Cybersecurity Saturday

Generative AI

Cybersecurity Saturday

David ErmerCongress, Cybersecurity, Generative AI

From the cybersecurity policy front,

  • Cyberscoop reports,
    • “The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities.
    • “Wednesday [May 13] brought a closed-door briefing for the House Homeland Security Committee from Anthropic. The chairman of the panel’s cybersecurity subcommittee said he is planning to hold a hearing on the topic. And committee Democrats are requesting a classified briefing with Anthropic.
    • “A committee aide who attended the briefing said it included a live demonstration of Mythos, “allowing members to see firsthand how advanced AI can identify and reason through software vulnerabilities. What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them.” * * *
    • “There’s a divide on which federal agencies are using Mythos thus far. For example: CISA reportedly isn’t, but the National Security Agency is.” 
  • GovCon Wire adds,
    • Anthropic’s Project Glasswing and Claude Mythos announcement may have sparked concerns across the cybersecurity community, but Pentagon technology leaders say the emergence of Mythos-style AI models could ultimately strengthen U.S. cyber defense capabilities rather than weaken them.
    • Katherine Sutton, DOW [Department of War] assistant secretary for cyber policy, emphasized that the focus should not solely remain on the offensive risks associated with advanced cyber AI, according to Breaking Defense. 
    • “I hear a lot of people talking about challenges and threats when they talk about Mythos,” Sutton said. “[But] there’s huge opportunity in these models. One of the foundational things that they’re going to enable is the development of secure code.”
  • Cyberscoop points out,
    • “Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks.
    • “The AISI, which conducts pre-deployment evaluations of frontier AI models on behalf of the British government, said both Claude Mythos Preview and GPT-5.5 have substantially exceeded the doubling trend the institute had been tracking since late 2024. Whether the results represent an isolated capability jump or the start of a new, faster trajectory remains unclear.”
  • Cybersecurity Dive relates,
    • “In February, a coalition that includes corporate titans JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI), vowing to take the lead in helping infrastructure sectors work more closely together to understand and mitigate the shared cybersecurity risks they face. Reading between the lines, the message was clear: The critical infrastructure community, increasingly alarmed at the Trump administration’s retreat from decades-long partnerships, is trying to fill the growing void of coordination and leadership.” * * *
    • “Government budget cuts and personnel losses have made it much harderfor agencies to support and advise infrastructure operators, and the White House has encouraged states to take over historically federal responsibilities for protecting local utilities. Amid those changes, infrastructure firms like the ones that founded the ACI say the private sector must step up.
    • “Ben Flatgard, the ACI’s chairman, noted that the private sector manages the vast majority of U.S. infrastructure. “We can’t outsource that responsibility or the risk management practices that come along with it,” he said in an interview with Cybersecurity Dive. “We need to own the solution for that as well.”
    • “Many experts say that while the government must retain a leadership role in protecting critical infrastructure, it’s a good sign that private companies want to assume more of the burden.”
  • Per a Cybersecurity and Infrastructure Security Agency (CISA) news release,
    • “CISA and the Group of Seven (G7) international partners—Germany, Canada, France, Italy, Japan, the United Kingdom, and the European Union—have released joint guidance, Software Bill of Materials for AI – Minimum Elements, to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains.
    • “A software bill of materials (SBOM) acts as an “ingredients list” for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. The guidance builds on CISA’s previous work with federal and international partners to establish a shared vision for a software bill of materials and provides recommendations on minimum elements that should be included in an SBOM for AI. Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM
    • “While not exhaustive or mandatory, the supplemental minimal elements outlined in this guidance reflect the consensus of G7 experts and will expand over time to keep pace with the rapid advancement of AI technology.” 

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive lets us know,
    • “Seven out of every 10 organizations suffered at least one identity-related breach over the past year, according to a report released Tuesday [May 12] by Sophos. Organizations, on average, reported three separate identity-related incidents during that time.
    • ‘Two-thirds of ransomware victims said the cyberattack stemmed from an identity-related incident, said Sophos. The report is based on a survey of 5,000 IT and cybersecurity leaders across 17 countries. 
    • “The mean recovery cost was $1.64 million, read the report, and the median cost was $750,000. Seven of every 10 respondents reported recovery costs of more than $250,000.”
  • Bleeping Computer adds,
    • “Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.
    • “The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [12].
    • “Initial access brokers (IAB) like KongTuke typically sell company network access to ransomware operators, who use it to deploy file-theft and data-encrypting malware.
    • “Cybercriminals have increasingly adopted Microsoft Teams in attacks, reaching out to company employees and pretending to be IT and help-desk staff.”
  • CISA added two known exploited vulnerabilities (KVEs) to its catalog this week.
  • Security Week reports,
    • ‘For the first time, Google has identified a zero-day exploit believed to have been developed using artificial intelligence.
    • “The company published a new report on Monday [May 11]. summarizing its observations on the use of AI in the cyber threat landscape, drawing on data collected recently by Gemini, Google Threat Intelligence Group (GTIG), and Mandiant. 
    • One of the most notable findings is that a prominent cybercrime group leveraged AI to develop a zero-day exploit designed to bypass two-factor authentication (2FA) on an open source web-based system administration tool. The exploit was implemented in a Python script.
    • The hacker group and the targeted tool have not been named, but Google said it worked with the impacted vendor to prevent mass exploitation, which appeared to be the threat actor’s plan.
    • “Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” Google explained.
  • Fand
    • “Linux distributions are informing users about a new kernel vulnerability that can be exploited by a local attacker to escalate privileges to root.
    • “Dubbed Fragnesia and officially tracked as CVE-2026-46300, the issue resides in the kernel’s XFRM ESP-in-TCP subsystem, allowing an unprivileged attacker to gain root permissions by overwriting sensitive system files. 
    • “A majority of Linux distributions are affected, and they have started releasing patches.
    • “A proof-of-concept (PoC) exploit is available, but there is no evidence that Fragnesia has been exploited in the wild.
    • “Similar to Dirty Frag, Fragnesia exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel,” Microsoft’s threat intelligence team said.” 
  • The Wall Street Journal relates.
    • “Security researchers say they have discovered a new way of circumventing Apple’s AAPL 1.07%increase; green up pointing triangle state-of-the art security technology, using techniques they discovered while testing an early version of Anthropic’s M”ythos AI software in April.
    • “:The researchers with Calif, a Palo Alto-based security research company, say the software they wrote links together two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.
    • “It is what’s known as a privilege escalation exploit, and if it were chained together with other attacks it could be used by a hacker to seize control of the computer.
    • “The technique is noteworthy because Apple has put so much effort into locking down MacOS, said Michał Zalewski, a security researcher who formerly worked at Google and who reviewed the Calif research but wasn’t involved in the testing. 
    • “Apple, which is deploying and testing frontier AI models to test and patch vulnerabilities, is reviewing the Calif report to validate its findings. “Security is our top priority, and we take reports of potential vulnerabilities very seriously,” a company spokeswoman said.”

From the ransomware front,

  • Cyberscoop reports,
    • “Instructure, the company behind Canvas, said it reached an agreement with the cybercriminals who threatened to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform.
    • “Pressure was mounting on the company as widespread outages left schools, students and teachers temporarily unable to access critical data late last week when the company took Canvas offline after the attackers defaced the platform’s login page. By Friday, the company said Canvas — a central hub for K-12 and university coursework, exams, grades and communication — was back online and fully operational. 
    • “ShinyHunters, a decentralized crew of prolific cybercriminals that researchers affiliate with The Com, claimed responsibility for the attack on its data leak site and was attempting to extort the company for an unknown ransom amount. 
    • “Instructure didn’t outright say it paid a ransom, but insisted the agreement provided all necessary assurances. “The data was returned to us. We received digital confirmation of data destruction (shred logs),” the company said in an update Monday [May 11]. * * *
    • “The House Homeland Security Committee on Monday published a letter to [Instructure CEO Steve] Daly seeking a briefing with him or a senior leader at Instructure by May 21. 
  • and
    • “Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America.
    • :Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site and said it stole 8 terabytes of data spanning more than 11 million files. 
    • “The threat group posted screenshots of some of the allegedly stolen data and claimed it compromised “confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects.” 
    • “Foxconn is famously known as the primary assembler of Apple iPhones. Apple and the other companies allegedly impacted by the attack did not respond to a request for comment.” ***
    • “Nitrogen was first observed in 2023, using ALPHV, one of the most prevalent ransomware variants at that time, Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center, told CyberScoop. The group started using stolen code from Conti, another formerly prolific ransomware variant, in 2024 to build its own custom attack tools to hit Windows and VMware server environments, she added.”
  • Cybersecurity Dive relates,
    • “West Pharmaceutical Services on Wednesday [May 13] said it has contained a ransomware attack it suffered earlier this month and is restarting critical systems, including manufacturing, receiving and shipping, at certain locations, according to an update on its website
    • “The Exton, Pa.-based company, one of the world’s leading makers of drug-delivery devices and solutions, confirmed that data was stolen and encrypted in the attack, in a Monday filing with the Securities and Exchange Commission.” * * *
    • “Palo Alto Networks Unit 42, handled incident response to the attack, according to an assurance letter shared by the pharmaceutical services company. The letter confirms that the ransomware attack was contained and any malicious binaries and unauthorized persistence mechanisms were neutralized.” 
  • The HIPAA Journal adds,
    • Ransomware groups have claimed responsibility for attacks on Advanced Family Surgery Center in Tennessee, Orem Eye Clinic in Utah, and Belmont Aesthetic & Reconstructive Plastic Surgery in Virginia/Washington D.C.
  • Dark Reading notes,
    • “A new threat campaign is using RubyGems as a dead drop to store exfiltrated data, but the attacker’s long-term plans are less clear. 
    • “Software development security vendor Socket published research concerning a campaign dubbed “GemStuffer,” where an attacker abused the RubyGemspackage registry “as a data transport mechanism rather than a conventional malware distribution channel,” according to a blog post. RubyGems is a package manager for the Ruby programming language, and acts as a way for developers to distribute Ruby programs or libraries, which are referred to as “gems.”
  • Checkpoint Research posted its first quarter 2026 ransomware report.
    • Key Findings
      • Consolidation after peak fragmentation: The top 10 ransomware groups accounted for 71% of all Q1 2026 victims, a sharp reversal from the fragmentation seen in Q3 2025. The ransomware ecosystem is once again consolidating around fewer, more dominant operators.
      • Volume stabilization at historically high levels: There were 2,122 victims posted on data leak sites (DLS), making this period the second-highest Q1 on record. The long growth trend is stabilizing.
      • Qilin’s sustained dominance: Qilin maintained its position as the most prominent ransomware operation for the third consecutive quarter, posting 338 victims.
      • The Gentlemen is the breakout story of Q1 2026 reaching the third place on the global ransomware list, increasing their victim count from 40 victims in Q4 2025 to 166 in Q1 2026.
      • LockBit 5.0 comeback confirmed: LockBit posted 163 victims in Q1 2026, climbing to fourth place.
  • Dark Reading adds,
    • “Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak
    • “An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.”
  • CSO discusses the economics of Ransomware 3.0.
    • “The uncomfortable truth your board needs to hear is this: The question is no longer whether your organisation will face a sophisticated threat actor. For any organisation of meaningful size, operating in a connected supply chain, with digital customer relationships, the question is how well-prepared you are when it happens. The economics of ransomware as a criminal enterprise have never been stronger. Attack-as-a-service platforms have lowered the barrier to entry. Ransom payment data is analysed and used to calibrate future demands. These groups study your financial filings.
    • “Investing in incident response capability — in people, process and technology — is not a cost centre decision. It’s the only bet that pays off in both the prevention scenario and the response scenario. Insurance pays out after the damage is done. A mature response architecture reduces the damage itself.
    • “The organisations that navigated the Cl0p MOVEit campaign of 2023 with the least disruption weren’t the ones with the biggest insurance policies. They were the ones who had mapped their data flows, limited unnecessary MOVEit exposure and had a response team that could move within hours rather than days.”

From the cybersecurity defenses front,

  • Cybersecurity Dive reports,
    • “OpenAI on Monday [May 11] launched a new cybersecurity initiative called Daybreak, which uses its large language models, Codex’s agentic capabilities and security partners to root out risk and call defense into action. The rollout is OpenAI’s answer to Anthropic’s Mythos model which debuted to limited preview last month and has highlighted weak security spots in software across various industries. 
    • “Like with Anthropic’s Project Glasswing, which sought tech vendors to support Mythos, OpenAI will work with industry and government partners to deploy cyber-capable models that are meant to build autonomous cyber defense capabilities into software from the start. Cloudflare, Cisco, CrowdStrike, Oracle and Zscaler are among a group of companies already using the technology, OpenAI said. Unlike Mythos, Daybreak is publicly available, and companies can request an assessment of their security risks.
    • “As AI providers compete for their share of the enterprise market with cybersecurity tools, tech leaders should experiment with all of their options, said Jeff Pollard, VP, principal analyst at Forrester, in an email to CIO Dive. “Take someone with responsibility for innovation in tech and cybersecurity and have them play with these capabilities to see what they offer,” he said.”
  • and
    • “Organizations are allocating more money for security against physical threats but the money is coming with more board oversight, and confusion remains over who has the lead role in physical security and how to blend physical security with cybersecurity, an EY survey finds. 
    • “Almost 80% of organizations say they increased the allocation for physical security over their last budget cycle, in some cases by as much as 50%, according to the EY Forensic & Integrity Pulse, based on responses from 250 executives and board members to a March survey.  
    • “Leaders are beginning to recognize gaps in crisis management and physical security preparedness as threats and risk evolve,” EY says in the report, released May 5.”
  • Dark Reading adds,
    • “AI Drives Cybersecurity Investments, Widening ‘Valley of Death’
    • “In a role reversal, investment dollars in security startups exceeded the value of mergers and acquisitions in 1Q26 by more than $1 billion, a rare occurrence.”
  • Security Week notes,
    • “Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
    • “Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent.”
  • TechTarget explains how to implement zero trust for AI.
  • CSO informs us,
    • “Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems.
    • “Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found in enterprise security tests more generally.”
  • Here is a link to Dark Reading’s CISO Corner.

Friday report

David ErmerCDC, CMS, Congress, COVID-19, FDA, Generative AI, Medical / Rx research, Medicare, Mental health care, Obesity, Rx coverage, U.S. Healthcare

From Washington, DC

  • Roll Call informs us,
    • “Republican leaders in Congress scored some victories this week in nominations and appropriations but struck out on easily advancing their partisan “reconciliation 2.0” proposal to fund immigration enforcement.
    • “The bill faces a hurdle in the form of the Senate Parliamentarian, who on Thursday evening advised that several provisions violate the Senate’s restrictive Byrd rule — and more could be coming. 
    • “This throws an obstacle in the way of the GOP’s efforts to provide some $72 billion in funding for immigration enforcement by President Donald Trump’s June 1 deadline, as Republicans will have to rewrite parts of the package to pass it with the filibuster-proof budget reconciliation process, requiring a simple-majority vote to pass, instead of the 60-vote threshold required for regular legislation.
    • “Republicans are expected to try to rewrite the legislation to remedy the violations or, if that’s not possible, remove the offending provisions ahead of a Homeland Security Committee markup of the title next week. 
    • “Senate Parliamentarian Elizabeth MacDonough was expected to hold a second “Byrd bath” Friday to hear arguments from Democratic and Republican Senate staff about the Judiciary Committee’s portion of the bill, including Secret Service money for security upgrades tied to Trump’s White House ballroom project.” 
  • Mercer Consulting reports,
    • “With the midterm congressional elections approaching and healthcare affordability top of mind for voters, lawmakers are actively considering new healthcare transparency reforms, including requirements for providers to show plainly what patients will have to pay and new billing standards for hospitals.
    • “Senate Health, Education, Labor and Pensions Committee Chairman Bill Cassidy, R-LA, highlighted such price transparency legislation — Patients Deserve Price Tags Act (S 2355/HR 5582) — during a field hearing in Louisiana during last week’s congressional recess. Cassidy’s interest could signal that the legislation, which has may cosponsors from both parties, could soon see action at the Committee. 
    • “The bill would codify and expand current hospital price transparency rules that were established in the first Trump administration by extending requirements to clinical diagnostic laboratories, imaging centers, and ambulatory surgical centers. It would also make the prices that hospitals post clearer by requiring actual dollar-and-cents amounts, not estimates, as well as sharply increase financial penalties for hospitals and insurers that fail to disclose their negotiated rates. In addition, group health plans and insurers would have to give patients upfront, personalized cost estimates through an online self-service tool, as well as paper or phone options, before care is provided. The bill also ensures group health plans have access to claims data and prohibits third-party administrators from restricting that access.
    • “While several plan sponsor trade groups publicly support the legislation, they are working with lawmakers to make certain provisions more workable and better aligned with the PBM-focused transparency rules enacted in the Consolidated Appropriations Act, 2026 and proposed by the Department of Labor.”
  • AHIP lets us know “What They Are Saying: Broad Range of Experts Agree on a Root Cause of Healthcare Cost Crisis.”
    • “The evidence continues to underscore that making healthcare more affordable requires policymakers to address the root causes of high costs head-on through common-sense solutions like cracking down on anti-competitive hospital mergers and implementing site-neutral payment reforms.
    • “To learn more about how rising hospital costs are driving premiums higher and what policymakers can do to address it, visit AHIP.org/CostConnection.”
  • Fierce Healthcare relates,
    • “A bipartisan group of lawmakers in both chambers of Congress has reintroduced a bill aimed at barring companies from owning both a pharmacy benefit manager and retail pharmacies.
    • “The bill, called the Patients Before Monopolies (PBM) Act, would force conglomerates that include a PBM to divest pharmacies that they own. The legislation has existed in some form since 2024, and since its first introduction, Arkansas has implemented a similar legislation at the state level.
    • “Last month, Tennessee legislators also passed a bill that would prevent PBMs from owning pharmacies, which the governor is expected to sign into law.”
  • Mercer adds,
    • “Several developments in 2026 signal that the Trump administration is committed to improving behavioral health benefits for group health plan participants and beneficiaries — but the administration intends to put its own stamp on enforcement of the Mental Health Parity and Addiction Equity Act and propose new rules interpreting the landmark law.”
  • Per an HHS news release,
    • “The Substance Abuse and Mental Health Services Administration (SAMHSA), a division within the U.S. Department of Health and Human Services (HHS), announced today that it has awarded $255 million to Vibrant Emotional Health (Vibrant) to administer the 988 Suicide & Crisis Lifeline. The 988 Lifeline is a national network of more than 200 local crisis contact centers managed by a SAMHSA-funded network administrator. The 988 Lifeline has received more than 25 million contacts via call, text, chat, and ASL videophone since its launch.”
  • Modern Healthcare notes,
    • “The Centers for Medicare and Medicaid Service solicited the healthcare industry on ways it can identify and prevent fraud.
    • “The anti-fraud push drew cautious support, with providers and insurers seeking clear guardrails.
    • “Providers and insurers urged CMS to target high-risk services and avoid sweeping actions that would hamper care.” * * *
    • “New policies should focus on high-risk activities and not burden the ”vast majority of healthcare providers that are honorable in pursuing a mission to provide high-quality healthcare,” wrote the American Health Care Association/National Center for Assisted Living, which represents long-term care providers.
    • “The agency should also be careful not to add administrative burden since hospitals “already operate under extensive oversight requirements,” the American Hospital Association wrote.”
  • Beckers Payer Issues explains the federal crackdown on healthcare fraud, waste and abuse.
  • Newfront brings us up to date on the 2026 PCORI fee, which applies to FEHB and PSHB plan carriers.
    • “IRS Notice 2025-61 adjusts the Patient-Centered Outcomes Research Institute (PCORI) fee to $3.84 per covered individual for health plan years ending on or after October 1, 2025 and before October 1, 2026, including 2025 calendar plan years. This represents a 37-cent increase from last year’s $3.47 PCORI fee.
    • Action Item: The annual PCORI fee must be reported and paid to the IRS by July 31, 2026, via the second quarter Form 720 (Rev. June 2026).”
  • HR Dive points out,
    • “The U.S. Equal Employment Opportunity Commission plans to end employee demographic data reporting, according to a proposal sent to the White House on Thursday.
    • “The agency wants to get rid of EEO-1, EEO-2, EEO-3, EEO-4 and EEO-5 reporting requirements. EEOC also wants to axe reporting requirements related to Title VII of the Civil Rights Act, the Americans with Disabilities Act, the Genetic Information Nondiscrimination Act and the Pregnant Workers Fairness Act.
    • “EEO-1 reporting has been a cornerstone of HR duties, required by firms with 100 or more employees and federal contractors with 50 or more employees that meet certain requirements. EEOC and analysts have used it to assess demographic data nationally, and — while the process is sometimes viewed as burdensome — employers have reportedly used the collected data for self-assessments regarding nondiscrimination and diversity.”
  • The Census Bureau notes,
    • “Since 2020, city centers of many major U.S. metro areas have had sluggish population gains, with some places even declining. But where growth did occur, it was mostly on the outer edges of these metro areas — with some exceptions.”

From the Food and Drug Administration front,

  • Fierce Pharma reports,
    • “With the ink barely dry on outgoing commissioner Marty Makary’s resignation, another top regulator may be heading for the exit at the FDA. 
    • “Tracy Beth Høeg, M.D., Ph.D.—who was named acting director of the agency’s Center for Drug Evaluation and Research (CDER) following the departure of veteran oncologist Richard Pazdur, M.D., last December—is now expected to depart in Makary’s footsteps, Reuters reported Friday, citing three sources familiar with internal plans at the regulator.” * * *
    • “Reuters clarified in its report that the CDER chief’s departure is likely, but that the decision has not yet been finalized.” 
  • and
    • “With the help of DNA testing company Natera and its personalized molecular residual disease (MRD) blood test Signatera, Roche’s PD-L1 inhibitor Tecentriq has chalked up its eleventh U.S. indication in the form of a new bladder cancer approval.
    • “Tecentriq and subcutaneous Tecentriq Hybreza can now be used as an adjuvant treatment for adult patients with muscle-invasive bladder cancer (MIBC) who have circulating tumor DNA molecular residual disease (ctDNA MRD) following a cystectomy, as identified by Signatera.” 
       
  • Biopharma Dive relates,
    • “The Food and Drug Administration has placed a clinical hold on Aardvark Therapeutics’ drug for Prader-Willi Syndrome, escalating a trial stoppage that began when signs of potential heart problems were detected in a study of healthy volunteers. 
    • “Aardvark said Thursday it will “unblind,” or reveal which enrollees in a late-stage trial received ARD-101, in order to help investigators and regulators determine whether the drug is safe and effective enough to continue testing in humans.
    • “The company has dosed 68 people in the placebo-controlled Phase 3 trial and another 19 in an open-label extension study, both which were intended to measure whether ARD-101 can address the “hyperphagia,” or insatiable hunger, distinctive to Prader-Willi. The cardiovascular concerns emerged from a safety trial in healthy people who’d received much higher doses than what was administered in the other studies.” 
  • Cardiovascular Business tells us,
    • “Stryker Sustainability Solutions, an Arizona-based division of Stryker focused on reprocessing single-use medical devices, has recalled certain lots of several reprocessed electrophysiology (EP) catheters. The recall, which covers more than 8,000 devices overall, was initiated after the company identified incomplete seals due to a process control issue.
    • “According to the U.S. Food and Drug Administration (FDA), this is a Class II recall. This means the agency believes the devices “may cause temporary or medically reversible adverse health consequences.”
  • The Wall Street Journal points out,
    • “Twenty people in Japan who took Amgen’s rare-disease drug Tavneos have died, and at least 22 developed a potentially fatal liver injury, according to Kissei Pharmaceutical, which sells the medicine in the country.
    • “Kissei told doctors Friday to stop prescribing the drug to new patients.
    • “The Japanese drugmaker said the 20 deaths occurred in people who had suffered a serious liver “impairment” and attributed 13 of the deaths to a condition, called vanishing bile duct syndrome, marked by the destruction of the ducts that carry bile out of the liver.
    • “Kissei said causal links to Tavneos hadn’t been confirmed in all 20 deaths.” * * *
    • “The medicine went on sale in Japan in 2022, according to Kissei. Also that year, Amgen bought the drug’s developer, ChemoCentryx, for $3.7 billion.
    • “In January, the FDA asked Amgen to voluntarily pull the drug from the U.S. market, but Thousand Oaks, Calif.-based Amgen refused.
    • “Then in March, the FDA said it had identified 76 global cases of serious liver injury linked to Tavneos, including eight deaths. Most were reported in Japan. Of the 76 global cases the FDA identified, seven involved the syndrome, and three of those patients died.
    • “In late April, the FDA moved to formally begin withdrawal proceedings.”

From the public health and medical / Rx research front,

  • The Centers for Disease Control and Prevention announced today,
    • “As of May 15, 2026, the amount of acute respiratory illness causing people to seek health care is very low.
    • “RSV activity started later than expected in most regions of the United States, though illness is not more severe compared with recent seasons. RSV activity has peaked in many regions of the country. This unusual timing means higher levels of RSV activity may continue into May for some regions.
    • “COVID-19 activity is low in most areas of the country.
    • “Seasonal influenza activity is low.”
  • The University of Minnesota’s CIDRAP reports,
    • “The Centers for Disease Control and Prevention (CDC) today confirmed 51 new measles cases in a nationwide outbreak that has now reached 1,893 infections. All but nine cases are locally acquired, with the rest related to international travel.
    • “The agency reported two new outbreaks, for a total of 27. Last year the nation saw 48 outbreaks and 2,288 cases for the entire year. The United States could top that total in the coming months.
    • “Of this year’s cases, 21% involve children younger than 5 years, and 76% involve kids and young adults up to 19 years. Among all 2026 patients, 92% have been unvaccinated or have an unknown vaccine status. Six percent of patients this year have been hospitalized, compared with 11% last year.”
  • The American Hospital Association News relates,
    • “A Centers for Disease Control and Prevention report released May 14 found that U.S.-reported dengue cases in 2024 increased 359% above the annual average from 2010-2023. Dengue is a mosquito-borne viral disease that can cause mild to severe illness and death. There were 3,798 cases reported to the CDC in 2024, compared to the average of 828 from 2010-2023. The report found that 97.2% of cases in 2024 were travel-associated and that 2.8% were acquired locally. Individuals age 50-59 accounted for 21.8% of cases, and 57.5% of cases occurred in Hispanic or Latino individuals. In addition, 36.1% of patients were hospitalized and a total of six patients died. Most travel-linked cases were acquired in the Caribbean (34.1%), North America (24.3%) and Central America (15.6%).” 
  • Health Day informs us,
    • People who have survived a heart attack appear to have a higher risk of brain decline into dementia, a new study says.
    • On average, heart attack survivors have a yearly 5% increased risk of developing cognitive impairment, researchers reported today in the journal Stroke.
    • “Having had a heart attack in the past may speed up the decline in memory and thinking over time,” said lead researcher Dr. Mohamed Ridha, an assistant professor of neurology at Ohio State University in Columbus.
    • “Given the rising burden of dementia and cognitive decline among Americans, it is important to understand how cardiovascular disease affects their brain health,” Ridha said in a news release. “This knowledge can help heart attack survivors take steps to improve their brain health as they age.”
  • and
    • “Offering sigmoidoscopy screening reduces colorectal cancer (CRC) incidence in men and women — with a greater reduction among men — and reduces CRC mortality in men, according to a study published online May 12 in the Annals of Internal Medicine.
    • “Edoardo Botteri, Ph.D., from the Norwegian Institute of Public Health in Oslo, and colleagues report on the benefits of sigmoidoscopy after 23 years in a randomized controlled trial involving persons aged 50 to 64 years. A total of 100,210 persons were randomly assigned to screening with once-only sigmoidoscopy with or without one fecal immunochemical test or to no screening. The intention-to-screen analyses included 98,654 persons: 20,552 in the screening group and 78,102 in the no-screening group.
    • “The researchers found that the 23-year cumulative risk for CRC was 4.3 and 6.0 percent in the screening and no-screening groups, respectively, among men. The corresponding risks were 4.2 and 4.7 percent among women. In men, the 23-year cumulative risk for CRC death was 1.4 and 2.2 percent in the screening and no-screening groups, respectively, while in women, the corresponding risks were 1.3 and 1.4 percent. The strongest effect was seen for rectosigmoid cancer. Screening benefits were not changed with the addition of fecal blood testing.”
  • Healio adds,
    • “The survival benefit conferred by lung cancer screening in real-world settings may be smaller than observed in the pivotal trial on which national screening guidelines are based, study results suggest.
    • “Veterans receiving primary care in the VA health system exhibited a threefold higher risk for all-cause mortality than participants in the randomized National Lung Screening Trial (NLST) who had similar age and tobacco history.
    • “This is one of the first times we have been able to directly compare people who were enrolled in the trial with people in a real-world cohort who are eligible for screening,” Alison S. Rustagi, MD, PhD, assistant professor in University of California San Francisco’s department of medicine, told Healio. “It is not often that we see hazard ratios on the order of 3 in observational analyses. This shows a profound difference between these two populations.”
  • Per Medscape.
    • “Orforglipron, an oral GLP-1 receptor agonist, helps maintain weight loss after injectable therapies like tirzepatide and semaglutide, offering a practical continuation option for patients. Cardiometabolic benefits are largely preserved despite some weight regain.”
  • Per an National Institutes of Health news release,
    • “A group of pediatric eye disease researchers supported by the National Institutes of Health (NIH) has launched an open-access tool designed to help manage pediatric cases of amblyopia, a condition in which the brain fails to properly develop normal vision in one or both eyes early in life. It is the leading cause of preventable single-eye (monocular) vision loss, affecting three of every 100 children in the nation. The tool is aimed at expanding access to evidence-based amblyopia clinical-decision-making expertise amidst a shortage of pediatric eye care specialists in the United States.
    • “This online tool quickly distills the relevant literature into individualized treatment advice for busy clinicians anywhere with internet access. Those without internet access can utilize the article figures as clinical reference sheets,” said article lead author, Allison Summers, O.D., associate professor, Oregon Health & Science University, Portland.” * * *
    • “Known as the Amblyopia Navigator Decision-Support Instrument (ANDI), the tool is designed to guide any eye doctor through the diagnosis of amblyopia. Once amblyopia is diagnosed, ANDI helps to guide the eye care clinician without specialty training in pediatric eye care through management options. The tool helps the eye doctor determine the best glasses prescription for the patient based on a few clinical findings. The tool also helps the doctor determine how long to monitor whether glasses alone are improving vision, which can work for up to a third of children without any further treatment.
    • “If glasses are not enough, ANDI walks the eye doctor through next steps: patching the stronger eye for a couple of hours a day, using atropine eye drops to temporarily blur the stronger eye, or considering newer digital treatments delivered through specially designed games or videos. If a child stops making progress, the tool advises whether to increase the intensity of treatment, switch approaches, reassess the glasses prescription, or refer to a specialist. It provides steps for follow-up visits and what signs of recurrence to watch for after treatment ends. The tool can be used at an initial visit, or any follow-up visit in their amblyopia care journey.
    • “ANDI was developed by PEDIG, an NIH-funded research network with over 400 investigators, and it draws on evidence from 147 published studies. To access ANDI, go to https://public.jaeb.org/pedig.”

From the U.S. healthcare business and artificial intelligence front,

  • Mercer consulting offers “bold strategies” for payers to better control high cost members.
    • “While stop-loss coverage can help mitigate risk, many employers are finding it’s no longer enough. Unsurprisingly, “more focused management of high-cost claimants” is the top priority of large US health plan sponsors in their strategic planning for the next few years. In this post, we’ll discuss four areas where focused efforts can help employers rein in costs.”
      • Understand your data: Analyzing claims to gain clarity. 
      • Strategic oversight of medical specialty pharmacy and gene/cell therapies. 
      • Take a peekaboo view into neonatal intensive care unit management. 
      • Outlier inpatient stays.
  • Fierce Healthcare reports,
    • “CVS’ Omnicare unit has secured court approval to sell its business to virtual care company GenieRx Holdings, the healthcare giant announced Thursday.
    • “GenieRx, which offers an array of virtual health and medication services, is a joint partnership between Milrose Capital, a private equity firm, and Integro Asset Management, a healthcare-focused investment firm. Per court documents, the deal includes $250 million in cash as well as certain other liabilities, such as payroll expenses.
    • “In the announcement, CVS said that in combining with GenieRx, Omnicare will “have the opportunity to strengthen its service.” It will also continue to support it current clients in the lead up to closure, which is expected later this year, pending needed regulatory approvals.”
  • Beckers Hospital Review discusses “three barriers to GLP-1 adherence — and how systems are overcoming them.
    • Patients discontinue therapy early
    • Care models incompatible with sustained support
    • Costs and side effects deter patients.
  • Fierce Pharma tells us,
    • Total prescriptions for Eli Lilly’s Foundayo reached 10,248 for the week that ended May 8, up from 7,335 the prior week, according to IQVIA data cited by Citi. While still on the rise, Foundayo’s growth pace continued to lag behind that of Novo Nordisk’s Wegovy pill during the same stage of their launch. 
    • Wegovy’s total scripts rose by 1.3% week over week to nearly 446,000, as its share in the obesity GLP-1 market climbed 0.1 percentage point to 40.5%, according to Citi.
    • However, Wegovy’s growth apparently didn’t come from its oral formulation. Wegovy pill scripts landed at about 137,000 for the week, down from roughly 143,000 the prior week, marking the first time that the pill’s scripts have fallen since the oral launch in early January.
    • Scripts from the Wegovy pill made up 31% of total Wegovy scripts for the period, down 2 percentage points from the previous week. Still, Citi analysts argued that this roughly one-third of share “suggests preferences for oral formulations.”
    • Even as Wegovy gained ground, Lilly’s Zepbound remained the obesity market leader, with 59.5% share, as its nearly 656,000 scripts marked 0.8% growth week over week. 
  • Beckers Payer Issues offers payer perspectives on artificial intelligence tools.
    • “Using AI solutions to augment the work done by humans is an attractive solution for many payers.
    • “Getting started with these technologies, however, can feel daunting.
    • “To learn more about what it takes for payers to successfully incorporate AI and support more members, Becker’s Healthcare recently spoke with Chris Caramanico, CEO of Elligint Health, Amy Qureshi, RN, executive vice president of product strategy at Elligint Health, and Steven Tolle, chairman of the board at Elligint Health. Mr Tolle has significant experience developing and implementing AI from his time at IBM, Merge and IgniteData and addition serves as Chief of AI Strategy at Elligint Health.”
  • Fierce Healthcare adds,
    • Nearly 80% of payers now prefer implementing vendor-built artificial intelligence tools rather than developing internal capabilities, a new survey from Innovaccer found.
    • The survey draws insights from 63 health insurer organization leaders, including regional health plans to national carriers, the healthcare technology and AI company said in a press release. Respondents were polled in mid-December 2025 to mid-January, and include senior and C-suite executives.
    • Innovaccer CEO and co-founder Abhinav Shashank told Fierce Healthcare that the shift to outsourced solutions reflects the focus of how to “truly operationalize AI.” 
    • “What we are seeing is an emergence of how do you have platforms that companies can effectively offer that allow for more agentic orchestration,” Shashank said. “Because the reality of it is the technology is going to be a massive addition to how payers operate.” 
  • NBC News relates,
    • “Over the past two years, medical providers across America have quietly embraced a new AI tool called OpenEvidence to help them make clinical decisions, brush up on medical knowledge and even prepare for their licensing exams. The service, a sort of chatbot for doctors, was used by about 65% of U.S. doctors across almost 27 million clinical encounters in April alone, the company told NBC News.
    • “Everyone is using it,” said Dr. Anupam Jena, an internal medicine physician at Massachusetts General Hospital in Boston and a professor of healthcare policy at Harvard. “Its growth really has been exponential.”
    • “NBC News spoke with over two dozen doctors, hospital administrators, medical students and healthcare researchers from Hawaii to Maine to explore the rise of OpenEvidence. Each individual said they either used it regularly themselves or knew someone who did.
    • “Almost two-thirds of physicians — or roughly 650,000 doctors — in the U.S. actively use OpenEvidence, while another 1.2 million use it internationally, OpenEvidence representatives said. With its quick and tailored replies, OpenEvidence has become an AI-era equivalent of consulting a colleague for their expert opinion, though the software can also write patient discharge notes and provide custom study tools for doctors’ medical exams.”

Tuesday report

David ErmerCMS, FDA, Generative AI, Medical / Rx research, Obesity, Patient safety, U.S. Healthcare

From Washington, DC,

  • The American Hospital Association News adds,
    • “The Department of Health and Human Services Administration for Community Living has launched the first phase of its Health at Home Challenge, a competition to support community care networks that have partnered with health care providers supporting dually eligible Medicare and Medicaid beneficiaries. Each phase of the competition offers up to $2 million in prize funding for winning teams. The first phase, currently underway and continuing through July, will reward up to 10 teams for implementation strategies to scale comprehensive services that reach high numbers of dually eligible and near-dually eligible beneficiaries. The second phase will reward up to five teams for accelerating implementation of winning strategies from the previous phase. Phase three will reward up to three teams for demonstrating the scale and impact of the winning programs selected from phase two.”
  • Federal News Network reports,
    • “Federal employee workplace disputes are coming under more scrutiny from a top committee Republican who argues that agencies have an “excessive reliance” on reaching case settlements rather than pursuing litigation.
    • “House Oversight and Government Reform Committee Chairman James Comer (R-Ky.) is raising concerns over what he described as high numbers of “sue-and-settle” cases involving federal employees. He suggested that if agencies litigated more cases, they would likely win more often.
    • “Comer’s letter, sent this week to the Office of Personnel Management, cited Merit Systems Protection Board data from fiscal 2005 to fiscal 2015 that showed during that time, 68% of federal employee cases reached settlements. And out of cases that were litigated, more than 80% of agency adverse action decisions were upheld.”

From the Food and Drug Administration front,

  • The Wall Street Journal reports,
    • “Food and Drug Administration Commissioner Marty Makary resigned Tuesday after months of policy fights with top officials in the Department of Health and Human Services and the White House.
    • “His departure became official after President Trump signed off last week on a plan to fire Makary, The Wall Street Journal previously reported. Makary offered his resignation, effective Tuesday.
    • “Everybody wants that job,” Trump said. “Marty is a terrific guy and he’s going to go on and lead a good life. He was having some difficulty.” He added on his Truth Social platform that Kyle Diamantas, the deputy commissioner for food, would take over leading the agency in an acting capacity.
    • “The president also posted a text message from Makary that included his resignation and a list of what he considered his accomplishments, such as reducing drug-review times. “It’s been the honor of a lifetime to serve as your FDA Commissioner. I am forever grateful,” Makary said.”
  • MedTech Dive reports,
    • “Artera has received Food and Drug Administration clearance for an artificial intelligence tool that predicts the likelihood of a certain form of breast cancer developing distant metastases.
    • “The clearance, which Artera disclosed Wednesday, covers technology that uses histopathology images and clinical variables to stratify patients into low- and high-risk groups.
    • “Insights into the risk of distant metastases could improve decisions about the use of treatments including chemotherapy, the company said.”
  • and
    • “Johns Hopkins University spinoff Bayesian Health received 510(k) clearance for an artificial intelligence tool to help detect sepsis early.
    • “Sepsis is a life threatening response to infection. Detecting sepsis earlier can improve a patient’s chance for survival. Once a clinician suspects sepsis, the clock has been running, often for hours or even days, Bayesian Health founder and CEO Suchi Saria said in a Tuesday statement.
    • “Other Food and Drug Administration-authorized sepsis tools on the market require a physician to suspect sepsis first. Bayesian’s system, which uses electronic health records and AI, can detect sepsis nearly two to 48 hours faster than traditional methods, the company said.”
  • The American Hospital Association notes,
    • “The Food and Drug Administration has identified a Class I recall of convenience kits by Aligned Medical Solutions that contain recalled Namic Angiographic Control Syringes by Medline.”

From the public health and medical / Rx research front,

  • STAT News reports,
    • “Alcohol is wreaking havoc on U.S. public health. American society looks the other way.”
    • “Confronting heavy drinking could be one of the best ways to improve health and save lives.”
    • * * * “Of 178,000 deaths that occur each year from alcohol, roughly one-third are from causes like car crashes and alcohol poisoning. The rest are from cancer, heart disease, liver failure, and other chronic conditions that result from sustained heavy drinking. As far as drugs are concerned, alcohol’s toll is only outpaced by the prolonged damage of tobacco. 
    • :But though the U.S. has dramatically cut tobacco use, it has never made a serious effort to curb alcohol-related harms other than in the infamous era of Prohibition. Over twice as many Americans consumed alcohol in 2024 than used tobacco products, federal estimates suggest.” * * *
    • “Recent polls suggest drinking levels have reached historic lows in the U.S., with about half of adults abstaining. Last year, while much of the alcohol industry struggled against new headwinds, the nonalcoholic sector grew. Companies launched alcohol-free products and shifted their marketing to align with health-conscious customers. 
    • “Strikingly, there is little evidence that the mocktail trend is driving actual health improvements, experts told STAT. That may be because of lagging data. Or it may reflect how in many cases, market research suggests drinkers are adding nonalcoholic beverages to their rotation, rather than switching over entirely. The groups that could most benefit from cutting back, including heavy drinkers, may not be interested at all.
    • “Meanwhile, heavy and binge drinking — practices known to be particularly harmful to health — have remained at pandemic levels among key groups, including older adults and teenagers. Five million underage people used alcohol in 2024, and over half of those 12 to 20 years old engaged in binge drinking, defined as four or more drinks in one sitting for women, or five for men.”  
  • MedPage Today relates,
    • “Despite improvements in survival, the incidence of stage IV breast cancer increased significantly from 2010 through 2021, according to a U.S. population-based cohort study.
    • “The age-adjusted incidence rate of de novo stage IV breast cancer significantly increased from 9.5 cases per 100,000 females in 2010 to 11.2 cases in 2021, an annual percentage change (APC) of 1.2% (95% CI 0.8-1.6), reported José P. Leone, MD, of the Dana-Farber Cancer Institute in Boston, and colleagues.
    • “Among males, there was also a statistically significant increase in stage IV incidence, from 0.12 cases per 100,000 in 2010 to 0.20 cases in 2021, an APC of 3.7% (95% CI 1.0-6.5), they noted in JAMA Network Open.
    • “Moreover, the incidence of stage IV breast cancer increased significantly across age groups and numerically across all races and ethnicities.”
  • and
    • “Two non-pharmaceutical approaches for irritable bowel syndrome (IBS) feasibly offered patients symptom relief, according to research presented at the annual Digestive Disease Week meeting. 
    • “In a post-hoc analysis of a small single-arm trial, IBS patients’ mean scores on a 0-100 scale dropped from baseline for pain (37 to 21.6), discomfort (48.4 to 27.4), distention (54.8 to 30.9), and bloating (54.4 to 31.8) after 2 weeks of an oral, palatable elemental diet followed by a 2-week follow-up period, reported researchers led by Ali Rezaie, MD, of Cedars-Sinai Medical Center in Los Angeles.
    • “Even after reintroduction of a regular diet, “a 2-week elemental diet significantly improved abdominal pain and other IBS symptoms across subtypes using FDA-recommended responder endpoints,” Rezaie and colleagues wrote in their poster. “Larger, long-term studies are needed to confirm durability and understand how it works.”
    • “And in a sham-controlled randomized trial, people with IBS who used a virtual reality (VR) program to deliver cognitive behavioral therapy (CBT) reported greater symptom improvement after 8 weeks, with scores of 244.3 versus 295.6 with sham on a 0-500 scale where higher numbers indicate more severe symptoms (P=0.026), reported Christopher Almario, MD, of Cedars-Sinai Medical Center, and colleagues.”
  • Health Day informs us,
    • “About 8,500 steps a day may be the sweet spot for keeping weight off after dieting, new research shows.
    • “The findings — recently published in the International Journal of Environmental Research and Public Health — are also scheduled for presentation this week at the European Congress on Obesity in Istanbul.
    • “The most important — and greatest — challenge when treating obesity is preventing weight regain,” said lead researcher Marwan El Ghoch, a professor in biomedical, metabolic and neural sciences at the University of Modena and Reggio Emilia in Italy. 
    • “Around 80% of people with overweight or obesity who initially lose weight tend to put some or all of it back on again within three to five years,” he said. “The identification of a strategy that would solve this problem and help people maintain their new weight would be of huge clinical value.”
  • The Wall Street Journal lets us know,
    • “Novo Nordisk said certain patients on its higher-dose Wegovy shot lost 27.7% of their body weight on average in a trial.
    • “The Danish drugmaker said those patients who reacted faster to treatment by losing at least 15% of their weight after the first six months went on to achieve the nearly 28% total weight loss after about a year and a half.
    • “The company said the majority of the weight loss, around 84%, from using its Wegovy shots comes from losing body fat while preserving muscle function and improving muscle health.
    • “The data was presented at the European Congress on Obesity in Turkey.”
  • Cigna Health, writing in LinkedIn, discusses how employers can take advantage of Mental Health Awareness Month.
    • “Key Takeaways
      • “Offering mental health benefits is not enough—employees need a clear, guided path to find, understand, and use them.
      • “Benefits literacy is a productivity lever—clear navigation can reduce delays in care and protect vitality.
      • “Small design moves—one starting point, steady education—make the difference between availability and utilization.”
  • Fierce Healthcare considers “the broken pipeline of mental healthcare for LGBTQ teenagers.”
  • Beckers Hospital Review identifies the sixteen hospitals recognized by HealthGrades for deserving Outstanding Patient Experience, Patient Safety Excellence, and America’s Best Hospitals distinctions for 2026.
    • The organization evaluated 3,020 hospitals that submitted at least 100 patient experience surveys to CMS’ Hospital Consumer Assessment of Healthcare Providers and Systems between January and December 2024. Hospitals were evaluated on patient survey data on 10 patient experience measures. Recipients of the outstanding patient experience award earned the highest overall experience scores.
  • Fierce Pharma points out,
    • “Alkermes has chalked up a quick clinical win from its $2.37 billion acquisition of Avadel, reporting Tuesday that a phase 3 study of the sodium oxybate Lumryz met all primary and key secondary endpoints in a rare sleep disorder.
    • “The positive readout from the Revitalyz trial in idiopathic hypersomnia comes three months after Alkermes bagged Lumryz upon closing the Avadel buyout. By demonstrating its ability to significantly reduce daytime sleepiness and other symptoms, Lumryz is moving one step closer to helping Avadel investors realize the deal’s full value.”

From the U.S. healthcare business and artificial intelligence front,

  • Yesterday, the FEHBlog linked to a Modern Healthcare article about Optum Rx’s decision to implement a “new pharmacy care model that fundamentally changes how pharmacy benefits are priced and delivered — replacing traditional approaches tied to drug prices set by manufacturers or prescription volume with a transparent, fee‑based structure offered to every Optum Rx PBM customer. Here is a link to OptumRx’s news release about this decision.
  • Healthcare Dive adds,
    • “Employers are looking for a simpler pharmacy benefits model, particularly an approach that eliminates rebates to send savings directly to patients, according to a survey released last week.  
    • “More than 90% of employers surveyed agreed a rebate-free model would improve transparency into prescription drug prices, according to the research by communications and reputation management firm Penta Group for Evernorth Health Services, which operates the Express Scripts pharmacy benefit manager. 
    • “Additionally, 91% said an approach that removed rebates is easier to understand, and 90% reported it would improve employee satisfaction and drug affordability.” 
  • Fierce Healthcare relates,
    • “Providence’s turnaround efforts are continuing to gain steam, securing the 51-hospital nonprofit a $111 million net operating income (1.5% operating margin) for the start of 2026 and its third consecutive quarter on the right side of zero. 
    • “Financial performance numbers released Monday afternoon showed a roughly $360 million year-over-year operating improvement, when it had logged a -3.5% operating margin. Compared to then, Providence grew its operating revenues by 4.1%, to nearly $7.5 billion, while shrinking its operating expenses by 0.9%, to a bit over $7.3 billion. 
    • “The numbers, Providence said, reflect “deliberate steps” it’s taken over the past couple of years to reverse longstanding losses and generally tighten up the ship as financial headwinds, such as Medicaid funding cuts, loom for providers. 
    • “These, the West Coast system said in a release, include “streamlining its leadership structure, reducing duplication of services, renegotiating commercial payer contracts and sharpening its focus on core services—including transferring ownership or partnering with others on non‑core services.” 
  • Fierce Pharma tells us,
    • “Since Roche launched its long-acting eye disease medicine Vabysmo in 2022, Bayer and Regeneron have seen the impact on sales of their rival treatment Eylea, with the U.S. biotech taking a bigger hit.
    • “Bayer has managed to keep its annual Eylea sales relatively stable as they have toggled between 3.1 billion euros and 3.3 billion euros in each of the last four years. But that’s coming to an end this year as biosimilar competition is hitting the German company with full force.”
    • “In the first quarter (PDF), Bayer’s Eylea sales were down 24% year over year to 623 million euros ($731 million). They also declined sequentially by 11%. None of this is a surprise as Bayer has projected Eylea sales to drop 20% to 25% this year.”
    • “However, it wasn’t all bad news for Bayer’s Eylea franchise, as Chief Financial Officer Wolfgang Nickl cited “continued positive volume development” for Eylea’s longer-acting 8 mg formulation, which now accounts for 46% of the company’s overall Eylea sales.”
  • Beckers Health IT informs us,
    • “Cleveland Clinic’s quantum computing program has moved from a pilot phase to a fully operational “innovation engine” integrated with AI, according to Lara Jehi, MD, chief research information officer at the health system.
    • “It’s been a whirlwind, and we’ve made much more progress — and much faster — than we originally anticipated,” Dr. Jehi told Becker’s.
    • “Cleveland Clinic started its quantum computing journey in 2023 when the organization formed a 10-year partnership with IBM to create a joint accelerator center to advance healthcare discoveries using AI and cloud computing. As part of that deal, IBM installed its first private-sector, on-premise quantum computing system in the U.S. at Cleveland Clinic. The quantum computer, dubbed IBM’s Quantum System One, is dedicated to healthcare research and was installed at the Lerner Research Institute on Cleveland Clinic’s main campus.”

Weekend update

David ErmerACA, CDC, Congress, Generative AI, Medical / Rx research, Obesity, U.S. Healthcare

Happy Mothers Day!

  • Per an HHS news release,
    • “On Mother’s Day, the U.S. Department of Health and Human Services launched Moms.gov, a groundbreaking website for new and expecting mothers. This first-of-its-kind resource offers guidance and information to support the health and well-being of mothers and their families.
    • “Moms.gov also supports expecting parents who are navigating difficult or unexpected pregnancies. It features information about pregnancy centers, Federally Qualified Health Centers, nutritional guidance, Trump Accounts, and other resources that allow maternal and infant health to thrive.”
  • Per a Labor Department news release,
    • “The U.S. departments of Labor, Health and Human Services, and Treasury announced a proposed rule that would create a new category of limited excepted benefits to further expand the ability of employers to offer meaningful fertility benefits to their employees. 
    • “The proposed rule is a central component of the Trump administration’s efforts to expand American families’ access to fertility benefits. It builds upon President Trump’s Executive Order “Expanding Access to In Vitro Fertilization,” which announced that it is the policy of the administration to ensure reliable and affordable access to in vitro fertilization to support American families.” * * *
    • “The proposed rule would establish a new category of limited excepted benefits. Excepted benefits are generally exempt from the market reforms under the Affordable Care Act and certain other federal health care coverage laws. This new category would apply limiting principles similar to those already in place for other limited excepted benefits. 
    • “The proposed rule sets a few main requirements for the benefits: 
      • “Substantially all of the benefits must be for diagnosis, mitigation, or treatment of infertility or related reproductive health conditions.
      • “Benefits are capped at a combined lifetime maximum of up to $120,000 for the participant and their beneficiaries, indexed for inflation for plan years starting after 2028.
      • “Employers must provide a notice that clearly describes the coverage and meets other specified requirements.
    • “Comments are due 60 days from its publication in the Federal Register. 
    • Read the notice of proposed rulemaking on limited excepted fertility benefits.”
  • While the FEHBlog has not yet read the proposed rule, he noticed that the proposed rule amends the Public Health Service Act and therefore may impact the FEHB and PSHB programs.

From Washington, DC,

  • Tomorrow, the Senate will take a final vote on S. Res. 690, “authorizing the en bloc consideration in Executive Session of (49) certain nominations on the Executive Calendar.” The FEHBlog does not notice any noteworthy nominations on that list.
  • Here is a Roll Call discussion of other actions under consideration on the Hill this week.
  • Federal News Network reports,
    • “The Postal Service is floating the possibility of Congress stepping in to provide more financial assistance to keep the largely self-funded agency from running out of cash early next year.
    • “Postmaster General David Steiner said USPS hasn’t officially pitched the idea to Congress, but it’s an option lawmakers should consider to get the agency on firmer financial footing. Steiner said USPS will spend the next month refining its wish-list of legislative proposals before sharing it with Congress.
    • “Steiner told members of the House Oversight Committee in March that USPS will run out of cash in early 2027, as long as it continues to pay its bills on time. But USPS is relying on some emergency measures to conserve cash.
    • “To the credit of Congress, they’re not looking for short-term band-aids, but for long-term solutions,” Steiner said Friday at a public meeting of the USPS Board of Governors.”

From the public health and medical / Rx research front,

  • The Wall Street Journal reports,
    • ‘The U.S. Centers for Disease Control and Prevention is sending staff to the Canary Islands to meet a cruise ship with a hantavirus outbreak.
    • “The MV Hondius has a hantavirus outbreak that has killed three people and infected five others; the rare Andes variant is confirmed.
    • “Seventeen American passengers from the ship will be quarantined at the University of Nebraska Medical Center’s National Quarantine Unit.” * * *
    • “The facility looks more like a hotel than a hospital. People quarantining at the center are asked not to leave their rooms and receive, essentially, room service brought to their door, said Dr. Michael Wadman, medical director of the National Quarantine Unit at University of Nebraska Medicine.” * * *
    • “If any cruise ship passengers are quarantined and develop symptoms, they will be moved to the nearby Nebraska Biocontainment Unit—a facility isolated from the rest of Nebraska’s medical center, designed to treat patients infected with highly hazardous infectious diseases, according to Nebraska Medicine.
    • “A CDC official said Saturday that ship passengers will be monitored for around six weeks, or 42 days, but not necessarily only in Nebraska. The official said authorities will coordinate with some passengers and local jurisdictions for at-home monitoring, though it wasn’t clear how many people were going home or when.”
  • MedPage relates,
    • “The CDC has issued a Health Alert Network (HAN) health advisory on hantavirus, urging clinicians to be aware of the potential for imported cases of hantavirus disease in connection with an outbreak of Andes virus aboard a cruise ship.
    • “While the risk of broad spread in the U.S. is “considered extremely unlikely at this time,” the agency noted that early symptoms can be easily confused with influenza or other viral illnesses. In addition, the virus may not be accurately detected in body secretions and excretions within the first 72 hours of symptom onset, so testing should be repeated after that window, the agency warned. * * *
    • “Several state health departments — including Arizona, California, Georgia, and Texas — confirmed to MedPage Today that they are monitoring individuals in their respective states. New Jersey also is monitoring two peopleopens in a new tab or window who were on the same flight as a woman who was symptomatic on board and later died.”
  • The Wall Street Journal tells us “After the hantavirus uutbreak here’s what cruise travelers should know.”
    • “The hantavirus outbreak aboard the MV Hondius has revived memories of Covid-era cruise chaos. Infectious-disease doctors say the current situation is very different.”
  • The Wall Street Journal also reports,
    • “A study of more than 57,000 iPhone users confirmed a correlation between hearing loss and slower walking speeds.
    • “The Apple and University of Michigan study used data people agreed to share via Apple’s Research app.
    • “Doctors state addressing hearing issues could lead to a longer, healthier life and recommend annual hearing tests.”
  • Healio informs us,
    • “Among adults with obesity, the risk for new physician-reported sleep apnea and new-onset obstructive sleep apnea significantly fell if they used vs. did not use a GLP-1 agonist, according to data from two studies.
    • “Both studies were published in Annals of the American Thoracic Society.

From the U.S. healthcare business and artificial intelligence front,

  • HR Dive reports,
    • “The merit increases employers awarded this year were only slightly below previous projections, with a mean 3.1% merit increase, versus a 3.2% projection in October 2025, according to the latest Mercer QuickPulse Compensation Planning Survey.
    • “Average total increases were 3.4%, versus a predicted 3.5%, per the report. 
    • “Meanwhile, just 4% of employers gave workers equal, across-the-board salary increases, also called “peanut butter” raises, rather than merit increases, Mercer found. Most still use a combination of individual performance and position relative to market value or relative to peers.”
  • Healio relates,
    • “The AI tools that benefit clinicians most are not always the glamourous ones contributing to drugs, robotics and therapeutics innovations, but could also be the mundane ones that help ease physician burnout. 
    • “That is according to David Ting, MD, keynote speaker at Digestive Disease Week.
    • “Ting, chief clinical product lead at Microsoft and primary care internist and pediatrician at Massachusetts General Hospital, told attendees he envisions a 2036 where AI products assist with the ordinary: workflow redesign, administrative burden and workplace collaboration.
    • “AI also might one day take center stage in reshaping the clinical environment and restoring the “joy of practice,” he said.”
  • BioPharma Dive tells us,
    • “Odyssey Therapeutics, a maker of medicines for autoimmune disorders, has brought in $279 million through an initial public offering that’s been more than a year in the making.
    • “Selling 15.5 million shares at $18 each, Odyssey on Thursday raised more than what it expected and became the latest drug company of late to top $250 million in IPO proceeds. The company also added another $25 million to its haul via a concurrent private stock sale at the IPO price. Odyssey is now the 11th biotech company to go public so far this year, according to BioPharma Dive data, and will start trading on the Nasdaq stock exchange on Friday under the ticker symbol “ODTX.”
    • “Odyssey is led by Gary Glick, a biotech veteran who’s led multiple drug startups that were later acquired. Glick launched the company in 2021 with backing from the likes of OrbiMed and SR One, and it’s since netted $727 million in venture funding.”
  • Healthcare Dive informs us,
    • “Staffing technology company Cross Country Healthcare has entered into an agreement to be acquired by private equity firm Knox Lane in an all-cash deal worth $437 million.
    • “The acquisition, which will take Cross Country private, values the company at $13.25 per share, a 31% premium over the staffing firm’s closing stock price on Wednesday, according to a press release. It’s expected to close in the third quarter if the deal clears regulatory approval.
    • “The deal comes months after Cross Country and travel nursing agency Aya Healthcare abandoned plans to combine following antitrust scrutiny from the Federal Trade Commission.”
  • That’s a better outcome than Spririt Airlines experienced.  

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the Iranian war front,

  • Cybersecurity Dive reports,
    • “A threat group linked to Iranian intelligence has been running a months-long false-flag operation to hack organizations in the U.S. and other countries under the guise of a criminal ransomware group, according to a report released Wednesday [May 6] by researchers at Rapid7. 
    • “The state-sponsored threat group, tracked as MuddyWater, operated a social engineering campaign beginning in early 2026 that abused Microsoft Teams to harvest credentials and bypass multifactor authentication. 
    • “The attacks were made to look as if they were the work of Chaos, a ransomware-as-a-service group that has been active since 2025. Researchers said the false flag creates ambiguity that could affect how security teams investigate an intrusion. 
    • “If an operation looks like ransomware, defenders may initially treat it as financially motivated cybercrime rather than a state-linked operation,” Christiaan Beek, vice president of cyber intelligence at Rapid7, told Cybersecurity Dive. “That can slow attribution, complicate response, and give the actor plausible deniability.”

From the cybersecurity policy and law enforcement front,

  • Dark Reading reports,
    • “It’s been a brutal 16 months since the Cybersecurity and Infrastructure Security Agency (CISA) has had a Senate-confirmed director. Now, a new name has bubbled up as a possible pick to take over the beleaguered agency: Tom Parker, a low-key, British-born cybersecurity expert known for business savvy, technical expertise, and decades of focus on the delicate economics of cybercrime and cyber defense. 
    • “Reports say that although he has not yet been officially nominated, Parker is a contender to get the nod from new Department of Homeland Security Secretary, Markwayne Mullin. A request for comment from Dark Reading to DHS was referred to the White House, which has not yet responded. 
    • “Parker however tells Dark Reading that despite recent reporting, he has not had any “direct engagement” with the administration on taking on the role, but would welcome the conversation.” 
  • Federal News Network adds,
    • “The Office of Management and Budget (OMB) picked a long-time federal technology manager to take over as the deputy federal CIO. Thomas Flagg is set to assume that role. Federal News Network has learned that Federal CIO Greg Barbaccia made the announcement to agency CIOs yesterday. Flagg, who is the Education Department CIO, will replace Drew Mykelgard, who left in September to join the private sector after three-plus years in the role. Barbaccia wrote in his email that Flagg stood out among a large number of candidates because of the depth and seriousness of his experience across multiple technology leadership roles. Flagg also worked at the Labor Department for 11 years before moving to Education in 2025. 
  • Cybersecurity Dive reports,
    • “The Cybersecurity and Infrastructure Security Agency (CISA) wants to help critical infrastructure operators keep their systems running during a major cyberattack or other serious incident.
    • “CISA on Tuesday [May 5, 2026,] released guidance as part of an international “CI Fortify” initiative focused on activities that infrastructure operators can take to isolate the effects of a cyber intrusion and recover from them.
    • “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering—at a minimum—crucial services,” acting CISA Director Nick Andersen said in a statement. “They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.
    • “The new guidance, modeled on advice that the Australian government published in 2025, comes as intelligence agencies warn that China might sabotage Western critical infrastructure to keep the U.S. and its allies from interfering with Beijing’s long-rumored invasion of Taiwan. China’s Volt Typhoon hacking campaign indicated that Beijing had already begun laying the groundwork for such disruption, prompting U.S. officials to step up warnings about the dangers of interdependencies in operational technology.”
  • and
    • “The U.S. government’s AI security center will evaluate frontier models from Google, Microsoft and xAI before their release to determine whether the models’ advanced capabilities pose cybersecurity risks.
    • The newly announced plan for the National Institute of Standards and Technology’s (NIST) Center for AI Standards and Innovation (CAISI) to conduct “pre-deployment evaluations” represents the U.S. government’s most significant attempt yet to get ahead of security threats from powerful AI systems.
    • “Independent, rigorous measurement science is essential to understanding frontier AI and its national security implications,” CAISI Director Chris Fall said in a statement. “These expanded industry collaborations help us scale our work in the public interest at a critical moment.”
  • The Wall Street Journal adds,
    • “The White House is weighing a new government-review process for artificial-intelligence tools that the government deems to pose cybersecurity risks, a move that could further expand its oversight of AI in response to Anthropic’s powerful Mythos model.
    • “The White House is considering a cybersecurity-focused executive order that could include formalizing a government oversight group to create standards for the most powerful AI models, such as Mythos, people familiar with the discussions said. The goal is to protect consumers and businesses from cyberattacks and other disruptions caused by the premature release of such models, and a range of ideas are being considered, the people said. 
    • ‘The internal conversations show how Mythos has forced the Trump administration to recalibrate aspects of its laissez-faire approach to AI oversight. The administration has unwound Biden administration efforts to implement safety standards and attacked states trying to impose regulations, hoping to ease constraints tech companies face in rolling out new models.” 
  • Cyberscoop notes,
    • “The Cybersecurity and Infrastructure Security Agency has gotten “by far” the biggest gains from artificial intelligence automation in its security operations unit to help analysts sift through threats, but it’s also proven valuable elsewhere within the agency, CISA officials said Tuesday.
    • “It’s “really allowing those analysts to do triage very fast, so they focus on what matters versus the noise,” Tammy Barbour, acting chief of application management at CISA, said. “They’re able to do a lot of real-time, quick looks before events happen in most places.”
    • “Barbour, speaking at the UiPath FUSION Public Sector event hosted by Scoop News Group, said automation has also been a boon to CISA’s Technology Operations Center.
    • “The top analysts are able to quickly respond to customers who are reaching out to talk and asking questions, and be able to get real-time efficiencies with that,” she said.”
  • Security Week tells us,
    • “A Latvian member of the Karakurt ransomware gang was sentenced to 8.5 years in prison in the US for his involvement in extorting victims.
    • “The individual, Deniss Zolotarjovs, 35, of Latvia, was arrested in Georgia in December 2023 and extradited to the US in August 2024. He pleaded guilty in July 2025.
    • “Associated with the infamous Conti group and also known as TommyLeaks, Schoolboys Ransomware Gang, and Blockbit, Karakurt was one of the most notorious ransomware groups half a decade ago.”
  • Cyberscoop informs us,
    • “Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday.
    • “Matthew Issac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were located in the country. The pair’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime.”
  • Bleeping Computer adds,
    • “A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor.
    • “In 2016, Sohaib Akhter and his twin brother and co-defendant Muneeb Akhter were also sentenced to several years in prison after pleading guilty to accessing U.S. State Department systems without authorization and stealing the personal information of dozens of co-workers and a federal law enforcement agent who was investigating their crimes.
    • After serving their sentences, the two brothers were rehired as government contractors by a company that worked with more than 45 federal agencies and hosted government data on servers in Ashburn.
    • “When the company discovered Sohaib Akhter’s felony conviction, it terminated both brothers’ employment during an online remote meeting on Feb. 18, 2025,” the Justice Department said. “Immediately after being fired during this meeting, the brothers sought to harm their employer and its U.S. government customers by accessing computers without authorization, write-protecting databases, deleting databases, and destroying evidence of their unlawful activities.”

From the cybersecurity breaches and vulnerabilities front,

  • Cyberscoop reports,
    • “A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project.
    • “The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, an ordinary low-privilege account was able to access data across multiple tenants, including user listings, organization records, course information, training metadata and direct links to documents hosted on the Schemata’s Amazon Web Services instances.”
  • CISA added three known exploited vulnerabilities (KVES) to its catalog this week.
  • SC Media points out,
    • “The Cybersecurity and Infrastructure Security Agency (CISA) is reportedly considering shortening remediation deadlines for vulnerabilities added to the Known Exploited Vulnerabilities catalog, according to Reuters.
    • “Citing two sources familiar with the matter, Reuters reported Friday [May 1, 2026] that CISA Acting Director Nick Anderson and U.S. National Cyber Director Sean Cairncross were discussing proposals to cut KEV deadlines for federal civilian executive branch agencies from an average of two to three weeks to just three days.
    • The discussion was reportedly spurred by the emergence of advanced AI tools such as Anthropic’s Claude Mythos and OpenAI’s GPT-5.4-Cyber that have the potential to identify and exploit flaws at unprecedented speed.
    • A CISA spokesperson declined to comment on whether such discussions were taking place or whether a decision had been made.
  • Security Week lets us know,
    • “Microsoft has warned organizations in the United States about a sophisticated phishing campaign that uses a “code of conduct review” theme to lure victims to a malicious website.
    • “The tech giant observed more than 35,000 attempts between April 14 and 16. The malicious emails were received by users across roughly 13,000 organizations in 26 countries, but 92% of the targets were in the US. 
    • “Many of the messages were received by users in the healthcare and life sciences, financial services, professional services, and technology and software sectors.” * * *
    • “Enterprises at risk of being targeted in this and similar phishing campaigns have been provided with recommendations for mitigating attacks, as well as threat-hunting queries and indicators of compromise (IoCs).”
  • Cybersecurity Dive relates,
    • “Hackers could exploit vulnerabilities in Progress Software’s MOVEit Automation tool to improperly access businesses’ data, the software maker said in a recent advisory.
    • “Exploitation of the two flaws — an authentication-bypass vulnerability tracked as CVE-2026-4670 and a privilege-escalation vulnerability tracked as CVE-2026-5174 — could “lead to unauthorized access, administrative control, and data exposure,” according to Progress Software’s advisory.
    • “The newly patched flaws represent serious security weaknesses in a widely used managed-file-transfer program that helps organizations transfer data between self-hosted servers, cloud platforms and third-party vendors.
    • “Progress Software urged customers to upgrade to the latest version of the software, which fixes both vulnerabilities.”
  • Per Dark Reading,
    • “Researchers have spotted a modular cloud worm that will clear you of any infections by the dangerous supply chain attacker “TeamPCP,” free of charge. The catch: It wants your secrets.
    • “SentinelLabs named the program “PCPJack” in a new blog post,and described it as “well developed” — effective, with a few inexplicable but superficial oddities. Affected organizations stand to lose secrets associated with their cloud, container, developer, productivity, and financial services, unless they implement cloud security best practices, concealing passwords and keys behind vaults and multifactor checks.”
  • Per Bleeping Computer,
    • “A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle.
    • “The threat actor advertises Claude-Pro as a “high-performance relay service designed specifically for Claude-Code” developers.
    • “The fake website is a simplistic attempt at mimicking the legitimate site for the popular Claude large language model (LLM) and an AI assistant, using similar colors and fonts.
    • “However, the facade falls apart when it comes to links, as they are mere redirects to the front page, researchers at cybersecurity company Sophos say in a report today.”

From the ransomware front,

  • Edscoop reports,
    • “ShinyHunters, the prolific criminal hacker and extortion group, on Thursday [May 7, 2026] provided additional details about its recent breach of Canvas, the learning management system developed by Instructure, with hopes of coaxing payments from some of the nearly 9,000 educational institutions it claims are affected.
    • “After announcing on May 1 that it had exfiltrated several terabytes of data containing the personal information of 275 million users, it announced a deadline of Thursday [May 7] before “everything is leaked and there will be no chance at a negociation for anyone. Instructure has not even bothered speaking to us to understand the situation or to even negociate with us to prevent the release of this data. Our demand was not even as high as you might think it is.”
    • “On Thursday, the group presented to Canvas users a second message and extended the deadline for payment until May 12. “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the note reads. The group advised affected schools to consult security professionals and use the Tox messaging protocol to negotiate a “settlement.”
    • “The attached list of affected institutions includes many school districts, along with well-known universities, including Cambridge, Columbia, Cornell, Georgetown, Harvard, MIT and UC Berkeley.”
  • The Wall Street Journal adds on May 8, 2026,
    • Canvas, one of the most widely used education apps, said it had restored services after pulling the plug in the middle of finals week at many colleges to deal with a cybersecurity incident.
    • From Berkeley to Harvard, students at thousands of colleges and high schools temporarily lost access to their coursework on Thursday afternoon after a hacking group posted a ransom note on the platform.  
    • The company behind Canvas, Instructure Inc., said the intruders had accessed some customer data, including names, email addresses and student ID numbers, as well as messages between Canvas users. The company said it hasn’t found that passwords or financial information were involved. The investigation is ongoing and it has notified the Federal Bureau of Investigation.
    • “We have since confirmed that the unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts,” the company said on its website. “As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts.” 
  • Security Week relates,
    • “The RansomHouse ransomware group has taken credit for the recent attack on the cybersecurity firm Trellix.
    • “The Trellix hack came to light this week when the company announced on its website that part of its source code repository had been breached.
    • “Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited,” the company stated.
    • “No other information has been shared by Trellix, but it has promised to release additional details after it completes its investigation.”
  • Industrial Cyber tells us,
    • “New data from BlackFog shows ransomware activity remaining structurally elevated, with attacks continuing to operate at high volume while expanding their data-centric focus across both disclosed and undisclosed incidents. The analysis highlights that threat actors are increasingly prioritising data theft and extortion over traditional encryption-only disruption, reflecting a broader shift in how ransomware operations monetise compromise. It also underscores that incidents continue to span multiple sectors and geographies, reinforcing that ransomware is no longer episodic but persistent, industrialised, and embedded across the global threat landscape.
    • “A total of 264 publicly disclosed ransomware attacks were recorded, representing a 15% decrease compared to the same period the previous year, BlackFog disclosed in its ‘Q1 2026 Ransomware Report.’ Despite this decline, activity remained steady throughout the first quarter, with 91 attacks in January, 83 in February, and 90 in March. Healthcare remained the most targeted sector, accounting for 72 attacks (27%), reflecting the continued focus on organizations with sensitive data and limited tolerance for operational disruption. Government entities experienced 32 attacks (12%), while the technology sector followed with 28 attacks (11%).” 

From the cybersecurity business and defenses front,

  • The Wall Street Journal reports,
    • “OpenAI said it was previewing a powerful artificial-intelligence model capable of finding software vulnerabilities for a limited group of partners, adding to an industry race to give customers the most advanced cyber capabilities.
    • “The ChatGPT maker said it was releasing GPT-5.5-Cyber, a version of its most capable AI model, to a limited group of users that do vital security work. Other versions of GPT-5.5 are available to customers that do broader cyber work or general queries.
    • “The announcement followed consultation with the White House, which is working with top AI companies on the release of models that present national-security risks. Federal agencies and congressional committees have also been briefed on the latest capabilities.
    • “OpenAI Chief Executive Sam Altman said last week that the company was beginning to roll out the model to trusted cyber partners.”
  • Security Boulevard assesses Anthropic’s Project Glasswing.
  • Security Week relates,
    • “Cisco on Monday announced its intent to acquire Astrix Security, a startup focused on securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens increasingly used by applications and AI agents.
    • “In a blog post, Cisco said the acquisition is aimed at extending zero trust principles to the emerging “agentic workforce,” where AI agents and machine identities are rapidly expanding the enterprise attack surface. Astrix’s technology is designed to help organizations discover, govern, and secure these identities, including detecting excessive privileges and real-time threats. 
    • “Astrix provides visibility into non-human identities and the activity of AI-driven agents, along with lifecycle management and automated detection and remediation of over-privileged, unnecessary, or malicious access — including compromised credentials and rogue agent behavior. Cisco plans to integrate these capabilities into its broader security platform, including identity intelligence, secure access, and Duo IAM.”
  • Cybersecurity Dive tells us,
    • “Businesses are confident that AI will improve their cybersecurity posture, even as they neglect more fundamental security tools like identity management and zero-trust networking, according to a “State of Workforce Password Security” report that the business software provider Zoho published on Tuesday.
    • “AI confidence also doesn’t match implementation readiness, the report found, with a massive gap between the share of companies expecting AI to help them with security and the share of companies ready to act on that potential.
    • “The report also contains data on the share of companies that experienced recent cyberattacks and the business world’s security spending plans.”
  • Tech Target identifies “top zero-trust use cases in the enterprise.”
    • “When applied correctly, zero trust can minimize an organization’s attack surface. Experts weigh in on the best use cases where zero trust can deliver results.”
  • Here is a link to Dark Reading’s CISO Corner.

Thursday report

David ErmerFDA, Federal employment benefits, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare

From Washington, DC

  • Federal News Network reports,
    • “In the coming months, the Office of Personnel Management is expected to release a reworked version of its employee viewpoint survey that’s more focused on granular data and delivering realtime feedback.
    • “OPM Director Scott Kupor said his agency has been refining the survey to focus more on micro-level questions in order to more effectively gauge employee opinion.
    • “The goal is to get to a decision on what the kind of new survey format looks like so that we have time to do something over the course of this fiscal year for sure,” Kupor told Federal News Network in an interview Wednesday.”
  • Fedweek outlines the FEHB/PSHB eligibility rules for children.
    • “Both the Federal Employees Health Benefits program and Postal Service Health Benefits program, provide for coverage of spouses and children in their self plus one and family options. While enrollment changes typically happen during the open season each autumn, there are certain life events that involve adding children—for example from self plus one to self and family on the birth or adoption of a child.
    • “In both cases, it’s important to know who qualifies for coverage as a child, and when that may end.’
  • Thompson Reuters notes,
    • QUESTION: We recall that the Affordable Care Act (ACA) requires insured group health plans to satisfy nondiscrimination rules similar to those that apply to self-insured plans under Code § 105(h) (the eligibility and benefit tests). What is the status of those rules? Are employers that sponsor insured plans required to comply with them, and if so, when?
    • ANSWER: Under the ACA, insured group health plans generally must satisfy the nondiscrimination rules of Code § 105(h)(2), including “rules similar to” those in Code § 105(h) regarding nondiscriminatory eligibility, nondiscriminatory benefits, and controlled groups. The Code § 105(h) rules pre-date the ACA, prohibit certain discrimination in favor of highly compensated individuals, and apply only to self-insured health plans. The ACA applied similar requirements to insured plans, other than those that provide only excepted benefits or qualify for grandfathered status.
    • “Although insured group health plans initially were required to comply with the ACA nondiscrimination rules for plan years beginning on or after September 23, 2010, the IRS announced in Notice 2011-1 that compliance is not required until the agencies issue regulations or other guidance regarding how the rules apply to insured plans. To date, the agencies have not issued such regulations or guidance, so sanctions for failure to comply do not yet apply for insured plans. Note that the Code § 105(h) nondiscrimination rules continue to apply to self-insured health plans, including those that provide excepted benefits or are grandfathered. For example, the Code § 105(h) nondiscrimination rules continue to apply to health FSAs”.
  • Per an HHS news release,
    • “Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an Interim Final Rule (IFR) extending, for one-year, the compliance dates that recipients of HHS funding must meet for conforming web content and mobile applications to specific accessibility standards under Section 504 of the Rehabilitation Act of 1973 (Section 504).
    • “Under the revised timeline:
      • “Recipients with 15 or more employees will now have until May 11, 2027, to comply.
      • “Recipients with fewer than 15 employees will now have until May 10, 2028, to comply.

From the Food and Drug Administration front,

  • Fierce Pharma reports,
    • “After a surprise rejection at the beginning of 2026, the FDA has agreed to reconsider a T-cell therapy based on the same single-arm trial that the agency had previously found problematic.
    • “For Pierre Fabre Pharmaceuticals and Atara Biotherapeutics’ Ebvallo, the FDA agreed during a recent meeting that a single-arm study using an appropriate historical control “could serve as an adequate and well controlled study” in support of an application for approval, the two companies said Thursday.
    • “Pierre Fabre and Atara are aiming to get Ebvallo, also known as tabelecleucel or tab-cel, approved for patients with relapsed or refractory Epstein-Barr virus-positive post-transplant lymphoproliferative disease (EBV+PTLD) who have failed on an anti-CD20 regimen. Before the FDA, European regulators had already greenlighted the immunotherapy for the indication in 2022.”
  • MedPage Today adds,
  • and
    • “An investigational trivalent mRNA-based vaccine reduced confirmed flu illness by 26.6% through the end of the flu season compared with approved standard-dose vaccines in a randomized trial among adults ages 50 and older.
    • “The mRNA vaccine led to more adverse events, particularly injection-site pain and fatigue, but most were transient and mild without an excess of more serious risks.
    • “An FDA decision on approval is expected by August.”

From the public health and medical / Rx research front,

  • The Washington Post reports,
    • “Using the blood of a 56-year-old woman vaccinated against measles, scientists have isolated a fighting force of four potent virus-blocking antibodies that could pave the way toward a treatment for people exposed to the highly contagious respiratory disease making a comeback in the United States.
    • “A safe, highly effective vaccine for measles has been available since the 1960s, and the U.S. officially eliminated the disease in 2000, with sporadic cases and outbreaks. But dropping vaccination rates have sparked large outbreaks in multiple states, and the country is edging closer to the virus spreading freely again—which puts more people at risk.
    • “New ways to block or treat measles would be particularly important for people who are immunocompromised and babies under the age of 1, because they are not eligible for the vaccine, leaving them unprotected amid a growing number of cases.
    • “Measles was a problem that was solved. Until it wasn’t solved anymore,” said Erica Ollmann Saphire, president of the La Jolla Institute for Immunology who led the study published Thursday in the journal Cell Host & Microbe. But she and other scientists stressed that this approach was not a substitute for a vaccine.
    • “The treatment is always going to be more expensive than the vaccine. It’s the best bang for your public-health buck — this is for people that couldn’t be vaccinated,” Saphire said.”
  • MedPage Today adds, “A new systematic review in The BMJ reported that current evidence did not support causal associations between aluminium adjuvanted vaccines and serious or long-term health outcomes.
  • Infectious Disease Advisor notes,
    • “HIV pre-exposure prophylaxis (PrEP) uptake remains suboptimal among commercially-insured adolescents and young adults in the United States, highlighting the need for targeted interventions to address access barriers.”
  • The American Medical Association lets us know what doctors wish their patients knew about swimmer’s ear.
    • “Diving into pools or spending the day at the beach or lake can be the epitome of summer fun, but these aquatic adventures can also come with an unwelcome companion: otitis externa, commonly known as swimmer’s ear. This common affliction can sideline even the most dedicated water enthusiasts with its painful consequences. With the incidence of swimmer’s ear rising during the warmer months, understanding its causes, symptoms and prevention methods is essential for water enthusiasts of all ages.” 
  • The National Institute for Health Care Management’s May newletter discusses “Cancer Trends & Treatment Advancements”
  • Per BioPharma Dive,
    • “CellCentric, a biotechnology company developing an experimental drug for multiple myeloma, announced Wednesday it raised a $220 million Series D round to finance mid- and late-stage trials.
    • “Its lead drug, dubbed inobrodib, is an oral medicine that blocks a pair of proteins called “p300” and “CBP,” which in turn prevents the expression of certain key cancer-driving genes. CellCentric believes the treatment might be useful as an additive therapy across different lines of care in multiple myeloma. 
    • “The biotech is testing inobrodib in an all-oral combination involving Bristol Myers Squibb’s Pomalyst, as well as in conjunction with bispecific antibodies for myeloma such as Pfizer’s Elrexfio and Johnson & Johnson’s Tecvayli. It’s also evaluating use in a “maintenance” setting, where treatments are used to keep cancer from returning.”

From the U.S. healthcare business front,

  • Beckers Payer Issues reports,
    • “Blue Shield of California debuted its virtual-first Virtual Blue healthcare plan just over three years ago. Now, the data is rolling in.
    • “The program began in 2023 through a collaboration with tech-enabled healthcare platforms Accolade — now owned by Transcarent — and TeleMed2U. The program has no out-of-pocket costs for visits with virtual-only providers, can often deliver same-day care and now has more than 150,000 members. Blue Shield is even tacking virtual primary care options onto its Trio HMO plan, expanding offerings into the individual market.
    • “Tim Lieb, Blue Shield of California’s senior vice president of commercial markets, recently joined the “Becker’s Payer Issues Podcast” to discuss Virtual Blue’s early strengths and challenges.”
  • Healthcare Dive relates,
    • “Nearly 8 in 10 employers report GLP-1 drugs are driving heightened healthcare costs at their companies, pushing some to consider dropping coverage of the pricey weight loss medications, according to a survey released Tuesday by the Business Group on Health.
    • “Only 72% of employers that cover GLP-1s for weight management said they’d likely maintain that coverage next year, while 10% reported they likely wouldn’t, according to the group, which represents employers that provide health coverage. 
    • “Additionally, 87% of respondents said new oral versions of GLP-1 drugs would result in higher demand for the medications, but only 9% predicted prices would decrease.”
  • and
    •  Providing hospital-level care in patients’ homes was linked to better clinical outcomes, suggesting hospital-at-home programs could serve as a safe and efficient alternative to traditional inpatient care, according to a study published this week in JAMA Network Open. 
    • Hospital at home was associated with decreased emergency department use within 30 days of discharge and lower in-hospital mortality, according to the research. But patients at hospital-at-home programs saw no significant difference in hospital readmissions within 30 days. 
    • Additionally, adoption of hospital at home across the country is uneven, with few rural facilities participating, researchers wrote. The findings “underscore the need to address practical and implementation challenges to broaden equitable access,” they said.
  • Per Healthcare Cost Institute news releases,
    • Health care spending can differ dramatically depending on where Americans live, with costs varying by more than twofold from one metro area to another, according to new findings from the Health Care Cost Institute (HCCI). Charleston, WV, tops the list of the highest spending markets, with annual costs more than twice those in places like Bakersfield, CA, one of the country’s lowest spending areas.
    • The new data comes from the Health Cost Landscape, HCCI’s updated interactive platform that compares health care spending, prices, service use, and market dynamics across 269 metro areas in 45 states. The tool gives a clear, local look at how health care markets function and where consumers are paying the most for care.
  • and
    • “The Transparency in Coverage (TiC) regulations have introduced unprecedented visibility into negotiated health care prices in the United States. By requiring insurers to publish machine-readable files containing payer–provider contracted rates starting in 2022, the policy has created a new data source for studying price variation. However, the scale, inconsistency, and missing information within the TiC data mean that rigorous methodological work is required before it can be used for research. This brief explores the nature of this data, how it is accessed and processed, and how it can be used for analysis, with a detailed walkthrough of a real example examining childbirth prices in Pennsylvania.” * * *
    • “Transparency in Coverage data represent a significant advancement in the availability of information on negotiated health care prices, offering researchers a new lens into variation across payers, providers, and markets. As demonstrated in the childbirth analysis in Pennsylvania, TiC data can be used to replicate and extend findings from traditional claims-based research, particularly in understanding the range and distribution of negotiated rates across payers and providers.
    • “At the same time, the value of TiC data depends heavily on the methods used to create an analytic dataset. The raw data are not inherently research-ready and require substantial processing, including careful service definition, data cleaning, provider and payer entity resolution, and restrictions to ensure comparability. Without these steps, analyses may not be replicable and risk reflecting the messiness of the raw data rather than meaningful differences in prices. Additionally, the absence of utilization data remains a fundamental limitation, requiring integration with external sources to fully assess spending and average prices.
    • “Overall, TiC data should be viewed as a powerful but incomplete resource. When used appropriately, they can provide important insights into health care pricing dynamics and market structure. As data quality improves and methods continue to evolve, TiC data are likely to become an increasingly valuable complement to claims data in health services research.”
  • Per Fierce Healthcare,
    • “Hims & Hers launched an artificial intelligence agent embedded in its platform to help interpret biomarker lab results and provide users personalized insights about their health.
    • “The company launched its direct-to-consumer lab testing program for health biomarker testing back in November. The new agent AI, Labs AI, has been available to some customers in beta testing and will roll out to all Labs customers over time, the company announced Thursday.
    • “Hims & Hers’ Labs offers access to 130 biomarker tests across 10 health areas, including heart health, metabolism, hormones, inflammation and stress, as part of its strategy to extend into prevention and health screening. The new AI care agent makes customers’ lab results clearer, more useful and easier to engage with, according to Patrick Carroll, M.D., Hims & Hers chief medical officer.”
  • and
    • “Ardent Health topped the market’s revenue and earnings estimates, touting Wednesday solid adjusted admission and labor spend numbers despite what has proved to be a tumultuous first quarter for hospitals. 
    • “The publicly traded for-profit logged $1.6 billion of total revenue, which was up 7% year over year and 1.3% above Zacks Investment Research’s consensus estimate. Net income was $40 million, or 28 cents per share, beating the consensus estimate of 18 cents per share. 
    • “Similar to other for-profit health systems’ reports from the past few weeks, executives acknowledged the impacts of a weak respiratory season and severe winter storms on Ardent’s business, particularly in Texas, Oklahoma and New Jersey. That led to a 1.1% year-over-year decline in admissions, though CEO Marty Bonick said during Wednesday’s earnings call that the company “acted swiftly to reschedule surgeries and adjust labor to align with volume, mitigating the impact on our performance.”
  • Per Fierce Pharma,
    • “With an eye on the lucrative U.S. market, Italy’s Angelini Pharma will acquire rare disease specialist Catalyst Pharmaceuticals and its potential blockbuster, Firdapse, for $4.1 billion.
    • “Rome-based Angelini, a family-owned private company established in 1919, is paying $31.50 per share for Florida-based Catalyst. It is a 3% premium on Catalyst’s share price at close yesterday and a 21% premium on its price on April 22 before market activity hinted at public knowledge that a sale was in the offing. Bloomberg reported the potential buyout on April 27, triggering another stock surge.”
  • Per MedTech Dive,
    • “Roche has agreed to acquire PathAI, a Boston-based digital pathology firm, for up to $1.05 billion.
    • “Roche plans to pay $750 million upfront and up to $300 million in additional milestone payments, according to a Thursday announcement. 
    • “The acquisition is expected to close in the second half of 2026, subject to customary closing conditions, including antitrust and regulatory approvals.”

Midweek update

David ErmerCDC, CMS, FDA, Generative AI, Medical / Rx research, Medicare, Patient safety, Rx coverage, Telehealth, U.S. Healthcare

From Washington, DC,

  • The American Hospital Association News tells us,
    • “The White House May 4 released its National Drug Control Strategy, which, among other efforts, recommends effective primary prevention programs. The initiative increases the implementation of evidence-based prevention strategies; establishes new partnerships with organizations supporting youth health and expanding primary prevention; supports a national media and education campaign against drug use; and supports and enhances the federal drug-free workplace program.”
  • The Centers for Medicare and Medicaid Services announced,
    • “The Centers for Medicare & Medicaid Services (CMS) will provide eligible Medicare beneficiaries access to certain GLP-1 medications for $50 per month beginning July 1, 2026, through December 31, 2027.
    • “Under the Medicare GLP-1 Bridge, a time-limited demonstration, CMS is expanding access to innovative, evidence-based weight-loss treatments. Eligible individuals enrolled in Medicare Part D prescription drug plans will be able to access these medications at a predictable and affordable cost—$50 for a monthly supply. This approach reflects CMS’ continued focus on improving access to high-value treatments that support better long-term health outcomes.
    • * * * “Beginning July 1, Medicare beneficiaries with Part D coverage may be eligible to access certain GLP-1 medications at $50 for a monthly supply. Beneficiaries can talk to their doctor to determine whether a GLP-1 medication is right for them. CMS will share additional information for beneficiaries as the program begins.
    • “In addition, CMS continues to work with stakeholders—including providers, pharmacies, and manufacturers—to support implementation and ensure all partners have the information they need ahead of launch. 
    • “The Medicare GLP-1 Bridge builds on CMS’ broader efforts to improve access to innovative therapies and support healthier outcomes for Medicare beneficiaries. For additional “demonstration details, visit: https://www.cms.gov/medicare/coverage/prescription-drug-coverage/medicare-glp-1-bridge
  • U.S. Office of Personnel Management Director Scott Kupor, writing in his Secrets of OPM blog on Substack, optimistically discusses the state of artificial intelligence.
  • Meanwhile, KFF Health News reviews “Regulation of AI in Prior Authorization and Claims Review: A Look at Federal and State Consumer Protections.”

From the Food and Drug Administation front,

  • Per FDA news releases,
    • “The U.S. Food and Drug Administration today announced major steps in its bold initiative to modernize the agency. The agency launched Elsa 4.0, a significant upgrade to the agency’s internal AI tool available to all FDA staff, from scientific reviewers to investigators.  
    • “The agency also consolidated more than 40 disparate application and submission data sources, systems and portals across all FDA centers into a new platform called HALO (Harmonized AI & Lifecycle Operations for Data).The agency began integrating HALO and Elsa so that FDA staff can query data and build workflows without having to manually upload documents within each chat. The HALO consolidation is expected to enable more penetrating deployment of AI capabilities within agency operations. 
    • “Elsa’s new capabilities once again position FDA as a leader in deploying AI tools that empower staff,” said FDA Commissioner Marty Makary, M.D., M.P.H. “Removing tedious burdens for staff enables them to focus more on science and makes their work streams more efficient and enjoyable. We have some of the best scientists in the world and we need to take good care of them.”
  • and
    • The U.S. Food and Drug Administration today announced that it is piloting one-day inspectional assessments, as part of a broader initiative to make its inspectional resources more targeted and efficient. As part of this pilot, which launched in April, the agency is conducting shorter, focused screening assessments to complement standard FDA inspections. 
    • “One-day inspections can strengthen our inspectional approach by focusing our time and resources where they are most needed—enhancing our overall effectiveness,” said FDA Commissioner Marty Makary, M.D., M.P.H. “For the FDA, the ability to conduct shorter, targeted assessments allows for broader surveillance coverage, enabling the agency to assess more facilities and gather critical insights without compromising regulatory rigor. For industry, these assessments can provide timely feedback while minimizing operational disruption, particularly for lower-risk establishments.”
    • One-day inspectional assessments also support the development of more robust risk models across FDA programs. Data gathered through these assessments—such as recurring compliance themes, facility-specific risk scores, and discrepancies between registered and actual operations—can be used to better target future oversight activities.
  • MedTech Dive tells us,
    • “The Food and Drug Administration added neurosurgical supplies to its medical device shortages list on Wednesday.
    • “The regulator sent a letter to healthcare providers warning about disruptions in availability of neurosurgical patties, sponges and strip devices, which are used to absorb fluids and protect tissue during surgery.
    • “The FDA attributed the problem to recent supplier issues, noting that Medline Industries recently recalled its neuro sponge products. The agency expects the shortage to continue through the end of the year.”

From the public health and medical / Rx research front,

  • The New York Times explains,
    • “Hantaviruses have most likely been around as long as rodents, but little was known about these pathogens before the 20th century. This rare family of viruses that rodents carry has been cited as the source of a deadly outbreak aboard a cruise ship in the Atlantic Ocean.
    • “The virus is zoonotic, meaning it can be transmitted to humans from animals. And while outbreaks have been rare, it is one of the most widely distributed zoonotic viruses on Earth.
    • “Some are Old World hantaviruses and others are New World hantaviruses,” said Sabra Klein, a professor of molecular microbiology and immunology at the Johns Hopkins Bloomberg School of Public Health.
    • “Different species of the virus are carried by different rodents,” Dr. Klein said, adding that European strains cause less severe illnesses than those from Asia.
    • She noted that “there’s no vaccine, there’s no cure, there’s no money” in finding a cure “in part because these are so rare.”
  • The Wall Street Journal adds,
    • “Hantavirus is an unlikely source of contagion on a cruise ship. The virus isn’t as infectious between humans as fast-spreading respiratory illnesses like Covid-19 and the flu. 
    • “It belongs to a family of viruses carried by rodents and spread to humans through contact with infected urine, droppings or saliva. Only one strain—the Andes virus—has shown limited evidence of human-to-human transmission. Researchers in South Africa and Switzerland confirmed this week the virus involved in the suspected outbreak is the Andes strain.
    • “Human-to-human transmission of the Andes strain requires very close contact, like sharing food or living quartersaccording Steven Bradfute, an immunologist at the University of New Mexico Health Sciences Center whose lab has sequenced hantaviruses. “It doesn’t spread into huge outbreaks,” Bradfute said.
    • “WHO and other health authorities say the threat to public health is low. 
    • “Yet the ship’s passengers are at risk, as well as perhaps people they came into close and extended contact with after leaving the ship. That is why Oceanwide Expeditions, the Hondius’s operator, plus health authorities around the world and airlines, are mobilizing to trace the paths of the ship’s travelers.”
  • Fierce Healthcare reports,
    • “The Leapfrog Group highlighted broad improvements across several patient safety measures in this year’s spring release of hospital safety grades, the first reflecting changes made after a court-ordered removal of hospitals that declined to voluntarily submit information to the watchdog group. 
    • “Top marks were handed out to 917 hospitals, with Leapfrog outlining a particularly high share of “A” hospitals in the states of Connecticut (where 64% of hospitals received an “A”), Virginia (59%), South Carolina (51%), Utah (50%) and Montana (44%). 
    • “A hospital’s assigned grade is calculated by reviewing recent data on up to 22 patient safety measures, including a 10-part Medicare composite of reported patient safety and adverse events. Among these, Leapfrog said it saw “significant improvement” in 17 measures, including those related to healthcare-associated infections and medication safety plus multiple items related to patient experience. 
    • “The good news is that hospitals across the country are making meaningful strides in patient safety and helping save countless lives,” Leah Binder, president and CEO of The Leapfrog Group, said. “But not all hospitals are the same. That’s why it’s so important for people to consult Safety Grades and do their research when choosing a hospital.”
    • “Of note, the latest release excludes 450 hospitals that did not participate in Leapfrog’s 2024 or 2025 surveys.” 
  • Beckers Hospital Review points out the “eleven U.S. hospitals have earned consecutive “A” safety grades from The Leapfrog Group since 2012.” You can see “the list of Leapfrog’s five “F” hospitals here.
  • Pulmonary Advisor notes,
    • “While vaccinations showed protective trends, prior viral infections were generally linked to an increased likelihood of future respiratory illnesses.”
  • Per MedPage Today,
    • “Updated findings from a European randomized trial continued to show that colonoscopy screening significantly reduced colorectal cancer (CRC) incidence, but its impact on CRC mortality was less clear.”
  • Following up on recent Wall Street Journal articles, Cardiology Business relates
    • “Three of the leading U.S. cardiovascular health societies have joined forces for a new statement about the importance of multidisciplinary, patient-centered decision-making when managing patients with severe aortic stenosis (AS).
    • “The Society for Cardiovascular Angiography and Interventions (SCAI)American College of Cardiology (ACC) and Society of Thoracic Surgeons (STS) collaborated on the joint statement, calling it a response to “recent media coverage” about transcatheter aortic valve replacement (TAVR) and surgical aortic valve replacement (SAVR). The primary focus of the statement appears to a feature story published by The Wall Street Journal on April 23 that included interviews with patients who experienced significant complications after undergoing TAVR. 
    • “The joint statement highlights the fact that multidisciplinary heart teams are at the center of every treatment decision for patients who present with severe AS and require an aortic valve replacement. This has been the case for many years now, but coverage from The Wall Street Journal and other mainstream news outlets is sure to grab the attention of people unfamiliar with how such treatment decisions are made. 
    • “This statement serves as a fresh reminder for the general public that cardiologists and cardiac surgeons do not take these decisions lightly. The cardiology groups said years of hard work and dedication have gone into developing the framework that is now in place.”
  • Per MedTech Dive,
    • “Neptune Medical’s gastrointestinal robot met both of its primary endpoints in a clinical trial assessing the safety and feasibility of the system to perform colonoscopies.
    • “The study followed 50 adults who underwent screening, surveillance or diagnostic colonoscopy with the robotic endoscopy system at a single center in Poland for 14 days after the procedure.
    • “The results, announced Tuesday, showed no adverse events and a 100% rate of cecal intubation, where the endoscope is guided through the entire colon to the beginning of the large intestine.”
  • and
    • “Johnson & Johnson said Tuesday that a study evaluating the investigational Ottava robotic system in gastric bypass surgery met its safety and efficacy endpoints through 30 days. The average weight loss in that time frame was 30 pounds.
    • “Results from the 30-patient study were among the pre-clinical evidence included in J&J’s submission to the Food and Drug Administration, announced in January, for de novo classification of the robot in multiple procedures in the upper abdomen. 
    • “All procedures in the prospective, multicenter study were completed robotically on Ottava without conversion to a non-robotic approach, the company said. There were no adverse events related to the device.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “CVS Health exceeded first-quarter earnings expectations and raised its full-year adjusted-earnings guidance.
    • “The company reported first-quarter net income of $2.96 billion, driven by a turnaround at its Aetna insurance unit.
    • “Aetna’s medical-loss ratio was 84.6%, below analysts’ projections, but 2027 Medicare rates still fall short.”
  • Modern Healthcare relates,
    • “Humana plans to cut Medicare Advantage supplemental benefits in 2027 in a strategic shift for the insurer.
    • “Medicare Advantage payments are not keeping pace with medical costs, President and CEO Jim Rechtin said.
    • “Medicare Advantage membership was 22.6% higher in the first quarter.
    • “Humana downgraded its annual earnings guidance.”
  • Beckers Payers Issues tells us,
    • “Oscar Health reported a net income of $679 million in the first quarter of 2026, according to a May 6 earnings release. This marked the highest quarterly profit in the company’s history, nearly 2.5 times greater than profit in the first quarter of 2025.
    • “Membership reached roughly 3.2 million members, a 56% year-over-year increase. The company’s medical loss ratio was 70.5%, compared to 75.4% during the same period last year.
    • “Total revenue reached $4.6 billion, up 53% year over year. Earnings from operations were $704.1 million, more than double from the first quarter of 2025.
    • “The company also reaffirmed its 2026 guidance. The strong quarter follows a $443 million net loss in 2025.”
  • Fierce Healthcare informs us,
    • “Hinge Health boosted its full-year revenue outlook by $64 million as the company reported a stronger-than-expected first quarter and kicked off an expansion of its business beyond muscle and joint pain.
    • “The digital musculoskeletal (MSK) care provider, which went public nearly a year ago, brought in first-quarter revenue of $182 million, up 47% year-over-year from $123.8 million in Q1 2025. The company posted first-quarter adjusted earnings of 45 cents per share, significantly exceeding Wall Street analyst estimates of 12 cents per share. Hinge Health’s non-GAAP income from operations jumped 208% to $46.2 million compared to non-GAAP income from operations of $15 million during the same quarter a year ago.
    • “The company’s results easily topped Wall Street analyst estimates, with a revenue target of $172 million for the quarter and a Street estimate of $31.2 million for operating income.”
  • and
    • “Amwell, the telehealth platform formerly known as American Well, brought in $54.9 million in first-quarter revenue, down approximately 18% the same period a year ago, as executives discussed artificial intelligence and key contract renewals with investors on Tuesday.
    • “The company is shifting towards subscription revenue, and in Q1, subscription software revenue was 53% of total revenue at $24.9 million, which Chief Financial Officer Mark Hirschhorn said was down “approximately 23%” year-over-year in a May 5 call to discuss Q1 results. 
    • “Encouragingly, renewals and retention were higher than budgeted in the first quarter, providing greater confidence in the stability of our subscription base going forward,” Hirschhorn said.
    • “Amwell’s visit volume was down approximately 19% compared to a year ago, according to Hirschhorn, with 1.1 million visits in Q1. Hirschhorn said the figure is “is in line with the portfolio changes” previously disclosed by the company.”
  • The Wall Street Journal lets us know,
    • “BioNTech plans to shrink its workforce and manufacturing network to cut costs after Covid-19 vaccine demand waned.
    • “The company will affect 1,860 roles, about 22% of its 8,400-person workforce, and exit manufacturing plants.
    • “BioNTech will hand Covid shot supply to Pfizer, pivot to cancer therapies, and projects 500 million euros in annual savings by 2029.”
  • and
    • “Bayer agreed to acquire Perfuse Therapeutics, an eye disease drug specialist, for up to $2.45 billion.
    • “The acquisition aims to complement Bayer’s ophthalmology pipeline, following patent expiration issues with its Eylea drug.
    • ‘Perfuse’s lead drug candidate is an experimental treatment for glaucoma and diabetic retinopathy in mid-stage trials. Bayer will pay $300 million upfront.”
  • Per Fierce Pharma,
    • “Since the start of the decade, Eli Lilly has committed to spend more than $50 billion to bolster its United States manufacturing capabilities. But even that’s not enough to meet the needs of the rapidly growing pharma giant.
    • “On Wednesday, Lilly said that it has earmarked another $4.5 billion to further build up two of three planned production facilities in Lebanon, Indiana, some 28 miles northwest of Lilly’s headquarters in Indianapolis. The company revealed the new investment at a ribbon cutting ceremony for its genetic medicine plant in Lebanon, the first of the three new facilities at the site to become operational.
    • “Of the sum Lilly has pledged to spend for its domestic manufacturing in this decade, more than $21 billion has been allocated for the buildup in its home state. Lilly’s “evolving pipeline” and shifts in the anticipated demand for its products dictated the additional funding, the company said.”





Monday report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, OPM, U.S. Healthcare, Uncategorized

From Washington, DC,

  • Per a Senate news release,
    • “The U.S. Senate Health, Education, Labor, and Pensions (HELP) Committee will hold two field hearings in Louisiana this week to discuss how Congress can make health care affordable and improve mental health and substance use disorder treatment. The Committee will hear from a variety of perspectives within the health care system, including patients, providers, and local subject matter experts.” * * *
    • “Title: Making Health Care Affordable Again Part 2: Perspectives from Employers, Patients, and Providers
    • Date: Tuesday, May 5, 2026
    • Time: 9:00 AM CT/10:00 AM ET
    • Location: LSU Foundation Building, 3796 Nicholson Drive, Baton Rouge, LA
    • “Click here to watch this hearing live.”
  • The Wall Street Journal reports,
    • “Health Secretary Robert F. Kennedy Jr. is announcing steps that he said are aimed at helping wean some Americans off psychiatric medications, including antidepressants.
    • “Too many patients begin treatment without a clear understanding of the risks, and how long they will stay on these drugs, or how to come off them,” he said to an audience at an event hosted by the Make America Healthy Again Institute, a nonprofit, on Monday. “We are going to fix it.” 
  • Here is a link to the HHS news release about this announcement.
  • Per U.S. Office of Personnel Management news releases,
    • “The US Office of Personnel Management (OPM) today recognized Public Service Recognition Week, honoring the federal employees who serve the American people every day and highlighting the critical role public servants play in delivering results for taxpayers.
    • “Observed annually during the first full week of May, Public Service Recognition Week celebrates the dedication, professionalism, and impact of public servants across the federal government and at all levels of public service. This recognition also comes as OPM continues its work to strengthen the federal workforce through modern hiring, performance management, and workforce development initiatives.”
  • and
    • “The US Office of Personnel Management (OPM) today announced the expansion of access to USA Class, an artificial intelligence (AI)–enabled tool designed to accelerate the creation of federal position descriptions, to all federal agencies using USA Staffing at no additional cost.
    • “This move integrates USA Class directly into the federal government’s primary hiring platform, providing hiring managers and human resources professionals with modern tools to reduce administrative burdens and speed the hiring process.
    • “USA Class uses AI technology trained on thousands of existing federal position descriptions to help managers quickly generate structured draft duties and assist classifiers in aligning those duties with OPM classification standards. The tool is designed to strengthen collaboration between managers and classifiers, reduce rework, and significantly shorten timelines needed to prepare position descriptions, an essential first step in the hiring process.”
  • OPM Director Scott Kupot discusses the USA Class initiative in the latest post in his Secrets of OPM blog.
    • “Don’t get me wrong – hiring is still hard, and I don’t suspect AI will fully solve that problem in the near term. But we are using AI to streamline the tasks for which computers are very capable and free up time for HR professionals and hiring managers to focus on the people-facing aspects of recruiting and assessing candidates. More to come.”
  • Fierce Healthcare offers “A deeper dive into the ACCESS Model—Who’s participating, potential headwinds and how it could spur health plan adoption.”
    • “The CMS ACCESS Model creates a new category of Medicare Part B providers, ACCESS organizations, that can receive outcome-aligned payments for managing qualifying chronic conditions. The model shifts away from remote patient monitoring (RPM) and chronic care management (CCM) billing codes that offer payments for specific activities.
    • “This access model introduces an alternative approach, which is, you get rid of the billing codes altogether, and you have these new outcomes-aligned payments,” said Aneesh Chopra, chair of the Arcadia Institute.
    • “Chopra, who served as the first U.S. Chief Technology Officer, asserts that the ACCESS model redefines value-based care as it eliminates complexity and makes value-based care scalable.
    • “The use of AI technologies enables companies and providers to take a scarce resource—care management—and make it abundant, Chopra noted, to scale it to more patients living with chronic conditions.”
  • Healthcare Dive relates,
    • “The Department of Justice’s fraud division last week launched a strike force dedicated to rooting out healthcare fraud on the West Coast, as the Trump administration continues to double down on fraud enforcement across the country. 
    • “The West Coast Health Care Fraud Strike Force brings the DOJ’s healthcare fraud unit together with the U.S. attorney’s offices for Arizona, Nevada and the Northern District of California, to coordinate on cases in the region, according to a Thursday press release. 
    • “The strike force will bring increased enforcement resources to Northern California — one of the nation’s hubs for health technology development — and Arizona and Nevada, where the DOJ says healthcare fraud schemes are rising.” 

From the Food and Drug Administration front,

  • Fierce Pharma reports,
    • Incyte is poised to expand the reach of its blockbuster JAK inhibitor Jakafi with a new once-daily, extended-release version that’s soon to hit pharmacy shelves. 
    • “The FDA signed off on Jakafi XR under the same indications as original Jakafi, allowing its use to treat intermediate or high-risk myelofibrosis, polycthemia vera and graft-versus-host disease. In a bioequivalence study, a single 55-mg Jakafi XR tablet exhibited consistent, day-long exposure comparable to a twice-daily 25-mg immediate-release Jakafi dose. 
    • The new version allows for expanded treatment options “without changing the well-established role of Jakafi in clinical practice,” Incyte’s CEO Bill Meury explained in a company release.”
  • and
    • “Along with partner Lannett, a subsidiary of China’s Sunshine Lake Pharma has brought a biosimilar of Sanofi’s insulin glargine Lantus to the U.S., adding a cheaper interchangeable option to the diabetes treatment landscape. 
    • “The green light makes Lannet and Sunshine’s product the first long-acting insulin from a Chinese company to win the FDA’s blessing. 
    • “The biosimilar will be sold under the brand name Langlara and is now FDA-approved to treat adult and pediatric patients with type 1 diabetes as well as adults with type 2 diabetes. Langlara also received an interchangeable designation from the FDA, meaning that it can be distributed by pharmacists in place of Lantus without sign-off from a physician.”   

From the judicial front,

  • Per a Department of Justice news release,
    • “Two men were sentenced today for their roles in a scheme to defraud Medicare, Medicaid, and private health insurance companies by submitting over $522 million in fraudulent claims for medically unnecessary genetic tests that were obtained through the payment of illegal kickbacks and bribes.
    • “Reyad Salahaldeen, 57, of Buford, Georgia, was sentenced to 151 months in prison after pleading guilty to conspiracy to commit health care fraud and wire fraud. Mohamad Mustafa, 28, of Duluth, Georgia, was sentenced to three years in prison after pleading guilty to paying health care kickbacks.
    • “Under the guise of health care, these two fraudsters attempted to steal more than half a billion dollars from taxpayers through a web of sham contracts, lies, and bribes,” said Colin M. McDonald, Assistant Attorney for the National Fraud Enforcement Division. “These schemes deplete America’s pocketbook and destroy the trust in medicine that patients deserve and demand. The Department of Justice will remain vigilant in our efforts to deter those defrauding the American people in the name of health care. I thank the prosecutors and our law enforcement partners at FBI and HHS-OIG who worked tirelessly for this just outcome.”

From the public health and medical / Rx research front,

  • A neurologist, writing in the Washington Post, tells us about “six ways to keep work stress from fueling headaches.”
  • The American Medical Association lets us know what doctors wish their patients knew about Lyme Disease.
    • “An early sign of Lyme disease is a bullseye rash from a tick bite. But symptoms can worsen if left untreated. Three infectious diseases physicians share more.”
  • Cardiovascular Business reports,
    • “Long-term antidepressant use may increase a person’s risk of sudden cardiac death (SCD), according to new findings published in Heart Rhythm.
    • “SCD frequently occurs without warning, often in individuals without previously diagnosed cardiovascular disease,” wrote first author Jasmin Mujkanovic, MD, a cardiologist with Copenhagen University Hospital, and colleagues. “It accounts for a significant proportion of cardiovascular mortality worldwide. Psychiatric disorders have previously been shown to be associated with SCD, with major depressive disorders having a twofold increased risk … Pharmacologic treatment of depression, with antidepressants among the most common pharmaceuticals prescribed, adds another layer of complexity.”
  • MedPage Today relates,
    • “Kids seen by primary care clinicians for acute respiratory tract infections were prescribed antibiotics less often during telemedicine visits versus in-person visits in a cross-sectional study.
    • “The difference was driven by more telemedicine diagnoses of viral infections and sinusitis versus more in-person diagnoses of acute otitis media and streptococcal pharyngitis.
    • “There were no significant differences between groups in antibiotic management guideline concordance, follow-up visits, or antibiotic prescription within 14 days after the initial visit.”
  • and
    • “A 10% increase in ultraprocessed food intake was tied to lower attention scores and greater dementia risk in a cross-sectional study.
    • “The relationships persisted even in people who followed a Mediterranean diet.
    • “No relationship emerged between ultraprocessed food intake and memory scores.”
  • Health Day informs us,
    • “Antibiotics don’t appear to increase a person’s risk of developing celiac disease, a new study says.
    • “Patients with celiac disease had a 24% higher odds of antibiotic use compared to healthy siblings or members of the general public, researchers reported recently in the journal Clinical Gastroenterology and Hepatology
    • “However, the odds of antibiotic use were even higher — 50% — among a group of people whose gut lining was normal, when they were compared to the general public, researchers said.
    • “These results indicate that earlier studies that linked celiac disease to antibiotics reflect a heightened awareness of the disorder, in which the gut becomes inflamed if a person eats gluten.
    • “We do not see a causal link between celiac disease and antibiotics,” said lead researcher Dr. Maria Ulnes, a pediatrician and doctoral student at the University of Gothenburg in Sweden.”
  • Radiology Business points out,
    • “A new 4D mammography technique could diagnose cancer with up to four times the precision of 3D digital breast tomosynthesis (DBT) exams. 
    • “That’s according to early data out of an ongoing first-in-human clinical trial at Baptist Health Hardin in Elizabethtown, Kentucky. The trial is testing the utility of the 4D mammography system developed by Calidar Inc.—a medical technology startup out of North Carolina. Calidar’s 4D system harnesses X-ray diffraction imaging to measure molecular-level signatures of disease; these tissue “fingerprints” could help providers diagnose breast cancer in its earliest stages, but current mammography systems do not have this capability. 
    • “Calidar has indicated that its 4D system also allows for exams to be completed more quickly, and at a reduced radiation dose compared to 2D and 3D scans.” 

From the U.S. healthcare business and artificial intelligence front,

  • Beckers Payer Issues explains,
    • “Healthcare more broadly has been focused on reaching consumers where they are at. Health systems have established virtual care partnerships, and prescription drugs are now more accessible via direct-to-consumer pathways.
    • “But health insurers have also been developing strategies to reach members more directly, such as through transparent pricing and shifts in product offerings.”
    • The article offers several examples.
  • The Wall Street Journal reports,
    • UCB said it agreed to buy Candid Therapeutics [which is based in San Diego, CA] for up to $2.2 billion, in a deal that seeks to bolster the Belgian pharmaceutical company’s pipeline of experimental treatments for autoimmune and inflammatory diseases.
    • Brussels-based UCB said Sunday that it would pay $2 billion upfront and up to $200 million subject to future targets to acquire Candid. Its latest acquisition follows a licensing agreement with China’s Antengene valued at up to $1.18 billion in March, and a deal to buy epilepsy-therapy developer Neurona Therapeutics for up to $1.15 billion last month.
    • Privately held Candid is developing a portfolio of experimental drugs to treat autoimmune and inflammatory diseases and its lead candidate, cizutamig, is a so-called bispecific antibody being tested in multiple early-stage clinical trials across a number of indications, UCB said.
  • Fierce Healthcare relates,
    • “UPMC and CommonSpirit’s talks to hand over a three-hospital system in eastern Ohio have progressed to a definitive agreement between the parties with a transaction expected to close in the fall. 
    • “Financial terms of the deal for CommonSpirit’s Trinity Health System were not disclosed, and a close would require regulatory clearances.
    • “Trinity Health System and UPMC share a commitment to providing top-tier care and serving the most vulnerable members of our community,” Dwayne Richardson, interim president of Trinity Health System, said in a Monday release announcing the agreement. “UPMC’s proven track record of community service and compassionate approach to care were key factors in our decision, and will significantly benefit our patients.”
    • “Trinity Health System includes facilities for urgent care, behavioral health and physician offices alongside its hospitals. The deal reflects a market expansion for UPMC, which is based in Pittsburgh, Pennsylvania and dominates the western half of that state with more than 40 hospitals and 800 outpatient sites.” 
  • Radiology Business notes,
    • “It may be more than anxiety and forgetfulness to blame for women missing their scheduled mammograms, according to new survey data. 
    • “Missed breast imaging appointments are not uncommon. In fact, prior research has suggested that breast imaging appointments account for the largest number of no-shows in imaging. This can be problematic for both practices and patients, experts explain in a new paper in Academic Radiology.” * * *
    •  
  • Healthcare Dive tells us,
    • “Healthcare bankruptcies rose in the first quarter after declining last year, according to a report released last week by restructuring advisory firm Gibbins Advisors.
    • “Twelve healthcare companies with liabilities of at least $10 million filed for Chapter 11 bankruptcy protection in the first quarter, up 33% from the fourth quarter of 2025. 
    • “Senior care firms and physician practices drove bankruptcies in the first quarter, with four filings each.” * * *
    • “The most common reason for missing an exam was forgetting about the appointment, cited by 35% of respondents. Financial and logistical issues, however, also represented a significant barrier for many; 19% indicated that financial hardship prevented them from attending their appointment, while another 20% said they did not have transportation to get to their exam. Notably, respondents who fell under lower income brackets most often cited issues with payments and transportation. Notably, around 30% of the patients who missed their appointment never rescheduled. 
    • “In terms of improving follow through, respondents suggested that more frequent reminders would be beneficial; the majority signaled that text message reminders were the most effective. Other suggestions included some form of payment assistance and transportation services.”  
  • Joanna Stern writing in the Wall Street Journal describes a personal experience with AI enhanced mammography.
  • Per an Institute for Clinical and Economic Review news release,
    • “The Institute for Clinical and Economic Review (ICER) posted a Protocol today outlining how it will conduct its second annual analysis titled the “Launch Price and Access Report,” which will examine launch prices and patient access for new FDA-approved treatments. This protocol was developed with input from a multi-stakeholder working group* consisting of patient and consumer advocates, clinicians, policy experts, payers, and life science companies. 
    • “In the upcoming report, to be released in October 2026, ICER will analyze launch price trends over four years (2022-2025). ICER is also conducting an in-depth review of newly launched drugs (July 2024 to June 2025 novel drug approvals) by:
      • “Evaluating the impact of pricing above ICER’s Health Benefit Price Benchmark (HBPB) for drugs that ICER has previously reviewed.
      • “Evaluating patient access to newly launched drugs using real-world pharmacy and medical claims data, payer coverage policies, and direct patient surveys.
    • “The complete timeline for ICER’s Launch Price and Access report is available here.”
  • Fierce Pharma tells us,
    • “With three weeks of data on Lilly’s oral GLP-1 launch in obesity now on the books, the dimensions of Foundayo’s rollout—and its critical comparison to that of Novo Nordisk’s Wegovy pill—are coming into focus. 
    • “In its third week on the U.S. market, which ended April 24, Foundayo generated some 5,600 prescriptions, analysts at Jefferies wrote in a May 1 note to clients. That level of adoption is numerically lower than the stats recorded by the Wegovy pill in its third week, when prescriptions for the oral obesity med came in at around 26,100, per the note. 
    • “Nevertheless, almost all of Foundayo’s recorded performance stems from cash pay channels, according to the Jefferies team, with commercial access via insurance set to come online by the middle of this month, which will likely give Foundayo a substantial boost in uptake. 
    • “The team acknowledged that Foundayo’s reimbursement “appears to be ramping more slowly vs oral Wegovy’s.” 
    • “Overall, the analysts described Foundayo as “off to a solid start,” and estimate the drug will generate $146 million in the second quarter and $1.6 billion for all of 2026. That compares to consensus forecasts of $134 million and $1.2 billion, respectively.” 

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the Iranian war front,

  • The Center for Strategic and International Studies offers an April 27, 2026, FAQ about “The Iranian Cyber Threat to U.S. Critical Infrastructure.”
  • MedTech Dive tells us,
    • “A cyberattack that shut down ordering, shipping and manufacturing at Stryker for weeks cut into the company’s first-quarter results.
    • “CEO Kevin Lobo told investors Thursday that the cyberattack “meaningfully” affected Stryker’s growth.
    • “The cyber incident had a big impact on our results and affected each of our businesses differently given their varied go-to-market models and processes to record revenue,” Lobo said. “This resulted in distortions in our first-quarter results that will normalize over the course of the year.” * * *
    • “Stryker was hit by the cyberattack on March 11. The company’s global Microsoft environment was disrupted, and ordering, shipping and manufacturing were shut down for weeks. Operations were not restored until the first week of April.
    • “The attack has been claimed by an Iran-linked threat actor tracked as Handala, according to Check Point Research. Along with the operational disruption, the group claims to have wiped thousands of servers and mobile devices, and stolen data.
    • “Lobo said the cyberattack wiped 40,000 laptops. He added that the company lost some procedures due to operations shutting down, and some sales reps were unable to get into hospitals. However, Lobo maintained that the company didn’t lose overall business.”
  • SC Media reports on April 27,
    • “Large medical devices maker Medtronic on April 24 said it was hit by a cyberattack that led to unauthorized access to data in some of its corporate IT systems. 
    • “However, in a statement, Medtronic said it had not identified any impact to its products, patient safety, or connections to its customers, manufacturing and distribution operations, financial reporting systems, or the company’s ability to meet patient needs.
    • “The networks that support our corporate IT systems, our products and our manufacturing and distribution operations are separate,” said the company. “Hospital customer networks remain separate from Medtronic IT networks and are secured and managed by customers’ IT teams.”
    • “The attack raised some eyebrows because it was reportedly claimed by Handala, the same group that was behind the attack on Stryker March 11 that led to service disruptions. This was the second publicly reported attack on a large medical device maker since the war with Iran started Feb. 28.”
    • “Handala didn’t target Medtronic by accident,” said Amir Khayat, co-founder and CEO of Vorlon. “Critical infrastructure, complex vendor networks, sensitive data, and known security gaps make healthcare one of the most attractive targets in the world. The teams that find out their exposure after an incident are the ones who never looked before it.”

From the cybersecurity policy and law enforcement front,

  • Cybersecurity Dive reports,
    • “The U.S. government wants to know how major U.S. technology companies are using AI to protect their computer networks and how they’re preparing for the possibility of an AI-driven cybersecurity crisis.
    • “Officials from the White House’s Office of the National Cyber Director (ONCD) have reached out to tech giants in recent weeks with questions about AI, information sharing, vulnerability patching and how the federal government can help, according to an email and a list of questions shared with Cybersecurity Dive.” * * *
    • “ONCD asked the companies to answer 11 questions on a range of cybersecurity topics by May 1.”
  • and
    • “A group of U.S. government agencies on Wednesday [April 29] offered advice for critical infrastructure organizations on applying zero-trust (ZT) principles to their operational technology (OT) environments.
    • “Taking a zero-trust approach to these industrial systems requires careful consideration, the new government publication says, “because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans.”
    • “The document — co-authored by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the departments of Defense, Energy and State — describes the unique challenges that OT environments pose, the importance of clear governance frameworks and supply-chain oversight, and the steps that infrastructure operators should take to implement zero trust.”
  • and
    • “The Australian and U.S. governments, along with other international partners, released guidance on Friday [May 1] for safely deploying agentic AI systems.
    • The automation capabilities of AI agents create unique risks that can lead to “productivity losses, service disruption, privacy breaches or cybersecurity incidents,” the guidance document reads. “Organisations must therefore anticipate what could go wrong, assess how agentic AI risk scenarios might affect operations and establish ongoing visibility and assurance to maintain confidence in their agentic AI investments.”
    • “Safely using AI agents means “never granting it broad or unrestricted access, especially to sensitive data or critical systems,” the document warns. Companies, it says, “should only use agentic AI for low-risk and non-sensitive tasks.”
    • “The publication — co-issued by the Australian Signals Directorate, the U.S.’s Cybersecurity and Infrastructure Security Agency and National Security Agency and their British, Canadian and New Zealand counterparts — comes as businesses race to integrate AI tools into their workflows and increasingly embrace agentic AI for its ability to automate repetitive tasks.”
  • HelpNet Security adds,
    • “AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most organizations are handling this badly, and the evidence is in the code.
    • “GitGuardian’s State of Secrets Sprawl Report found 28,649,024 new secrets exposed in public GitHub commits across 2025, a 34% year-over-year increase and the largest annual jump in the report’s history.
    • “One of the root causes is authentication design: which credential type gets chosen, what scope it carries, how long it lives, and where it gets stored. In the meantime, AI is creating more credentials that need managing and generating more artifacts where those credentials leak.”
  • Per a National Institute of Standards and Technology news release,
    • “The National Institute of Standards and Technology (NIST) is hosting a virtual event titled “Building Your Small Business Cybersecurity Team: From In-House to Outsourcing” on May 5, 2026, from 2:00 to 3:00 p.m. EDT. The webinar, part of National Small Business Week, focuses on helping small businesses develop cybersecurity teams to manage and reduce risks. It will address different team structures based on factors such as budget, staff capabilities, and organizational needs, including in-house roles, full teams, and outsourced support. Speakers will discuss considerations for hiring, outsourcing, and training employees, as well as available resources such as the National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity.  For additional information and to register for the event refer to the official NIST Event page.”
  • Cyberscoop informs us,
    • “Two former cybersecurity professionals who moonlighted as cybercriminals, committing a series of ransomware attacks in 2023, were each sentenced to four years in prison, the Justice Department said Thursday [April 30].
    • “Ryan Clifford Goldberg and Kevin Tyler Martin previously pleaded guilty to one of three charges brought against them in December and faced up to 20 years behind bars. 
    • “Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with Angelo John Martino III to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.
    • “These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” Jason A. Reding Quiñones, U.S. attorney for the Southern District of Florida, said in a statement. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”

From the cybersecurity breaches and vulnerabilities front,

  • The Washington Post reports on April 30,
    • “The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found.
    • “The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept which insurance plans, framing it as an overdue improvement and part of the Trump administration’s initiative to modernize health care technology.
    • “But a publicly accessible database used to populate the directory contains some of the providers’ Social Security numbers, linked to their names and other identifying information. For at least several weeks, CMS made the database available for public use as part of its data transparency efforts. The files are not immediately visible to users who visit the provider directory.
    • “The Post downloaded the database and identified at least dozens of Social Security numbers belonging to health care providers while reviewing a sample of rows.
    • “The Post informed health officials on Tuesday that the numbers had been exposed, giving the agency time to take down the database, and contacted some of the affected providers, who said they were confused and concerned.” * * *
    • “CMS officials said they are working to fix the problem that led to the exposure. A spokesperson said the problem “stems from incorrect entries of provider or provider-representative-supplied information in the wrong places” — essentially, that providers entered information in the wrong place and left their own Social Security numbers exposed.
    • “The agency has taken steps to address it promptly and reinforce safeguards around data submission and validation,” CMS said in a statement.”
  • Cyberscoop relates on April 30,
    • “A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike.
    • “The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity platforms and traverse SaaS environments since at least October 2025, the company said in a report Thursday, which it shared exclusively with CyberScoop prior to release. 
    • “Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said the subgroups composed of native English speakers primarily target U.S.-based organizations in the academic, aviation, retail, hospitality, automotive, financial services, legal and technology sectors.
    • “This “new wave of ecrime threat actors” are closely aligned with Scattered Spider and linked to other subsets of The Com, including SLSH and ShinyHunters, Meyers said.” 
  • Cybersecurity Dive tells us,
    • “Phishing attacks using QR codes to direct victims to malicious links surged in the first quarter of 2026, Microsoft said in a threat report published on Thursday [April 30].
    • “Email-based phishing attacks overwhelmingly used malicious links rather than attachments during the first three months of the year, reflecting the greater range of delivery options for externally hosted threats.
    • “A major phishing-as-a-service (PhaaS) platform is significantly diminished after recent attempts to choke off its infrastructure, the company said.”
  • InfoSecurity Magazine points out,
    • “The threat landscape in 2025 was characterized by a surge in compromised credentials, extortion and vulnerability exploitation, according to a new report from KELA.  
    • “The threat intelligence firm tracked nearly 2.9 billion compromised credentials last year globally, it said in its latest report, The State of Cybercrime 2026: Emerging Threats & Predictions.” * * *
    • “Cybercriminals and APT groups have moved from using AI merely as a supportive tool in attacks to making it an essential component in the complexity, enhancement, and escalation of those attacks,” it warned.
    • “Specifically, attacks have moved on from basic jailbreaking of LLMs to vibe hacking for autonomous execution of entire workflows, the report claimed. AI-assisted malware and prompt injection attacks designed to hijack agents are also increasingly common, KELA said.
    • “We’re seeing a fundamental pivot in adversary behavior with the shift from AI-assisted tools to fully autonomous, agentic malicious workflows, where over 80% of operations require minimal human oversight,” said David Carmiel, CEO of KELA.
    • “Attackers no longer need to break in through a backdoor, they can quickly find the key and walk through the front using stolen credentials. Organizations relying on stale intelligence and legacy defenses instead of AI-powered solutions are leaving the door wide open to attacks.”
  • The Cybersecurity and Infrastructure Security Agency, which beginning yesterday is no longer subject to shutdown, added four known exploited vulnerabilities to its catalog this week.

From the ransomware front,

  • Security Week reports,
    • “South Carolina-based healthcare provider Sandhills Medical Foundation has disclosed a data breach affecting nearly 170,000 individuals.
    • “Sandhills Medical said in a data security incident notice on its website that it discovered a ransomware attack on May 8, 2025. 
    • “It has since been working with law enforcement, cybersecurity experts, and a forensics firm to investigate the intrusion and determine its impact.
    • “Now, nearly one year later, the healthcare organization has publicly disclosed the incident and notified affected individuals.
  • Insurance Business Magazine relates
    • “A single ransomware crew exploiting a single brand of firewall is now driving nearly half of all cyber insurance claims, At-Bay has warned, in a finding that recasts how underwriters and brokers should be thinking about risk selection.
    • “The cyber carrier’s 2026 InsurSec Report, drawn from more than 6,500 claims and 100,000 policy years, concluded that ransomware has entered an infrastructure-driven phase.
    • “Attackers, it said, are no longer hunting by industry or company size but by the network appliances their targets happen to run.
    • “Nearly three in four ransomware attacks, or 73%, began with a VPN in 2025 — a share that has almost doubled in two years.
    • “SonicWall topped the list of most-targeted VPNs for the first time, linked to 27% of ransomware claims. Akira alone accounted for more than 40%, the highest concentration of a single strain on At-Bay’s books, with SonicWall appliances present in 86% of its attacks.”
  • Security Affairs tells us,
    • “Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities like Rclone or MegaSync. This shift, seen in March 2026 incidents, gives attackers more control and helps them evade detection, as standard tools are often flagged by security systems. Researchers believe this move shows a growing investment in proprietary malware to stay stealthy. 
    • “The attacks, which occurred in March 2026, mark a significant shift in tactics for Trigona affiliates. The motivation for moving away from publicly available tools remains unknown.” reads the report published by Symantec. “Many publicly available tools are now so well known that they may be flagged by security solutions.”
    • “Trigona, active since late 2022, operates as a Ransomware-as-a-Service linked to the Rhantus cybercrime group.”
  • Dark Reading informs us,
    • “The latest variant of an emerging ransomware may be far more destructive than its operators intended, acting as a wiper that deletes many of an organization’s captured files instead of encrypting them, as typical ransomware does. This scenario makes recovery impossible for defenders while complicating the possibility of holding files for ransom for the attackers.
    • “The Vect 2.0 variant of the ransomware-as-service (RaaS) operation, which first appeared last December, has a flaw across its versions for Windows, Linux, and VMware ESXi that inadvertently and permanently destroys so-called “large files” rather than encrypting them, according to a report published this week by Check Point Software. 
    • “For all files of only 128KB or higher, “this effectively makes Vect a wiper for virtually any file containing meaningful data, enterprise assets such as VM disks, databases, documents and backups included,” according to the report. Check Point has confirmed that the flaw, which “discards three of four decryption nonces for every file above 131,072 bytes (128 KB),” is identical across all three platform variants.” * * *
    • “For defenders, this makes the situation slightly worse, as they no longer will be able to recover all of their files, even if they agree to pay the ransom to do so, Check Point says. “Victims who pay the ransom cannot receive a working decryptor for their largest files, not through operator deception, but because the information required for decryption was irrecoverably destroyed at the moment of encryption.”
    • “They probably wouldn’t realize they can’t recover files only after the ransom is paid and their decryption key doesn’t work, which is why Check Point found it so important to report the flaw in Vect, Smadja says.”

From the cybersecurity business and defenses front,

  • CRN reports,
    • “Anthropic announced Thursday [April 30] it’s moving Claude Security, formerly known as Claude Code Security, into public beta to enable rapid AI-powered vulnerability discovery and remediation.
    • “The launch follows the widely discussed disclosure about Anthropic’s Claude Mythos Preview earlier this month, though the Claude Security offering does not leverage Mythos.
    • “Today’s models are already highly effective at finding flaws in software code,” Anthropic said in a blog post Thursday. “The next generation will be more capable still, and will be particularly effective at autonomously exploiting these flaws.”
  • Cybersecurity Dive relates,
    • “PwC has launched an AI-driven, unified detection-and-response managed security service, enabled by Google Security Operations.
    • “The recent announcement follows PwC’s three-year, $400 million collaboration investment with Google Cloud to modernize cybersecurity operations, unveiled in January. The offering targets smaller and mid-sized enterprises that wouldn’t typically turn to a big consulting firm for cybersecurity.
    • “This is not an old-school cyber-managed service offering that requires a lot of people, time and infrastructure to set up,” PwC’s Partner, Global and US Managed Services Leader, Tim Canonico told Channel Dive from the Google Cloud Next conference in Las Vegas. “We’re leveraging Google’s SecOps platform and building agents to do a lot of the work that would typically require large-scale teams to operate.” * * *
    • “All this automation has human checkpoints, and Canonico says it helps create an efficient, low-cost cybersecurity service with 24/7 monitoring, detection and response.”
  • Security Week tells us,
    • Cisco on Thursday [April 30] unveiled a new open source tool, named Model Provenance Kit, designed to help organizations address potential issues associated with the use of third-party AI models.
    • Organizations often leverage AI models obtained from model repositories such as HuggingFace, where millions of models are available.
    • While these models can offer many benefits, organizations often don’t track the changes made to them. In addition, although repositories provide guidance on the importance of model cards and metadata, the maintenance work performed by their developers can vary, affecting downstream users. 
  • The Wall Street Journal infoms us
    • “OpenAI and Microsoft MSFT have reached a truce.
    • “The startup and its longtime partner have forged a new deal that offers OpenAI more freedom to partner with Microsoft’s rivals, caps the amount of revenue it must share with the software giant through 2030 and removes a controversial clause in prior agreements. Microsoft, meanwhile, will retain access to the startup’s models and products.”
  • Here is a link to Dark Reading’s CISO Corner.

Monday report

David ErmerCDC, COVID-19, FDA, Generative AI, Medical / Rx research, Mental health care, NIH, Patient safety, Rx coverage, U.S. Healthcare

From Washington, DC

  • Beckers Hospital Review reports,
    • “Americans spend more than $1.6 trillion a year on hospital care — roughly one-third of all health spending — and a new paper from the nonprofit think tank Paragon Health Institute argues that government policy is the primary driver of why those costs keep climbing.
    • “The paper, “The Hospital Cost Crisis: How Government Policies Drive Consolidation, Undermine Competition, and Fuel Soaring Prices,” was authored by John Graham, a visiting fellow at Paragon with nearly three decades of health policy experience.” * * *
    • Click here to read the paper in full. FEHBlog note — The article includes ten highlights from the report.
  • and
    • “Johnson & Johnson will begin marketing four prescription drugs on the Trump administration’s TrumpRx website, according to an April 24 report from CBS News.
    • “The drugs include metformin, metformin extended release, Invokana and Xarelto. Pricing on the platform shows Invokana discounted 62% to about $225 from $598.56, Xarelto discounted 68% to about $197 from $611.82, and Invokamet XR — an extended-release combination of canagliflozin and metformin — discounted 62% to about $225 from $598.56, based on listed cash-pay prices.”
  • MedPage Today relates,
    • “Advocates for the LGBTQ+ community claimed a win this week after the Trump administration pledged to reinstate the 988 Suicide and Crisis Lifeline specialized support program tailored to their needs.
    • During a Senate hearing earlier [last] week, HHS Secretary Robert F. Kennedy Jr. was asked whether he would commit to restoring the tailored line for LGBTQ+ callers to 988, as required by law, after the Trump administration removed it last summer.
    • “We are working on getting it up now,” Kennedy said.
    • “While most 988 calls are routed to the nearest call center, callers who press 3 or text PRIDE were once connected to a centralized network of trained crisis counselors who have shared lived experiences or are trained to provide services to LGBTQ+ youth.
    • “Linking callers to local resources is usually best, since support outside of a phone call might be needed. However, for those in states where attacks on LGBTQ+ individuals are widespread, local resources may not be preferred, Hannah Wesolowski, chief advocacy officer for the National Alliance on Mental Illness, told MedPage Today.
  • The American Hospital Association News tells us,
    • “The AHA again is asking the Health Resources and Services Administration to take action after Eli Lilly warned hospitals that they could lose access to discounted drug prices unless they comply with new data submission requirements.
    • “The AHA said Eli Lilly recently issued a letter to hospitals participating in the 340B Drug Pricing Program threatening the “imminent loss” of discounted pricing if claims data are not submitted “without further delay.”
    • “The AHA for months has raised concerns with HRSA about these practices.
    • “Unfortunately, we are not aware of any action that HRSA has taken to address these unlawful drug company claims-data policies, even as more and more companies have announced policies similar to Lilly’s,” the AHA wrote. “HRSA’s inaction here stands in stark contrast to the speed with which it acted in 2024 when the drug companies announced their unlawful rebate policies.”

From the Food and Drug Administration front,

  • Health Exec reports,
    • “Multiple wound and burn gel products are being removed from where they are used or sold, after it was discovered that a packaging failure was leading to the sterile barrier being breached. Unfortunately, this has led to at least 14 serious injuries. 
    • “The manufacturer of the gels, Integra LifeSciences, issued a letter to distributors of the products,  branded as MediHoney and CVS Wound Gel. The products are sold in retail settings, but also may be found in patient care settings. 
    • “In a statement, the U.S. Food and Drug Administration (FDA) said it’s aware of the issue and provided the known details. The agency said it has determined that using wound gels with the defective packaging may “cause temporary or reversible health problems, or—though unlikely—serious health problems.”
    • “Despite the risk of severe infection and the recorded injuries, there are no known deaths associated with the recalled wound gels.” 
  • The American Hospital Association adds,
    • “The Food and Drug Administration has identified a nationwide recall. Arrow International is recommending dialysis catheter kits containing Merit Medical 16F Dual-Valved Splittable Sheath Introducers be taken out of use due to a design defect where the sheath introducer may not split as intended. In addition, the FDA issued an Early Alert for Omnicell i.v.STATION sterile labels. Omnicell recommends customers do not use affected labels. They should verify the accuracy of labels on filled products.”
  • Fierce Pharma tells us,
    • “AstraZeneca’s systemic lupus erythematosus (SLE) med Saphnelo may have earned a considerable convenience edge in the United States, courtesy of an FDA nod clearing the drug for self-administration via a once-weekly autoinjector. 
    • “As with the drug’s original SLE nod in 2021, the self-administration green light covers the use of Saphnelo on top of standard therapy, AZ said in an April 27 release. In its original formulation, Saphnelo, also known as anifrolumab, is given as an intravenous infusion. 
    • “The FDA signed off on the new administration route after reviewing data from the late-stage TULIP-SC study, in which subcutaneous dosing of Saphnelo triggered statistically significant and clinically meaningful disease activity reductions versus placebo, according to AZ.”
  • and
    • “Johnson & Johnson is bolstering the case for its approved schizophrenia med Caplyta to prevent relapses in the disease. 
    • “On Monday, the FDA approved J&J’s supplemental new drug application for the atypical antipsychotic to include long-term data on the med’s schizophrenia relapse-prevention capabilities.
    • “In a press release, J&J clarified that the “label update builds upon the existing clinical data and postmarketing experience across [Caplyta’s] approved uses.” 
    • “Relapses pose a significant challenge for schizophrenia patients and can disrupt stability, undermine functioning and often trigger episodes of psychosis, hallucinations and other symptoms that have the potential to disrupt daily life, according to J&J. On average, adults living with the condition experience nine relapse episodes within a six-year period, the company added.” 

From the public health and medical / Rx research front,

  • NBC News reports
    • “Deaths from rectal cancer are rising rapidly among younger adults, an alarming trend that is confounding scientists trying to understand why millennials are so hard-hit. 
    • “The rate of rectal cancer seems to be increasing more than two to three times compared to colon cancer,” said Mythili Menon Pathiyil, lead author of a new study and a gastroenterology fellow at SUNY Upstate Medical University in Syracuse, New York. 
    • “If the trend continues, rectal cancer deaths will exceed the number of colon cancer deaths — already the nation’s No. 1 cause of cancer death in people under age 50 — by 2035.”
    • “According to the American Cancer Society, 158,850 new colorectal cancers will be diagnosed in 2026. About 55,230 patients will die from the disease, with nearly a third of those deaths in people under age 65. Colon cancer and rectal cancer are similar but form in different parts of the digestive tract. 
    • “The new research, which hasn’t yet been published in a peer-reviewed journal, is scheduled to be presented at Digestive Disease Week, an annual meeting of gastroenterologists, in May. 
    • “The findings, however, strengthen an American Cancer Society study released in March showing that a rise in rectal cancer rates is driving increases in colorectal cancer diagnoses in people younger than age 65. Colorectal cancer rates have been increasing 3% each year for adults under age 50 since the late 1990s and scientists are scrambling to understand why.”
  • STAT News considers what happened to COVID?
    • “There is an ever-shrinking portion of the population that thinks it’s never been infected — the folks who call themselves Novids. Even among that population, many have all but certainly been exposed to the virus but had only asymptomatic infections.”
    • “This, many experts told STAT, explains why the threat from Covid has subsided.” * * *
    • “Most of the experts STAT consulted believe the virus either now qualifies as, or is on its way to becoming, just another one of the viruses that make people sick with cold or flu-like symptoms — with some caveats. For one, the risk remains high for some people — particularly older people, very young children, and people with medical conditions that weaken their immune systems. For another, cold and flu-like viruses trigger symptoms that range from sniffles and coughs to knock-you-off-your-feet illness. A bad case of flu can take a couple of weeks to recover from, even for a healthy person. Same with Covid.” * * *
    • “Marion Koopmans, scientific director of the Pandemic and Disaster Preparedness Center at Erasmus University in Rotterdam, the Netherlands, said at this point, annual boosting is probably not doing much for people who aren’t at high risk.
    • “What we really would need is data on what the effect is of boosting on variant specific responses AND protection from disease over increasing intervals between boosters. That data is virtually impossible to get,” she wrote in an email. (Pfizer recently announced it had halted a clinical trial the Food and Drug Administration asked it to conduct in healthy adults aged 50 to 64, because it couldn’t recruit enough volunteers.) 
    • “But for high-risk individuals, Covid boosters still offered protection against becoming sick enough to require hospitalization, the latest study in the Netherlands concluded, Koopmans said.”  
  • MedPage Today adds,
    • “Two multicenter trials [(PANORAMIC and CanTreatCOVID)] found no change in hospitalization and death rates when antiviral nirmatrelvir-ritonavir (Paxlovid) was given to COVID-19 patients already mostly vaccinated.” * * *
    • “Now, the PANORAMIC and CanTreatCOVID results reflect a COVID-19 landscape that’s shifted since the pandemic’s early period, said H. Clifford Lane, MD, former deputy director for clinical research and special projects at the National Institute of Allergy and Infectious Diseases (NIAID), and Anthony Fauci, MD, the former NIAID director.
    • “These new data indicate that the 89% relative risk reduction seen in the analysis of hospitalizations or death associated with the use of nirmatrelvir-ritonavir in the EPIC-HR trial does not apply to the current circumstances, in which most adults have varying degrees of preexisting immunity and the circulating variants are different,” Lane and Fauci wrote in an accompanying editorialopens in a new tab or window.
    • “That doesn’t mean nirmatrelvir-ritonavir’s therapeutic time has come and gone, they cautioned. PANORAMIC and CanTreatCOVID participants who took the combination drug saw enhanced recovery and faster viral load reductions, they noted, which points to both clinical efficacy and antiviral activity.”
  • Health Day tells us,
    • “The eyes are the windows not only to the soul, but also to a person’s health, a new study says.
    • Premature aging of the retina could be a red flag for major diseases like diabetes or heart disease, researchers recently reported in the journal Communications Medicine.
    • “They found that people had a higher risk of chronic disease if they had advanced aging of their retinas — the light-sensitive layer of cells that lines the back wall of the eye.”
  • Per a National Institutes of Health news release,
    • “A National Institutes of Health (NIH)-funded clinical study shows that a symptom-based treatment for babies with neonatal opioid withdrawal syndrome (NOWS) — a highly prevalent condition wherein opioid exposure during pregnancy leads to withdrawal after birth — could speed up their recovery.
    • “To treat babies with moderate to severe symptoms of NOWS, doctors often administer opioid medication, lowering the dose over time. Many doctors commonly use this scheduled dosing approach, however, the new study found that providing “as-needed” doses of opioid medications based on each baby’s signs of withdrawal helped them stop the medicine sooner and go home earlier.
    • “Scheduled opioid dosing, which includes a taper, is necessary for some infants with NOWS, however it may overtreat others,” said corresponding author Lori Devlin, D.O., a professor of pediatrics at the University of Louisville and Norton Children’s Neonatology. “The idea is that by matching treatment to disease severity, we can accelerate recovery and minimize exposure.”
  • Genetic Engineering and Biotechnology News informs us,
    • “A cellular-resolution molecular map details how Down syndrome alters human brain development before birth. The study analyzed more than 100,000 nuclei from human prenatal neocortex samples collected across 26 pre-genotyped donors during gestational weeks 13 to 23—the only window during which all the cortical neurons a person will carry for their entire life are generated. The findings suggest that Down syndrome disrupts the developmental sequence of that process, creating shifts that may help explain later differences in cognition, learning, and sensory processing.
    • “This work is published in Science in the paper, “A single-cell multiomic analysis identifies molecular and gene-regulatory mechanisms dysregulated in developing Down syndrome neocortex.
    • “There’s a new level of detail here that had never existed before,” said Luis de la Torre-Ubieta, PhD, an assistant professor of psychiatry and biobehavioral sciences at UCLA and a member of the Eli and Edythe Broad Center of Regenerative Medicine and Stem Cell Research. “For the first time, we can really try to understand systematically what’s going on in the developing brain of individuals with Down syndrome.”
  • STAT News points out,
    • “The drugmaker Erasca said Monday that its RAS-targeting pill shrank tumors in 40% of patients with advanced pancreatic cancer and 62% of patients with advanced non-small cell lung cancer, results that the company said exceeded its expectations. 
    • “The new data, collected from studies done in the U.S. and China, are still preliminary. However, Erasca said the clinical benefit and tolerability of its drug, called ERAS-0015, compared favorably to daraxonrasib, a similar RAS-targeting drug from Revolution Medicines that recently showed a doubling of overall survival in patients with advanced pancreatic cancer.
    • “I’m excited about both datasets, but I think lung is more definitive at this point. The pancreatic results are maturing, but are very, very promising,” Erasca CEO Jonathan Lim told STAT. “All options are on the table.” 
  • and
    • “An oral medicine for hair loss successfully spurred hair growth in a late-stage trial, startup Veradermics announced Monday.
    • “Veradermics assessed the pill in two ways: by how many hairs grew within a square centimeter of the scalp, on average, and by how satisfied participants were with the results. Over the course of six months, men who took the drug, known as VDPHL01, either once or twice daily had between 30 and 33 more hairs per square centimeter of scalp. Men in the placebo group grew approximately seven additional hairs.
    • “Between 79% and 86% of men taking VDPHL01 said they saw improvement, along with between 72% and 84% of the clinical trial investigators — results that pleased Reid Waldman, a dermatologist turned Veradermics’ chief executive.” 
  • BioPharma Dive adds,
    • “An experimental gene editing medicine from Intellia Therapeutics has succeeded in a Phase 3 trial, positioning the company to seek approval of what would be the first treatment of its kind for a rare disorder known as hereditary angioedema.
    • “When compared to a placebo, the therapy, “lonvo-z,” reduced the rate of the disease’s hallmark swelling attacks by 87% over the course of about six months, meeting the study’s primary objective. Lonvo-z also helped rid 62% of recipients of disease attacks or the need for other therapies during that follow-up period, versus 11% of placebo patients.
    • “Intellia said, without specifics, that lonvo-z had a “favorable” safety and tolerability profile. The most common treatment-emergent side effects were infusion-related reactions, headache and fatigue, and all reported by a Feb. 10 data cutoff were mild to moderate in degree. The company has begun a “rolling” U.S. approval submission and, assuming a clearance, intends to launch lonvo-z in the first half of 2027.” 

From the U.S. healthcare and artificial inteliigence front,

  • Beckers Payer Issues reports,
    • “Elevance Health has set aside $935 million to cover potential costs tied to its ongoing risk adjustment data dispute with CMS, which threatens the insurers’ ability to enroll new members into some of its Medicare Advantage plans.
    • “CFO Mark Kaye disclosed the charge during the company’s first quarter earnings call on April 22, saying the figure reflects Elevance’s current best estimate of what the issue could cost as it works toward a resolution with the government.
    • “[Elevance CEO Gail} Boudreaux also characterized the issue as a historical payment dispute rather than a current compliance concern.”
  • and
    • “CenterWell, Humana’s pharmacy branch, is collaborating with Mark Cuban’s Cost Plus Drug Co. for an employer-based program, according to an April 27 news release.
    • “CenterWell will use Cost Plus Drugs’ SwiftyRx, a digital pharmacy software-as-a-service solution, for medication order intake. The platform should enable CenterWell to offer home delivery pharmacy services for the insurer’s eligible workforce in the Humana Associate Benefit Plan.
    • “Along with SwiftyRx, the organizations will harness Cost Plus Drugs’ drug pricing and CenterWell’s distribution strategies. The collaboration aims to ease access and reduce patient cost through smoother onboarding, automated benefit checks, lowered costs to fill prescriptions and operational efficiency.” 
  • Healthcare Dive points out,
    • Nearly three-quarters of U.S. finance leaders rank healthcare among their companies’ five biggest operating expense concerns, consulting firm Mercer found in a recent survey.
    • “The research comes as the rapid rise of GLP-1 weight-loss medications — like Wegovy and Ozempic — is adding to volatility in employer health costs.
    • “The survey results make clear the far-reaching impacts of rising health benefit costs for individual organizations,” Susan Potter, president of Mercer U.S. & Canada, said in an emailed statement. “Only about one in four CFOs said that their organization was able to absorb the cost increases over the past two years without any business impacts, such as slower wage growth, reduced hiring, or higher prices.”
  • Fierce Healthcare relates,
    • “Insurers are putting a growing focus on specialty drugs covered under the medical benefit, and on re-evaluating the efficacy of traditional rebate models, according to a new report.
    • “The Pharmaceutical Strategies Group (PSG) on Monday released its annual Trends in Specialty Drug Benefits report, which offers a look at how payers are responding to rising costs for these products and striking a balance between cost management and access.
    • “PSG surveyed 228 benefits leaders representing employers, health plans and union coverage, and found that 43% ranked managing specialty drug costs as their top goal. By comparison, 37% said their No. 1 goal is to manage total cost of care, per the report.
    • “As more and more of these products come to market and existing drugs gain new indications, managing them across the pharmacy and medical benefits poses significant complexity, the report found. More payers listed this as a top challenge than access to integrated data or member affordability.”
  • The Wall Street Journal reports,
    • “Eli Lilly agreed to acquire Ajax Therapeutics for up to $2.3 billion to bolster its blood-cancer portfolio.
    • “Ajax Therapeutics is developing AJ1-11095, a Type II JAK2 inhibitor for myelofibrosis patients.
    • “Eli Lilly’s deal to buy Ajax adds to a recent spate of pharma acquisitions, including several by Lilly.”
  • and
    • [India’s] Sun Pharmaceutical Industries will acquire U.S.-listed Organon for $11.75 billion, becoming a top three global women’s health player.
    • Organon, a Merck spinoff, has over 70 products in women’s health and general medicines, commercialized across 140 countries.
    • Sun Pharma will fund the all-cash deal through internal cash and bank financing; the acquisition will make it a top seven global biosimilars player.
  • and
    • Ligand Pharmaceuticals LGND said it has reached a deal to acquire Xoma XOMA Royalty, a company that invests in a range of biotech firms, for around $740 million.
    • “Under the terms, Ligand will pay $39 a share in cash for Xoma, a 2.9% premium over the $37.90 closing price on Friday. The deal is expected to close in the third quarter.
    • “Both Ligand and Xoma are known as royalty aggregators for investing in drugs while they are in development and then, if they work out, collecting royalties from their sales.
    • “By absorbing Xoma, Ligand’s total portfolio would more than double in size to more than 200 drugs and experimental treatments, including a handful of medicines on the market and several in late-stage studies.”
  • MedTech Dive adds,
    • “Johnson & Johnson said Friday it has struck a deal to buy Atraverse Medical, an atrial fibrillation ablation device developer founded by the team behind Farapulse.
    • “Atraverse sells a radiofrequency guidewire used to create an atrial septal defect to treat AFib. The Food and Drug Administration cleared the Hotwire device for use in 2024.
    • “Hotwire competes with products including Boston Scientific’s ProTrack RF Anchor Wire, which Atraverse cited as the predicate product in its 510(k) submission.”
  • Beckers Health IT observes,
    • “For years, the conversation about AI in health systems centered on technology adoption: which tools to buy, which pilots to run, which workflows to automate. But as health systems move from isolated AI deployments toward enterprise-wide agentic platforms, the limiting factor is no longer the technology. It’s the people managing it.
    • “That was the central tension running through a panel of health system technology leaders at Becker’s 16th Annual Meeting in Chicago this spring. Across organizations ranging from a large rural integrated delivery network to an urban academic medical center to a national cancer system, the same challenge surfaced: operations leaders have not yet grasped that they are now managing a digital workforce — and the consequences of that gap are starting to show.
    • “The biggest barrier to us moving forward is really getting operations to understand that this fundamentally changes their role in the equation,” said Jeff Gautney, CIO of Rush University Medical Center in Chicago. “They are managing a digital workforce and they need to think that way as opposed to [thinking that] IT is monitoring this, IT is keeping an eye on it, IT is delivering this solution and I don’t really need to think any differently about it.”
  • MedCity News adds,
    • “There are plenty of AI startups on the market promising to bolster hospitals’ finances by increasing revenue. But that’s not the case for San Francisco-based Midstream Health.
    • “For most health systems, the key to unlocking dollars isn’t boosting revenue — it’s decreasing costs, said Venkat Mocherla, Midstream’s co-founder and president.
    • “Midstream, founded in 2023, uses AI to clean up and unify hospitals’ fragmented financial and operational data, which helps leaders spot savings opportunities and make smarter purchasing decisions, he explained. For instance, the platform could help surface insights that help a hospital capture missed rebates or avoid overpaying for supplies and devices.” * * *
    • T”he company’s platform is being used across health systems including Mount SinaiCommonSpirit and Houston Methodist. Midstream primarily makes money by taking a cut of the savings it generates, which Mocherla noted aligns the startup’s incentives directly with hospitals’ financial outcomes.”

Noteworthy Death

  • Cardiovascular Business reports,
    • “Pioneer cardiologist Eugene Braunwald, MD, often referred to as the “father of modern cardiology,” died April 22. He was 96 years old.
    • “Braunwald was born in Vienna, Austria, and immigrated to the United States as a child to flee Nazi persecution. He went on to hold leadership positions with the National Heart, Lung and Blood Institute; the University of California, San Diego; Brigham and Women’s Hospital and Harvard Medical School. He authored or co-authored more than 1,000 publications over the course of his career and helped shape medical education for many years as the longtime editor of Harrison’s Principles of Internal Medicine, a premier textbook for clinicians. 
    • “Braunwald was also a lifelong contributor to a variety of industry societies, including the American College of Cardiology (ACC)American Heart Association (AHA) and European Society of Cardiology (ESC). He earned the highest honors from all of these groups over the course of his career in medicine, and the AHA even started giving out the Eugene Braunwald Academic Mentorship Award annually in 1999.”
  • RIP