Cybersecurity Saturday

Generative AI

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive tells us,
    • “An HHS agency revealed a new cybersecurity program Monday [May 20, 2024,] that aims to better safeguard hospitals as the healthcare sector faces increasing cyber threats that can derail patient care. 
    • “The initiative, which comes out of the Advanced Research Projects Agency for Health, will invest more than $50 million to build a software suite that could automatically scan model hospital environments for vulnerabilities that could be exploited by hackers and quickly develop and deploy fixes.
    • “The project seeks to help hospitals keep their vast array of internet-connected devices up to date, preventing attacks and subsequent technology outages that can last for weeks and threaten patient safety.”
  • American Hospital News adds,
    • “The Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program will proactively evaluate potential vulnerabilities by probing for weaknesses in software. When it detects a threat, a patch could be automatically developed, tested and deployed with minimal interruption to hospital devices. 
    • “We applaud HHS’ recognition of the unique challenges and systemic nature of vulnerability management in health care,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The research which will be empowered through the ARPA-H funding will yield technical solutions which should be applied strategically to help secure the entire sector. It is clear, health care is a critical infrastructure sector, which must not be left to defend itself on its own through uncoordinated and uneven capabilities. Continuing ransomware attacks on the health care sector represent an urgent national security, public health and safety issue. The UPGRADE program is an innovative and welcomed ‘whole of nation’ approach, which will combine the expertise of the health care sector and government experts.” 
  • Cybersecurity Dive informs us,
    • Providers are still looking for clarification on whether they’ll have to report or notify patients about data breaches stemming from the cyberattack against Change Healthcare earlier this year.
    • In a letter sent to HHS Secretary Xavier Becerra Monday [May 20, 2024], more than 50 organizations — including the American Medical Association, the College of Healthcare Information Management Executives and the American Health Information Management Association— urged the federal government to publicly confirm that Change could manage data breach reporting and notification requirements, since the technology firm and major claims processor experienced the breach. 
    • UnitedHealth Group, Change’s parent company, has previously said it would handle reporting for customers whose data may have been exposed — which could be a huge swath of Americans.
  • Bloomberg Law reports,
    • “Companies working with the US government may be required to start protecting their data and technology from attacks by quantum computers as soon as July.
    • “The National Institute for Standards and Technology, part of the Department of Commerce, will in July stipulate three types of encryption algorithms the agency deems sufficient for protecting data from quantum computers, setting an internationally-recognized standard aimed at helping organizations manage evolving cybersecurity threats. 
    • “The rollout of the standards will kick off “the transition to the next generation of cryptography,” White House deputy national security adviser Anne Neuberger told Bloomberg in Cambridge, England on Tuesday [May 21, 2024]. Breaking encryption not only threatens “national security secrets” but also the way we secure the internet, online payments and bank transactions, she added.”
  • The National Institute of Standards and Technology (NIST), announced on May 20, 2024,

From the cyber vulnerabilities and breaches front,

  • Cybersecurity Dive notes yesterday,
    • “On the eve of Memorial Day weekend, threat researchers and incident response teams are quietly preparing for the risk of malicious activity when staffing is minimal and millions of workers will be on the road. 
    • “Critical industries have faced a series of threats from criminal ransomware gangs or nation-state actors for much of 2024, and the unofficial summer kickoff weekend is a prime opportunity for malicious attacks. 
    • “We see attacks and attempted intrusions every day,” Scott Algeier, executive director of the IT-ISAC, said via email.
    • “While there is no specific threat information pointing to a Memorial Day event, “attackers are also aware of the calendar and know that security teams tend to operate with reduced staffing on weekends and holidays,” Algeier said.
    • “While there is no specific threat information pointing to a Memorial Day event, “attackers are also aware of the calendar and know that security teams tend to operate with reduced staffing on weekends and holidays,” Algeier said.”
  • HHS’s Health Sector Cybersecurity Coordination Center (HC3) has issued its April 2024 cybersecurity vulnerability bulletin.
    • In April 2024, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for April are from Palo Alto, Ivanti, Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, VMWare, Adobe, Fortinet, and Atlassian. A vulnerability is given the classification of a zero-day when it is actively exploited with no fix available, or if it is publicly disclosed. HC3 recommends patching all vulnerabilities, with special consideration given to the risk management posture of the organization.
  • HC3 also issued a useful PowerPoint presentation titled “Business Email Compromise (BEC) & Healthcare.”
  • The Cybersecurity Infrastructure Security Administration added the following new known exploited vulnerabilities to its catalog:
  • Dark Reading reports yesterday that “Google Discovers Fourth Zero-Day in Less Than a Month; The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.”
  • Cyberscoop adds
    • “An aggressive, nebulous ring of young cybercriminals linked to a string of recent high-profile breaches is made up of approximately 1,000 people, a senior FBI official said Friday. 
    • “In remarks Friday at the cybercrime-focused Sleuthcon conference, Bryan Vorndran, assistant director of the FBI’s Cyber Division, described the group best known as Scattered Spider as a “very, very large, expansive, disbursed group of individuals,” many of whom don’t know each other directly. 
    • “Scattered Spider emanates from an online community known as “the Com.” The group is also tracked by cybersecurity firms as “0ktapus” or UNC3944, and Vorndran’s remarks provide the best number yet for the total size of the hacking crew.  
    • “Scattered Spider has breached a who’s-who of big-name companies, including the casino giant MGM Resorts and the identity management company Okta. Made up of mostly native English speakers in the United States and the United Kingdom, Scattered Spider is classified as a top three cybersecurity threat, alongside China and Russia’s foreign intelligence agency, Vorndran said.” 

From the cybersecurity defenses front,

  • Modern Healthcare lets us know
    • A recent string of massive healthcare cybersecurity breaches has put data security leaders on edge. 
    • Health system cybersecurity executives are looking at their biggest points of weakness in the aftermath of large-scale breaches at St. Louis-based health system AscensionUnitedHealth Group’s Change Healthcare and Chicago-based Lurie Children’s Hospital
    • Recent incidents have shined a light on some of the most significant vulnerabilities at health systems. Here are four of the biggest, according to experts.. 
      • Lack of Shared Organizational Goals
      • Third party Vendor Risks
      • Multi-factor Authentication Misses
      • Slow Response Time
  • Similarly MedCity News points out,
    • “During a fireside chat at MedCity News’ INVEST conference, Nitin Natarajan — deputy director at the Cybersecurity and Infrastructure Security Agency (CISA) — shared some key ideas that people need to understand about the current state of cybersecurity in the healthcare industry. For instance, he reminded us that things won’t get better overnight, and that cybersecurity requires an all-hands-on deck approach.”


 

Tuesday Tidbits

David ErmerCDC, CMS, Congress, FDA, Generative AI, Obesity, Rx coverage, Telehealth, U.S. Healthcare
Photo by Patrick Fore on Unsplash

From Washington, DC

  • MedPage Today tells us,
    • Senators and experts on Tuesday examined the range of tools that brand-name drug manufacturers have used to keep generic and biosimilar competition at bay — from patent thickets and product hopping to “pay-for-delay” settlements — and wrestled with how to prevent such abuses.
    • “Too often the prices charged by Big Pharma do not reflect a scientific advancement,” argued Sen. Dick Durbin (D-Ill.), during a Tuesday hearing of the Senate Committee on the Judiciary. “Rather, they’re the result of skilled lawyers manipulating the patent system and skirting our nation’s competition laws.”
  • The Department of Health and Human Services announced,
    • “The Biden-Harris Administration is committed to lowering health care costs, promoting innovation, and making sure that taxpayer investments result in advancements in biomedical research that are accessible to everyone across the country.
    • “Today, the National Institutes of Health (NIH) issued a first of its kind draft policy proposal to promote equitable access to products stemming from NIH-owned inventions. By requiring organizations partnering with the NIH through patent license agreements to outline detailed plans for patient access to drugs, biologics, vaccines, or devices developed from NIH-owned inventions, we are accelerating how breakthroughs in medical research originating from the NIH’s Intramural Research Program can translate into affordable and sustainable solutions for patients across the country. NIH has released a request for information and welcomes public input to inform this new policy.”
  • The American Hospital News informs us,
    • “The Centers for Medicare & Medicaid Services May 21 announced that individuals now have the option to file an Emergency Medical Treatment and Labor Act complaint directly with the agency, in addition to the traditional process of contacting state survey agencies. The new form is the latest in a series of new resources from CMS to help educate the public about EMTALA.” 

From the public health and medical research front,

  • Beckers Hospital Review points out,
    • “The CDC is asking health officials in all 50 states to continue monitoring the prevalence of influenza as H5N1 bird flu infections among poultry and livestock increase and have begun to prompt concern over the possibility of human-to-human transmission, according to a news release shared with Becker’s.”The CDC is asking health officials in all 50 states to continue monitoring the prevalence of influenza as H5N1 bird flu infections among poultry and livestock increase and have begun to prompt concern over the possibility of human-to-human transmission, according to a news release shared with Becker’s.
    • “As of May 21, there has only been one confirmed human infection of the current H5N1 outbreak in a dairy farm employee in Texas, but no evidence of human-to-human transmission.”
  • KFF adds a report titled “Who is at Risk Amid the H5N1 Influenza Outbreak? Characteristics and Health Coverage of Animal Production Workers.”
  • The Blue Cross Blue Shield Association lets us know,
    • “Despite the explosion in demand for weight loss drugs known as GLP-1s, 58% of patients discontinue use before reaching a clinically meaningful health benefit. This is the key finding from new researchreleased by the Blue Cross Blue Shield Association (BCBSA) and conducted by Blue Health Intelligence® (BHI) based on data from nearly 170,000 commercial health plan members since the first FDA approval for a weight-loss GLP-1 in 2014.  
    • “When patients take medication, we want it to be safe and effective,” said Razia Hashmi MD, MPH, FAAFP, vice president of Clinical Affairs at BCBSA. “This study shows most people are unlikely to see lasting benefits.  Unfortunately, weight loss isn’t as simple as filling a prescription.”
    • “In the largest study using commercial data to date on this topic, BHI’s assessment also found that 30% of patients discontinued use of the medications within the first month. 
    • “This study underscores how much more we have to learn about these medications,” said Kim Keck, president and CEO of BCBSA. “The science behind these drugs is moving faster than our ability to truly understand which patients will benefit, how to sustain their success and how to pay for them. If we don’t get it right, we will drive up costs for everyone with little to show for it.” 
  • STAT News reports,
    • “Hundreds of genetic variants can nudge someone’s risk of breast cancer up or down or towards a particular subtype. The studies identifying those gene variants, though, have largely involved people with European ancestry and thus give a less accurate picture of breast cancer risk for people who are not white.
    • “That’s beginning to change. Last week, researchers published a genome-wide association study on breast cancer in roughly 40,000 people of African descent in Nature Genetics, marking a leap forward in scientists’ knowledge of breast cancer genetics in people of African ancestry.
    • “Before we started this study in 2016, there were just several thousand cases for Black Americans. It was a very small number,” said Wei Zheng, the study’s senior investigator and a cancer epidemiologist at Vanderbilt University. This study combined data from dozens of other studies and included genetic data for thousands of new participants, making it the largest combined breast cancer genetics study done with people with African ancestry.
    • “Specifically, the study compiled data from about 30 different studies investigating breast cancer in African or African American people. About 18,000 of them had breast cancer, while the other 22,000 were healthy controls, and investigators were able to scour their genetic data for specific variations that seemed closely related to breast cancer. The statistical power that comes with such numbers enabled the team to make two key advances.
    • “First, the team found 12 loci, or locations in the genome, that showed a significant association with breast cancer. Of those, the team identified variants of three genes that appear to increase the risk of triple negative breast cancer, one of the most aggressive subtypes. Since everyone has two copies or alleles of each gene, that means someone could have anywhere between one and six risk-related alleles of these three genes. Those who had all six risk-related alleles had roughly double the chance of getting triple negative breast cancer than those who only had three. * * *
    • “The other advance came when the researchers used the data to build a breast cancer risk prediction model for people with African ancestry. Such models take into account hundreds of different genetic variants that can slightly push breast cancer risk up, adding them all up into a polygenic risk score.”
  • The Wall Street Journal relates,
    • GSK’s experimental drug for asthma met its goals in the latest trial, moving a treatment with potential annual peak sales of more than 3 billion pounds ($3.81 billion) closer to market.
    • The British pharmaceutical company’s depemokimab drug reduced asthma attacks in late-stage trials for patients with severe eosinophilic asthma, a form of the disease caused by high levels of white blood cells, GSK said Tuesday.
    • Depemokimab could be the first approved drug to allow a long-term dosing interval, requiring only two injections a year. This would benefit patients exposed to multiple therapies, the company said.
    • GSK plans to submit the drug for approval for severe asthma in the U.S. in the second half of the year.
  • Per MedTech Dive,
    • “The Food and Drug Administration is seeking examples of artificial intelligence and machine learning models that can identify and predict freezing of gait events related to Parkinson’s disease. 
    • “Freezing of gait is a temporary loss of forward movement while walking. These episodes affect people’s quality of life and daily activities, but they can be difficult to measure because they often happen when patients are outside of a clinic or hospital setting. 
    • “By testing these models against its own data, the FDA hopes to better understand the ability of these technologies to provide digitally derived endpoints that could help with early disease detection and prevention or support treatment and care in the home.” 
  • From the U.S. healthcare business front,
  • Milliman tells us, “In 2024, the cost of healthcare for a hypothetical American family of four in a typical employer-sponsored health plan is $32,066, according to the Milliman Medical Index (MMI).”
  • The Wall Street Journal reports,
    • “National drugstore chains, once resistant to the retail apocalypse that swept across the U.S., are finally succumbing to competition from online shopping and discount stores.
    • “About 3,000 fewer drugstores were open for business at the start of this year compared with the same period in 2019, according to analytics company RetailStat, which tracks 15 pharmacy chains. 
    • CVS HealthWalgreens and Rite Aid have each closed hundreds of stores since the onset of the pandemic. Online shopping has been growing and offers customers a more convenient way to buy household staples. 
    • “Competition has also increased from discount retailers such as Walmart, grocers such as Aldi, and dollar stores, which all sell many of the same items at lower prices. The spread of beauty stores such as Sephora further siphoned customers from drugstore aisles. 
    • “Everybody’s gone after a component of their business,” said Henry Fonvielle, president of the real-estate company Rappaport.”
  • STAT News notes that “Reports of telehealth’s death have been greatly exaggerated.”
    • “Virtual care isn’t in trouble. What is in trouble are the aftermarket telehealth solutions that largely function as a virtual extension of our siloed, fragmented health care system. This specific application of virtual care, which we call Telehealth 1.0, has consistently failed to bring meaningful value to patients, clinicians, and purchasers.
    • “In that sense, its collapse is a welcome development. It’s a sign that the market discerns where the real value lies in virtual care, and it validates the evolution from transactional, one-off care to more sophisticated virtual-first models.”
  • Per Healthcare Dive,
    • “UnitedHealth-owned Optum Rx, one of the biggest pharmacy benefit managers in the U.S., is launching a new drug pricing model next year meant to make payers’ spending on pharmaceuticals more predictable.
    • “The model, called Clear Trend Guarantee, combines costs that used to be separated out, including retail pharmacy, home delivery, specialty drug and rebates, into one single per-member price, according to a Monday release.
    • “Clear Trend is value-based, meaning Optum Rx will share in any savings tied to patient outcomes created in the model.”
  • Per Fierce Healthcare,
    • “The Purchaser Business Group on Health has unveiled a new purchasing agreement that aims to improve maternal health.”The Purchaser Business Group on Health has unveiled a new purchasing agreement that aims to improve maternal health.
    • “Benefits experts at retail giant Walmart and technology company Qualcomm led the initiative as co-chairs, with the goal of establishing “a collective commitment among employers and public purchasers of healthcare” to address maternal health and birth equity, according to an announcement from PBGH.
    • “The agreement centers on five key principles: deploying evidence-based, coordinated models to ensure high-quality care; ensuring timely access; promoting equitable care built on cultural humility; transparency and accountability; and value-based care.
    • “It also establishes a consensus for employers and public healthcare purchasers as to what high-quality and high-value maternity care is and outlines expectations for both insurers and providers to follow to meet that bar.”
  • Per BioPharma Dive,
    • “A decade ago, as British drugmaker AstraZeneca fought off a hostile takeover bid by Pfizer, CEO Pascal Soriot made a big promise: The company, he said, would boost sales by nearly three-quarters to reach $45 billion by 2023.”A decade ago, as British drugmaker AstraZeneca fought off a hostile takeover bid by Pfizer, CEO Pascal Soriot made a big promise: The company, he said, would boost sales by nearly three-quarters to reach $45 billion by 2023.
    • “With that goal now successfully met, Soriot on Tuesday announced a plan to push the company even higher, setting a target of $80 billion in annual sales by 2030. A slate of new medicines in metabolic and autoimmune disease headline the plan, which also involves sustaining existing businesses in respiratory disorders and cancer.
  • Beckers Hospital Review calls attention to “Fortune and PINC AI’s “15 Top Health Systems” list released May 21.”
  • McKinsey & Company discusses what’s new in consumer wellness trends.

Monday Roundup

David ErmerCongress, FDA, Generative AI, Obesity, OPM, U.S. Healthcare
Photo by Sven Read on Unsplash

From Washington, DC,

  • Healthcare Dive reports,
    • “The Senate Finance Committee is considering policies to create more stability in Medicare payments for doctors, an update cheered by physician groups that have long lobbied for reforming how the insurance program reimburses clinicians.
    • “Committee Chair Ron Wyden, D-Ore., and Ranking Member Mike Crapo, R-Idaho, released the white paper on Friday proposing Medicare adjust payments to account for inflation, a key goal for physicians that argue government reimbursement hasn’t kept pace with rising costs.
    • “The Senate Finance Committee is also interested in exploring ways to use incentives to increase provider participation in alternative payment models, and potential changes to Medicare’s budget neutrality requirements, which require the CMS to cut payment to certain specialties to raise it for others.”
  • Fedweek tells us
    • The Senate Homeland Security and Governmental Affairs Committee has passed:
      • S-4035, to require that when FEHB enrollees seek to add a family member to their coverage based on a qualifying life event that the event has occurred and that the individual is eligible for coverage; require the OPM to consider coverage of ineligible individuals when conducting FEHB fraud risk assessments; require a comprehensive audit be conducted of family members currently enrolled; and require OPM to disenroll any ineligible individual found to be receiving FEHB coverage.
  • STAT News lets us know,
    • “Executives from the three major pharmacy benefit manager companies have been invited to testify before the House Committee on Oversight and Accountability next month, four sources familiar with the planning told STAT.
    • “Executives from Optum, CVS Caremark, and Express Scripts, owned by Cigna, were asked to testify before the panel on June 4. * * *
    • “Lawmakers are next eyeing action in December, when a number of health care programs and authorities are expiring.
    • “Ipsita Smolinski, founder and managing director of the consulting firm Capitol Street, said she believes some PBM reforms will pass in December, but not ones that are detrimental to the industry’s business model.
    • “They are largely Medicare and Medicaid, and provide minimal system savings,” she said.”
  • The U.S. Office of Personnel Management announced,
    • “Today, the U.S. Office of Personnel Management (OPM) highlights key actions taken to recruit, hire, and train AI and AI-related talent into the federal government. OPM’s efforts support the AI in Government Act of 2020 and President Biden’s landmark Executive Order on Safe, Secure, and Trustworthy AI.   
    • “Recruiting AI talent ensures the federal government can use the latest technology to tackle global challenges, improve government services, and better support the American public,” said OPM Acting Director Rob Shriver. “As a strategic partner to federal agencies, OPM has taken a number of actions that will set agencies up to compete for top talent in this critical field now and in the future.” 

From the public health and medical research front,

  • The Washington Post and Consumer Reports tell us about “Heart checkups you should have and those you can probably skip.”
  • Per MedTech Dive,
    • “Physician enthusiasm for new pulsed field ablation systems suggests the treatment will be rapidly adopted, to the benefit of device makers bringing the products to market, said analysts who attended the Heart Rhythm Society’s (HRS) annual meeting over the weekend.
    • “Talk about pulsed field ablation (PFA), a catheter-based cardiac ablation technique to treat atrial fibrillation (AFib), dominated the meeting in Boston.
    • “The amount of data and discussions on pulsed field ablation (PFA) was almost overwhelming, with late-breaking data presentations packed by physicians,” Citi Research analyst Joanne Wuensch said in a report to clients Sunday. * * *
    • “PFA is seen as a potentially safer alternative to traditional radiofrequency and cryoablation to treat AFib, the most common form of irregular heart rhythm. Shorter operating times are viewed as another advantage.
    • “Antiarrhythmic drugs are currently recommended as the first treatment for AFib but are associated with adverse events, according to the HRS. PFA differs from thermal ablation to disable cardiac cells by using electricity instead of heat or extreme cold.”
  • Medscape discusses how artificial intelligence fits into clinical practice.
  • MedPage Today informs us,
    • “The FDA approved the first interchangeable biosimilars to aflibercept (Eylea) to treat macular degeneration, according to an announcementopens in a new tab or window from the agency.
    • “As interchangeable biosimilars, aflibercept-jbvf (Yesafili) and aflibercept-yszy (Opuviz) have the same approved indications as the reference product: diabetic macular edema, diabetic retinopathy, macular edema following retinal vein occlusion, and neovascular age-related macular degeneration (AMD). Like reference aflibercept, the two biosimilars are administered via intravitreal injection.
    • “The FDA pointed out in the announcement that a biosimilar “has no clinically meaningful differences” from the reference product, which means that patients “can expect the same safety and effectiveness from the biosimilar as they would the reference product.” Interchangeability means that the biosimilar met other requirements and may be substituted for the reference product without consulting the prescriber.”

From the U.S. healthcare business front,

  • STAT News relates,
    • “Americans, especially Medicare beneficiaries, are getting more medical care these days. Demand from aging Baby Boomers is keeping people in doctor’s offices, and health care providers are continuing to build capacity post-Covid.
    • “Those trends — the same ones that tanked health insurance stocks a few weeks ago — made a strong mark on nonprofit health systems’ first quarter financial reports. STAT took a look at 20 large nonprofit health systems and found that all but four reported higher operating and net margins in the first three months of 2024 compared with the same period in 2023. Hospitals are seeing more patients and cutting down on the expensive contract labor they relied on during the Covid-19 pandemic. And they’re seeing strong investment gains on the non-operating side.”
  • The Wall Street Journal reports,
    • Hims & Hers Health shares soared after the company said it would add injectable weight-loss drugs to its platform, granting access to the popular treatments to its telehealth patients.
    • “The company on Monday said it now offers access to GLP-1 injections in addition to its oral weight-loss treatments, giving users a broader option to choose from. It will be providing a compounded form of the injections that use the same active ingredients as the popular drugs Ozempic and Wegovy, which are facing shortages that are limiting access for some patients.
    • “The price for compounded GLP-1 injections will start at $199 a month. Its oral medication offering starts at $79 a month. Both are not available in all states.
    • “Hims & Hers said it plans to make branded GLP-1 options available to customers once consistent supply is available through the pharmacies’ wholesaler.”
  • Per Healthcare Dive,
    • “Steward offered specifics on how it intends to auction off its assets in motions filed in bankruptcy court last week, including a timeline for selling its hospitals and physician group as well as contingency plans, including possible closures, if the assets fail to lure qualified bidders.
    • “The physician-owned healthcare network, which filed for Chapter 11 bankruptcy earlier this month, operates 31 hospitals and a physician group, Stewardship Health, in Massachusetts, Arizona, Ohio, Pennsylvania, Arkansas, Louisiana, Texas and Florida. 
    • “All of its assets are up for sale — and Steward is looking to sell quickly, according to the filings.
    • “Steward says it is in advanced discussions with Optum and hopes to finalize an agreement in the near-term for the company to serve as the stalking horse bidder for its physician group, Stewardship Health — the initial bid that sets the floor price during auction.” 
  • NBC News notes,
    • “Many of the ADHD medication shortages that have plagued the U.S. for the last two years have now been resolved, the Food and Drug Administration says. Yet some doctors and patients report they are still struggling to get prescriptions filled.
    • “Dr. Royce Lee, a psychiatrist at the University of Chicago Medicine, said supply has gotten better but it’s still an issue for about a third of the patients he writes prescriptions for. This often means he still has to call around to pharmacies to see if they have the medications in stock, switch patients to different drugs, and deal with insurance companies to confirm coverage.
    • “I do see signs of the shortages easing up,” Lee said. “But there are still enough shortages that every day we’re having to put in a little bit of work for prescriptions that need to be changed or hunted down.”
    • “I think a lot of people are still not getting their treatments,” he added.”

Friday Factoids

David ErmerCDC, Congress, FDA, Generative AI, Medical / Rx research, Rx coverage, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Govexec tells us,
    • “The Office of Personnel Management on Thursday introduced a new form of paid leave designed for federal workers to use in connection with instances of domestic violence or other sexual or relationship-based trauma.
    • “In a memo to agency heads, acting OPM Director Rob Shriver said that although the federal government’s paid leave system “was not constructed with concepts of safe leave in mind,” the Biden administration is committed to protecting feds who have undergone relationship-based trauma and their families. * * *
    • “According to a new fact sheet on OPM’s website, the new safe leave will fall into a series of pre-existing leave categories, depending on what the federal employee intends to do while on leave.”
  • The Census Bureau announced,
    • “While the nation’s fastest-growing cities continue to be in Sun Belt states, new population estimates show that some of the top gainers are now on the outskirts of metropolitan areas or in rural areas.
    • “Today’s release of U.S. Census Bureau July 1, 2023, population estimates for cities and towns reveals geographic shifts in population growth compared to pre-pandemic July 1, 2019, estimates.
    • “The estimates also show that, on average, many small and midsize U.S. cities with populations under 50,000 saw relatively higher growth rates in 2023 than in 2019 before the pandemic hit while large cities generally grew at slower rates.
    • “Overall, the most populous cities continued to return to pre-pandemic trends thanks to increased growth rates and smaller population declines.”

From the public health and medical research front,

  • The Centers for Disease Control lets us know today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare is low nationally. This week, no jurisdictions experienced moderate, high, or very high activity.
    • “Nationally, emergency department visits with diagnosed COVID-19, influenza, and RSV are at low levels.
    • “Nationally, influenza test positivity decreased and RSV and COVID-19 test positivity remained stable at low levels compared to the previous week.
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, is minimal.”
  • CNN reports,
    • “Laboratory tests by the US Department of Agriculture haven’t found any H5N1 bird flu virus in raw beef, but they are a good reminder why eating rare hamburgers can be risky.”Laboratory tests by the US Department of Agriculture haven’t found any H5N1 bird flu virus in raw beef, but they are a good reminder why eating rare hamburgers can be risky.
    • “As part of a suite of tests conducted to check safe food handling advice after the detection of H5N1 bird flu virus in dairy cattle, the USDA recently mixed a substitute virus into ground beef and then cooked patties at varying times and temperatures.
    • “Researchers found none of the virus in hamburgers cooked to 145 degrees, roughly the temperature of a medium burger, or well-done burgers cooked to 160 degrees. They did, however, find some live virus in patties cooked to 120 degrees or rare, although the virus was present “at much, much reduced levels,” said Eric Deeble, acting senior adviser for highly pathogenic avian influenza at the USDA.
    • “Whether that small amount of virus could make someone sick is still an unknown.
    • “The USDA already advises consumers to cook ground beef to an internal temperature of 160 degrees, as measured with a food thermometer, to avoid infections from bacteria such as salmonella and E. coli, he noted.
    • “I don’t think that anybody needs to change any of the safe food handling or safe cooking practices that are already recommended,” Deeble said.”
  • BioPharma Dive lets us know,
    • “New data from two late-stage studies of an experimental Bayer drug show it reduced the frequency and severity of common symptoms of menopause, supporting the company’s case for seeking regulatory approval.
    • “The results were disclosed by Bayer Thursday and will be presented at this year’s annual meeting of the American College of Obstetricians and Gynecologists in San Francisco.
    • “Bayer shared the trials’ success in January, but didn’t reveal specific findings. The company also announced positive results from a third Phase 3 study in March, when it confirmed plans to file for marketing authorization of the drug.
    • “Known as elinzanetant, Bayer’s drug would, if approved, compete with a medicine from Astellas called Veozah, which is approved in the U.S. to treat moderate-to-severe vasomotor symptoms caused by menopause.”
  • The New York Times reports,
    • “When a patient with a severe traumatic brain injury is comatose, in intensive care, unresponsive and hooked up to a ventilator, but not brain-dead, when is the time to withdraw life support? A small study on the fates of people in such situations suggests that doctors and patients’ families may make better decisions if they wait even a few days longer than usual.
    • “Often, a doctor sits down with family members within 72 hours of the patient’s admission to intensive care to discuss the patient’s prognosis, and whether they want to keep their loved one alive, or to remove life support.
    • “Experts say that many doctors would describe the outlook as grim — most likely death or severe disability. Reported outcomes of patients who had severe traumatic brain injuries show that most times the decision is to remove life support. The patient dies.
    • “The researchers behind the new study say that their limited data suggests that doctors’ predictions so soon after the injury frequently are wrong.
    • The study, published Monday in Journal of Neurotrauma, used a national database that included 1,392 traumatic brain injury patients.”
  • The Wall Street Journal points out that “A ‘Digital Twin’ of Your Heart Lets Doctors Test Treatments Before Surgery. Researchers create digital replicas of individual patients’ organs using data from exams and wearable devices: ‘You can run an infinite number of experiments’.”
    • “Kristin Myers, a mechanical engineering professor at New York’s Columbia University, is making digital copies of women’s uteruses and cervixes, hoping this can help in determining how a pregnancy will go. To do this, Myers uses an ultrasound to create 3-D computational models as part of an effort to someday solve the problem of preterm births. 
    • “The idea of digital twins in health is new,” she says. “We can offer better diagnoses. You can run an infinite number of experiments.”  
    • “At the National Cancer Institute, Emily Greenspan, a program director in the informatics and data science program, envisions a novel way to treat oncology patients. Instead of trying a drug and hoping it works, doctors would create a digital twin of the patient to predict how the disease would respond to a certain drug. 
    • “The institute has been working on creating virtual twins for best treatments of lung cancer, for instance. In the next five years the technology will likely become part of clinical decision-making, Greenspan says. 
    • “Predicting the best treatments and screening, these are blue-sky visions,” she said. “There is a lot of foundational research that’s needed.”
  • Amazing.

From the U.S. healthcare business front,

  • Beckers Payer Issues informs us,
    • “Employer adoption of ICHRAs is up 29% since 2023, according to a May 16 report from the HRA Council.
    • “ICHRAs, or individual coverage health reimbursement arrangements, allow employers to offer a defined tax-advantaged contribution used to reimburse premiums for an individual health plan purchased by an employee on their state’s ACA exchange.
    • Key numbers:
      • “1. ICHRA adoption grew 29% year over year between 2023 and 2024.
      • “2. ICHRAs grew 84% among employers with 50 or more employees.
      • “3. Among employers surveyed, 83% were not able to offer health benefits until they offered an ICHRA or Qualifying Small Employer HRA. 17% of employers switched from traditional group coverage.
      • “4. The number of employees offered a defined contribution health benefit now exceeds 200,000, which does not include dependents — some estimates have said more than 500,000 people are enrolled.”
  • Per Fierce Healthcare,
    • “For women who experience musculoskeletal (MSK) and pelvic health issues, the decline in estrogen during menopause can not only worsen existing symptoms but also trigger new joint, muscle and pelvic health issues.
    • “Research shows 71% of women who go through menopause experience joint and muscle pain.
    • “Digital health company Hinge Health expanded its movement- and behavior-based care to help women alleviate common menopause symptoms such as hot flashes, joint and muscle pain and pelvic floor disorders.             
    • “As part of the new movement-based menopause support offering, a physical therapist-led care team provides individuals with personalized exercise therapy and behavior-based lifestyle modifications. The aim is to alleviate joint and muscle pain, maintain muscle mass and bone density, and address vasomotor symptoms like hot flashes and mood swings, according to the company.
    • “Regular physical activity can reduce the frequency and severity of some disruptive symptoms that occur with menopause,” said Tamara Grisales, M.D., an urogynecologist at Hinge Health. “Exercise-focused programs complement traditional treatments like Hormone Replacement Therapy, providing a holistic approach to managing menopause.”
  • Beckers Hospital Review notes,
    • “Walgreens will sell a low-cost, over-the-counter version of the opioid overdose antidote naloxone, the company said May 15. 
    • “The Walgreens-brand nasal spray medication will retail for $34.99, a lower price than other branded versions of the drug (Narcan) sold by the retailer. The naloxone spray is currently available online and will hit store shelves nationwide by the end of the month.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “The Biden administration plans to pursue a liability framework to hold the software industry accountable for insecure software, according to administration officials and documents released by the Office of the National Cyber Director this week. 
    • “Federal officials said they have taken steps toward a long-stated goal of shifting the security burden away from technology users and onto the industry. 
    • “The administration wants to pursue a plan to create incentives that will help enable long-term investment in cybersecurity and resilience, Nick Leiserson, assistant national cyber director for cyber policy and programs, said during a panel Monday [May 6] at the RSA Conference in San Francisco.
    • “Leiserson cautioned the objective was not to create a liability framework for the purposes of opening up the software industry to lawsuits.
    • “That’s not the point,” Leiserson said during the panel discussion. “The point is to secure investments in secure software development.”
  • and
    • “The Biden administration plans to launch aggressive actions to enhance cyber resilience across key critical infrastructure sectors, including the healthcare and water sectors, which were the targets of significant threat activity in recent months, according to a report released Tuesday by the Office of the National Cyber Director.
    • “The U.S. wants to speed the flow of intelligence sharing and facilitate closer cooperation with the private sector. The administration also plans to enhance its ability to proactively disrupt threat activity and take down malicious actors. 
    • “We are in the midst of a fundamental transformation in our nation’s cybersecurity,” National Cyber Director Harry Coker Jr., said in a statement. “We have made progress in realizing an affirmative vision for a safe, prosperous and equitable digital future, but the threats we face remain daunting.”
  • In that regard, Govinfosecurity adds,
    • “As the Department of Health and Human Services works on a proposed update to the HIPAA Security Rule this year, regulators are also ratcheting up enforcement efforts – including resuming long-dormant HITECH Act HIPAA audits, said Melanie Fontes Rainer, director of HHS’ Office for Civil Rights. * * *
    • “HHS OCR plans by the end of the year to publish a proposed update to the HIPAA Security Rule to better reflect the evolution of technology and healthcare delivery that’s occurred over the last two decades since the regulations were first issued, she said.
    • “The beauty of the HIPAA Security Rule is that it’s 20 years old – it is technology-neutral, and it’s scalable. So we’re still able to use it and enforce the law vigorously,” she said in a video interview with Information Security Media Group. 
    • “But at the same time, “the downside of the HIPAA Security Rule is that it’s 20 years old and doesn’t reflect how we receive healthcare today,” she adds. “That’s why we’re taking a look at it to make sure we’re building into it practices – like end-to-end encryption – and things like that.”
  • Cyberscoop reports,
    • The U.S. and British governments on Tuesday [May 7] identified Dmitry Yuryevich Khoroshev as the leader, developer and administrator of the LockBit ransomware operation, one of the most prolific and profitable cybercriminal syndicates in recent years.
    • Khoroshev, a Russian national, has been LockBit’s main administrator and developer since at least September 2019 continuing through the present, U.S. federal prosecutors said in an indictment unsealed Tuesday. Since its inception, LockBit has been used in attacks against more than 2,500 targets in at least 120 countries, leading to at least $500 million in ransom payments to Khoroshev and his affiliates and “billions of dollars in broader losses, such as revenue, incident response, and recovery,” the Department of Justice said in a statement.
  • Dark Reading points out that at the RSA Conference “CISA courted the private sector to get behind CIRCIA Reporting Rules. New regulations will require the private sector to turn over incident data to CISA within three days or face enforcement. Here’s how the agency is presenting this as a benefit to the entire private sector.”

From the cyber breaches and vulnerabilities front,

  • Cyberscoop reports,
    • Ascension, a health care system with 140 hospitals in 19 states and Washington, D.C., and tens of thousands of employees and affiliated providers, detected a “cyber security event” Wednesday [May 8] that has caused a “disruption to clinical operations,” the company said
    • Major impacts to medical services have been reported in multiple states, including KansasFlorida and Michigan, including some patients being diverted to other hospitals and lack of access to digital records.
    • “We have to write everything on paper,” one physician in Michigan told the Detroit Free Press. “It’s like the 1980s or 1990s.”
  • Dark Reading adds,
    • “The provider has temporarily paused non-emergency medical procedures and appointments, and some hospitals are diverting emergency medical services. Patients were advised to bring relevant medical information to appointments due to system limitations.
    • “We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures,” a company statement said. “It is expected that we will be utilizing downtime procedures for some time.”
    • “The organization has tapped incident response help from Mandiant for investigation and remediation efforts. It is unknown if any patient data was exposed in the attack.
    • “We are working to fully investigate what information, if any, may have been affected by the situation,” Ascension said. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”
  • Cybersecurity Dive tells us,
    • “The FBI and Cybersecurity and Infrastructure Security Agency urged software companies to eliminate directory traversal vulnerabilities from their products, citing a rise in attacks against critical industries, including hospitals and school operations, in a secure by design alert released Thursday
    • “The agencies are seeking industry action following two recent campaigns where threat groups engaged in extensive exploitation activity. The agencies referenced a path traversal vulnerability in ConnectWise ScreenConnect, listed as CVE-2024-1708, and a vulnerability in the file upload functionality of Cisco AppDynamics Controller, listed as CVE-2024-20345.
    • “In total, directory traversal or path traversal vulnerabilities were identified in 55 different cases listed on CISA’s Known Exploited Vulnerabilities catalog, according to the alert.”

From the ransomware front,

  • American Hospital Association News informs us,
    • “The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center May 10 releasedjoint cybersecurity advisory to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the health care and public health sector.”
  • Bleeping Computer’s The Week in Ransomware is back this week.

From the cybersecurity defenses front,

  • Cybersecurity Dive calls attention to the fact that “Officials see a real change in Microsoft’s security plans: financial accountability. CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.”
  • Tech Target offers “five tips for building a cybersecurity culture at your company.”
  • Dark Reading considers the future path of CISOs while the ISACA Blog notes “A Better Path Forward for AI By Addressing Training, Governance and Risk Gaps.”
  • Finally, SC Media dives into the cybersecurity insurance market.

Friday Factoids

David ErmerCDC, Congress, COVID-19 vaccine, Employee Wellness Programs, FDA, Generative AI, Medical / Rx research, Obesity, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC

  • Govexec reports,
    • “In the face of mounting pressure from lawmakers of all political stripes, watchdogs, stakeholders and even members of its own governing board, as well as another financial quarter in the red, leadership of the U.S. Postal Service is doubling down on its controversial plan to overhaul the agency. 
    • “USPS posted a net loss of $1.5 billion in the second quarter of fiscal 2024, though management noted that was trimmed to a $300 million loss after dispensing with costs outside of its control. USPS leaders boasted they have turned a $200 million profit in the first half of the fiscal year using that same metric, which marked a $600 million turnaround compared to the first six months of fiscal 2023.
    • “While First-Class mail volume has continued its longstanding decline, revenue grew in the quarter by nearly $500 million due in large part to the dramatic price increases USPS has instituted. The Postal Service has cut $100 million in costs, driven largely by a reduction in transportation expenses and slashing 9 million work hours. 
    • “On-time delivery of mail, however, has plummeted as USPS has instituted significant reforms to its network as laid out in Postmaster General Louis DeJoy’s 10-year Delivering for America plan.” 
  • HHS posted a fact sheet on new government efforts to reduce the impact of spread of avian flu H5N1
  • Senators John Fetterman (D PA) and Tina Smith (D MN) announced a bill, “the United States Senate Commission on Mental Health Act of 2024. The bill would establish a U.S. Senate Commission on Mental Health tasked with providing Congress and the president independent, expert policy recommendations to improve access to and affordability of mental health care services. * * * Full text of the bill can be found here.

From the public health and medical research front,

  • The Centers for Disease Control tells us today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, no jurisdictions experienced moderate, high, or very high activity.
    • “Nationally, emergency department visits with diagnosed influenza are decreasing. Emergency department visits with COVID-19 and RSV remain stable at low levels.
    • “Nationally, influenza and RSV test positivity decreased compared to the previous week. COVID-19 test positivity remained stable at low levels.
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, is minimal.”
  • STAT News reports “Harvard scientists unveil the most detailed map of the brain ever: ‘It’s an alien world inside your own head’”.
    • “On Thursday, [Dr. Jeffrey’ Lichtman and his partners unveiled the results of their [decade long] efforts in the prestigious journal Science, and also posted to the internet renderings of the human brain unlike any ever seen. They came complete with a program that allows viewers to move through a microscopic alien landscape so detailed Lichtman can’t resist waxing poetic when he talks about it.
    • “It’s an alien world inside your own head,” he said. “Neurons themselves are truly awe inspiringly beautiful. There’s no two ways about it.”
    • “True, the insights gleaned from the tiny sample have not yet unraveled the mysteries of autism, schizophrenia, or depression. They can’t yet explain the mechanics of human learning, memory, and personality on the cellular level. But they represent an important first step in that direction, and provide a tantalizing preview of the kind of insights we might see in the decades ahead.”
  • The Wall Street Journal reports,
    • Bristol Myers Squibb said on Friday that its trial evaluating a combination of cancer treatments failed to meet its primary endpoint.
    • “The company’s trial was evaluating the cancer-drug Opdivo and concurrent chemoradiotherapy, followed by Opdivo plus Yervoy, the brand name for a monoclonal antibody, in treating unresectable, locally advanced non-small cell lung cancer. The trial’s primary endpoint was progression-free survival.
    • “Bristol Myers Squibb said it would fully evaluate the data and work with investigators to share results with the scientific community.
    • “Opdivo and certain combinations with Opdivo are approved treatments for eligible patients with non-small cell lung cancer.”
  • Per Fierce Healthcare,
    • “Cancer diagnoses are on the rise among younger adults, and a new guidebook seeks to arm employers with the tools necessary to tackle this issue.
    • “The Northeast Business Group on Health’s new toolkit highlights actions employers can take to proactively address growing rates for five types of cancer in their workforce: breast cancer, colorectal cancer, head and neck cancer, cancer of the reproductive organs and skin cancer.
    • “There’s a clear business case for putting a focus on cancer, as the cost of therapies continues to increase and patients often require treatment for the long haul, NEBGH Medical Director Mark Cunningham-Hill, M.D., told Fierce Healthcare.
    • “He said that many employers, especially larger firms, have established sophisticated and comprehensive wellness and health programs for their workers. But they can do more to “connect the dots” between those offerings and critical preventive care around cancer and conditions that increase risk factors, like obesity.”
  • USA Data relates,
    • One out of every 42 babies born in the United States in 2021 was conceived using IVF or other assisted reproductive technologies.  
    • Parents who started treatments in 2021 gave birth to 97,128 babies, a 49% increase from 2012. In 2021, 238,126 patients initiated 413,776 IVF or similar treatment cycles, up 135% from 2012. 
    • IVF was most common in Washington, DC, with 5.8% of babies conceived via IVF, Massachusetts (5.4%), and New Jersey (5.0%). Less than one percent of infants born in Puerto Rico were conceived via IVF (0.4%). Alabama (0.6%) and Arkansas (0.7%) also had low rates.  

From the U.S. healthcare business front,

  • The Kaiser Family Foundation released a “KFF Health Tracking Poll May 2024: The Public’s Use and Views of GLP-1 Drugs.” Here are the key finding from the poll:
    • “The latest KFF Health Tracking Poll finds that about one in eight adults (12%) say they have ever taken a GLP-1 agonist – an increasingly popular class of prescription drugs used for weight loss and to treat diabetes or prevent heart attacks or strokes for adults with heart disease – including 6% who say they are currently taking such a drug. The share who report ever taking these drugs rises to four in ten (43%) among adults who have been told by a doctor that they have diabetes, a quarter who have been told they have heart disease, and one in five (22%) who have been told by a doctor that they are overweight or obese in the past five years1. Public awareness of GLP-1 drugs has increased in the past year, with about one-third (32%) of adults now saying they have heard “a lot” about these drugs, up from 19% in July 2023.
    • “Most adults who have taken GLP-1 drugs say they took them to treat a chronic condition including diabetes or heart disease (62%), while about four in ten say they took them primarily to lose weight.
    • “About half (54%) of all adults who have taken GLP-1 drugs say it was difficult to afford the cost, including one in five (22%) who say it was “very difficult.” While most insured adults who have taken these drugs say their insurance covered at least part of the cost, even among insured adults about half (53%) say the cost was difficult to afford2.
    • “While 8% of adults ages 65 and older say they have taken a GLP-1 medication for a chronic condition, just 1% say they have ever taken a GLP-1 drug to lose weight, which may reflect Medicare’s lack of coverage for prescription drugs used for weight loss. Nearly four in ten (37%) adults ages 65 and older report being told by a doctor they are overweight or obese in the past five years.
    • “With Medicare currently prohibited by law from covering prescription drugs used for weight loss, six in ten adults say they think Medicare should cover the cost of these drugs when prescribed for weight loss for people who are overweight, including more than half of Democrats, independents and Republicans. Similar shares of the public continue to support Medicare coverage of these drugs for weight loss even after hearing arguments for and against this proposal.”
  • Per BioPharma Dive,
    • “Sanofi will pay vaccine maker Novavax $500 million and take a small equity stake in the Maryland-based company as part of a broad COVID-19 shot alliance, the companies announced Friday.
    • “Through the deal, Sanofi will gain rights to co-market Novavax’s protein-based COVID vaccine globally, excepting certain countries, and a license to combine it with Sanofi’s existing influenza shots. Sanofi will also hold a non-exclusive right to use Novavax’s soap bark tree-derived adjuvant in other products it develops.
    • “Starting next year, Sanofi will book sales of Novavax’s COVID shot and pay Novavax double-digit percentage royalties. The French pharmaceutical company will also support certain R&D, regulatory and commercial expenses.”
  • Per MedTech Dive,
    • “Tandem Diabetes Care is recalling a version of its t:connect app for iPhone because of a fault that could drain insulin pump batteries, the Food and Drug Administration said Wednesday.”Tandem Diabetes Care is recalling a version of its t:connect app for iPhone because of a fault that could drain insulin pump batteries, the Food and Drug Administration said Wednesday.
    • “After updating the app in February, Tandem received 224 injury reports in about two months. The reports related to an issue that caused the app to crash and relaunch, resulting in excessive use of Bluetooth and potentially draining the battery of the connected insulin pump.
    • “The FDA categorized the event as a Class I recall because of the life-threatening potential for pumps to deliver too little insulin. Tandem corrected the fault in an app update in March.”
  • The Wall Street Journal explains why “Getting Alzheimer’s treatment to those who need it poses particular challenges.” For example
    • “The problem isn’t this drug. Sure. It has risks, et cetera,” said Jason Karlawish, co-director, of the Penn Memory Center at the University of Pennsylvania. “But the problem was the drug and the system — namely with a system of care for its delivery.”
    • “Karlawish said his memory center infused its first patient with Leqembi on November 16. He said that in the six months since, the number of patients who have received the drug there has climbed into the double-digits, reaching roughly 50 people. That, he said, required setting up an infrastructure that “either didn’t exist or existed in bits that had to be put together.”
  • MedCity new points out,
    • “Navigation challenges are the top reason consumers stop seeing healthcare providers, while experience issues are the main reason consumers leave their health insurer, a new survey found.
    • “The Accenture report, released last week, surveyed more than 9,700 insured consumers and 8,000 consumers who sought or received care in the prior year. The survey is a follow-up to a 2021 report, which examined why people are loyal or not loyal to their payer or provider.
    • “We wanted to leverage our patient and member experience surveys to continue to track the state of consumerism in health care, assessing how providers and health insurers perform across a number of key touchpoints that drive selection, loyalty, value and ease of use,” said Sarah Sinha, a managing director in Accenture’s health business, in an email.”
  • Insurance Business tells us,
    • “Offering support across a variety of functions including customer service, claims processing, underwriting, and fraud detection, the capability of AI to analyze large datasets and process information will continue to revolutionize insurance.
    • “Nirmal Ranganathan, vice president of engineering, AI, at Rackspace Technology, spoke with Insurance Business on how insurance companies can take advantage of AI to generate cost savings across their businesses.”
    • Check it out.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive lets us know,
    • “Legislators slammed UnitedHealth Group CEO Andrew Witty over the cyberattack on subsidiary Change Healthcare at two Congressional hearings on Wednesday, raising concerns about the technology firm’s lack of cybersecurity and the potentially huge breach of Americans’ health data.”
  • The American Hospital News reports
    • “The Biden Administration April 30 released a memo announcing updated critical infrastructure protection requirements, which include the Cybersecurity & Infrastructure Security Agency acting as the National Coordinator for Security and Resilience, and heightening the importance of minimum security and resilience requirements within health care and other critical infrastructure sectors, consistent with the National Cybersecurity Strategy.”  
  • and
    • “The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The rule would require critical infrastructure organizations, including hospitals and health systems, to report a covered cyber incident to the federal government within 72 hours and ransom payments within 24 hours, among other requirements.”
  • Cyberscoop adds.
    • “A draft rule for cyber incident reporting asks far too much of critical infrastructure entities and of the agency tasked with carrying out the law, trade groups representing the electric, telecommunications and finance sectors said during a House hearing Wednesday.
    • “The cyber incident reporting mandate is one of the Cybersecurity and Infrastructure Security Agency’s biggest forays into a regulatory role — and it is proving to be a thorny one. The 447-page draft rule, released in March, would require select critical infrastructure companies to report significant cyber incidents within 72 hours and any ransomware payments within 24 hours. The rule was established largely for the government to better understand the cyber landscape after multiple major cyberattacks — such as the SolarWinds espionage campaign — highlighted the fact that many attacks go unnoticed.
    • “Witnesses before the House Homeland Security’s cybersecurity subcommittee were largely in agreement that the rule is an important step for broader cyber awareness but also too broad, increasing the likelihood of CISA becoming overwhelmed by reports. Meanwhile, front-line defenders — particularly smaller organizations — could be hampered by trying to both file reports and deal with an attack. CISA will not be able to keep up with the amount of data due to the broad definition of cyber incidents and who should report, the witnesses argued.”
  • Health IT Security informs us,
    • “The Federal Trade Commission (FTC) finalized updates to its Health Breach Notification Rule (HBNR) with the goal of clarifying the rule’s applicability to health apps and other technologies that fall outside HIPAA’s purview.
    • “The FTC issued the HBNR more than a decade ago, when health apps were not as embedded into the US healthcare landscape as they are now. The HBNR requires vendors of personal health records (PHRs), PHR-related entities, and third-party service providers that are not subject to HIPAA to notify the FTC and impacted individuals in the event of a health data breach.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “A ransomware group accessed Change Healthcare’s systems with compromised credentials, UnitedHealth Group CEO Andrew Witty said in written testimony prepared for a Wednesday hearing before the House Energy and Commerce Committee Subcommittee on Oversight and Investigations
    • “On Feb. 12, the AlphV ransomware group used those compromised credentials to “remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said in his prepared remarks. “The portal did not have multifactor authentication.” 
    • “Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later,” Witty said.”
  • and
    • “The exploitation of vulnerabilities almost tripled as an initial access vector in 2023, fueled in part by the MOVEit breach, Verizon said in its Data Breach Investigations Report released Wednesday.
    • “Ransomware actors increasingly targeted zero-day vulnerabilities in IT systems, Verizon found. About a third of all breaches in 2023 included some type of extortion, and MOVEit involved Clop ransomware exploiting zero-day vulnerabilities in the file-transfer service.
    • T”he report shows 15% of breaches involved a third party, which includes data custodians, software vulnerabilities and direct or indirect supply chain issues, according to the report. This figure represented a 68% increase from the prior year, Verizon said.”
  • and
    • “Pro-Russia hacktivists are targeting operational technology systems in the water, energy and agricultural sectors by exploiting poor cyber hygiene techniques, the Cybersecurity and Infrastructure Security Agency warned Wednesday. CISA issued a joint fact sheet with the FBI, National Security Agency and multiple international agencies.”Pro-Russia hacktivists are targeting operational technology systems in the water, energy and agricultural sectors by exploiting poor cyber hygiene techniques, the Cybersecurity and Infrastructure Security Agency warned Wednesday. CISA issued a joint fact sheet with the FBI, National Security Agency and multiple international agencies.
    • “Threat groups are looking to compromise industrial control systems at small-scale operations in North America and Europe that are exposed to the internet and use default passwords or lack multifactor authentication, officials warned.
    • “The targeting thus far has involved unsophisticated techniques that target components like human-machine interfaces. The agencies urged providers to immediately change to more complex passwords and implement multifactor authentication.” 
  • SC Media offers five takeaways from the Verizon report.
  • Bleeping Computer tells us,
    • “The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks.
    • “Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.”
    • “The DPRK leverages these spearphishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications,” the NSA said.”
  • CISA added the following known exploited vulnerabilities to its catalog this week.
    • On April 30, CVE-2024-29988 Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability, and
    • On May 1, CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability.
  • Tech Republic adds, “Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.”

From the cybersecurity defenses front.

  • Here is a link to Dark Reading’s CISO Corner.
  • Security Week reports, “In the wake of a scathing US government report that condemned Microsoft’s weak cybersecurity practices and lax corporate culture, security chief Charlie Bell is pledging significant reforms and a strategic shift to prioritize security above all other product features.”
  • ISACA released its 2023 annual report. “Access ISACA’s annual report here.”
  • Mercer Consulting considers how to modernize HR data strategy to address cybersecurity risks.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front,

  • Cybersecurity Dive reports,
    • “The U.S. government and its partners have slowed the swell of ransomware over the last three years, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said Wednesday at an event.
    • “But the cyclical and persistent threat ransomware poses requires new ways of thinking, Easterly said, speaking at the Institute for Security and Technology’s annual ransomware task force event. Defenders and stakeholders have to turn the lens to software and hardware vendors, according to Easterly.
    • “There’s a lot about the villains. There’s a lot about victims. We do not talk enough about vendors,” she said.
    • “The way we are going to actually drive down the number of attacks, and the number of successful attacks, is if we go upstream and ensure that technology that is deployed and delivered is in fact prioritized to be secure,” Easterly said. “Not features, not speed to market, not driving down costs, but secure.”
  • Here is a link to a related blog post from the CISA Director on this important topic.
  • Cyberscoop adds,
    • ‘The Cybersecurity and Infrastructure Security Agency’s vulnerability warning program has issued more than 2,000 alerts to date to organizations that are running software with vulnerabilities being exploited by ransomware gangs, the agency’s director, Jen Easterly, said Wednesday.
    • “Currently running in a pilot phase, the program is mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 and aims to reduce the number of ransomware attacks by getting the owners and operators of vulnerable systems to patch them before they can be infiltrated. 
    • “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” Easterly said at an event hosted by the Institute for Security and Technology.
    • “Easterly said that since the pilot was launched in January of last year, it has expanded to include CISA’s database of known exploited vulnerabilities as well as common misconfigurations that can be linked to ransomware attacks. 
    • “In a Thursday blog about the warning pilot, CISA found that of the more than 1,700 notifications of vulnerable devices in 2023, 49% were mitigated through either patching, taking offline, or through other measures. The blog also said organizations reduce cyber risk when using CISA’s free cyber hygiene vulnerability scanning service, which monitors the web for vulnerable devices.
    • “Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days,” CISA said.”

From the cyber vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “UnitedHealth Group said [on April 22] it paid hackers a ransom in an attempt to protect patient information from disclosure after a cyberattack against its subsidiary Change Healthcare in Februarythe company confirmed to Healthcare Dive on Monday. 
    • “The healthcare behemoth also said patient data was compromised. UnitedHealth found files involved in the cyberattack containing protected health information or personally identifiable information that “could cover a substantial proportion of people in America,” according to a press release. 
    • “UnitedHealth also said 22 screenshots of allegedly stolen files, some containing patient health information, were posted on the dark web for about a week. The healthcare giant said it’s continuing to monitor the internet and the dark web for stolen data. * * *
    • “The company also said it would take on breach reporting and notification requirements for customers whose data may have been exposed in the attack — a big concern for provider groups.”
  • Tech Crunch reports,
    • “U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).
    • “In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
    • “Kaiser said that the data shared with advertisers includes member names and IP addresses, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how members “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”
    • “Kaiser said it subsequently removed the tracking code from its websites and mobile apps. ***
    • “Kaiser spokesperson Diana Yee said that the organization would begin notifying 13.4 million affected current and former members and patients who accessed its websites and mobile apps. The notifications will start in May in all markets where Kaiser Permanente operates, the spokesperson said.
    • “The health giant also filed a legally required notice with the U.S. government on April 12 but made public on Thursday confirming that 13.4 million residents had information exposed.”
  • Help Net Security informs us,
    • “More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.
    • “Victim organizations are increasingly able to withstand an encryption attack and restore operations without the need for a decryption key, they said, and the stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee.
    • “LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site (a reboot / rebrand of Hive),” the company said, noting that “future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term.”

From the cybersecurity defenses front,

  • Cybersecurity Dive lets us know,
    • “Global median dwell times — measured as the time that hackers remain undetected inside a targeted environment — have fallen to their lowest levels in more than a decade, according to the annual M-Trends report from Google Cloud’s Mandiant, released Tuesday. 
    • “Organizations were able to detect intrusions within a median of 10 days in 2023, compared with 16 days in 2022. Notably the largest improvements came in the Asia-Pacific region, where median dwell times fell to nine days in 2023, compared with 33 in 2022.  
    • :Zero-day vulnerabilities are a hot target for espionage actors as well as financially motivated threat groups. Zero-day usage rose 50% in 2023, compared with the prior year.”
  • and
    • “The majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.
    • “On average, each insurance gap left more than three-quarters of a breach uncovered, CYE said in a report released Wednesday. The research, which analyzed 101 breaches across various sectors, revealed an average of $27.3 million in uncovered losses per incident.
    • “This study underscores how many companies rely on cyber insurance to cover the losses incurred as a result of cyber incidents and are then taken by surprise when they find that their insurance only covers a small portion,” Nimrod Partush, vice president of data science at CYE, said in a press release.” 
  • Here is a link to Dark Reading’s latest CISO Corner.
  • SC Media considers whether the Change Healthcare case finally will make providers do a business impact analysis.

Friday Factoids

David ErmerACA, CDC, COVID-19, COVID-19 vaccine, Generative AI, Medical / Rx research, NIH, Rx coverage, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • Perhaps the most convoluted provision in the Affordable Care Act is its individual non-discrimimination clause, Section 1557. The Obama Administration issued an implementing rule. The Trump Administration replaced the Obama Administration’s rule, and today the Biden Administration has replaced the Trump Administration rule.
    • Of note, “[f]or the first time, the Department will consider Medicare Part B payments as a form of Federal financial assistance for purposes of triggering civil rights laws enforced by the Department, ensuring that health care providers and suppliers receiving Part B funds are prohibited from discriminating on the basis of race, color, national origin, age, sex and disability.”
    • HHS will refer FEHB and FEDVIP complaints to OPM.
  • The Washington Post reports,
    • “Medtronic said Friday that the U.S. Food and Drug Administration has approved a new spinal-cord implant that relieves chronic pain, a bid to expand into a patient population that relies heavily on medications like opioids.
    • “The new device works by delivering an electrical pulse to the spinal cord, interrupting pain signals before they reach the brain in patients suffering from back, cervical and nerve damage. While earlier versions of the device provided a constant level of stimulation, Medtronic’s new product can read signals from nerve fibers and automatically adjust the intensity — a feature designed to avoid uncomfortable jolts when a patient sneezes, coughs or laughs.
    • “It’s like listening for whispers at a rock concert,” David Carr, a Medtronic vice president, said in an interview. * * *
    • “Medtronic’s Inceptiv contains a lithium battery that can be recharged through the skin, and two leads with electrodes — some to read the signals from nerve fibers, and others to deliver the electrical pulse. The device can adjust the level of stimulation 50 times a second, according to the company.
    • “Inceptiv is “the world’s smallest and thinnest fully implantable” spinal-cord stimulator, Medtronic said.”
  • Per BioPharma Dive,
    • “The Food and Drug Administration on Friday approved a new gene therapy for hemophilia, clearing Pfizer’s Beqvez for certain people with the less common “B” form of the bleeding condition.
    • “Beqvez is for adults with moderate to severe hemophilia B who currently use drugs to prevent bleeds or have repeated, spontaneous bleeding. Eligible individuals also must be tested to determine whether they have antibodies that neutralize Beqvez’s effects.
    • “Pfizer set the treatment’s list price at $3.5 million, a company spokesperson confirmed. That matches the cost of Hemgenix, the other available gene therapy for hemophilia B. Pfizer will offer insurers a warranty providing “financial protections” if Beqvez doesn’t work or its effects don’t last, the spokesperson wrote in an email, without providing details.”

From the public health and medical research front,

  • The Centers for Disease Control lets us know today,
    • “The amount of respiratory illness (fever plus cough or sore throat) causing people to seek healthcare continues to decrease across most areas of the country. This week, 0 jurisdictions experienced high activity compared to 1 jurisdiction experiencing high activity the previous week. No jurisdictions experienced very high activity. 
    • “Nationally, emergency department visits with diagnosed influenza are decreasing. Emergency department visits with COVID-19 and RSV remain stable at low levels.  
    • “Nationally, COVID-19, influenza, and RSV test positivity decreased compared to the previous week. 
    • “Nationally, the COVID-19 wastewater viral activity level, which reflects both symptomatic and asymptomatic infections, remains low.” 
  • American Hospital Association News adds,
    • “Adults age 65 and older are encouraged to receive an updated dosage of the COVID-19 vaccine, the Centers for Disease Control and Prevention announced April 25. The update provides protection against the JN.1 and other circulating variants of the virus, and should be administered at least four months following the previous dosage. The CDC’s Advisory Committee on Immunization Practices recommended the additional dose in February.”
  • On a related note, the CDC reports today
    • H5N1 bird flu is widespread in wild birds worldwide and is causing outbreaks in poultry and U.S. dairy cows with one recent human case in a U.S. dairy worker.
    • While the current public health risk is low, CDC is watching the situation carefully and working with states to monitor people with animal exposures.
    • CDC is using its flu surveillance systems to monitor for H5N1 activity in people.
  • Medscape tells us,
    • “The glucagon-like peptide 1 (GLP-1) receptor agonist semaglutide (Wegovy) not only induced weight loss but also improved knee pain in people with knee osteoarthritis (OA) and obesity, according to results from the STEP 9 study reported at the World Congress on Osteoarthritis (OARSI 2024).
    • “From baseline to week 68, the mean change in knee pain assessed using the Western Ontario and McMaster Universities Arthritis Index (WOMAC) pain score was a reduction of 41.7 points for semaglutide and a decrease of 27.5 points for a matching placebo. The estimated treatment difference of 14.1 points between the groups was statistically significant (< .001).
    • “As for weight loss, this also fell by a significantly greater amount in the people treated with semaglutide vs those given placebo, with respective reductions of 13.7% and 3.2% from baseline, with an estimated 10.5% greater weight loss with semaglutide.
    • “The interesting thing is whether there’s a specific action of GLP-1 receptor agonists on the joint, not through the weight loss but by itself,” principal study investigator Henning Bliddal, MD, DMSc, told Medscape Medical News ahead of reporting the results at OARSI 2024.”
  • The National Institutes of Health (“NIH”) Director writes in her blog,
    • “In Alzheimer’s disease, a buildup of sticky amyloid proteins in the brain clump together to form plaques, causing damage that gradually leads to worsening dementia symptoms. A promising way to change the course of this disease is with treatments that clear away damaging amyloid plaques or stop them from forming in the first place. In fact, the Food and Drug Administration recently approved the first drug for early Alzheimer’s that moderately slows cognitive decline by reducing amyloid plaques. Still, more progress is needed to combat this devastating disease that as many as 6.7 million Americans were living with in 2023.
    • Recent findings from a study in mice, supported in part by NIH and reported in Science Translational Medicine , offer another potential way to clear amyloid plaques in the brain. The key component of this strategy is using the brain’s built-in cleanup crew for amyloid plaques and other waste products: immune cells known as microglia that naturally help to limit the progression of Alzheimer’s. The findings suggest it may be possible to develop immunotherapies—treatments that use the body’s immune system to fight disease—to activate microglia in the brains of people with Alzheimer’s and clear amyloid plaques more effectively.
    • In their report, the research team—including Marco Colonna , Washington University School of Medicine in St. Louis, and Jinchao Hou, now at Children’s Hospital of Zhejiang University School of Medicine in Zhejiang Province, China—wrote that microglia in the brain surround plaques to create a barrier that controls their spread. Microglia can also destroy amyloid plaques directly. But how microglia work in the brain depends on a fine-tuned balance of signals that activate or inhibit them. In people with Alzheimer’s, microglia don’t do their job well enough.  * * *
    • [O]verall, these findings add to evidence that immunotherapies of this kind could be a promising way to treat Alzheimer’s. This strategy may also have implications for treating other neurodegenerative conditions characterized by toxic debris in the brain, such as Parkinson’s disease, amyotrophic lateral sclerosis (ALS), and Huntington’s disease. The hope is that this kind of research will ultimately lead to more effective treatments for Alzheimer’s and other conditions affecting the brain.
  • NIH announced
    • “One injected dose of an experimental malaria monoclonal antibody was 77% effective against malaria disease in children in Mali during the country’s six-month malaria season, according to the results of a mid-stage clinical trial. The trial assessed an investigational monoclonal antibody developed by scientists at the National Institutes of Health (NIH), and results appear in The New England Journal of Medicine.
    • “A long-acting monoclonal antibody delivered at a single health care visit that rapidly provides high-level protection against malaria in these vulnerable populations would fulfill an unmet public health need,” said Dr. Jeanne Marrazzo, director of the National Institute of Allergy and Infectious Diseases, part of NIH.”
  • and
    • “In a new analysis of genetic susceptibility to kidney cancer, an international team of researchers has identified 50 new areas across the genome(link is external) that are associated with the risk of developing kidney cancer. These insights could one day be used to advance our understanding of the molecular basis of kidney cancer, inform screening efforts for those at highest risk, and identify new drug targets. The study was led by scientists at the National Cancer Institute (NCI), part of the National Institutes of Health (NIH).”

From the U.S. healthcare business front,

  • Berkeley Public Health informs us,
    • “Does paying more to have your outpatient surgery done at a hospital, rather than at a freestanding surgical center, lead to better care? A new study led by James C. Robinson, professor of health economics at UC Berkeley School of Public Health, says no.
    • “In an investigation published in the April issue of The American Journal of Managed Care, Robinson and his team found that the higher prices typically charged by hospitals for four common surgeries were not justified by higher quality, as measured by the rate of post-surgical complications.
    • “The researchers analyzed more than 2 million national Blue Cross Blue Shield insurance claims from 2019-2020 for patients aged 18 to 65 who received a colonoscopy, knee or shoulder arthroscopy, or cataract removal surgery, and calculated the prices and rates of complications for each procedure.
    • “They found large differences in price, but very little difference in the rate of post-surgery complications.”
  • Health IT Analytics tells us about the top twelve ways that artificial intelligence will be used in healthcare.
  • HR Dive offers a tracker of state and local laws requiring employers to disclose pay or pay ranges.
    • “Pay disclosure laws have taken several forms. Some require employers to provide the minimum and maximum pay, or a pay range, for a given job upon the request of an applicant. Others mandate this practice without requiring candidates to ask first. The latest wave of laws now require employers to include this information in all applicable job postings.”
  • Per Biopharma Dive,
    • “U.S. Humira sales fell 40% year over year during the first three months of 2024, to about $1.8 billion, as biosimilar copycats put pressure on AbbVie’s top-selling drug, the company said Friday in its first quarter earnings report.
    • “The declines were “in line” with what the company had anticipated for its inflammatory disease drug, AbbVie commercial chief Jeffrey Stewart said in a call with investors. Humira now faces 10 copycat competitors in the U.S., the first of which launched Jan. 31, 2023.
    • “Stewart said the company also expected a recent decision by CVS Health, whose pharmacy benefit manager is the country’s largest by prescription claims, to remove Humira from its national pharmacy effective April 1. Although that has meant Humira’s market share dropped from 96% to 81% over two weeks, Stewart said some of the shift went to other branded medicines, like AbbVie’s products Skyrizi and Rinvoq.”
  • Beckers Payer Issues points out,
    • Centene reported nearly $1.2 billion in net income in the first quarter and a more than 18% decrease in Medicaid membership year over year, according to its first-quarter earnings posted April 26.
    • Total revenues in the first quarter were $40.4 billion, up 3.9% year over year.
    • Total net earnings in the first quarter were nearly $1.2 billion, up 2.9% since the same period last year.
    • The company raised its year-end adjusted EPS guidance to at least $6.80.
    • The company’s medical loss ratio was 87.1% in the first quarter and 87% during the same period last year.”
  • According to Fierce Healthcare,
    • “The new year is “off to a good start,” for Community Health Systems, which reported a somewhat narrowed $41 million net loss (-$0.32 per diluted share) and a solid uptick in operating revenues for its first quarter.
    • “The 71-hospital for-profit system had logged a $51 million net loss during the same period last year, which, at the time, CHS attributed to a bump in Medicare Advantage patient volume.
    • “After excluding adjustments related to impairment losses and business transformation costs, the company landed at a net loss of $0.14 per share, which was about in line with consensus estimates.
    • “However, CHS shared a rosier picture when it came to operating revenues. Its three-month net of $3.14 billion beat estimates by about $50 million and was a 1% increase over last year.”
  • Healthcare Dive reports,
    • “Universal Health Services delivered first quarter earnings results Wednesday that beat analysts’ estimates on stronger than expected revenue and volume metrics across its behavioral health and acute service lines.”Universal Health Services delivered first quarter earnings results Wednesday that beat analysts’ estimates on stronger than expected revenue and volume metrics across its behavioral health and acute service lines.
    • “UHS increased its same facility net revenues for its acute care and behavioral care service lines by 9.6% and 10.4%, respectively, during the first quarter of 2024 compared to the same period last year.
    • “However, the operator could suffer a “material” financial hit should the operator fail to lower a March $535 million judgment against a subsidiary, UHS disclosed in its earnings report. The for-profit health system is currently appealing the judgment in post-trial motions, said CFO Steve Filton during the earnings call.”

Midweek Update

David ErmerCongress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, NIH, OPM, U.S. Healthcare, Uncategorized
Photo by Mel on Unsplash

From Washington, DC,

  • Here’s a link to a the brief text of Senate bill 4811 that would allow over 100,000 reservists and National Guard members who also are federal employees to transfer from the FEHB to the lower cost Tricare Reserve Select healthcare program effective January 1, 2025.
  • Kevin Moss, writing in Govexec, points out the advantages of FEHB high deductible health plans.
  • Beckers Hospital Review alerts us,
    • “A Senate committee opened an investigation into Novo Nordisk’s list prices for Ozempic and Wegovy, Novo Nordisk’s diabetes and weight loss drugs. 
    • “In an April 24 letter to Novo Nordisk’s CEO, the Senate Committee on Health, Education, Labor, and Pensions said Ozempic and Wegovy are “exorbitantly expensive,” which restricts access to the drugs for millions of Americans. 
    • “In the U.S., a four-week supply of Ozempic costs $969, and Wegovy is $1,349. That’s up to 15 times more than what Novo Nordisk charges in Canada, Europe and Japan, the letter said. 
    • “In 2023, pharmacies, clinics and hospitals spent more than $38 billion on the two products, which contain the same drug, semaglutide. They were the No. 1 pharmaceutical expense for U.S. healthcare, according to research published April 24.”
  • STAT News confirms,
    • “Spending on GLP-1 drugs like Ozempic and Wegovy ballooned last year and they’re set to cost the U.S. health care system and the federal government still more this year and beyond, two new reports released Wednesday show.
    • “One study from the American Society of Health-System Pharmacists found that GLP-1 treatments were a main driver of the increase in overall drug spending by health entities such as pharmacies and hospitals last year. In particular, expenditures on Novo Nordisk’s semaglutide — sold as Ozempic for diabetes and Wegovy for obesity — doubled to $38.6 billion, making the drug the top-selling medicine in 2023.
    • “The other report, by health policy research organization KFF, looked at the impact of the recent approval of Wegovy to prevent cardiovascular complications. Medicare is barred from covering drugs for weight loss purposes, but the new approval means the federal payer can now cover Wegovy when prescribed to reduce heart risks. As a result, Medicare could spend $2.8 billion in a year on the single drug, the researchers conservatively estimate.
    • “Taken together, the reports provide a window into the pressure that GLP-1 drugs could place on overall health care spending going forward, especially as more people take the medications. The treatments have been in short supply, but drugmakers are ramping up manufacturing capacity to meet the unprecedented demand from patients. The pharma companies are also seeking approval for even more indications like heart failure and sleep apnea.”
  • The New York Times reports,
    • “The Food and Drug Administration on Wednesday approved the sale of an antibiotic for the treatment of urinary tract infections in women, giving U.S. health providers a powerful new tool to combat a common infection that is increasingly unresponsive to the existing suite of antimicrobial drugs.
    • “The drug, pivmecillinam, has been used in Europe for more than 40 years, where it is often a first-line therapy for women with uncomplicated U.T.I.’s, meaning the infection is confined to the bladder and has not reached the kidneys. The drug will be marketed in the U.S. as Pivya and will be made available by prescription to women 18 and older. * * *
    • Utility Therapeutics, the U.S. company that acquired the rights to pivmecillinam, said it would be available in 2025. The company is also seeking F.D.A. approval for an intravenous version of the drug that is used for more serious infections and is usually administered in a hospital setting.
    • “Health practitioners said they were elated to have another tool in their arsenal given the growing challenge of antimicrobial resistance, which makes existing medications less effective as pathogens mutate in ways that allow them to survive a course of antibiotics.”
  • As we learned yesterday, “Day One Biopharmaceuticals drug Ojemda is now FDA-approved for advanced pediatric low-grade glioma, the most common type of brain cancer in children. The regulatory decision for Ojemda covers a broader swath of patients than a drug combination from Novartis approved for treating this childhood cancer.” MedCity News adds,
    • “Ojemda is available as an immediate-release tablet or an oral suspension, both administered once weekly. Dosing of the Day One drug is according to body surface area, which is consistent with dosing for other pediatric medications, Blackman said. Day One has set a $33,816 wholesale price for a 28-day supply. That means the annual cost of the therapy will top $440,000. Ojemda’s price is the same for all packages of the drug and will not change as a child grows and needs higher doses, Chief Commercial Officer Lauren Merendino said.
    • “The two formulations of Ojemda can be taken at home, which minimizes disruption to the lives of patients and families, Merendino said. Day One’s goal is to establish Ojemda as the physician’s first choice of therapy for pLGG. Merendino said the drug should become available in about two weeks.”

From the public health and medical research front,

  • The Washington Post reports,
    • “Dairy cows must be tested for bird flu before moving across state lines, under a federal order issued Wednesday, as evidence mounts that the virus is more widespread than feared among cows in the United States.
    • Biden administration officials said the move is meant to contain transmission of the virus known as H5N1 and to reduce the threat to livestock, but they maintained that the risk to humans remains low. * * *
    • “An order issued by the U.S. Agriculture Department that takes effect Monday requires every lactating dairy cow to be tested before moving across state lines. Cows carrying the virus would have to wait 30 days and test negative before being moved, officials said. Positive test results would trigger additional requirements for herd owners to disclose information, including the movement of animals, to aid epidemiologic investigations, and for laboratories and state veterinarians to report cases to the USDA.
    • “Requiring positive test reporting will help USDA better understand this disease and testing before interstate movement will limit the spread of the virus,” Mike Watson, administrator of the USDA’s Animal and Plant Health Inspection Service, told reporters.
    • “This is an evolving situation, and we are treating it seriously and with urgency,” he said.”
  • The International Foundation of Employee Benefit Plans discusses “What Health Plan Sponsors Should Know About the Emerging Mental Health Needs of Youth.”
  • The National Cancer Institute released its latest Cancer Information Highlights.
  • The National Institutes of Health announced,
    • “In a proof-of-concept study, researchers demonstrated the effectiveness of a potential new therapy for Timothy syndrome, an often life-threatening and rare genetic disorder that affects a wide range of bodily systems, leading to severe cardiac, neurological, and psychiatric symptoms as well as physical differences such as webbed fingers and toes. The treatment restored typical cellular function in 3D structures created from cells of people with Timothy syndrome, known as organoids, which can mimic the function of cells in the body. These results could serve as the foundation for new treatment approaches for the disorder. The study, supported by the National Institutes of Health (NIH), appears in the journal Nature.
    • “Not only do these findings offer a potential road map to treat Timothy syndrome, but research into this condition also offers broader insights into other rare genetic conditions and mental disorders,” said Joshua A. Gordon, M.D., Ph.D., director of the National Institute of Mental Health, part of NIH.”
  • A primary care expert writing in Medscape offers a commentary on the new Shield blood test available for colon cancer screening.
    • “We will need to be clear [to patients] that the blood test is not yet endorsed by the USPSTF or any major guideline group and is a second-line test that will miss most precancerous polyps. As with the stool tests, it is essential to emphasize that a positive result must be followed by diagnostic colonoscopy. To addend the cancer screening maxim I mentioned before, the blood test is not the best test for CRC, but it’s probably better than no test at all.”
  • Health IT Analytics tells us,
    • “Researchers from the University of Virginia (UVA) have developed a machine learning tool designed to assess and predict adverse outcome risks for patients with advanced heart failure with reduced ejection fraction (HFrEF), according to a recent study published in the American Heart Journal.
    • “The research team indicated that risk models for HFrEF exist, but few are capable of addressing the challenge of missing data or incorporating invasive hemodynamic data, limiting their ability to provide personalized risk assessments for heart failure patients.
    • “Heart failure is a progressive condition that affects not only quality of life but quantity as well,” explained Sula Mazimba, MD, an associate professor of medicine at UVA and cardiologist at UVA Health, in the news release. “All heart failure patients are not the same. Each patient is on a spectrum along the continuum of risk of suffering adverse outcomes. Identifying the degree of risk for each patient promises to help clinicians tailor therapies to improve outcomes.”

From the U.S. healthcare business front,

  • The Wall Street Journal reports,
    • “Prices for surgery, intensive care and emergency-room visits rise after hospital mergers. The increases come out of your pay. 
    • “Hospitals have struck deals in recent years to form local and regional health systems that use their reach to bargain for higher prices from insurers. Employers have often passed the higher rates onto employees. 
    • “Such price increases added an average of $204 million to national health spending in the year after mergers of nearby hospitals, according to a study published Wednesday by American Economic Review: Insights. 
    • “Workers cover much of the bill, said Zack Cooper, an associate professor of economics at Yale University who helped conduct the study. Employers cut into wagesand trim jobs to offset rising insurance premiums, he said. “The harm from these mergers really falls squarely on Main Street,” Cooper said. 
    • “Premiums are rising at their fastest pace in more than a decade, driven up by persistently high inflation across the economy. Rising costs have fueled contentious negotiations that have led some hospitals and insurers to cancel contracts, leaving patients in the lurch. 
    • “Hospital mergers make the price pressures worse.” 
  • Per BioPharma Dive,
    • “Biogen has seen “encouraging early trends” in the launch of its postpartum depression pill Zurzuvae, revealing in first quarter earnings drug sales that surpassed the estimates of Wall Street analysts.
    • “Biogen said sales of Zurzuvae between January and March hit $12 million, up from $2 million in the fourth quarter of 2023 and doubling consensus estimates of $5 million to $6 million. The company didn’t, however, reveal the number of prescriptions filled for Zurzuvae, making demand for the drug difficult to track. 
    • “Zurzuvae, which was discovered by Biogen partner Sage Therapeutics and approved by the Food and Drug Administration last August, is the only pill available specifically meant to treat postpartum depression, or PPD. But its sales prospects are uncertain, as the condition often goes undiagnosed, and many who are diagnosed don’t receive treatment.”  
  • STAT News tells us,
    • “A year ago, when Novo Nordisk announced it would cut the price of multiple insulin products by up to 75%, President Biden, lawmakers, and patient groups all counted the move as a win.
    • But several months later, Novo decided to discontinue one of those products, the basal insulin Levemir.
    • “Though the insulin won’t officially be off the market until the end of this year, patients are already running into supply disruptions and insurance cutoffs, leaving them with few options. The discontinuation, which is happening only in the U.S., has now drawn alarm from some Democratic senators, who sent a letter to Novo last week demanding an explanation.
    • “The turn of events highlights a key gap in policy efforts: Even if officials can get drugmakers to cut prices, the companies can choose to just pull a drug off the market, without guaranteeing that other manufacturers will continue to make the compound.”
  • Beckers Payer Issues informs us,
    • “Humana reported $741 million in net income in the first quarter of 2024. 
    • “The company published its first quarter earnings report April 24, beating investor expectations. In Q1 2023, Humana posted $1.2 billion in net income.
    • “Total revenue in the first quarter was $29.6 billion, up 10.7% year over year. 
    • “Humana’s medical loss ratio was 88.9% in the first quarter, which the company projects will rise to about 90% for the full year.”
  • Beckers Hospital Review notes,
    • “Cleveland Clinic’s eHospital program has expanded and now monitors 248 patient beds in ICUs and other units across the organization’s network.
    • “The eHospital program launched in 2014 as a pilot in one intensive care unit. The program is centered around a component known as the “bunker,” an operations center on Cleveland Clinic’s main campus. The operations center is staffed from 7 p.m. to 7 a.m. daily by a team consisting of two critical care nurses and a physician. Their primary responsibility is to monitor patients across various ICU units within the Cleveland Clinic network.”
  • and identifies the 25 most expensive hospital drugs.
    • “Keytruda (pembrolizumab) was nonfederal hospitals’ costliest drug expense in 2023, according to research published April 24 in the American Journal of Health-System Pharmacy
    • “In 2021 and 2022, COVID-19 drug Veklury (remdesivir) was the No. 1 pharmaceutical expense for the nation’s hospitals. Most medicines on the list saw modest changes from the prior year except for TNKase (tenecteplase), a cardiovascular therapy that cost hospitals 87.9% more in 2023.”