an association membership fee. That’s what the regulation says. Then it has another sentence that says they reserved the right to designate an alternate plan for automatic enrollments. So this year, the lowest cost nationwide plan would be the GEHA Elevate plan, but instead, they have designated the GEHA High plan. So in the past, you would be automatically enrolled into a low-premium plan. In this case, you’re automatically enrolled into a high-premium plan. So particularly if you had a consumer option in NALC, for example, you’re going to see a huge spike in increases if you just defaulted in and you don’t make an alternative choice. So we really encourage people to choose. I mean, maybe the high premium plan with more coverage is the right choice for you, but you may want to look at some other alternative plan, even with those low deductibles that might be cheaper because there are options, even with really low deductible plans that have lower premiums and kind of the main big dogs in the program. So really critical that you look and choose what’s best for you.”
  • OPM Director Scott Kupor posted the latest entry in his Secrets of OPM blog. The post concerns change to OPM’s process for making automatic interim annuity payments to retiree applicants. The Director concludes
    • “About 75% of retiree applicants are currently receiving automatic interim pay. This is up from 30-40% under our old process, and our goal is for 100% of retiring federal workers to receive that interim payment within 30 days as they wait for their application to be processed. We do that by taking this measured risk. Questioning old habits, comparing downside risk to upside opportunity is a mindset we are developing at OPM. It’s part of how we modernize: not just with new technology, but with new thinking.
    • “We recently published a new FAQ for retirees that explains what we’re doing to improve the retirement process as we prepare for a surge in applications. And as of last month, retirees can now track their retirement via the Retirement Processing Times page on the OPM website. It’s one more way we’re putting transparency and service at the center of everything we do.
    • “Sometimes progress means changing how we think about risk. And if that means moving a little faster to get people what they’ve earned, then that’s a risk worth taking. No more fighting the last battle.”

From the Food and Drug Administration front,

  • Cardiovascular Business reports,
    • “The U.S. Food and Drug Administration (FDA) has announced a new recall for the Tandem Mobi Insulin Pump from California-based Tandem Diabetes Care. 
    • “The battery-operated Tandem Mobi Insulin Pump can provide users with long-acting basal insulin doses or short-acting bolus insulin doses. It delivers insulin from a disposable cartridge, through an infusion set and into the patient’s tissue.
    • “The recall was put in place due to a possible software malfunction that could interfere with the delivery of insulin. According to the FDA, if this failure occurs, it could result in patients developing hyperglycemia.
    • “Unlike many recalls, this is not a product removal. However, the FDA has still determined this is a Class I recall, which means there is a risk of serious injuries or even death if customers do not follow company recommendations. 
    • “This recall covers nearly 18,000 insulin pumps distributed throughout the United States. The devices do not need to be returned, but Tandem Diabetes Care is urging customers to update their pump software immediately. The newest version of the pump software is 7.9.0.2. Customers can use their Tandem Mobi Mobile App to confirm their software version and update it if necessary.”
  • BioPharma Dive lets us know,
    • “A study volunteer who’d received an experimental gene-editing treatment from Intellia Therapeutics in a Phase 3 trial has died, the company said in its Thursday earnings report. Intellia voluntarily paused dosing in that study as well as another late-stage trial in late October, when that patient was hospitalized due to a spike in liver enzyme and bilirubin levels. The Food and Drug Administration formally put the two studies on hold days later. Intellia is now suspending guidance for the program, nexiguran ziclumeran or nex-z, pending alignment with regulators. The incident “clearly” complicates the path forward for nex-z, “heightens the safety overhang” and puts Intellia’s broader transthyretin amyloidosis program “at risk,” wrote Leerink Partners analyst Mani Foroohar. Intellia shares, which have already lost about 40% of their worth in recent weeks, tumbled to less than $10 apiece early Friday.”

From the public health and medical / Rx research front,

  • The Washington Post reports,
    • “Medicare is often seen as a universal safety net, a guarantee for older Americans that after decades of work — and having taxes withheld from their paychecks — the federal government will provide health insurance once they reach 65. But a new study found an increasing number of people are dying before they realize that promise.
    • “Premature deaths among 18-to-64-year-olds rose 27 percent, going from 243 to 309 deaths per 100,000 adults between 2012 and 2022, according to a study published Friday in JAMA Health Forum. Among Black adults, the study found the increase was about 10 percentage points higher compared to White adults.
    • “Medicare is often seen as a universal safety net, a guarantee for older Americans that after decades of work — and having taxes withheld from their paychecks — the federal government will provide health insurance once they reach 65. But a new study found an increasing number of people are dying before they realize that promise.
    • “Premature deaths among 18-to-64-year-olds rose 27 percent, going from 243 to 309 deaths per 100,000 adults between 2012 and 2022, according to a study published Friday in JAMA Health Forum. Among Black adults, the study found the increase was about 10 percentage points higher compared to White adults.”
    • Irene Papanicolas, a professor of health services, policy and practice at Brown University School of Public Health and lead author on the study, said it builds on two others she published earlier this year.
    • “One study found that preventable and treatable deaths — in which people younger than 75 whose deaths were driven by preventable conditions such as heart disease, substance-related deaths and chronic respiratory illness — increased in every U.S. state between 2009 and 2019. Meanwhile, such deaths are declining in 34 other high-income countries and increased in six, the study showed.”
    • “The other report, which was published in April in the New England Journal of Medicine, found that wealth generally confers health and longevity, with the richest Americans having about a 40 percent lower risk of death than the poorest. But those wealthy people in the United States still live shorter lives than Northern and Western Europeans who earn modest incomes or live in poverty, the study found.”
  • The AP relates,
    • “Doctor after doctor misdiagnosed or shrugged off Ruth Wilson’s rashes, swelling, fevers and severe pain for six years. She saved her life by begging for one more test in an emergency room about to send her home, again, without answers.
    • “That last-ditch test found the Massachusetts woman’s kidneys were failing. The culprit? Her immune system had been attacking her own body all that time and nobody caught it.
    • “I just wish there was a better way that patients could get that diagnosis without having to go through all of the pain and all of, like, the dismissiveness and the gaslighting,” she said.
    • “Wilson has lupus, nicknamed the disease of 1,000 faces for its variety of symptoms — and her journey offers a snapshot of the dark side of the immune system. Lupus is one of a rogues’ gallery of autoimmune diseases that affect as many as 50 million Americans and millions more worldwide – hard to treat, on the rise and one of medicine’s biggest mysteries.
    • “Now, building on discoveries from cancer research and the COVID-19 pandemic, scientists are decoding the biology behind these debilitating illnesses. They’re uncovering pathways that lead to different autoimmune diseases and connections between seemingly unrelated ones – in hopes of attacking the causes, not just the symptoms.
    • “While there’s still an enormous amount to learn, recent steps have some specialists daring to wonder if just maybe, ways to cure or prevent at least some of these diseases are getting closer.
    • “In dozens of clinical trials, scientists are harnessing some of patients’ own immune cells to wipe out wayward ones that fuel lupus and a growing list of other diseases. It’s called CAR-T therapy and early results with these “living drugs” are promising. The first lupus patient was treated in Germany in March 2021 and remains in drug-free remission, the researchers said last month.”
  • Per MedPage Today,
    • “Patients with plateaued weight loss or who reached their weight-related goals on a GLP-1 receptor agonist were able to maintain their improvements in weight, body composition, and metabolic improvements after they reduced the frequency of their dose, according to a recent case series. 
    • “Among 30 patients who reduced their dose frequency to anywhere between every 10 days to every 5-6 weeks, 26 of them remained at the weight they had reached before doing so, and some even lost another couple of pounds, Mitch Biermann, MD, PhD, from the Scripps Clinic Department of Internal Medicine and the Scripps Whittier Diabetes Institute in San Diego, reported at the ObesityWeek annual meeting.
    • “Patients also saw no subsequent worsening in blood glucose, lipids, blood pressure, or other metabolic measures, and some continued to improve. 
    • “My main conclusion is that, at least among patients that experience normalized metabolic syndrome parameters doing every week on these medications, if they are that type of successful patient, they’re likely to remain successful even if you reduce the frequency,” Biermann said. “The dose doesn’t have to be the maximum, and the frequency doesn’t even have to be every other week.”
  • The University of Minnesota’s CIDRAP tells us,
    • “The long-acting monoclonal antibody nirsevimab (Beyfortus) protects children younger than 2 years from respiratory syncytial virus (RSV) infection for up to 1 year but may not do so beyond that period, suggests a large real-world study published yesterday in the Journal of Infection.
    • “The researchers, however, cautioned that the small sample size of children who received nirsevimab at least 12 months before may have limited the ability to detect significant results past 1 year.” * * *
    • “The findings have implications for scheduling repeat dosing in eligible children, the study authors said. “Currently, the second dose of nirsevimab for eligible children with high-risk comorbidities is often administered during the second season, with a minimum interval of 5–6 months,” they wrote. “In some regions, the RSV epidemic is year-round, where repeat dosing of nirsevimab at 5–6-month intervals can be costly.”
    • “The results need to be interpreted with caution owing to the inability to identify children whose mothers were vaccinated against RSV during pregnancy, potential missing documentation of nirsevimab administration, and residual confounding factors after propensity score matching. 
    • “The authors called for future studies on the long-term effectiveness of nirsevimab against RSV hospitalization, intensive care unit admission, and death.” 
  • Genetic Engineering and Biotechnology News informs us,
    • “In a proof of concept that may reshape the treatment landscape for insulin-dependent diabetes, scientists have demonstrated that human stomach cells can be reprogrammed to secrete insulin—potentially paving the way for autologous cell-based therapies that eliminate the need for donor islets and systemic immunosuppression, as well as lifelong monitoring of blood sugar levels and insulin injections.
    • “The study, “Modeling in vivo induction of gastric insulin-secreting cells using transplanted human stomach organoids,” published in Stem Cell Reports and led by Xiaofeng Huang, PhD, of Weill Cornell Medicine and Qing Xia, MD, PhD, of Peking University, shows that human gastric tissue can be transformed in vivo into functional insulin-producing cells using a precision combination of defined genetic factors. The work builds on earlier findings in mice that the stomach’s cellular architecture can be coaxed into producing insulin and represents the first demonstration that this conversion can occur in human-derived tissues inside a living organism.”

From the U.S. healthcare business front,

  • The Wall Street Journal tells us about the founders of Metsera.
    • “Long before he found himself in the middle of a multibillion-dollar takeover battle for a coveted new weight-loss drug, Whit Bernard was a music nerd. He spent two years studying the role of musical activity in the nonviolent anti-Soviet uprisings of the Baltic States during the Perestroika era, publishing his research in English and Latvian. 
    • “After he got tired of working at a music nonprofit in Brooklyn, N.Y., he went to business school and became a consultant at McKinsey & Co. 
    • ‘His client was Clive Meanwell, a cancer researcher turned pharmaceutical executive who hired McKinsey to shore up costs and make other changes at his biotech Medicines Co. 
    • “The two hit it off, and Bernard left McKinsey to become Meanwell’s head of business development. They agreed to sell Medicines to Novartis for almost $10 billion in 2019, and looked to start another company. 
    • ‘Meanwell did what he does best—find the next big thing in medicine by looking for the biggest afflictions facing the most patients. Weight-loss drugs, he bet. Now, Bernard, 41, and Meanwell, 68, are about to pull off a big sale again. 
    • Pfizer PFE is locked in an unusually bitter fight to pay upward of $10 billion to buy Metsera MTSR and its stable of at least eight potential new drugs that can enter a global weight-loss market that analysts project will surpass $100 billion in 2030. 
    • The two stand to profit big from a transaction. Their firm Population Health Partners owns roughly 12% of Metsera shares, which would net it over $1 billion, assuming the final deal values Metsera at $10 billion or more.
  • Bloomberg adds,
    • Pfizer Inc. has submitted a sweetened bid for obesity drug startup Metsera Inc. as its fight against rival Novo Nordisk A/S continues to escalate, according to people familiar with the matter.
    • “The new offer improves upon Pfizer’s earlier proposal for $86.20 a share including milestone payments, said the people, who asked not to be identified discussing private information. Pfizer’s revised bid on Friday is the latest in its back-and-forth with Novo, which submitted a proposal topping Pfizer’s for the second time on Thursday.
    • “Under the terms of its merger agreement, Pfizer will win even if the companies offer the same amount. The bidding war could continue with Novo increasing its offer, the people added.”
  • Per MedTech Dive,
    • “Synchron has raised $200 million to support commercialization of its brain computer interface platform, the company said Thursday.
    • “The Series D round will fund preparations to launch Synchron’s first-generation platform, which translates brain activity into digital commands without open-brain surgery, and development of a new interface.
    • “Synchron’s funding moves investment in BCI companies in 2024 and 2025 beyond $1 billion, with the round adding to financings at Blackrock NeurotechNeuralink and Precision Neuroscience.”
  • Per Beckers Payer Issues,
    • “Baltimore-based Johns Hopkins is convening with health plans, health systems, policymakers and patients to further high-value care, according to a document shared with Becker’s on Nov. 7.
    • “The purpose of this convening proposal is to create sustainable improvements in healthcare value by aligning and synergizing the work of health systems, health plans and policymakers,” the grant application said. “We will bring together experts to collaboratively design meaningful metrics that increase quality, safety and value.” 
    • ‘The initiative, called Providers, Health Plans, Policymakers and Patients Aligned in Care Transformation, consists of three work groups. One will address hospital quality and process-based metrics, another will tackle ambulatory value-based care performance metrics and the third will focus on resource utilization management rules. Johns Hopkins Health Plan’s chief medical officer and associate chief medical officer are among the program’s leaders.”
  • Beckers Hospital Review offers a non-exhaustive list of “81 health systems with strong operational metrics and solid financial positions, according to reports from credit rating agencies Fitch Ratings and Moody’s Investors Service released in 2025,”
  • and informs us,
    • “Nearly 7 in 10 healthcare consumers will leave a review when texted or emailed, meaning a “passive reputation management strategy won’t cut it” for health systems, according to a Press Ganey report published Nov. 6. 
    • “Referrals historically defined a health system’s reputation, but now, reviews do.
    • “Press Ganey, a healthcare experience consulting firm, analyzed 6.5 million patient encounters across the U.S. and surveyed 1,000 healthcare consumers, which are defined as adults who researched healthcare providers online in the past year.”

From the artificial intelligence front,

  • Beckers Hospital Review shares the 10 best quotes on AI from Becker’s CEO + CFO Roundtable.
  • TechTarget reports,
    • “Recent headlines have warned that AI will decimate jobs and reshape work as we know it. But a new study from Yale University’s Budget Lab, “Evaluating the Impact of AI on the Labor Market: Current State of Affairs,” suggests the reality is less dramatic, at least for now.
    • “The study, conducted in partnership with the Brookings Institution, examined nearly three years of labor market data, beginning with the mainstream launch of ChatGPT in late 2022.
    • “Despite the rapid progress of generative AI, researchers found no clear evidence that the U.S. workforce has undergone widespread displacement. Instead, the occupational mix has remained strikingly stable.
    • “Despite how quickly AI has advanced, the labor market story over the past three years has been one of continuity over change,” said the study’s co-author, Molly Kinder, while speaking to the Financial Times.”
       
  • McKinsey and Co. considers what clinical trials will look like in 2035.
    • “The biopharmaceutical industry stands at a critical juncture, where rapid scientific advancements and increasing competition demand a fresh look at clinical trial delivery. As the industry hurtles toward 2035, the need for a transformative vision has never been more pressing. This article outlines a bold new direction for clinical trials, one that aspires to double trial speed and patient participation while enhancing outcomes and reducing costs. By examining the key drivers of change and the essential elements of a next-generation clinical development engine, we could unlock a future in which clinical trials are more efficient, more accessible, and more patient-centered.”

Thursday report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, Obesity, U.S. Healthcare, Uncategorized

From Washington, DC,

  • The Wall Street Journal reports,
    • “Senate Majority Leader John Thune (R., S.D.) told Senate Republicans Thursday that they should expect to vote on a new proposal Friday aiming to end the government shutdown, according to people familiar with the plan, indicating potential progress in resolving the monthlong impasse. 
    • “The proposal would combine a short-term spending measure with a package of three full-year funding bills, covering the legislative branch, agriculture, and military construction and veterans’ affairs. It was unclear whether the interim measure would keep the government open through mid-December or for a longer period. How Affordable Care Act subsidies, a central concern of Democrats, would figure into the plan also remained in flux. 
    • “The plan to vote on the revised proposal comes as the impact of the shutdown continues to grow. Government workers have gone without pay for weeks, and low-income families are seeing cuts in food aid and other assistance programs. On Thursday, airlines scrambled to review flight plans after federal officials revealed plans to reduce commercial air traffic starting Friday in response to the government shutdown.”
  • It is encouraging to see that the Senate will remain in session this week beyond today.
  • The Journal further reports,
    • “Airlines and travelers scrambled to review flight plans after U.S. transportation officials said they would throttle commercial air traffic starting Friday in response to the government shutdown.
    • “Transportation Secretary Sean Duffy said that traffic at 40 major airports would be reduced by as much as 10% as a safety measure. Air-traffic controllers and airport security agents aren’t being paid in the shutdown, which federal officials said has led to stretched staffing, flight delays and long security lines.
    • “The Federal Aviation Administration will start with a roughly 4% cut in flights this weekend at select airports, according to a Southwest Airlines internal memo reviewed by The Wall Street Journal. Some of the nation’s busiest airports are among those the FAA targeted for flight capacity cuts, including those in Atlanta, Chicago and New York.
    • “To put that in perspective, a 4% reduction in key markets represents approximately 100 flights, a level we routinely manage during standard weather or irregular operational events,” the memo said.”
  • and
    • “A federal judge has ordered the Trump administration to fully fund food-assistance benefits for November by Friday, criticizing the government’s efforts so far to make payments during the government shutdown. 
    • “Judge John McConnell said the administration violated the order he issued last weekthat required the government to tap emergency funds and “expeditiously” pay benefits under the Supplemental Nutrition Assistance Program, or SNAP.” * * *
    • “McConnell chided the government during a hearing on Thursday for its actions. “People have gone without for too long, not making payments to them for even another day is simply unacceptable,” said the judge, an Obama appointee.  
    • “He directed officials to release the full funding to states for November benefits by Friday. SNAP benefits, which cover roughly 42 million Americans, typically total about $8 billion a month. Since the contingency fund wouldn’t cover the full amount, he ordered them to use another source of money to make up the shortfall.” 
  • Tammy Flanagan, writing in Govexec, delves into OPM Director Scott Kupor’s blog entries about modernizing the federal retirement system.
  • Moving onto healthcare, BioPharma Dive relates,
    • “Novo Nordisk and Eli Lilly will sell their GLP-1 drugs for obesity and diabetes to some Medicare enrollees for $245 a month under an agreement hammered out with the Trump administration, the White House announced Thursday.
    • “Through the deal, the two companies will also offer some of the same drugs through an online government portal for about $350 a month. Lilly and Novo will additionally be required to sell starter doses of their coming oral obesity medicines, if approved by regulators, for $149 a month. They’ll have to offer all their weight loss drugs to state Medicaid programs at “most favored nation” prices, too.
    • “The new figures represent discounts to the list prices of Wegovy and Zepbound, which are $1,350 and $1,080 a month, respectively, as well as the $499 monthly charge on Lilly and Novo’s direct-to-consumer sites. But comparisons are different when weighed against the “net” prices that follow negotiations with insurers.” * * *
    • “[T]he Medicare price for GLP-1 drugs will be offered through a pilot program that will cover most beneficiaries, Novo said in a separate press release. That may be necessary, as the law that authorized Medicare coverage of prescription drugs specifically bars weight loss products. But it also likely limits which Medicare beneficiaries will qualify, and could have a fixed expiration date. Those that do benefit will have a $50 monthly copay.
    • “The agreement also won’t apply to the vast majority of people who receive their medications through commercial insurance.”
  • Fierce Pharma adds,
    • “The Trump administration is rolling out a new model that aims to bring most-favored nation pricing to the Medicaid space.
    • ‘The Centers for Medicare & Medicaid Services announced late Thursday the launch of the GENErating cost Reductions fOr U.S. Medicaid (GENEROUS) model, under which participating state Medicaid programs will be able to purchase certain drugs at prices that align with what is paid in other countries.
    • “The agency said the model, which launches in 2026, is designed around “allowing Americans to benefit from fairer, more competitive pricing.”
    • ‘CMS said that total gross spending in Medicaid on drugs in 2024 was $100 billion, up by $10 billion from 2022. Through the model, CMS will negotiate with participating pharmaceutical companies to bring down prices, while states that sign on will be able to implement coverage criteria that is uniform and transparent.”
  • The American Hospital Association News informs us,
    • “All 50 states have applied for the Rural Health Transformation Program, the Centers for Medicare & Medicaid Services announced Nov. 5. The program will fund $50 billion to states from fiscal year 2026 to FY 2030. Half of the funds will be awarded as baseline funding, and the other half will be distributed following a data-driven review that will assess each state’s initiatives and their alignment with the program. CMS said it would announce the recipients by Dec. 31.” 

From the Food and Drug Administration front,

  • Per an FDA news release,
    • “The U.S. Food and Drug Administration today announced six additional awardees under the Commissioner’s National Priority Voucher (CNPV) pilot program. This second cohort brings the total number of voucher recipients to 15, underscoring the agency’s commitment to accelerating the review of products with the potential to address key national priorities.” * * *
    • “The following products were selected following external applications and internal nominations from FDA review divisions:
      • Zongertinib for HER2 lung cancer
      • Bedaquiline for drug-resistant tuberculosis in young children
      • Dostarlimab for rectal cancer
      • Casgevy for sickle cell disease
      • Orforglipron for obesity and related health conditions  
      • Wegovy for obesity and related health conditions
  • HCP Live tells us,
    • “The US Food and Drug Administration (FDA) has approved Ironwood Pharmaceuticals’ linaclotide (Linzess) capsules for pediatric patients ≥ 7 years of age with irritable bowel syndrome with constipation (IBS-C), making it the first treatment approved for IBS-C in this patient population.
    • “The drug works by increasing intestinal fluid secretion and reducing pain-sensing nerve activity.
    • “Approval was based on adult data and a pediatric trial showing significant symptom improvement.
    • “Safety profiles were consistent across age groups, with diarrhea as the most common side effect.
    • “Linaclotide is contraindicated in children under 2 due to dehydration risks.”
  • Per BioPharma Dive,
    • “Johnson & Johnson won Food and Drug Administration approval to sell its drug Caplyta for patients suffering from major depressive disorder, a key step in its ambitions to make the medicine a $5 billion-a-year seller.
    • “Caplyta is already cleared to treat patients with schizophrenia and those suffering from bipolar I and II depression, conditions that affect some 13 million Americans combined. Major depressive disorder, also known as clinical depression, afflicts about 22 million Americans and two-thirds of that group don’t get enough relief from current medicines, J&J said Thursday.
    • ‘The latest FDA approval is based on research that showed Caplyta could significantly improve depression symptoms, as well as an open-label study that found that 80% of patients responded to treatment, with 65% achieving remission. At the same time, the drug didn’t cause the side effects such as low sexual desire or weight gain that often leads patients to drop off antidepressant treatments, J&J said.”
  • MedPage Today lets us know,
    • “The FDA sent 18 warning letters to websites that illegally market unapproved and misbranded botulinum toxin (Botox) products, the agency announced.
    • “The letters were addressed to sites with names like cosmo-korea.com, derma-solution.com, glamderma.com, and koreanfillers.com, among several others.” * * *
    • “The sites were reportedly based in South Korea, China, Panama, and the U.S., according to the letters.”

From the public health and medical / Rx research front,

  • The New York Times reports,
    • “Heavy drinking is tied to earlier and more severe brain bleeds, a new study found. The paper, published Wednesday in the journal Neurology, examined the link between alcohol and intracerebral hemorrhages — the deadliest, most disabling type of stroke.
    • “The researchers found that so-called heavy drinkers — people who had three or more drinks per day — developed a stroke on average 11 years earlier than those who had fewer than three drinks per day. They also had larger brain bleeds that were more difficult to manage.
    • “This data cannot prove that alcohol led to earlier, more severe brain bleeds. But it aligns with a wide body of research linking heavy alcohol use to damaged blood vessels and cardiovascular disease.
    • “Alcohol in high doses is toxic to brain cells,” said Dr. Bruce Ovbiagele, a professor of neurology at the University of California, San Francisco, who was not involved with the study.”
  • and
    • “Radiation has long played a role in the treatment of breast cancer, though doctors have used it more sparingly in early-stage disease in recent years, as advances in diagnostics and treatment have improved survival rates.
    • “Now a new study with an unusually long follow-up period has found that radiation to the chest wall made absolutely no difference in survival among women with early-stage breast cancer who had been treated with mastectomy, lymph-node surgery and advanced anti-cancer drugs.
    • “The results of the large, randomized clinical trial were published on Wednesday in The New England Journal of Medicine.”
  • MedPage Today points out,
    • “Observational data point to a relationship between the vascular system and epilepsy beyond the brain.
    • “Among people ages 40 and older, heart attack survivors had a disproportionately greater risk of incident late-onset epilepsy.
    • “Late-onset epilepsy may also be a marker of systemic vascular disease.”
  • Infectious Disease Advisor adds,
    • “Although the second dose of the inactivated influenza vaccine (IIV) significantly increases protection relative to a single dose among children younger than 3 years, this benefit is not observed when the study population is broadened to include children younger than 9 years, according to study findings published in JAMA Network Open.”
  • Per Healio,
    • “A multidisciplinary comprehensive obesity care model increased GLP-1 persistence at 1 year.
    • “Patients in the program also had clinically meaningful weight loss outcomes and lower fat-free mass loss.”
  • Cardiovascular Business notes,
    • “Researchers are working on a new stem cell patch designed to help patients recover after a heart attack. The patch is implanted through a tiny incision, making open-heart surgery unnecessary, and then held in place with a biocompatible adhesive. It then helps the heart recover over time, replacing dead tissue that would typically never be able to regenerate. 
    • “The group behind this new technology presented its latest findings in Acta Biomaterialia.
    • “For patients with severe heart failure, there are very few options beyond mechanical pumps or transplants,” senior author Wugiang Zhu, PhD, a researcher with Mayo Clinic in Arizona, said in a statement. “We hope this approach will offer a new way to repair their own hearts.”
    • “Zhu et al. tested their new patch on rats that were given surgically induced heart attacks. The early findings suggest this approach could provide significant value to heart patients everywhere if it can be fine-tuned and tested on human subjects. Researchers noted that the patch improved heart function and reduced both scarring and inflammation.” * * *
    • “Click here to read the full analysis.” 
  • Beckers Clinical Leadership identifies the 10 hospitals with the lowest number of birth complications and the 10 hospitals with the highest number of those complications.

From the U.S. healthcare business front,

  • Beckers Payer Issues tells us,
    • “Eighty-eight percent of Americans are content with their health coverage, yet nearly half rate the country’s overall system a “C” or worse, according to a Nov. 6 survey from health insurance marketplace eHealth.
    • ‘The survey collected input from 1,524 adults across the U.S.
    • “This new survey highlights the mixed feelings many Americans have about our health insurance system,” Whitney Stidom, vice president of consumer enablement at eHealth, told Becker’s. “While many people are satisfied with their coverage, out-of-pocket costs are often a burden, and navigating the various coverage options can be challenging for some. It is crucial consumers understand their health insurance options, as doing so can help them save time, potentially reduce costs and encourage access to quality care.”
  • The Wall Street Journal reports,
    • Pfizer PFE is preparing to sweeten its offer again for Metsera, the weight-loss drug startup at the center of a bidding war that also involves Novo Nordisk
    • New York-based Pfizer is making plans to deliver a fresh bid Wednesday, according to people familiar with the matter, ahead of a deadline it has to respond to Novo Nordisk’s latest proposal. 
    • Under the terms of its existing merger agreement with Metsera, Pfizer’s next likely step is to match Novo Nordisk’s offer, one of the people said. 
    • Metsera shares closed Wednesday at $71.38 and rose over 7% after-hours after The Wall Street Journal reported on Pfizer’s plans. Novo Nordisk’s offer valued the company at $86.20 a share, while Pfizer’s most recent offer valued it at $70 a share, Metsera said.
  • Per STAT News,
    • “In its latest bid to shake up the prescription drug market, the Mark Cuban Cost Plus Drug Company has reached a deal to sell a cheap, biosimilar version of Stelara, a widely prescribed treatment for chronic inflammatory and autoimmune conditions.
    • “The company plans to sell the lower-cost medication for $345 every three months, or $1,380 a year, for a 90-milligram dose, before shipping costs. This is significantly below the list price for the brand-name drug sold by Johnson & Johnson, which can vary depending on patient weight and the specific illness being treated.”
  • Per BioPharma Dive,
    • “AstraZeneca has exercised an option to acquire SixPeaks Bio, an obesity drug startup that it helped launch last year with Versant Ventures.
    • “AstraZeneca revealed the deal in its latest quarterly earnings report on Wednesday. According to that report, the British drugmaker on Oct. 22 paid $170 million for the shares in SixPeaks it didn’t already own. AstraZeneca will add another $30 million to the deal in two years and could shell out a further $100 million based on the achievement of certain regulatory milestones. 
    • “SixPeaks launched in 2024 with $30 million in funding and a collaboration that gave AstraZeneca the chance to acquire it at an agreed-upon price.” 
  • and
    • “Moderna again reported declining vaccine sales and tempered its 2025 revenue outlook, but expressed confidence in its plan to break even financially in a few years.
    • “In third-quarter earnings on Thursday, Moderna reported $1 billion in revenue, down roughly 45% from the same three-month period a year ago. The company also lowered the top end of its projected revenue forecast for 2025. It now expects between $1.6 and $2 billion, down from an expected range of $1.5 billion to $2.2 billion.
    • “Still, Moderna shares, which have lost more than half of their value over the last year, ticked up as much as 5% in early trading Thursday. One reason why is progress the company has made in cutting costs, with Moderna claiming that, so far, it’s ahead of its projected target for the year. 
    • “We give credit where it’s due, and [Moderna] is clearly making progress on cost control,” Leerink analyst Mani Foroohar wrote in a note to clients Thursday.” 
  • Modern Healthcare reports,
    • “Cambia Health Solutions plans to bring another Blue Cross Blue Shield insurer under its umbrella as it seeks to scale its technology and care management services. 
    • “The nonprofit, which operates Regence Blue Cross plans in Idaho, Oregon, Utah and Washington, announced Thursday that it plans to join forces with Arkansas Blue Cross and Blue Shield. The proposed strategic affiliation is Cambia’s second this year; in August, the company proposed a similar partnership with Blue Cross Blue Shield of North Dakota.
    • “By affiliating, the Blue Cross companies aim to pool their investments and administrative capabilities to develop new technology and care management services, Cambia President and CEO Jared Short said. Partnering could boost each organization’s struggling finances, although that is not the primary driver of the planned affiliations, he said.” 
  • Healthcare Dive informs us,
    • “Dr. Amy Flaster joined Cigna late last year as the CMO of the Connecticut-based company’s health insurance arm. But now, she’s stepping into an expanded role as CMO of the entire business, encompassing both Cigna Healthcare and health services division Evernorth.
    • “Starting Nov. 1, Flaster is leading Cigna’s efforts to improve clinical performance, including testing and introducing new care models, overseeing providers and determining where technology could be an asset.
    • “At Cigna, Flaster will report to COO Brian Evanko.
    • “Her appointment coincides with the departure of Dr. David Brailer, a longtime healthcare executive who served as Cigna’s chief health officer since 2022.” * * *
    • “Cigna also announced that Katya Andresen, Cigna’s chief digital and analytics officer, will oversee the company’s “excellence and transformation” efforts, which shapes customer engagement.”
  • Per MedTech Dive,
    • “Diabetes tech nonprofit Tidepool will collaborate with Ōura to launch a partnership for diabetes research, the companies announced Tuesday.
    • “With users’ consent, Tidepool will pair biometric data from the Oura Ring with data from diabetes devices, including continuous glucose monitors and insulin pumps.
    • “The companies plan to start recruitment in early 2026 through a study approved by an institutional review board. Participants who opt into the study will share their data with Tidepool’s Big Data Donation Project. With users’ consent, the de-identified data will be shared with academics, researchers and industry to accelerate diabetes research.”

From the artificial intelligence front,

  • Beckers Health IT reports,
    • “Rochester, Minn.-based Mayo Clinic has introduced a program to help other health systems adopt AI.
    • ‘Mayo Clinic Platform_Insights provides a “guided, affordable path” for healthcare organizations of all sizes to keep up with advances in the technology, the health system said.
    • “Digital solutions and artificial intelligence have enormous potential to transform healthcare but there are barriers to widespread adoption,” stated Maneesh Goyal, COO of Mayo Clinic Platform, the health system’s digital innovation arm, in a Nov. 3 news release. “When organizations partner with us, they gain access to proven clinical and administrative solutions and the technical framework to integrate them seamlessly.”

Weekend update

David ErmerCMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, U.S. Healthcare

From Washington DC

  • The Wall Street Journal reports
    • “Democratic senators again urged President Trump to get involved directly in talks to end the government shutdown as the impasse entered a crucial week, with the lapse set to become the longest ever while pain for American households and travelers is deepening. 
    • “Lawmakers indicated late last week that they were finally making progress on talks to reopen the government and begin discussions about how to address expiring enhanced Affordable Care Act subsidies, which are set to leave millions of Americans with sharply higher health-insurance bills. Democrats, who have repeatedly blocked a GOP measure to reopen the government, have made talks on healthcare a condition of voting to end the shutdown.
    • “Some travelers experienced abnormally long delays Sunday as a result of staffing shortages at major airports. Flights into Newark Liberty International Airport were delayed over three hours on average, according to Federal Aviation Administration data. People flying out of Houston’s George Bush Intercontinental Airport were warned that wait times could exceed 90 minutes.”
  • The Journal also offers advice to folks who are in the market for an Affordable Care Act plan during this open enrollment period.
  • Modern Healthcare explains,
    • “Doctors who treat Medicare beneficiaries are getting a 2.5% raise next year under a regulation the Centers for Medicare and Medicaid Services issued Friday.
    • “The 2026 Medicare Physician Fee Schedule final rule implements provisions from the tax law President Donald Trump enacted in July, which mandated a pay hike and reversed a multiyear trend of reimbursement cuts. CMS also spells out its plans for an “efficiency adjuster” that will reduce some payments, a lower back pain and heart failure payment model, and new flexibilities for telehealth coverage.
    • “The actions we are taking will improve seniors’ access to high-quality, preventive care that will help them to live longer, healthier lives,” CMS Administrator Dr. Mehmet Oz said in a news release. 
  • STAT News adds,
    • “Medicare on Friday followed through with its earlier proposal to reduce payment for surgeries, outpatient procedures, and other services it believes can be done more efficiently starting in 2026.
    • “The controversial move represents a significant change to how thousands of physician services are priced under Medicare. It’s a blow to the powerful physician lobby that has long controlled how procedures are priced and could help ensure more equitable pay among specialists and primary care doctors. 
    • “The so-called efficiency adjustment assumes that advances in technology and standardized workflows have cut down the time and expense necessary to perform certain procedures —  changes that reimbursement hadn’t accounted for. Those services will see a 2.5% cut to reimbursement beginning Jan. 1, 2026, while time-based services like office visits or behavioral health therapy will not. Telehealth and certain maternity services will also be unaffected.” * * *
    • “In response to comments on the proposal, Medicare will not apply the efficiency adjustment to payment codes that are new for 2026.” 

From the Food and Drug Administration front,

  • The Wall Street Journal reports,
    • “A Food and Drug Administration official who resigned on Sunday was sued by a Canadian pharmaceutical company, which accused him of soliciting a bribe and tanking its stock with false statements as part of a revenge campaign against a former colleague.
    • “Dr. George Tidmarsh was hired in July by FDA Commissioner Dr. Marty Makary to lead the agency’s drug division, a top role regulating much of the country’s pharmaceutical industry that gave Tidmarsh a prominent perch in the Department of Health and Human Services headed by Robert F. Kennedy Jr.
    • “Drugmaker Aurinia Pharmaceuticals filed a lawsuit in federal court in Maryland Sunday evening detailing its accusations against an official at an agency that this year has faced upheaval and uncertainty in the form of DOGE cutsleadership departures and a slew of new policies.
    • “A lawyer for Tidmarsh, Joseph Galda, said that he didn’t solicit a bribe.” * * *
    • “Secretary Kennedy expects the highest ethical standards from all individuals serving under his leadership and remains committed to full transparency,” the spokeswoman said.” 

From the public health and medical / Rx research front,

  • NPR Shots reports,
    • “In April, the future was looking bleak for an experimental Alzheimer’s drug called valiltramiprosate, or ALZ-801.
    • “Researchers had just released topline results of a study of more than 300 people age 50 or older, who were genetically predisposed to Alzheimer’s. Overall, those who got the drug did no better than those given a placebo.
    • “But in September, a closer look at the results revealed benefits for a subgroup of 125 people who had only mild memory problems when they started taking the drug.
    • “Those participants, initially diagnosed with mild cognitive impairment rather than mild dementia, “showed very meaningful responses,” says Dr. Susan Abushakra, chief medical officer of Alzheon, the drug’s maker.
    • “By one measure, the drug slowed cognitive decline by 52% in people with mild cognitive impairment. That result appears comparable with benefits from the two Alzheimer’s drugs now on the market: lecanemab and donabemab.”
    • Further studies are underway.
  • Medscape discusses ongoing advances in anti-obesity medication and separately notes
    • “Analysis of 35,213 patients with stage II-III colon cancer revealed that recurrence risk drops below 0.5% at 6 years post-surgery, supporting a practical definition of cure. Women showed a significantly lower recurrence risk with a hazard ratio (HR) of 0.58.” * * *
    • “From a scientific perspective, we still face challenges in the definition of cure in the adjuvant colon cancer setting. When answering patients’ questions about cure, we should use a restrictive definition of relapse-free survival, considering local and/or distant recurrence; this should be reported in adjuvant studies as a relevant secondary endpoint. In the setting of colon cancer, this leads us to advocate for 6 years after surgery free of relapse as constituting cure,” the authors of the study wrote.”
  • JAMA discusses “What to Know About the New Blood Pressure Guidelines” for adults released in August 2025.
    • “Some things haven’t changed in the new high blood pressure (BP) guideline for adults released this August by the American Heart Association (AHA) and the American College of Cardiology. The definitions of normal, elevated, and stage 1 and 2 hypertension are the same, for example. And the recommended first-line antihypertensives are unchanged from the 2017 guideline.
    • “But many updates with the potential to change patient care were included in the new guideline, which incorporates the latest data and emphasizes both earlier treatment and tighter control of BP.
    • “With heart health, brain health, kidney health…overall we have really great evidence that lower blood pressure is better,” said guideline coauthor Sadiya S. Khan, MD, MSc. “Start blood pressure treatment earlier and get to lower targets.”
    • “Plus, there’s much more attention on prevention in the new guideline—meaning recommendations even for people with normal BP.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports
    • “The gloves are off in the obesity-drug fight. But Novo Nordisk NOVO.B might be swinging so hard it risks losing its balance.
    • “The maker of Ozempic has been losing ground to Eli Lilly LLY and a crop of copycat GLP-1 makers such as Hims & Hers Health HIMS. Novo’s new chief executive, Mike Doustdar, deserves credit for shaking up a once-stodgy Danish pharma with a move fast and break things mindset. He inherited a company rapidly ceding share, and his response has been urgent: layoffs to free up cash for reinvestment, and a dealmaking spree that included the acquisition of Akero Therapeutics, a company with a liver-disease treatment, for up to $5.2 billion.
    • Now, Novo’s bid to regain its footing has taken a form unthinkable under past leadership: an unsolicited $9 billion offer to pry Metsera MTSR, the developer of a monthly injection, away from Pfizer PFE, which had agreed to buy it in a deal valued at up to $7.3 billion. It is a bold move for a company that mostly shied away from dealmaking under past leadership.
    • In this case it also looks like a move born of frustration, one that is now making Novo investors uneasy. The stock skidded Thursday and Friday as investors questioned how confident the pharma company is in its own obesity-drug pipeline, said Will Sevush, a healthcare strategist at Jefferies.
    • On Friday, Pfizer sued Novo and Metsera, alleging that under the terms of the Pfizer-Metsera agreement, the offer from Novo can’t qualify as superior. Pfizer might have a point.” * * *
    • “Even so, Pfizer—which had recently been fending off an activist investor as patents on key drugs expire and Covid revenue fades—still has time to decide it is better to negotiate than fight. Metsera seems to be using Novo’s offer as leverage to extract a sweeter deal, and under the merger terms, Pfizer has until Tuesday to counterbid. Given how valuable GLP-1 drugs have become, a small bump in price could be worth it.”
  • TechTarget unveils a patient survey about their attitudes towards the use of artificial intelligence in healthcare.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Federal News Network tells us,
    • “The Office of the National Cyber Director is looking to engage industry as it starts to develop a new national cybersecurity strategy.
    • “National Cyber Director Sean Cairncross, speaking at a conferenced hosted by Palo Alto Networks in Tyson’s Corner, Va., Thursday, said U.S. cyber efforts of the past have failed to “send a message” to China and other cyber adversaries.
    • “A failure to send a message creates an opening for a miscalculation, that opens the door for a larger problem,” Cairncross said. “And so, what we are looking to do is to change that posture, so that that message is clear.” * * *
    • “I’m not trying to bring CEOs in and beat them over the head and say, do this, or we’ll regulate, or this is a mandate coming down from on high,” he said. “What I’m looking to do is to say where, where are the regulatory friction points in this domain that you deal with, what’s redundant, what’s become too much of a compliance checklist.”
    • “Cairncross said the private sector should have to meet minimum standards for cybersecurity. But he says the White House wants to work with businesses to understand how cybersecurity could be better prioritized against existing regulations.”
    • “Working to harmonize that regulatory structure, it’s incumbent on us to do that and work with you all to do that, hopefully as rapidly as we can,” he said. “But I see this as a true partnership between government and industry, and I think if we can get that in a place where everyone is sort of speaking the same language, it will be incredibly useful for hardening our resiliency.”
    • “The Trump administration’s cyber strategy will also likely feature a focus on normalizing offensive cyber operations.”
  • NextGov/FCW informs us,
    • “Criminal hackers, who for years lacked the sophistication and resources of nation-state cyber adversaries, are now on near-equal footing with state-level powers like China and Russia, thanks to advances in artificial intelligence, the head of the FBI’s Cyber Division said Thursday.
    • “[AI] allows mid-tier actors to really asymmetrically scale in ways that they can’t have impact otherwise, meaning a lot of these cybercriminal groups now have nation-state-type capabilities that they would not otherwise have because they’re using generative AI,” Brett Leatherman said Thursday at the Palo Alto Networks public sector conference in Virginia.” * * *
    • “The FBI has not been as quick to adopt AI in its day-to-day operations because it handles sensitive data that requires stringent protections and oversight to maintain security and legal standards, he said.” * * *
    • “The FBI constantly views data logs and other intelligence collected from legal authorities that can help them track hackers and build computer forensic conclusions. Having AI available to quickly parse those logs would be a benefit, he said, although industry partners are already using their own AI instruments to scan data and report those findings to the FBI.” 
  • Fedscoop adds,
    • The Department of Energy is set to deploy a new artificial intelligence supercomputer at Oak Ridge National Laboratory early next year, bringing the machine online at “record speeds” thanks to a new public-private partnership the agency unveiled Monday.
    • The deal with Advanced Micro Devices will provide Oak Ridge with the company’s Lux AI cluster, giving the lab expanded “near-term AI capacity” that will accelerate its work on fusion, fission, materials discovery, advanced manufacturing and grid modernization, per a press release announcing the partnership. 
    • “Winning the AI race requires new and creative partnerships that will bring together the brightest minds and industries American technology and science has to offer,” Energy Secretary Chris Wright said in a statement. “That’s why the Trump administration is announcing the first example of a new commonsense approach to computing partnerships with Lux.”
    • Energy also announced plans for the 2028 launch of Discovery, a system built by HPE and powered by AMD processors and accelerators. Discovery, according to the DOE, will “far” outperform Oak Ridge’s Frontier machine — currently the world’s second-largest supercomputer. * * *
    • “The Tennessee lab has been ground zero for many of the country’s advances in AI — and the Trump administration has signaled that there’s more to come. In an RFP released earlier this month, the DOE solicited proposals for the buildout and maintenance of AI data centers and energy generation infrastructure at Oak Ridge.”
  • Dark Reading reports,
    • “As China, Iran, Russia, and the European Union signed onto a new global cybercrime treaty, the United States and a minority of other nations continue to voice concerns over the global agreement’s impact on human rights — and the expansion of covered crimes to including any “serious” offense enabled by information communications technology (ICT).
    • “On Monday, more than 70 nations signed on to the treaty — formally, the United Nations Convention Against Cybercrime — pledging to aid in the investigation and prosecution of any “criminal offences … committed through the use of information and communications technology systems,” according to a copy of the document. Signers of the agreement promise to cooperate on “serious” crimes, which includes any violation of law that has a maximum prison time of at least four years.” * * *
    • [M]any nations signing the treaty may not have such laudable goals. In 2019, Russia began the process to establish the treaty, when its delegates sponsored a resolution to create a framework for combatting cybercrime. The other signatories included a list of authoritarian countries: Belarus, Cambodia, China, Iran, Myanmar, Nicaragua, Syria, and Venezuela, with the highest-ranking country among the sponsors earning a 2.94 on The Economist’s 10-point Democracy Index for 2024. For comparison, the Index’s most democratic nation, Norway, scored a 9.81. The Nordic country did not sign the UN cybercrime treaty, either.
    • “Looking at the group of founders should make any policy watcher skeptical, especially with much of the cybercriminal activity coming from China and Russia, says Zach Edwards, a senior threat analyst with Silent Push, a cyberthreat intelligence firm. He pointed to massive economic costs caused by cybercriminals groups in China and Russia.”
  • Per Cyberscoop,
    • “A 43-year-old Ukrainian national allegedly involved in the Conti ransomware group pleaded not guilty in federal court Thursday to cybercrime charges that could land him in prison for up to 25 years, according to court documents.
    • “Oleksii Oleksiyovych Lytvynenko, also known as Alexsey Alexseevich Litvinenko, was arrested in Ireland in July 2023, extradited to the United States earlier this month and remains in federal custody in Tennessee where at least three of his alleged victims are based.” * * *
    • “Lytvynenko and his co-conspirators used Conti ransomware to attack more than 1,000 victims globally, ensnaring victims in 47 states, Washington, Puerto Rico and about 31 countries, according to the Justice Department. The FBI estimates Conti extorted more than $150 million in ransom payments from victims.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “The Cybersecurity and Infrastructure Security Agency issued updated guidance on a critical vulnerability in Windows Server Update Service and urged security teams to immediately apply patches to their systems and check for potential compromise.
    • “The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data in WSUS, a tool widely used by IT administrators to deploy Microsoft product updates. 
    • Security researchers have been tracking a series of exploitation attemptsin recent weeks. An initial patch issued in mid-October fell flat, and Microsoft issued an emergency out-of-band security update late last week. 
    • “CISA on Wednesday [October 29] issued additional guidance on how to check for potential compromise and warned security teams to take the threat very seriously.
  • and
    • “At least 50 organizations have been impacted by attacks targeting a critical vulnerability in Windows Server Update Service, with most of them located in the U.S., according to researchers at cybersecurity firm Sophos. 
    • “The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data. A security update issued by Microsoft in mid-October failed to provide adequate protection, and Microsoft issued an emergency out-of-band patch late last week to address the problem. 
    • “Sophos’s own telemetry picked up six incidents linked to the exploitation activity, and additional intelligence gathered by researchers shows at least 50 victims, the company told Cybersecurity Dive.” 
  • CISA added four known exploited vulnerabilities to its catalog this week.
    • October 28, 2025
      • CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
      • CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability
        • Security Week discusses these KVEs here.
    • October 30, 2025
      • CVE-2025-24893 XWiki Platform Eval Injection Vulnerability
      • CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
        • NIST discusses the XWiki KVE here.
        • Bleeping Computer discusses the Broadcom KVE here.
  • Cyberscoop relates,
    • “F5 CEO François Locoh-Donou said on a company earnings call that there were two categories of impact on customers following a nation-state attacker’s long-term, persistent access to its systems: widespread emergency updates to BIG-IP software and hardware, and customers whose configuration data was stolen during the attack.
    • “We were very impressed frankly, with the speed with which our customers have mobilized resources to be able to make these upgrades and put them in production fairly rapidly,” Locoh-Donou said Monday. F5 helped thousands of customers install critical updates upon disclosure, he added.
    • “The vendor’s latest assessment of the prolonged attack, which it became aware of Aug. 9 and disclosed Oct. 15, indicates F5 remains optimistic it has contained and limited exposure from the breach, which prompted a rare emergency directive from federal cyber authorities when it was disclosed in a regulatory filing.”
  • Per Dark Reading,
    • “A researcher has demonstrated that Windows’ native artificial intelligence (AI) stack can serve as a vector for malware delivery.
    • “In a year where clever and complex prompt injection techniques have been growing on trees, security researcher hxr1 identified a much more traditional way of weaponizing rampant AI. In a proof-of-concept (PoC) shared exclusively with Dark Reading, he described a living-off-the-land attack (LotL) using trusted files from the Open Neural Network Exchange (ONNX) to bypass security engines.”
  • and
    • “A variety of old, abandoned projects, long considered dead, continue to rise up and undermine the cybersecurity posture of the companies who created them.
    • “From code to infrastructure to APIs, these so-called “zombie” assets continue to cause security headaches for companies, and sometimes, lead to breaches. Oracle’s “obsolete” servers, abandoned Amazon S3 buckets used by attackers to distribute malware, and the unmonitored API connecting Optus’ customer-identity database to the Internet are all variations of the zombies plaguing enterprises.
    • “The lack of attention to forgotten — dare we say, “undead” — services causes cybersecurity headaches in two ways, says Andrew Scott, director of product at cybersecurity firm Palo Alto Networks.
    • “If you’ve got a device that has been forgotten, you’re probably not looking after it, so if it were compromised, it may be hard for you to know,” he says. “And two: The longer that those things stay out there, stay unmanaged or not getting the TLC and patch cycles … the more likely that they are vulnerable to risks over time.”

From the ransomware front,

  • Health Exec reports,
    • “On Oct. 27, Russia-based cybercrime group Qilin posted to the dark web claiming it had successfully hacked pharmacy benefit manager (PBM) MedImpact, with the group releasing screenshots of documents that appear to be billing invoices.
    • “In reviewing the post, Cybernews said the snippets are “mostly financial operation details which don’t seem to contain extremely sensitive personal data.” The company later confirmed that what Qilin said was true, releasing a short statement about its ongoing investigation into the incident, which it said is being conducted with the “assistance of one of the nation’s leading cybersecurity firms and is notifying all applicable authorities.” 
    • “The PBM also confirmed that the attack involved the deployment of ransomware, and that at least part of its infrastructure is still down. It said it deployed containment measures upon noticing the breach, often involving taking all systems offline until the situation is assessed.
    • “MedImpact is currently working to restore impacted systems in a new environment that is segregated from the prior infrastructure and protected by multiple layers of defense. Due to these measures, as of today, pharmacy claims for all clients are now adjudicating,” the company wrote. 
    • “The company apologizes for any disruption this issue may cause its clients and partners,” it added.” 
  • Per Bleeping Computer,
    • “CISA confirmed on Thursday [October 30] that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.
    • “While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.
    • “Successful exploitation enables attackers with local access to escalate privileges on the target system, potentially resulting in root-level access to compromised devices.
    • As Immersive Labs explains, potential impact includes system takeover once root access is gained (allowing attackers to disable defenses, modify files, or install malware), lateral movement through the network, and data theft.
  • The HIPAA Journal reports,
    • “The ransomware remediation firm Coveware has reported a growing divide in the ransomware landscape, with larger enterprises facing increasingly targeted, high-cost attacks, whereas attacks on mid-market companies continue to be conducted in volume. Ransomware groups conducting high-volume attacks appear to have found the sweet spot, as while the ransom payments they receive are much lower, the attacks are easier to conduct, and a higher percentage of victims pay up. Attacks on larger companies require more effort, although attacks are far more lucrative when a ransom is paid. Coveware reports that larger organizations are increasingly resisting paying ransoms, having realized that there are few payment benefits, but has warned that these targeted attacks are likely to increase due to falling ransom payments.
    • “Across the board, there has been a sharp fall in both the average and median ransom payments from a 6-year high in Q2, 2025, to the lowest level since Q1, 2023. In Q3, 2025, the average ransom payment fell by 66% to $376,941, with the median ransom payment down 65% to $140,000. In Q1, 2019, 85% of victims of ransomware attacks chose to pay the ransom, compared to a historic low of 23% in Q3, 2025.”

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • “Artificial intelligence and weakening federal demand had dual impacts on this week’s earnings reports from large cybersecurity companies, which generally posted stronger results than the same time last year.
    • “Security and network specialist F5 posted a fourth-quarter profit of $190.5 million on Monday, up from $165.3 million last year. Its full-year profit was $692.4 million, compared with $566.8 million last year.
    • “However, the company warned of potential sales disruptions stemming from a breach by nation-state hackers. The breach, which was disclosed by F5 in October, was serious: Attackers gained access to the production environment for the company’s most popular products and its database of known software flaws. F5’s products are widely deployed among Fortune 500 companies and the federal government, making the disclosure worthy of briefings by the U.S. Cybersecurity and Infrastructure Security Agency.” * * *
    • “Other cybersecurity companies posted encouraging results. Network security vendor Check Point Software Technologies posted a third-quarter profit of $358.7 million, up from $206.9 million last year. The Israeli company closed its acquisition of AI specialist Lakera last week and said it expects AI to inform its acquisition strategy going forward.” * * *
    • “Infrastructure security specialist Tenable Holdings swung to a $2.3 million profit in its third quarter from a $9.3 million loss the previous year. Co-Chief Executive Stephen Vintz said the company is seeing a shift in customer spending away from traditional defensive strategies toward more proactive technologies that identify weaknesses before they are exploited, largely due to the use of AI.
    • “AI is dramatically reshaping the threat landscape as attacks have become faster, more automated and more sophisticated,” he said on a call with analysts Thursday.
    • “Data protection provider Commvault Systems reported $14.7 million profit for its second quarter on Tuesday, though this slipped from $15.6 million in the same quarter last year. Rival data security company Varonis reported a loss of $29.9 million, wider than the $18.3 million loss the previous year.”
  • Cyberscoop points out,
    • “A new security-focused AI model released Thursday by OpenAI aims to automate bug hunting, patching and remediation.
    • “The model, powered by ChatGPT-5 and given the name Aardvark, has been used internally at OpenAI and among external partners. Currently offered in an invite-only Beta, it’s designed to continuously scan source code repositories to find known vulnerabilities and bugs, assess and prioritize their potential severity, then patch and remediate them.
    • “In a blog post published on the company’s website, OpenAI claims that Aardvark “does not rely on traditional program analysis techniques like fuzzing or software composition analysis.”
    • “Instead, it uses LLM-powered reasoning and tool-use to understand code behavior and identify vulnerabilities,” the blog stated. “Aardvark looks for bugs as a human security researcher might: by reading code, analyzing it, writing and running tests, using tools, and more.”
  • Here is a link to Dark Reading’s CISO Corner.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front and law enforcement front,

  • Federal News Network reports,
    • “For years, the influential Cyberspace Solarium Commission has advanced recommendations on cyber policy that have slowly but steadily been adopted by Congress and federal agencies.
    • “But now, commission leaders are confronting a new reality: progress is “stalling, and in several areas, slipping,” largely due to the Trump administration’s federal workforce cuts.
    • “In its latest annual report, the Cyberspace Solarium Commission 2.0 — the “2.0” because the commission no longer resides within Congress but at the Foundation for the Defense of Democracies — found that there had been a “reversal” on its recommendations for the first time in the commission’s five-year history.”
  • Dark Reading adds,
    • “Cyberattacks against US agencies were rising steadily even before Oct. 1, in anticipation of the shutdown. Researchers at the Media Trust then observed a spike of activity on its very first day.
    • “At this point, they’re projecting that the feds will experience north of 555 million cyberattacks by the end of the month [of October] — an 85% increase over the already more active than usual month of September.”
    • “To make matters worse, Media Trust CEO Chris Olson points out that those 555 million attacks aren’t the cheap phishing chum one might expect to dominate such a dataset.
    • “These are targeted digital attacks through websites, apps, and targeted advertising. What we are detecting are actual interactions with employees,” he says.”
  • Dark Reading also informs us,
    • “A massive seizure by the US government of cryptocurrency from a sprawling Southeast Asia cybercrime syndicate has raised hopes that coordinated actions against cybercriminal groups can help undermine their profits.
    • “On Oct. 14, the US Department of Justice — along with the Drug Enforcement Agency, the Department of State, and other agencies — announced the seizure of 127,271 bitcoin kept in “unhosted wallets” and the indictment of Chen Zhi, the founder and chairman of the Prince Holding Group, on charges of conspiracy to commit wire fraud and money laundering. The seized bitcoin, stored in 25 wallets, are worth more than $14 billion, and were valued at nearly $15 billion on the day of the announcement.” * * *
    • “Repeating the win will be difficult, however.
    • “While the US Department of Justice and government officials announced the seizure and indictment on Oct. 14, the actual investigation and enforcement actions occurred last year and the investigation took much longer. The seizure of the funds likely took place in June and July of 2024, when the wallets holding the bitcoin “suddenly lit up … suggesting coordinate[d] enforcement activity,” says TRM Labs’ Redboard.
    • “These operations are exceptionally hard to pull off,” he says. “They require cooperation across agencies and borders, and — critically — access to private keys. Investigators can map transactions forever, but they can’t move assets without those keys. The fact that the US was able to gain control here means that digital and physical evidence aligned, resulting in a great outcome.” * * *
    • “The successful seizure may also reverse a trend that blockchain experts have noted: Cybercriminals’ increasing dependency on bitcoin. While other cryptocurrencies exist — and stable coin has become popular among some investors — bitcoin’s self-custody attribute has been seen as a significant benefit, says Eric Jardine, cybercrimes research manager at Chainalysis, a crypto intelligence firm.” * * *
    • “Whether the seizure by the US government results in a movement away from bitcoin remains to be seen.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports,
    • “Security researchers are warning that cyber threat actors are abusing a critical vulnerability in Microsoft Windows Server Update Service. 
    • “The vulnerability, tracked as CVE-2025-59287, involves deserialization of untrusted data and could allow intruders to execute code without authorization.
    • “Researchers at Huntress said they have seen attackers exploiting the vulnerability in four different customers’ networks. 
    • “Senior security researcher John Hammond described the attack as a simple “point-and-shoot” technique, noting that the recent release of a proof of concept made the attack trivially accessible for any hacker to launch.” * * *
    • In an advisory released late Friday [October 24], CISA urged users to identify servers that are vulnerable to exploitation and immediately apply the upgrades. These servers have WSUS Server Role enabled, and ports open to 8530/8531, according to CISA.”
  • Cyberscoop adds,
    • “Last week, Cybersecurity and Infrastructure Security Agency officials spoke candidly about the challenges they faced tracking the use of F5 products across the civilian federal government. While CISA knows there are thousands of instances of F5 currently in use, it admitted it wasn’t certain where each instance was deployed. 
    • “The uncertainty came as the agency issued an emergency directive related to F5, instructing other government agencies to find and patch any F5 instances. The urgency stemmed from the fact that F5 itself had revealed a nation-state had gained a long-term foothold in its systems.
    • “One of the main goals of the directive: “help us identify the different F5 technology in the federal network,” as one official told reporters.
    • “CISA didn’t already have a complete picture of that despite the billions of dollars spent on a program, Continuous Diagnostics and Mitigation (CDM), designed for, among other things, “increasing visibility into the federal cybersecurity posture,” which CISA’s website for the program states is one of its main four goals.
    • “CISA’s lack of awareness about the extent of the F5 vulnerability’s presence in the federal government highlights a weakness in a program that is, by and large, a well-regarded one. But the fact that CDM did not automatically identify F5 prevalence is a circumstance of fast-changing technology and a shortcoming in the part of CDM that’s focused on keeping track of digital assets, according to current and former CISA officials and cyber industry professionals.”
  • CISA added the following known exploited vulnerabilities to its catalog this week,
  • Cybersecurity Dive relates,
    • “Critical flaws in TP-Link Omada and Festa VPN routers could allow attackers to take control of a device, according to a report released Thursday from Forescout Research – Vedere Labs. 
    • “One vulnerability, tracked as CVE-2025-7850, could enable OS command injection through improper sanitation of user input, according to the researchers. The flaw, which has a severity score of 9.3, in some cases can be exploited without requiring credentials to the device.
    • “A second vulnerability, tracked as CVE-2025-7851, allows root access via residual debug code, and has a severity score of 8.7. The flaw exposes hidden functionality that allows for root login via SSH, Forescout researchers told Cybersecurity Dive.
    • “TP-Link devices have been the target of exploitation activity in the past, including large botnets such as Quad7, says Daniel dos Santos, head of research at Forescout Research.” * * *
    • The researchers said they are not aware of any exploitation involving the newly found vulnerabilities but given that one is rated as critical and the other as high-severity, users should immediately apply new firmware updates issued by TP-Link.”
  • and
    • “Half of all organizations have been “negatively impacted” by security vulnerabilities in their AI systems, according to recent data from EY.
    • “Only 14% of CEOs believe their AI systems adequately protect sensitive data.
    • “AI’s new risks are compounding the difficulty of securing networks with a patchwork of cybersecurity defenses as organizations use an average of 47 security tools, EY found.”
  • Fierce Network adds,
    • “Beware. It’s that time of year when many employees are being told it’s open enrollment and they’re given a deadline to renew their health benefits. But if an unverified and unexpected message comes through SMS on your smartphone, it might be a smishing attack.
    • “Don’t click on the link, however tempting it may be.
    • “That’s one bit of advice from Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business. He talked with Fierce about the latest Verizon Mobile Security Index that shows just how vulnerable mobile devices are to attacks. And guess what? AI isn’t helping matters. In fact, it’s putting devices more at risk.”
  • Cyberscoop notes,
    • “Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop.
    • “Unit 42 has traced about 195,000 domains to the highly decentralized phishing operation since January 2024. Researchers say more than two-thirds of the malicious domains are registered through Hong Kong-based registrar Dominet (HK) Limited using China-based domain name system infrastructure.
    • “Most of the attack domains (58%) are hosted on U.S.-based IP addresses, while 21% are hosted in China and 19% reside in Singapore. The global phishing operation is designed to collect sensitive information, including national identification numbers, home addresses, financial details and credentials, according to Unit 42.
    • “The malicious domains, which include hyphenated strings followed by a top-level domain, trick victims into thinking they are visiting a legitimate site. These domains impersonate services across many critical sectors including toll road services, multinational financial service and investment firms, e-commerce markets and cryptocurrency exchanges, health care organizations, law enforcement agencies and social media platforms.”
  • HelpNetSecurity explains how “attackers turn trusted OAuth apps into cloud backdoors.”
  • Cybersecurity Dive points out that “social engineering gains ground as preferred method of initial access [for cyberattacks]. Senior executives and high-net-worth individuals are increasingly at risk as hackers use deepfakes, voice cloning and other tactics for targeted attacks.”

From the ransomware front,

  • The HIPAA Journal reports,
    • “Ransomware groups are conducting fewer attacks than a year ago and are increasingly adopting a more targeted approach using stealthy tactics to achieve more impactful results, according to the 2025 Global Threat Landscape Report from the network detection and response (NDR) company ExtraHop.
    • “Indiscriminate attacks are being dropped in favor of targeted, sophisticated attacks that allow ransomware actors to spend longer inside victims’ networks as they move undetected to achieve an extensive compromise before deploying their file-encrypting payloads. Attacks are designed to cause maximum damage and extensive downtime, which both increases the likelihood of a ransom being paid and allows them to obtain higher ransom payments.
    • “ExtraHop reports that in the space of a year, the average ransom demand has increased by more than one million dollars, from $2.5 million a year ago to $3.6 million, although ransom demands are higher for healthcare organizations and government entities. 70% of victims end up paying the ransom.
    • “Last year, ExtraHop tracked an average of 8 incidents per organization compared to 5-6 incidents this year. Ransomware actors typically have access to victims’ networks for almost two weeks before they launch their attack, during which time sensitive data is exfiltrated. It typically takes victims more than two weeks to respond to a security alert and contain an attack, with the attacks causing an average downtime of around 37 hours.”
  • CSO adds,
    • “Two in five companies that pay cybercriminals for ransomware decryption fail to recover data as a result, according to a survey of 1,000s SMEs by insurance provider Hiscox.
    • “The survey also revealed that ransomware remains a major threat, with 27% of businesses surveyed reporting an attack in the past year. Of those affected, 80% — which includes both insured and uninsured businesses — paid a ransom in an attempt to recover or protect critical data.
    • “But only 60% successfully recovered all or part of their data as a result, Hiscox’s Cyber Readiness Report found.”
  • and
    • “As ransomware attacks accelerate in speed and sophistication, 38% of security leaders rank AI-enabled ransomware as their top concern — the most frequently cited worry about AI-related security issues according to CSO’s new 2025 Security Priorities study.
    • “That concern appears to already be well founded, as a second study released today, CrowdStrike’s 2025 State of Ransomware Survey, provides a snapshot of how the ransomware threat is evolving, revealing cybersecurity pros’ fears surrounding the use of AI in ransomware attack chains, as well as the need to for CISOs to build better — and more intelligent — defenses to match AI-powered attackers.
    • “From malware development to social engineering, adversaries are weaponizing AI to accelerate every stage of attacks, collapsing the defender’s window of response,” Elia Zaitsev, CTO at CrowdStrike, said in announcing the survey’s findings. “The 2025 State of Ransomware Survey reinforces that legacy defenses can’t match the speed or sophistication of AI-driven attacks. Time is the currency of modern cyber defense — and in today’s AI-driven threat landscape, every second counts.”
  • Cybersecurity Dive seconds the CSO report,
    • “The vast majority of ransomware-as-a-service groups are using AI-powered tools, which are “almost certainly increasing the speed of ransomware attacks,” the security firm ReliaQuest said in a report published on Tuesday.
    • “One sign that automation is making a difference: Attackers’ breakout time — the measure of how long it took them to go from initial access to compromising other devices — dropped from 48 minutes in 2024 to 18 minutes in the middle of 2025, the company said.
    • “RaaS groups are offering AI-powered tools such as antivirus detection and “features to automatically kill software that prevents ransomware execution,” according to the report.”
  • Per Industrial Cyber,
    • “Trend Micro researchers identified the Agenda ransomware group, also known as Qilin, deploying a Linux-based ransomware binary on Windows hosts by exploiting legitimate remote management and file transfer tools. This cross-platform approach bypasses Windows-focused detections and conventional endpoint security solutions. The technique allows low-noise operations, including theft of backup credentials to disable recovery options and neutralization of endpoint defenses using BYOVD (Bring Your Own Vulnerable Driver) attacks.
    • “Since January 2025, Agenda ransomware has affected 591 victims across 58 countries, primarily in developed markets and high-value industries. Most victims were in the U.S., Canada, and the U.K., with manufacturing, technology, financial services, and healthcare among the hardest hit. Any environment using remote access platforms, centralized backup solutions, or hybrid Windows/Linux infrastructures is at risk. Enterprises are advised to restrict remote access tools to authorized hosts and continuously monitor for unusual activity.”
  • Per SC Media,
    • HackRead reports that U.S. multinational media and telecommunications conglomerate Comcast Corporation had 186.36 GB of compressed data, amounting to 834 GB of stolen information, exposed by the Medusa ransomware gang following its refusal to pay the $1.2 million ransom demand.
    • “Medusa has posted the data for download in 47 files, with most of the files sized at 4 GB. Earlier analysis of the data sample posted by Medusa in late September showed Excel files indicating claim data specifications, as well as multiple auto premium impact analysis-related Python and SQL scripts, according to Cybernews researchers.
    • “Comcast has yet to acknowledge Medusa’s posting. Such a development comes just weeks after Medusa was noted by Microsoft to have launched attacks leveraging the maximum severity GoAnywhere MFT flaw, tracked as CVE-2025-10035, to facilitate unauthenticated remote code execution.”

From the cybersecurity industry and defenses front,

  • Cyberscoop reports,
    • “Veeam announced Tuesday [October 21] it agreed to acquire Securiti AI for $1.725 billion, marking the data protection company’s largest acquisition and its entry into the artificial intelligence security market as enterprises struggle to deploy AI systems safely.
    • The deal, expected to close in early December, comes as organizations face mounting challenges in managing data across fragmented systems while attempting to launch AI initiatives.
    • “Securiti AI, based in San Jose, Calif., specializes in data security management and provides tools that help organizations understand what data they have, who can access it, and how it’s being used across hybrid cloud environments. The company uses a knowledge graph to map relationships between data assets, users, AI models and compliance requirements.
    • “Veeam, headquartered in Kirkland, Wash., makes software for backing up and recovering data after ransomware attacks and other breaches. The combination aims to address what both companies describe as a critical gap: enterprises cannot safely deploy AI without knowing whether the data feeding those systems is secure, properly governed and accessible only to authorized users.”
  • CIO explains why containment is the key to ransomware defense.
    • “Security leaders tasked with thwarting ransomware attacks must leverage containment techniques to prevent breaches from causing widespread chaos.
    • “Containment strategies reduce the blast radius of a cyberthreat by limiting or preventing the lateral movements of an intruder who succeeds in breaking into your network, a topic covered in a recent post.
    • “It’s a strategy that, when properly implemented, can all but eliminate the possibility of a catastrophic ransomware attack, says John Kindervag, chief evangelist at Illumio and the creator of Zero Trust.”
  • Cyberscoop lets us know,
    • “In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries. 
    • “While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their focus to the network perimeter, a domain often plagued by technical debt and forgotten hardware.
    • “The recent cyber espionage campaign by the China-linked group Salt Typhoon demonstrates this shift. It is the latest in a series of attacks that highlight a dangerous and common thread connecting them to other major adversaries, including Russia’s Static Tundra and various ransomware groups. 
    • “These groups are all exploiting the ghosts in our networks. Old, unpatched, and forgotten routers, VPNs, and firewalls that make up our network perimeter are making very attractive targets. * * *
    • “Not only does this represent an unprecedented level of tactical threat advancement, but it showcases a deep understanding from our adversaries of how U.S. and allied networks are being defended today. These attackers have shown us that they are now capable of operating invisibly within the systems built to protect against them, compromising our national resilience.
    • “This also highlights a critical lesson: a patch is not a time machine. It cannot undo a previous compromise. End-of-Life (EoL) devices forgotten in time are not forgotten by exploit writers after the patches stop. These “forgotten” devices may be out of sight for network administrators, but they are front and center for our adversaries. We must treat them as the critical risks they are.
    • “The path to a stronger national security posture lies in mastering the fundamentals that are too often neglected and establishing a proactive security program to anticipate and counter threats.”
  • Dark Reading points out,
    • “Most successful cyberattacks target end users through social engineering. They also exploit systems left vulnerable due to user errors. This is why securing the human element is crucial to managing cyber-risks in the modern era. 
    • “As recent headlines of data breaches, business disruptions, and threats demonstrate, the situation is dire. Despite the investment in security awareness training programs, many organizations are not receiving what they need. The average security awareness training program remains lackluster, at best, offering semi-annual cookie-cutter modules that drop a few factoids about security trends, hit users with a spot-the-phish game, or even surprise them with a simulation. As long as the click-through rates on phishing emails remain relatively low, the programs are considered successful. 
    • “The poor security outcomes should speak for themselves: This kind of training isn’t helping move the needle on risk.   
    • “Leading organizations are moving beyond the habits of ho-hum programs to deliver training that not only changes users’ insecure behaviors but also empowers them to take actions that boost the organization’s overall defense. One of the most fundamental shifts that effective security training programs are making is that they’re starting to dump the “awareness” label altogether.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday report

David ErmerCDC, CMS, Congress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, No Surprises Act, Obesity, U.S. Healthcare, Uncategorized

From Washington DC

  • The Wall Street Journal reports,
    • “Lawmakers are exploring options to end the government shutdown or mitigate its impact on federal workers and lower-income households.
    • “Some Republicans are considering stand-alone measures to pay specific groups of workers or fund certain programs during the shutdown.
    • “Democrats are facing increased pressure from constituents to end the shutdown, despite their stance on healthcare spending and federal workers.”
  • and
    • “The Pentagon said it received a $130 million donation from an anonymous private donor to cover military salaries during the government shutdown.
    • “The donation was accepted under the Defense Department’s “general gift acceptance authority” and is designated for servicemembers’ pay and benefits.
    • “President Trump announced the donation, calling the unnamed benefactor a “patriot,” as military members faced missing paychecks.”
  • Healthcare Dive tells us,
    • “Senators on both sides of the aisle expressed support for reforming the 340B drug discount program during a Thursday hearing of the Health, Education, Labor, and Pensions Committee — though lawmakers also cautioned that a careful approach is needed to ensure changes don’t harm rural hospitals and health centers.
    • “The hearing centered around concerns that 340B, although well-intentioned, has grown too large and may not ultimately benefit patients.” * * *
    • “Efforts are being led by a bipartisan working group formed in March, comprised of Sens. Jerry Moran, R-Kan.; Tammy Baldwin, D-Wis.; Shelley Moore Capito, R-W.V.; Tim Kaine, D-Va.; Markwayne Mullin, R-Okla.; and John Hickenlooper, D-Colo.” 
  • Per a Social Security news release,
    • “Social Security benefits and Supplemental Security Income (SSI) payments for 75 million Americans will increase 2.8 percent in 2026. On average, Social Security retirement benefits will increase by about $56 per month starting in January.
    • “Over the last decade the cost-of-living adjustment (COLA) increase has averaged about 3.1 percent.  The COLA was 2.5 percent in 2025.”
  • CMS announced today that “The Federal IDR Team released updates to the Federal IDR Portal’s Notice of IDR Initiation web form to improve the duplicate dispute validation process.” Duplicate arbitration requests were one on the principal concerns raised by the AHIP/BCBSA NSA survey noted in yesterday’s FEHBlog post.
  • Federal News Network adds,
    • “Starting in January 2026, many federal retirees will see a 2.8% cost-of-living adjustment (COLA) increase in their Social Security benefits and federal retirement annuities.
    • “That’s a higher rate than last year, and higher than projections set by AARP and the Senior Citizens League. About 75 million people, including retirees and individuals with disabilities, receive Social Security benefits.
    • “The annual COLA is meant to keep federal retirees’ and Social Security recipients’ benefits on pace with rising inflation. But not everyone will receive the full adjustment.
    • “Retirees in the Federal Employees Retirement System (FERS) usually receive a smaller cost-of-living adjustment each year for their annuities, based on the following formula:
      • “COLA is over 3%: FERS annuitants receive 1% less than the full COLA
      • “COLA is between 2% and 3%: FERS annuitants receive a 2% COLA
      • “COLA is less than 2%: FERS annuitants receive the full COLA
    • “According to those parameters, FERS retirees will receive a “diet” 2026 COLA of 2% for their retirement benefits, starting in January.”
  • FedWeek gives federal and postal employees and annuitants advice on how to approach the upcoming open season.

From the Food and Drug Administration front,

  • Fierce Pharma informs us,
    • “Following a slight delay earlier this year—and a world-first green light in the U.K. over the summer—Bayer has clinched an FDA nod to bolster the limited arsenal of nonhormonal treatments for some of the most common symptoms of menopause.
    • “Friday, the FDA approved Bayer’s dual neurokinin (NK) targeted therapy elinzanetant, which will now be marketed in the U.S. under the brand name Lynkuet, to treat moderate to severe vasomotor symptoms—comprising hot flashes and night sweats—in people with menopause.
    • “Lynkuet comes in a soft gel capsule and is taken once a day at bedtime, Bayer noted in an Oct. 24 press release. The drug is designed to target both the NK1 and NK3 receptors in the brain, which play a role in temperature regulation, the German drugmaker explained.”
    • “Bayer plans to launch Lynkuet in the U.S. starting next month.”
  • and
    • “Azurity Pharmaceuticals has scored an FDA approval for its blood pressure medicine Javadin. The oral solution was developed for patients who have difficulty swallowing tablets or capsules.
    • “Javadin becomes the first immediate-release, ready-to-use oral clonidine formulation for the treatment of hypertension. The berry-flavored treatment can eliminate the need for tablet cutting, compounding or the use of transdermal delivery products to lower blood pressure.
    • “According to the Massachusetts-based company, a recent study showed that more than a third of primary care patients have difficulty swallowing oral medications, with many resorting to splitting or crushing their tablets or opening their capsules to ingest them.”

From the public health and medical / Rx research front,

  • The American Hospital Association News informs us,
    • “Getting an annual flu vaccination is the best way to prevent flu and its potentially serious complications. 
    • “The Centers for Disease Control and Prevention recommends that anyone 6 months of age and older get vaccinated, particularly people who are at a high risk for flu complications. This includes people 65 years and older, young children, and people with chronic conditions such as asthma or heart disease. Individuals who care for or live with these high-risk populations also should get vaccinated.
    • “The 2024-2025 flu season was intense, with high levels of activity and hospitalizations across the country. Somewhere between 47-82 million people fell ill, causing an estimated 27,000-30,000 deaths. The flu vaccine is updated for the 2025-2026 season and is now available at many workplaces, hospitals, clinics, pharmacies and other locations.
    • “Making the case for the value of flu vaccination is easy, but individuals and communities must be proactive in committing to receive them. For 10 years, the AHA has been pleased to lead United Against the Flu, a collaborative effort by several national health care organizations to amplify the importance of getting the annual vaccine.”
  • BioPharma Dive adds,
    • “Sanofi on Friday reported a sharp decline in quarterly vaccine sales, a development the French company partially tied to lower immunization rates in the U.S.
    • “In its latest earnings report, Sanofi said that its overall vaccine sales fell by 7.8% to €3.4 billion, or $3.9 billion, between July and September. The pullback was largely driven by a slowdown in influenza shots, which, combined with the revenue Sanofi derives from Novavax’s COVID-19 vaccine Nuvaxovid, decreased by 16.8%, to €1.5 billion. Sanofi’s COVID-19 and influenza vaccine sales are down a total of 14% this year, the company said.” * * *
    • “It’s early. We’re still in October. But I think it’s fair that with the first few weeks that we observed a little bit of vaccination rate on the soft side when it comes to flu vaccination, particularly in the U.S.,” Thomas Triomphe, Sanofi’s head of vaccines R&D, told analysts.”
    • [Absent the shutdown, we would have had CDC info on this topic.] 
  • The University of Minnesota’s CIDRAP relates,
    • “New research suggests that nearly 1 in 5 urinary tract infections (UTIs) in Southern California may be caused by strains of Escherichia coli that originated in food-producing animals.
    • “For the study, a team led by scientists at George Washington University and Kaiser Permanente Southern California (KPSC) conducted molecular analysis of more than 5,700 extraintestinal pathogenic E coli (ExPEC) isolates collected from UTI patients and retail meat samples from stores in the neighborhoods where those patients lived. Using comparative genomic analysis and a model they developed to infer the host origin of each isolate, they found that 18% of the UTIs were linked to ExPEC strains that came from the meat.
    • “They also discovered that UTIs in patients from high-poverty neighborhoods were 60% more likely to be caused by these zoonotic (animal-to-human) ExPEC strains. 
    • “The findings were published yesterday in the journal mBio.
    • “These findings underscore the contribution of zoonotic ExPEC to the UTI burden in Southern California and the need for targeted interventions to reduce risk in vulnerable communities,” the study authors wrote.”
  • Per STAT News,
    • “Telehealth companies that have seized on the boom in weight loss drugs are playing a bigger role not just in treating patients with obesity but also shaping how the medical mainstream understands obesity.
    • “A dominant player in the field, Ro, said Friday it has launched a new questionnaire designed to measure “food noise,” a term that people with obesity often use to describe incessant and debilitating thoughts about food. One of the aims of the scale, which was developed by academic researchers with funding from Ro, is to help assess whether treatments can “quiet” patients’ level of food noise, a concept that has become more popular in recent years with the advent of new GLP-1 drugs Wegovy and Zepbound.
    • “The telehealth firm is already using the scale to track patients’ progress as they go through treatment, and it’s also licensing it out to pharma companies to use in clinical trials.
    • “WeightWatchers, which also provides telehealth care, earlier rolled out its own food noise scale.
    • “Proponents of these scales say that food noise anecdotally appears to be a common experience for people with obesity, so it’s important to measure it in an objective way to understand a range of questions — for instance, whether certain populations experience it more, how much of it is tied to a person’s weight, and ultimately, which interventions can help.”
  • Per Healio,
    • “Decreasing alcohol intake, even if an individual reports having two or fewer drinks per day, may have a positive impact on blood pressure, researchers reported.
    • “New data published in the Journal of the American College of Cardiology showed how small reductions in alcohol intake can lower BP for both men and women. 
    • “The implications are quite direct. For individuals with hypertension — as well as for the general adult population — stopping alcohol intake can be viewed as a practical, non-pharmacological strategy associated with lower BP,” Takahiro Suzuki, MD, MPH, clinical fellow at St. Luke’s International Hospital and PhD student at the Institute of Science Tokyo, told Healio. “Importantly, this recommendation should not be limited to heavy drinkers. Our findings demonstrate that even light to moderate drinkers can gain measurable benefit from stopping alcohol. A reduction of just 2 mm Hg in systolic BP can meaningfully decrease the risk of stroke and CV death at the population level. Thus, encouraging minimal alcohol intake for everyone could have significant population-level health benefits. … These results align with and support the 2025 American College of Cardiology/American Heart Association guidelines that include recommendations for alcohol abstinence or limiting intake.”
  • Per MedPage Today,
    • “A risk model showed promise for risk-stratifying women for breast cancer treatment-related heart failure or cardiomyopathy.
    • “The model achieved an overall accuracy of about 80% over 10 years.
    • “Older age, specific systemic therapies, and pre-existing cardiac risk factors contributed the most to the model.”

From the U.S. healthcare business front,

  • Beckers Hospital Review reports,
    • “Nashville, Tenn.-based HCA Healthcare reported a net income of $1.6 billion (8.6% margin) in the third quarter, a significant improvement on the $1.3 billion net income (7.3% margin) posted in the third quarter of 2024. HCA said the strong financial results were driven by higher revenue, improved earnings and growth in same-facility admissions.
    • “For the nine months ending Sept. 30, 2025, HCA reported a net income of $4.9 billion (8.7% margin) compared to $4.3 billion (8.3% margin) in the prior-year period. 
    • “Our teams continued to execute our agenda at a high level, and we remain disciplined in our efforts to improve care for our patients by increasing access, investing in advanced technology, and training our people,” CEO Sam Hazen said in an Oct. 24 earnings release. “Across many operational measures, including quality and key stakeholders’ satisfaction, outcomes were better.”
  • and
    • “More hospitals have closed in Pennsylvania than in any other state this year, reflecting a growing crisis in the state’s healthcare infrastructure. 
    • “Of the 22 hospital closures Becker’s has reported on in 2025, four were in Pennsylvania. One additional hospital — Sharon (Pa.) Regional Medical Center — closed in 2024 but was acquired and reopened in May by Tenor Health Foundation, a newly formed nonprofit.
    • “Pennsylvania’s hospital challenges are multifaceted, involving a combination of overextended acquisition strategies, reimbursement shortfalls, workforce shortages and a rising tide of high-severity malpractice settlements.
    • “According to Radha Savitala, co-founder and CEO of Tenor Health Foundation, part of the issue stems from Pennsylvania’s high number of hospitals — many of them rural — and the fact that some health systems likely overpaid for certain acquisitions in the state more than a decade ago.”
  • MedCity News interviews interviews Puneet Maheshwari, UHC senior vice president and general manager of Optum Real, about the new AI driven claims processing system.
  • Beckers Payer Issues adds,
    • “Elevance Health is deepening its use of artificial intelligence enterprise-wide, focusing on enhancements to its member services, clinical workflows and provider operations as part of long-term efforts to simplify care delivery and reduce costs.
    • “Chief Digital Information Officer Ratnakar Lavu told Becker’s the company’s goal is “to keep the patient at the center and a focus on the experience, not technology for the sake of technology.”
    • “Elevance’s strategy is among a broader industry shift among large insurers using AI not just for automation, but for personalization and decision support that spans both administrative and clinical processes.”
  • BioPharma Dive relates,
    • “Adverum Biotechnologies, a gene therapy developer, has agreed to sell all its outstanding shares to Eli Lilly for an upfront amount that is less than the company’s most recent closing stock price.
    • “Lilly, through an acquisition announced Friday, plans to pay $3.56 in cash for each share — reflecting a nearly 15% discount from the $4.18 price they traded at the day prior. Yet, Adverum investors would also receive so-called contingent value rights that may be worth up to $8.91 per share if the company’s most advanced therapy hits certain goals.
    • “Altogether, the deal value could reach roughly $261 million.
    • “Adverum, formerly named Avalanche Biotechnologies, has been working for nearly two decades to develop genetic medicines for sight-threatening eye diseases. The company raised $102 million in 2014 by going public, and changed its name not long after as part of a reverse merger. Its lead research program is evaluating whether a gene therapy known as “ixo-vec” can help patients with the “wet” form of a degenerative eye condition that affects millions of people in the U.S. alone.”

Thursday report

David ErmerCMS, Congress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, Obesity, Patient safety, U.S. Healthcare

From Washington, DC,

  • The American Hospital Association News tells us,
    • “The government shutdown is expected to continue into next week as the Senate is expected to adjourn Oct. 23 with no plans to vote this weekend. The chamber Oct. 22 failed for a 12th time to advance the House-passed continuing resolution to extend government funding. The House remains out of session with no plans to return at this time. Lawmakers remain at an impasse.”
  • and
    • “The Senate Committee on Health, Education, Labor and Pensions Oct. 23 held a hearing discussing the 340B Drug Pricing Program and its growth and impacts on patients. The AHA provided a statement to the committee in support of the program and highlighted benefits for patients and hospitals, such as lowering drug costs and subsidizing chronic underpayments from Medicare and Medicaid.
    • The AHA also discussed the impact of 340B in rural communities. “Most rural hospitals lose money when providing critical medical services needed in their communities and therefore rely on 340B savings to remain operational and provide specialty care,” the AHA wrote. “If these services were unavailable in their communities, rural patients would be forced to drive far distances to access the same level of care, which for many would be impossible.”
  • The Senate did adjourn until Monday late this afternoon.
  • Federal News Network adds,
    • “A Republican measure to immediately pay federal employees who are working without pay under the shutdown failed to advance in the Senate on Thursday. But some lawmakers still appeared optimistic about reaching a bipartisan agreement on paying federal employees within the next few days.
    • “Democrats largely voted down the GOP’s “Shutdown Fairness Act,” resulting in a vote of 54-45 on the Senate floor. The Republicans’ motion on the bill failed to reach the 60 votes required to “invoke cloture” — a type of vote that limits debate to more quickly move legislation to a final vote.
    • “Three Democrats — Sens. John Fetterman (D-Pa.), Jon Ossoff (D-Ga.) and Raphael Warnock (D-Ga.) — voted alongside Republicans on the motion. Sen. Tim Sheehy (R-Mont.) did not vote.” * * *
    • “Despite Thursday’s failed votes, Sen. Ron Johnson (R-Wis.), the lead co-sponsor on the Shutdown Fairness Act, expressed optimism for reaching a bipartisan agreement to pay federal employees while the shutdown continues.
    • “We’re basically in agreement here,” Johnson told reporters. “I’m willing to add furloughed workers, and now it’s just kind of down to the reductions in force … I don’t want to completely constrain the President, but I don’t mind making sure that Congress has a say in this as well.”
    • “I’m actually quite hopeful — I think we can fix it over the weekend,” Johnson added. “This could open up a path to opening the government as well.”
  • and
    • “The Centers for Medicare & Medicaid Services is temporarily bringing furloughed employees back to work to help individuals sign up for health insurance plans during the open enrollment period.
    • “CMS told employees in an email obtained by Federal News Network that it is bringing back its furloughed employees, starting Monday, Oct. 27.
    • “The agency said it will repurpose some of its funding to ensure furloughed and excepted employees are paid on time for days worked during the open enrollment period.
    • “CMS said all these employees “will be paid for the days you work” or take approved leave, beginning on Oct. 27. Employees working these days will receive a partial paycheck on Nov. 7.”
  • The Wall Street Journal notes,
    • “Lawmakers failed to provide a last-minute reprieve for air-traffic controllers and other federal workers who are set to miss their next paychecks due to the government shutdown, with legislation failing in the Senate and Republicans warning they didn’t expect any financial rescue from the administration.
    • “The expected lapse in pay exacerbates concerns over possible shortages of air-traffic controllers, a job that requires long, intense hours and sophisticated training. But worries about air travel could also help drive Republicans and Democrats to find a way out of the funding impasse, now into its fourth week. Absenteeism and air-travel problems played a central role in bringing about the end of the record monthlong lapse in President Trump’s first term.” * * *
    • “In 2019, the strain on air-traffic controllers was widely seen as helping bring the government shutdown to an end, after staffing shortages and sick calls began disrupting flights. So far, U.S. flight cancellations and delays have stayed generally in line with their level during the same period last year, according to data from FlightAware.
    • “Union officials say hardships are growing for airport workers.”
  • Tammy Flanagan, writing in Govexec, lets us know that “the government shutdown has raised lots of questions about the retirement process, and retirement benefits, for federal employees while agencies remain closed. Here are some of the most pressing answers.”
  • AHIP and the Blue Cross Blue Shield Association has posted a No Surprises Act survey concluding that
    • “The Independent Dispute Resolution (IDR) process itself is costly, diverting funds plans could otherwise have spent on patient care or used to lower premiums and patient cost-sharing.
    • “The vast majority of out-of-network claims covered by the NSA are resolved through prompt payment without dispute or further negotiation.
    • “IDR is being overused by some providers who submit high volumes of disputes, many of which are ineligible, which adds costs to the health care system.”

From the Food and Drug Administration front,

  • Biopharma Dive reports,
    • “The Food and Drug Administration has approved GSK’s multiple myeloma drug Blenrep, officially ending the hiatus of a medication pulled from the U.S. market three years ago.
    • “Yet the agency on Thursday issued a mixed decision in clearing the drug’s return. It approved Blenrep’s use alongside one regimen involving another myeloma medicine, Velcade, but not in combination with another therapy called Pomalyst. It also cleared Blenrep in people whose multiple myeloma has returned, or hasn’t responded, after at least two prior lines of therapy, instead of one, as GSK had requested.
    • “Still, in a statement, GSK Chief Scientific Officer Tony Wood referred to the decision as a “significant milestone.” Wood added that “there is an urgent need for new and novel therapies, as nearly all patients with multiple myeloma experience relapse and re-treating with the same mechanism of action often leads to suboptimal outcomes.”
    • “The clearance completes a turnaround for Blenrep, which was initially approved in 2020 but traveled an unusual path since.”
  • Yahoo relates,
    • Coca-Cola has issued a recall of three of its most popular soda brands after discovering potential metal fragments in certain batches. If you’ve got a cold soft drink chilling in your kitchen, there are key batch codes you’ll want to check—especially since thousands of cans have already been pulled from store shelves. Read on to find out whether your soda is affected, what to do if it is, and how to stay safe. * * *
    • “According to a Coca-Cola spokesperson, the recall was limited to select regions of Texas, specifically the McAllen/Rio Grande Valley and San Antonio areas. The company confirmed that no products outside these locations were impacted.”

From the public health and medical / Rx research front,

  • The New York Times reports,
    • “A new analysis of a major clinical trial affirmed that Wegovy, the popular obesity drug, lowers the risk of major heart issues like heart attacks and strokes in some adults, but showed that weight loss could not fully explain the cardiovascular benefits.
    • “How else, exactly, the drug protects the heart remains a mystery.
    • “Obesity is intricately linked with poor heart health, and losing excess weight can blunt the risk of cardiovascular concerns. But the analysis, published on Wednesday in The Lancet, found that a shrinking waist size — a measure of shedding belly fat — was responsible for only around a third of the observed cardiovascular benefits in people who took Wegovy. In their first 20 weeks of taking the drug, patients experienced cardiovascular benefits no matter how much weight they lost.
    • “As it stands now, we do not know how to account for that other roughly two thirds of the benefit,” said Dr. Michael Lincoff, a professor emeritus of medicine in the department of cardiovascular medicine at the Cleveland Clinic and an author of the paper.”
  • BioPharma Dive adds,
    • “Shares of Ventyx Biosciences, a San Diego-based drug company, nearly doubled Thursday morning after the company said an experimental medicine it’s been studying in people with obesity showed significant effects on cardiovascular risk factors in a mid-stage trial.
    • “The medicine, code-named VTX3232, failed to help trial participants lose more weight when given alone or as an add-on therapy to semaglutide, the active ingredient in Novo Nordisk’s Ozempic and Wegovy. It did, however, significantly reduce biological markers of inflammation, fat levels and liver illness, Ventyx said late Wednesday.
    • “Analysts argue the results lend more support to Ventyx’s approach of fighting disease by focusing on an inflammasome known as NLRP3. Shares of a rival company also targeting NLRP3, BioAge Labs, jumped more than 30% in early trading Thursday.”
  • Per MedPage Today,
    • “Researchers estimated the long-term cardiovascular effects of sugar rationing in the United Kingdom dating back to World War II.
    • “Early life during this period of restricted sugar intake was tied to lower cardiovascular risks in adulthood after age 40.
    • “Risk reductions reached 20% for cardiovascular disease and 25% for myocardial infarction for people who spent the first 1,000 days after conception under sugar rationing.”
  • The American Medical Association lets us know what doctors wish patients knew about healthy eating.
  • Medscape lets us know what doctors wish patients knew about GLP-1 drugs and oral health.
  • Per Health Day,
    • “Poor blood sugar control in adolescents with type 1 diabetes (T1D) increases the risk for future complications, according to a study published in the October issue of Diabetes Research and Clinical Practice.
    • “Chris Moran, from Monash University in Australia, and colleagues examined the 30-year glycemic trajectory in children with early-onset T1D. The analysis included 30 children with T1D (1990 to 1992) participating in the Cognition and Longitudinal Assessment of Risk Factors study.”
  • Genetic Engineering and Biotechnology News relates,
    • “The link between an extra copy of chromosome 21 and Down syndrome (DS) has been well established for decades. What has not been clear was the genetic basis for the congenital heart defects that are associated with nearly half of babies born with Down syndrome. Now a new study in mice published in Nature describes how HMGN1 disrupts DNA’s packaging and regulation and how this impacts molecular levels in healthy heart development. Details of the work are published in a paper titled “Myocardial reprogramming by HMGN1 underlies heart defects in trisomy 21.”
    • “The work is the result of a collaboration involving scientists from Gladstone Institutes, Sanford Burnham Prebys, and elsewhere. As explained in the paper, the link to HMGN1 was made using human pluripotent stem cell and mouse models of Down syndrome. Specifically, “single-cell transcriptomics showed that trisomy 21 shifts human [atrioventricular canal] cardiomyocytes towards a ventricular cardiomyocyte state,” the scientists wrote. Then, “a CRISPR-activation single-cell RNA droplet sequencing screen of chromosome 21 genes expressed during heart development revealed that HMGN1 upregulation mimics this shift, whereas deletion on one HMGN1 allele in trisomic cells restored normal gene expression.” 
    • “According to Sanjeev Ranade, PhD, assistant professor in the Center for Cardiovascular and Muscular Diseases and Center for Data Science and Artificial Intelligence at Sanford Burnham Prebys, “what our paper did was address a major unresolved question: Yes, three copies of chromosome 21 causes DS, but why? What are the genes on chromosome 21 that are bad if you have them in three copies? How in the world do you try to find those genes?” Ranade is the first author on the paper and also a co-corresponding author. 
    • “While this study was done in mice, there are obvious benefits for research in people. Learnings from this study “could pave the way for treatments to help prevent heart malformations in people with Down syndrome and related heart defects, which would be a major win for patients and their families,” said Deepak Srivastava, MD, president and senior investigator at Gladstone, a pediatric cardiologist at University of California, San Francisco (UCSF). Srivastava is the senior author on the paper and one of its corresponding authors.”
  • and 
    • “Ewing sarcoma is one of the most common bone cancers seen in children, and if it spreads, it can be deadly. A study headed by researchers at the Institute of Mother and Child, Warsaw, have now found that combining first line therapy for Ewing sarcoma with a drug called pazopanib, which was originally developed for renal cell carcinoma, demonstrated striking success in treating a small group of young patients. 85% of the treated patients survived two years after diagnosis, and there was no disease progression for two-thirds of patients. The team calls for larger studies which can develop this treatment further.”
  • Beckers Hospital Review shares a survey of U.S. state based on the readiness to address the healthcare needs of their elderly populations.
    • “Hawaii is the most prepared state to address the healthcare needs of the U.S.’s aging population, while Oregon is the least, according to an analysis by Seniorly and CareScout. 
    • “Seniorly examined each state across three dimensions — population trends, financial readiness and healthcare capacity — to devise the ranking.”
  • The Washington Post answers reader questions about using artificial intelligence as a healthcare guide.
    • “Younger doctors, in particular, are turning to the technology for help with diagnosis and treatment decisions. Two medical educators told me that nearly all of their students and residents use OpenEvidence, a free AI tool trained on medical literature. Wolters Kluwer UpToDate, the gold-standard clinical reference used by as many as 90 percent of physicians, has also added AI features that generate tailored recommendations for specific patient scenarios.
    • “My advice is to frame your curiosity as collaboration, not challenge. You might say, “I was trying to learn more about menopause and found this information. What do you think of it?” You might even ask your doctor if she uses AI herself. That question can open the door to understanding whether the discomfort stems from the technology itself or from a deeper resistance to patients taking a more active role in their care.”

From the healthcare business front,

  • Beckers Hospital Review reports,
    • “GLP-1 prescribing in the US may have reached a plateau, new data suggests. 
    • “Prescribing rates remained stable from June to September, according to an analysis of EHR data from researchers at Truveta — a platform that includes de-identified patient data from more than 900 hospitals to support medical research advancements.
    • “In June, the overall prescribing rate for GLP-1s was 6.22%. By September, that figure was 6.5%, marking a 4.6% increase. The findings were published Oct. 14 in the preprint server medRxiv.
  • and
    • “Patient experience scores across U.S. hospitals are rebounding slowly after pandemic-era declines. 
    • “According to a Press Ganey analysis of 10.5 million patient encounters released earlier in 2025, “recommend the hospital” scores rose from 69 in 2024 to 70.4 in early 2025, signaling a modest uptick in trust and satisfaction. Scores at medical practices and ambulatory surgery centers have each increased by several points since 2019, while inpatient scores have fallen by 2.2 points in the same period.
    • “The analysis results suggest that while patient experience is improving overall, the biggest strides are occurring outside hospital walls. Outpatient environments are benefiting from targeted digital investments, streamlined access and better communication, while inpatient settings still struggle with coordination, predictability and information flow.”
  • Per an Institute for Clinical and Economic Review news release,
    • “The Institute for Clinical and Economic Review (ICER) today released its new “Launch Price and Access Report,” finding that drug launch prices continue to rise at a rate that exceeds inflation, gross domestic product (GDP) growth, and overall healthcare costs.
    • “ICER’s analysis focused on “net price,” or the actual price paid after rebates and discounts, offering crucial information to policymakers, given that most previous analyses of drug pricing trends focus on the publicly available “list price,” which does not always reflect the actual price paid.
    • “The report, using net prices, found that the inflation-adjusted median annual launch price of drugs increased by 51% from 2022 to 2024, while the annual list price increased 24% during the same period. Even after accounting for the differences in the mix of drugs approved each year (by holding certain characteristics constant, like the number of gene therapies approved), the annual net launch price increased by 33% per year.
    • “ICER also conducted an in-depth review of the 23 drugs in scope that had been previously reviewed by ICER. The analysis indicated that aligning the prices of these therapies with ICER’s Health Benefit Price Benchmark (HBPB) could have saved approximately $1.3 to $1.5 billion in the first-year post-approval alone – savings that could have been redirected to higher-value drugs and services.’
  • Healthcare Dive tells us,
    • “Molina cut its 2025 earnings guidance for the third time this year on Wednesday, citing doggedly high medical costs particularly in its Affordable Care Act plans.
    • The insurer now projects adjusted earnings per share of $14 this year, down from its prior estimate of “no less than” $19 from July. The earnings reduction is despite Molina now believing it will bring in higher premiums this year.
    • “Molina also posted third quarter results on Wednesday that beat analyst expectations on revenue but missed on earnings. The insurer’s stock plummeted 19% in aftermarket trading following the results.”
  • Fierce Healthcare informs us,
    • “Community Health Systems’ (CHS’) third-quarter performance blew past Wall Street’s expectations with year-over-year same-store gains and shareholder earnings that landed on the right side of zero.
    • “The Franklin, Tennessee-based company is the first of its for-profit peers to report this earnings season. Its stock is trading well above its closing value after hours—a change in pace from last quarter’s stumble.
    • “We were pleased with operating and financial results for the quarter, which generally met our expectations,” Kevin Hammons, president and interim CEO, said in Thursday afternoon’s release on the quarter’s performance.”
  • Per Fierce Pharma,
    • “Even as Roche executives on Thursday espoused confidence in the company’s resilience and growth potential over the next several years, a mix of exchange rate fluctuations and lackluster pharmaceutical sales led to a worse-than-expected third quarter for the Swiss drug giant.
    • “For the first nine months of 2025, Roche’s overall sales grew 7% year over year at constant currencies to 45.9 billion Swiss francs (nearly $58 billion), the company announced Thursday. The bulk of that growth can be attributed to the company’s pharmaceutical division, which has clocked sales growth of 9% at constant exchange rates over the nine-month stretch.
    • “As in previous earnings periods, Roche’s pharma momentum was attributed to the recent performance of Phesgo, Xolair, Hemlibra, Vabysmo and Ocrevus.”
    • “Roche’s earnings release reported the company’s sales performance from January through September, and in that span, all five of those franchises charted revenue increases. But looking at the period from July through September specifically, that shine lost some of its luster.”