Tuesday report

Generative AI

Tuesday report

David ErmerCongress, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, NCQA, Patient safety, SCOTUS, Uncategorized

From Washington, DC,

  • Federal News Network reports,
    • “The House [of Representatives] passed a spending package to end a short-term partial government shutdown and fund most federal agencies through the end of the fiscal year.
    • “The spending deal, which includes a two-week continuing resolution for the Department of Homeland Security, was passed by the Senate last Friday.
    • “President Donald Trump signed the spending package into law on Tuesday afternoon.” * * *
    • “The spending package includes language guaranteeing back pay to federal employees who were briefly furloughed during the partial shutdown.” * * *
    • “After Trump signed the spending plan into law, OPM directed furloughed employees to return to work.”
  • The Wall Street Journal notes,
    • Twenty-one Republicans voted against the package [on the final vote [217-214] for passage], largely hard-liners who wanted to use the spending package as a vehicle to tighten election procedures. Twenty-one Democrats—mostly a collection of appropriations-committee members and centrists—voted for it.
  • Fierce Healthcare adds,
    • “The legislation finalizes several key healthcare extenders including provisions of the Medicare telehealth program and Acute Hospital Care at Home waiver as well as major supplementary funding programs for rural hospitals and those with high proportions of government-covered patients. The bill provides a five-year extension of the Acute Hospital Care at Home program and a two-year extension for Medicare telehealth flexibilities. The telehealth provisions in the bill include removing Medicare’s geographic requirements for telehealth and expanding the types of practitioners able to furnish telehealth services for the government health program.
    • “The bill also introduces reforms to pharmacy benefit manager (PBM) practices, including elements that would prevent PBMs from tying compensation in Part D to the list price of drugs, and boost price transparency for employers in their PBM contracts.
    • “Other provisions in the bill require that Medicare Advantage plans provide accurate provider lists, addressing so-called “ghost networks” that have come under fire in recent years. It would also require that health systems establish unique identification numbers for outpatient services, allowing the Centers for Medicare & Medicaid Services to track pricing in these facilities.”
  • Rep. Jodey Arrington (R TX), the chairman of the House Budget Committes, writing in Real Clear Health, shares his vision of a second reconciliation bill that would focus on healthcare.
  • The HHS Office of Inspector General posted “Medicare Advantage Industry Segment-Specific Compliance Program Guidance.”
  • Per an AHIP news release,
    • “Public and private payers are delivering greater value to Americans and the health care system by advancing value-based care (VBC). AHIP, in collaboration with the Centers for Medicare & Medicaid Services (CMS), today released the results of the 2025 Alternative Payment Model (APM) Adoption Survey. The findings reaffirm the commitment of the federal government and private health plans to advance VBC and APM models that shift away from fee-for-service (FFS) models toward payment arrangements that reward quality, efficiency and improved patient outcomes.
    • “This year’s survey highlights how health plans continue to work hand-in-hand with providers to advance value-based care and drive meaningful improvement for patients. These innovative payment models reward outcomes, resulting in patient-centered, high-quality, coordinated care that is more affordable for Americans,” said Danielle Lloyd, MPH, AHIP’s senior vice president of private market innovations and quality initiatives for Clinical Affairs.” * * *
    • To view the full 2025 survey findings, click here.
  • NCQA announced today,
    • “Every year, NCQA seeks public comment about proposed changes to HEDIS Volume 2.
    • “Public comment is your opportunity to weigh in on the relevance, scientific soundness and feasibility of new and revised measures for HEDIS. Your feedback helps us determine changes to our programs, procedures and processes.
    • “This year’s public comment is open February 13–March 13.
    • We’d like input on:
      • Seven new HEDIS measures.
      • Revising three HEDIS measures.
    • “This year’s public comment will go live Friday, February 13, at 9:00a.m. ET.
    • We’ll post the link and more details here, so check back on February 13.”
  • The Washington Post relates,
    • “The American Society of Plastic Surgeons has issued a broad recommendation against gender transition surgeries for youths, becoming the first major medical association in the United States to narrow its guidance on pediatric gender care amid a crackdown by the Trump administration.
    • “A statement sent Tuesday to the group’s 11,000 members and obtained by The Washington Post recommends surgeons delay gender-related chest, genital and facial surgery until a patient is at least 19 years old. Fewer than 1,000 minors in the United States receive such surgeries every year, according to research published in JAMA, the American Medical Association’s journal, and the vast majority of the procedures are mastectomies, not genital surgeries.”

From the Food and Drug Administration front,

  • The American Hospital Association News reports,
    • “The Food and Drug Administration Feb. 3 released an early alert on a heart pump issue from certain Abiomed products. The agency said Abiomed found its Impella RP with SmartAssist and Impella RP Flex with SmartAssist devices could display inaccurate information due to a malfunction of the differential pressure sensors. The company reported 22 injuries associated with the issue since Jan. 15.” 
  • MedTech Dive relates,
    • “Abbott received a warning letter from the Food and Drug Administration related to its FreeStyle Libre continuous glucose monitors.
    • “The warning letter, dated Jan. 23 and posted to the FDA’s website on Tuesday, concerns performance specifications and testing for the glucose sensors’ accuracy. An Abbott spokesperson wrote in an email that the company is implementing corrective actions and providing ongoing updates to the FDA.
    • “The warning letter does not affect Abbott’s ability to manufacture, market or distribute Libre products, wrote Leerink Partners analyst Mike Kratky and J.P. Morgan analyst Robbie Marcus.”
  • The Wall Street Journal informs us,
    • AstraZeneca AZN said the U.S. Food and Drug Administration rejected an initial submission for its Saphnelo lupus drug in injection form, and vowed to work with the regulator to move forward with an updated application.
    • “The U.K. pharmaceutical company said Tuesday that the FDA issued a complete response letter, which indicates that a new drug application can’t be approved in its present form, regarding Saphnelo for subcutaneous administration. The company said it subsequently provided information requested in the letter and that it was committed to working with the FDA to progress the application as quickly as possible.
    • “A decision on the updated application is expected in the first half of 2026, AstraZeneca said.
    • “The drug, a treatment for the autoimmune disease systemic lupus erythematosus, is already approved as an intravenous infusion and that form of administration remains commercially available, AstraZeneca said.”
  • Fierce Biotech tells us,
    • “As the first CAR-T treatment for an autoimmune disease draws ever closer, officials at the FDA have signaled a willingness to support the development of these novel cell therapies with a flexible regulatory approach.
    • “While interested in CAR-T therapies’ potential to achieve durable, drug-free remission in serious autoimmune conditions, the FDA is equally wary of their “unpredictable long-term toxicity,” according to an article published Monday in the Annals of Internal Medicine.
    • “In the article, Vinay Prasad, M.D., director of the FDA’s Center for Biologics Evaluation and Research, and two other regulators said that, recognizing the complexity of autoimmune conditions in terms of seriousness and type, the agency will work with CAR-T makers “on a case-by-case basis to encourage appropriate study populations in rheumatologic autoimmune disease.”
    • “Simultaneously, citing a need to monitor a drug’s effect on fertility, the FDA officials recommended that industry conduct long-term follow-up studies for CAR-T products in the autoimmune setting, “as is standard for genetic therapies and CAR T-cells for oncologic indications.”
    • “While the FDA “shares enthusiasm for this class of products,” it will “carefully shepherd” the advancement of clinical studies “focused on the development, durability, and long-term safety of CAR T-cell therapies,” the regulators wrote.”
  • STAT News lets us know, “AI could soon renew prescriptions without clinician help. Should the FDA make sure it’s safe? Doctronic claims its AI doctor doesn’t need FDA approval. Experts aren’t so sure.”

From the public health and medical / Rx research front,

  • Nature reports,
    • “Nearly 40% of new cancer cases worldwide are potentially preventable, according to one of the first investigations1 of its kind, which analysed dozens of cancer types in almost 200 countries.
    • “The study found that in 2022, roughly seven million cancer diagnoses were linked to modifiable risk factors — those that can be changed, controlled or managed to reduce the likelihood of developing the disease. Overall, tobacco smoking was the leading contributor to worldwide cancer cases, followed by infections and drinking alcohol. The findings suggest that avoiding such risk factors is “one of the most powerful ways that we can potentially reduce the future cancer burden”, says study co-author Hanna Fink, a cancer epidemiologist at the World Health Organization’s International Agency for Research on Cancer in Lyon, France.
    • “The study was published today in Nature Medicine.”
  • The American Journal of Managed Care relates,
    • “The majority (57.5%) of commercially insured patients had at least 1 chronic condition in 2024. The average allowed amount1 for a patient with no chronic conditions was $1590, whereas the average allowed amount for a patient with 1 chronic condition was nearly double ($3039). Of 44 common chronic conditions studied, hyperlipidemia, or high cholesterol, was the most common, with a crude prevalence2 of 21.2%. These and other findings are reported in a new FAIR Health white paper: Chronic Conditions in the United States: A Study of Commercial Claims.” * * *
    • “Many patients had more than 1 chronic condition. For example, 11.5% of patients had 2 conditions, and 9.1% had 3.
    • “Some chronic conditions frequently co-occur. In the commercially insured population, 33.4% of patients had hyperlipidemia, hypertension, obesity, or some combination of these, and 4.3% had all 3.3 Half the patients with any one of these conditions had more than 1.” * * *
    • “For the complete white paper, click here
  • CNN tells us,
    • “Men develop a greater risk of cardiovascular disease years earlier than women — starting at around age 35, according to a new long-term study.
    • “The report, published Wednesday in the Journal of the American Heart Association, followed more than 5,000 adults from young adulthood and found that men reached clinically significant levels of cardiovascular disease about seven years earlier than women.
    • “Experts advise both men and women to monitor their heart health in early adulthood and to see their doctor regularly.
    • “Heart disease doesn’t happen overnight; it develops over years. One of the things I think oftentimes people aren’t aware of is that it can start really early in your 30s or 40s,” said study coauthor Dr. Sadiya Khan, professor of cardiovascular epidemiology at Northwestern University Feinberg School of Medicine in Chicago.
    • “Even if you don’t have heart disease at that time, your risk can start at that time.”
  • MedPage Today adds,
    • “National data showed 79% of adults with hypertension didn’t have their blood pressure within the blood pressure goal recommended by guidelines.
    • “Most of those uncontrolled hypertension cases went untreated by blood pressure medication.
    • “These findings highlight a large gap in hypertension control that treating hypertension earlier and more intensively could address.”
  • The New York Times observes,
    • “For much of the 20th century and beyond, social scientists attributed a range of chronic mental health problems to dysfunction between infants and their mothers, who were categorized as overbearing, rejecting, domineering or ambivalent.
    • “But a team of researchers from Pennsylvania State University has found that at times the early parenting behavior of fathers may have a greater impact on children’s health.
    • “For a study published recently in the journal Health Psychology, the scientists observed three-way interactions between 10-month-old infants, their fathers and their mothers, and then checked in on the families when the children were 2 and 7.
    • “They found that fathers who were less attentive to their 10-month-olds were likely to have trouble co-parenting, instead withdrawing or competing with mothers for the children’s attention. And at age 7, the children of those fathers were more likely to have markers of poor heart or metabolic health, such as inflammation and high blood sugar.
    • “Mothers’ behavior did not have the same effect, said Alp Aytuglu, a postdoctoral scholar at Penn State’s College of Health and Human Development and an author of the paper.
    • “We of course expected that family dynamics, everybody in the family, fathers and mothers, would impact child development — but it was only fathers, in this case,” Dr. Aytuglu said.”
  • Per Health Day,
    • “More than one-quarter of young children experience persisting symptoms after concussion (PSaC), according to a study published online Jan. 26 in Pediatrics.
    • “Sean C. Rose, M.D., from The Ohio State University in Columbus, and colleagues assessed the frequency of PSaC after early childhood concussion and identified potential predictors of PSaC. The analysis included 235 young children (ages 6 months to <6 years) with concussion, 108 with orthopedic injury, and 75 community controls.
    • “The researchers found that at one month postinjury, PSaC were documented in 28 percent of children with concussion, higher than in the orthopedic injury group (10 percent) and the community control group (2 percent). PSaC were documented in just under one-quarter of children at three months postconcussion (24 percent) and 16 percent at 12 months. PSaC at one month postconcussion was predicted by total symptom burden in the emergency department (odds ratio, 1.108). There were no associations for age, loss of consciousness, receiving brain imaging in the emergency department, attending daycare or school, or parent education with PSaC.”
  • and
    • “The symptoms women experience on the verge of menopause could be vastly different from what they might expect, a new study says.
    • “Women in perimenopause – the time leading up to their final period, as well as the year after – expect to be plagued with hot flashes and night sweats.
    • “However, these women reported symptoms like exhaustion and fatigue far more frequently than those typically associated with menopause, researchers reported Jan. 28 in the journal Menopause.
    • “This study shines a light on how little we still understand about perimenopause and how much it affects people’s daily lives,” lead researcher Dr. Mary Hedges said in a news release. She’s a community internal medicine physician at the Mayo Clinic in Jacksonville, Florida.”
  • Per BioPharma Dive,
    • “An experimental obesity shot Pfizer got through a buyout of Metsera helped enrollees in a mid-stage trial lose significantly more weight than a placebo, spurring up to an 11% reduction over 28 weeks using a regimen that switched from a weekly to monthly dose after 12 weeks.
    • “When including only participants who completed the trial, the shot helped people lose up to 12 percentage points more of their body weight than those who received a placebo. Though cross-trial comparisons can be misleading, the results “look slightly inferior” to what was seen in testing of Eli Lilly’s blockbuster Zepbound at a similar timepoint, wrote Leerink Partners analyst David Risinger.
    • “Pfizer executives noted on a conference call that, going forward, they intend to test a far higher dose than they did in Phase 2 testing. Phase 3 trials starting later this year will involve a dose that’s double the highest one used in the Phase 2.”

From the U.S. healthcare business and artificial intelligence front,

  • Fierce Healthcare reports,
    • “Kaiser Permanente and Renown Health have wrapped the paperwork on a deal forming an insurance and outpatient care joint venture in northern Nevada. 
    • “The arrangement announced last September (see below) represents an entry into the geographic market for Kaiser, the country’s largest nonprofit health system. It brings Hometown Health—an existing health plan run by Renown Health, a Reno-based, two-hospital nonprofit system—plus an existing primary care medical office under joint ownership. The partners have plans to open two more facilities in 2026, plus retail pharmacies in 2027. 
    • “This joint venture with Renown Health allows us to extend our value-based care model and nation-leading health outcomes to northern Nevada, in collaboration with Renown Health’s trusted local teams,” Greg Adams, chair and CEO of Kaiser, said in a Tuesday announcement. “Together, we will improve health outcomes; expand access to affordable, high-quality care; and serve the needs of this growing community.”
    • “Financial terms of the transaction were not disclosed.” 
  • and
    • “Primary care company Carbon Health filed for Chapter 11 bankruptcy relief in Texas. 
    • “The company, which offers both in-person care at nearly 100 clinics and virtual care services, said Monday it reached a restructuring agreement with its existing lenders that establishes a “clear path to recapitalization and new ownership.”
    • “Carbon Health intends to pursue a dual-track, court-supervised process that allows it to enter a Chapter 11 plan premised on a debt-for-equity exchange, and a post-petition marketing and sale process for all or a portion of its assets, the company said in a press release issued Monday.
    • “This structure is intended to maximize value while preserving flexibility as the process moves forward,” Carbon Health executives said.
    • “To implement the restructuring, Carbon Health and certain affiliates have filed voluntary petitions for reorganization under Chapter 11 of the U.S. Bankruptcy Code in the United States Bankruptcy Court for the Southern District of Texas.”
  • Healthcare Dive relates,
    • “Humana is launching an artificial intelligence tool that aims to help its call center workers answer beneficiaries’ questions about their coverage, the insurer said Tuesday. 
    • “Agent Assist, developed in partnership with Google Cloud, can summarize conversations between workers and enrollees in real time while highlighting relevant information, like the member’s benefit and eligibility details and important context from the call, Chris Sakalosky, vice president of strategic industries at Google Cloud, said via email.
    • “The insurer began rolling out Agent Assist in October, and plans to implement the tool across Humana’s service centers this year.”
  • Per MedCity News,
    • “About 50 million people in the U.S. are affected by autoimmune disease, and about 80% of them are women. When women give birth, they often experience significant hormonal changes that can trigger new diagnoses or symptoms of autoimmune disease.
    • “That’s why WellTheory, a platform focused on autoimmune disease, launched a new program last week aimed at supporting women in the postpartum period.
    • ‘Atherton, California-based WellTheory treats autoimmune conditions such as Addison’s disease, celiac disease, multiple sclerosis and lupus. Using a collaborative care model, it partners with patients’ physicians to deliver personalized plans focused on nutrition, stress, sleep and movement. The company offers video sessions, unlimited expert messaging and diagnostics. It serves both employers and health plans.
    • “The new postpartum program includes personalized care plans and one-on-one support with autoimmune and hormonal health experts. WellTheory also provides advanced hormonal testing if appropriate, including assessment of sex hormones, cortisol levels and metabolites. This helps identify root causes of conditions like postpartum depression.”
  • Adam Fein writing in his Drug Channels blog lets us know,
    • “The boffins at the Centers for Medicare & Medicaid Services (CMS) recently dropped the latest National Health Expenditure (NHE) data, which track all U.S. spending on healthcare. (Links below.)
    • “We spent an astounding $5,278,588,000,000 on healthcare in 2024. Yes, that’s $5.3 trillion!
    • “Retail outpatient prescription drugs accounted for less than 9% of that total. More than half of net outpatient drug spending was paid by federal, state, and local government programs. Below, we delve into the spending trends, which reveal the impact of the Inflation Reduction Act (IRA) on Medicare spending, the boom in healthcare marketplaces, and the post-pandemic bust in Medicaid. 
    • “Contrary to what you might read, the government’s data show that drug spending growth was not driven by purportedly “skyrocketing” drug prices. In reality, nearly all of the increase in drug spending reflected higher utilization—more people treated, more prescriptions dispensed, and shifts among drugs dispensed—rather than higher net prices.”
  • Per Fierce Pharma,
    • “Armed with what CEO Robert Davis called the “broadest and widest pipeline we’ve had in years,” Merck is preparing for its post-Keytruda future with what it foresees as a host of major sales opportunities over the next decade.
    • “Thanks in part to its recent acquisitions of Verona Pharma and Cidara Therapeutics, the company sees new growth drivers delivering potential annual revenue of more than $70 billion by the “mid-2030s,” Merck said in its fourth-quarter and full-year earnings presentation (PDF).
    • “To put the $70 billion number into context, Davis pointed to the figure as being more than double the $35 billion Keytruda is expected to pick up during its peak sales year in 2028. The oncology superstar is slated for a loss of exclusivity (LOE) in 2028, and a growing pipeline of Keytruda biosimilars is already lining up to take a shot at the drug’s massive market.
    • “Our belief in our ability to have substantial growth once we get closer to the LOE is as high as it’s ever been,” Davis emphasized on a conference call. “And we’re not done.”
  • and
    • “During the first six months of Maziar Mike Doustdar’s tenure as Novo Nordisk’s CEO, the company enjoyed a run of positive momentum highlighted by the launch of its Wegovy pill and a recent stock-price runup. But investor optimism came to a sudden halt Tuesday as the company warned of significant sales and earnings declines in 2026.
    • “Tuesday, Novo put out word that it’s expecting sales and earnings to slide between 5% and 13% this year. In 2025, Novo generated sales growth of 10% and operating profit growth of 6%, the company said.
    • “A few factors are playing into the 2026 guidance. For one, the company said it’s expecting sales to decline in the U.S. amid “intensifying competition” and lower prices in some areas of its business. Novo is also warning of a sales hit from the recent “Most Favored Nation” pricing deal it struck with the Trump administration.
    • “The company is also forecasting a currency hit as the U.S. dollar has lost value against the Danish krone, Novo’s local currency.”
  • Per MedTech Dive,
    • “Medtronic plans to acquire CathWorks, which makes tools to help detect coronary artery disease, the companies announced on Tuesday. Medtronic will pay up to $585 million, with the potential for undisclosed earn-out payments after the acquisition closes.
    • “The companies have worked together since 2022, when Medtronic agreed to co-promote CathWorks’ FFRangio System in the U.S., Europe and Japan.
    • “The FFRangio System uses artificial intelligence and computational science to provide an assessment of the entire coronary tree using routine angiograms, a type of X-ray for imaging blood vessels. The system can provide fractional flow reserve, or FFR, values that help detect what lesions are causing a reduction in blood flow. The system can also help physicians measure the dimensions of a lesion during an operation.”
  • Per Radiology Business,
    • “RadNet Inc. is entering the Midwest by acquiring a 60-year-old private practice’s outpatient imaging assets. 
    • “The Los Angeles company has reached a deal to acquire six freestanding centers, all operated by Indianapolis-based Northwest Radiology, for an undisclosed sum. 
    • “Founded in 1967, NWR is one of Indiana’s largest independent imaging groups, employing 18 physicians. They will continue to provide contracted services across the practice’s former locations. 
    • “The centers are primarily located in Carmel, a growing northern suburb of Indianapolis recently recognized by Travel & Leisure magazine for its livability. RadNet—which, as a publicly traded company, will eventually disclose the purchase price in a future regulatory filing—expects to net $18 million in annual revenue from the sale. 
    • “Steve Forthuber, president and CEO of Eastern Operations for RadNet, said the practice has built “remarkable trust and confidence” among the local physician community. The company plans to work closely with NWR radiologists to further expand their “clinical reach and capabilities.” 

Monday report

David ErmerCDC, Congress, FDA, Generative AI, Medical / Rx research, No Surprises Act, OPM, U.S. Healthcare

From Washington, DC,

  • The Wall Street Journal reports,
    • “President Trump demanded Monday that House lawmakers back the bipartisan spending deal passed by the Senate last week and set aside policy demands in an effort to quickly end a partial government shutdown
    • “We need to get the Government open, and I hope all Republicans and Democrats will join me in supporting this Bill, and send it to my desk WITHOUT DELAY,” Trump posted on Truth Social. “There can be NO CHANGES at this time.”
    • “House Speaker Mike Johnson (R., La.) is trying to pass as soon as Tuesday the $1.2 trillion package that funds large parts of the federal government through the end of the fiscal year while funding the Department of Homeland Security for just two weeks. That short-term extension is designed to provide time for a bipartisan deal to be reached on stricter policies for immigration-enforcement agents.” 
  • The American Hospital Association (AHA) News tells us,
    • “The Department of Health and Human Services today announced a new behavioral health initiativeto assist homeless individuals with substance use treatment and recovery. The program, called the Safety Through Recovery, Engagement, and Evidence-based Treatment and Supports, or STREETS, will focus on psychiatric care, medical stabilization and crisis intervention, HHS said. The initiative is tied to an executive order issued by the administration last week on substance use.” 
  • In January 2024 OPM proposed to create to advance the FEHB / PSHB eligibility date to the first day of employment.  AFHO, the trade association that the FEHBlog represents, used the public comment period to advocate for the HIPAA 820.  Today, in a welcome deregulatory step, OPM withdrew the proposed rule.
  • MedCity News considers whether “It is Time to Change the Independent Dispute Resolution Process of the No Surprises Act.” The FEHBlog thinks so because the current process is opaque.

From the Food and Drug Administration front,

  • MedTech Dive reports,
    • “Grail has filed for Food and Drug Administration approval of its multi-cancer early detection test, the company said Thursday.
    • “The premarket approval filing for Grail’s Galleri test focuses on a U.S. study of more than 25,000 people and a randomized, controlled trial the company is running in the United Kingdom.
    • “Grail President Josh Ofman said at an event in January that approval will be a “major trigger” for evidence-based decisions with U.S. payers and could enable Medicare coverage.”
  • Cardiovascular Business relates,
    • “eMurmur, an Ontario-based artificial intelligence (AI) startup, has received U.S. Food and Drug Administration (FDA)clearance for its suite of algorithms designed to evaluate heart recordings captured by digital stethoscopes. 
    • “The newly approved offering, eMurmur Heart AI, was designed to detect both the presence and absence of heart murmurs. In addition, it can provide hemodynamic data that helps care teams as they develop patient management strategies. eMurmur Heart AI can be accessed through the company’s own standalone software—available as a web platform or mobile app—or through a third-party system.”

From the public health and medical / Rx research front,

  • The AHA News reports,
    • “The Centers for Disease Control and Prevention released its annual progress report on health care-associated infections Jan. 29, which found continued decreases in hospitalizations from multiple infections last year. Among the findings, there was an 11% decrease in hospital-onset Clostridioides difficile, or C. difficile, infection; a 10% decrease in catheter-associated urinary tract infections, or CAUTI; a 9% decrease in central line-associated bloodstream infections, or CLABSI; and a 7% decrease in hospital-onset methicillin-resistant Staphylococcus aureus, or MRSA. 
    • “Among inpatient rehabilitation facilities, there was an 18% decrease in hospital-onset C. difficile infections and an 8% decrease in CAUTI. For long-term care hospitals, there was a 23% decrease in ventilator-associated events and a 15% decrease in hospital-onset C. difficile. The report recommended providers continue reinforcing prevention practices, review HAI surveillance data to identify areas for improvement and address any gaps in prevention practices.”
  • Cardiovasular Business relates,
    • “Researchers have developed a new injectable therapy that could help protect a patient’s brain after they experience a stroke. The team behind this new treatment shared a look at its early progress in Neurotherapeutics.
    • “The therapy in question was built to cross the blood-brain barrier and help repair brain tissue, limiting the risk of permanent brain damage and encouraging a healthy recovery following an ischemic stroke. Co-author Samuel Stupp, PhD, founding director of Northwestern University’s Center for Regenerative Nanomedicine, previously found that supramolecular therapeutic peptides (STPs) technology could reverse paralysis and repair tissue in mice after a single injection. This analysis took those observations related to the potential benefits of STPs and transferred them to a new area of medicine. 
    • “Current clinical approaches are entirely focused on blood flow restoration,” co-author Ayush Batra, MD, an associate professor with the Northwestern University Feinberg School of Medicine and co-director of the NeuroVascular Inflammation Laboratory at Northwestern, said in a statement. “Any treatment that facilitates neuronal recovery and minimizes injury would be very powerful, but that holy grail doesn’t yet exist. This study is promising because it’s leading us down a pathway to develop these technologies and therapeutics for this unmet need.”
  • MedPage Today informs us,
    • “Use of single maintenance and reliever therapy (SMART) for moderate-to-severe asthma saved money by improving outcomes, according to a meta-analysis.
    • “While SMART is recommended by guidelines, combination inhalers aren’t FDA approved for both rescue and maintenance therapy, and thus insurance coverage has been a struggle in the U.S.
    • “Finding an economic advantage should influence payer decisions, the researchers suggested, calling for broader formulary inclusion of SMART.”
  • and
    • “All hypertensive disorders of pregnancy were tied to increased long-term cardiovascular risk, but superimposed preeclampsia carried the highest risk.
    • “All subtypes were significantly associated with higher risks of heart failure and stroke, and most were associated with higher risk of cardiovascular death.
    • “Unspecified hypertension was associated with myocardial infarction, while chronic and unspecified hypertension were both associated with atrial fibrillation.”
  • The Endocrinology Advisor lets us know that “the fit-fat index (FFI), which calculates the ratio of cardiorespiratory fitness to various adiposity measures (BMI, WHR, or WHtR), is significantly associated with lower risks for cardiovascular and all-cause mortality.”
  • Genetic Engineering and BioTechnology News points out,
    • “Evidence has been rising over the past few years that the gut microbiome can significantly influence how well cancer treatments work, especially immunotherapies. But the underlying mechanism has remained unclear. Now, a new study reveals how bacteria in the gut can help determine whether the amino acid asparagine (obtained from diet) will increase tumor growth or activate immune cells against the cancer​.
    • “The findings, published in Cell Microbe and Host in the paper, “Microbiota utilization of intestinal amino acids modulates cancer progression and anticancer immunity,” could lead to a novel cancer treatment approach and monitoring strategy; instead of targeting tumors directly, clinicians may one day be able to reshape the gut microbiome or diet to starve tumors while supercharging immune cells.
    • “Our study suggests that we need to think about how the interplay of diet, gut microbiota and tumor-infiltrating immune cells could affect cancer growth and response to therapy. We can’t overlook this key level regulation,” said Chunjun Guo, PhD, associate professor of immunology at Weill Cornell.”
  • Per BioPharma Dive,
    • “Novo Nordisk’s experimental combination shot CagriSema helped people with diabetes and obesity lower their blood sugar and lose more weight than the blockbuster drug Wegovy in a Phase 3 trial, the company said Monday, building the case for regulatory approval.
    • “The results come from one of several studies Novo has underway in obesity and diabetes for CagriSema, which adds a second metabolic drug to the active ingredient from Wegovy in a fixed-dose injection. The Denmark-based drugmaker has already asked the Food and Drug Administration to approve the shot in obesity.
    • “The data could sharpen Novo’s rivalry with Eli Lilly and its obesity drug Zepbound, which has overtaken Wegovy to become the biggest-selling obesity treatment in the world. Looking at all participants enrolled in the trial, CagriSema’s weight loss and blood-sugar reductions fall numerically short of Zepbound’s, but a head-to-head trial comparing the two hasn’t been completed yet.”
  • and
    • “An experimental rare disease drug from Sanofi succeeded against one so-called lysosomal storage disorder but failed against another, the French pharmaceutical company said Monday.
    • “According to Sanofi, the drug, dubbed venglustat, missed its primary objective in a Phase 3 study testing it against Fabry disease. However, in another study in a form of Gaucher disease, the drug met its main goal and three out of four key secondary endpoints. Sanofi didn’t provide details — they’ll be shared at medical meeting this week — but said it intends to submit the Gaucher results to global regulatory authorities.”

From the U.S. healthcare business and artificial intelligence front,

  • MedCity News reports,
    • “Access to primary care is collapsing in the U.S., creating an opening for new models that lower costs and improve outcomes.
    • “This week, Premise Health and Crossover Health moved to capitalize on that opportunity, announcing an agreement to merge into a single company focused on scaling primary care access. The combined organization will provide onsite, nearsite and virtual care for more than 400 employers with millions of members, operating nearly 900 wellness centers across the country.
    • “The new entity will be led by Premise CEO Stu Clark. He framed the deal as a convergence of two companies with the same thesis: advanced primary care is the lever to disrupt U.S. healthcare. Both companies define advanced primary care as an integrated bundle of primary care, behavioral health, pharmacy services and care navigation.
    • “Crossover and Premise have proven that a few things happen when you deploy our advanced primary care models: access goes up, health improves and costs go down. Costs go down for the employer as well as for the family,” Clark stated.
    • “The company’s target customers will be large self-insured employers, mainly Fortune 1000 companies, unions, Native tribes and government entities, he said.”
  • Healthcare Dive relates,
    • “Tenet has regained full ownership of Conifer Health Solutions, acquiring the remaining stake in its revenue cycle management business from CommonSpirit Health.
    • CommonSpirit will pay Tenet almost $1.9 billion over the next three years to get out of its existing services contract, according to the deal announced Monday. That’s offset by $540 million that Conifer will pay CommonSpirit for its almost 24% equity stake and to eliminate CommonSpirit’s capital account.
    • “All told, Tenet executives said the deal creates almost $2.7 billion in total value to the system through the cash payments, the reduction of liability on its balance sheet and the value of the additional Conifer equity. Tenet’s stock rose 2% in morning trade Monday following the news.”
  • Fierce Healthcare informs us,
    • “Community Health Systems (CHS) has wrapped a deal to divest its 80% interest in two joint ventures to Vanderbilt University Medical Center (VUMC), the organizations announced Monday morning.
    • “The joint ventures own and operate Tennova Healthcare – Clarksville, a 270-bed hospital with 1,100 staff, and other ancillary businesses in the major Tennessee city. CHS received $623 million before certain transaction expenses for the interests, with CHS also paying $23 million of owed balances to the subsidiaries upon completion of the transaction. 
    • “VUMC, in its announcement, said it will be renaming the hospital and a freestanding emergency room to Vanderbilt Clarksville Hospital and Vanderbilt Emergency Sango, respectively. It also highlighted physician practices in Clarksville plus nearby Dover, Pleasant View and Tiny Town that were included in the deal.”
  • and
    •  “Community Health Systems (CHS) has sold its Commonwealth Health system to nonprofit Tenor Health Foundation, the for-profit chain announced.
    • “The sale, effective Feb. 1, comes just days after the parties received regulatory clearance from the state and in the wake of community and government efforts to keep the facilities open despite financial losses (see that story below). 
    • “The announcement also makes public the three-hospital system’s price tag: $33 million of cash plus a $15 million promissory note from Tenor, with additional cash considerations possible depending on collections of certain patient accounts receivable during the following 90 days.”
  • Healthcare Dive adds,
    • “Healthcare bankruptcies declined in 2025, even as the sector faces financial headwinds on the horizon, according to an analysis published last week by restructuring advisory firm Gibbins Advisors.
    • “The industry recorded 45 bankruptcy filings for debtors with liabilities of at least $10 million last year, down 21% from 2024 — and a steep drop from the 79 cases logged in 2023. However, hospital bankruptcies rose. 
    • “Another year of falling Chapter 11 bankruptcy filings doesn’t necessarily signal financial health in the sector, the report cautioned. Healthcare remains under “significant pressure” as the industry faces looming challenges like historic cuts to Medicaid, according to Gibbins.” 
  • The New York Times tells us,
    • If you wind up at an urgent care center in America, it’s increasingly likely you will be treated by a P.A. For a long time, P.A. meant the same thing everywhere: “physician assistant,” a licensed medical professional who can perform patient care, including prescribing medicine, under the supervision of a doctor.
    • But that might be changing. In Oregon, New Hampshire and Maine, P.A. now means “physician associate,” and other states may follow this year.
    • “Assistant” versus “associate” might sound like a trivial semantic debate, but to many practitioners, and to the American Academy of Physician Associates (which changed its own name in 2021), it’s an important part of the expanding role of P.A.s in health care. * * *
    • “Since 2000, the number of P.A.s has quadrupled, while many parts of the country face a shortage of doctors. That means P.A.s are becoming more numerous — and visible — in all fields of medicine, from primary care to dermatology. And along with the name change, they are seeking the ability to operate more independently from doctors.”
  • Per The Wall Street Journal,
    • “Eli Lilly plans to open a $3.5 billion weight-loss drug manufacturing plant in Pennsylvania’s Lehigh Valley, creating 850 permanent jobs.
    • “Pennsylvania is investing $100 million in tax credits and grants for the project, plus $5 million for a pharmaceutical training center.
    • “Lehigh Valley manufacturing jobs have grown by 28.8% since 2010, triple the national rate, despite recent U.S. manufacturing job contractions.”
  • Per Beckers Health IT,
    • “Oracle Health is expanding its Clinical AI Agent to help clinicians automate the creation of clinical orders during patient appointments.
    • “The tool now supports automated order creation for laboratory tests, imaging and diagnostic studies, new and refilled prescription medications, follow-up appointments and referrals. Oracle Health said in a Feb. 2 news release that the update builds on the product’s existing note-generation feature and uses ambient listening during visits to draft clinical orders for physician review and approval.
    • “The technology is designed to reduce the administrative burden of repetitive manual tasks, such as order entry, which can pull providers away from direct patient care and contribute to burnout.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • The Wall Street Journal reports,
    • “Senators voted 71-29 to pass a $1.2 trillion package of five bills funding many agencies through September and a sixth to provide two weeks of funding for the Department of Homeland Security. The measure was designed to give lawmakers more time to negotiate over proposed new restrictions on immigration enforcement.
    • “The proposal still needs to be approved by the House, which isn’t expected to return until Monday. With no law passed, funding for the Pentagon, DHS and other departments lapsed at 12:01 a.m. Saturday, and the partial shutdown is expected to run through the weekend.”
  • The Homeland Security appropriations had been Division H of the consolidated appropriations bill, H.R. 7148. The amended version which the Senate passed yesterday, replaced Section H with a two week long extension of Fiscal Year 2025 appropriations. The FEHBlog raises this point because the provision reauthorizing CISA 2015 is found in Division I.
    • SEC. 5008. CYBERSECURITY INFORMATION SHARING ACT OF 2015. Section 111(a) of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1510(a)) is amended by striking “September 30, 2025” and inserting “September 30, 2026”
  • Consequently this reauthorization will apply when the House passes amended H.R. 7148 next week.
  • Per a Cybersecurity and Infrastructure Security Agency (CISA) news release,
    • “The Cybersecurity and Infrastructure Security Agency (CISA) is calling on critical infrastructure organizations to take decisive action against insider threats. To support this effort, CISA has released today a powerful new resource—Assembling a Multi-Disciplinary Insider Threat Management Team. Designed for critical infrastructure entities and state, local, tribal, and territorial (SLTT) governments, this comprehensive infographic provides actionable strategies guidance to proactively prevent, detect and mitigate insider threats-helping organizations stay ahead of evolving organizational vulnerabilities.
    • “Insider threats often take two forms: calculated acts of harm and unintentional mistakes. Malicious insiders may exploit access for personal gain or revenge, causing severe damage to systems and trust, At the same time, negligence or simple human errors can open the door to vulnerabilities that adversaries can exploit. Whether driven by intent or accident, insider threats pose one of the most serious risks to organizational security and resilience- demanding proactive measures to detect, prevent and respond.
    • “Insider threats remain one of the most serious challenges to organizational security because they can erode trust and disrupt critical operations.” said Acting CISA Director Dr. Madhu Gottumukkala. “CISA is committed to helping organizations confront this risk head-on by delivering practical strategies, expert guidance, and actionable resources that empower leaders to act decisively — building resilient, multi-disciplinary teams, fostering accountability, and safeguarding the systems Americans rely on every day.”
  • Security Week reports,
    • “The White House has announced that software security guidance issued during the Biden administration has been rescinded due to “unproven and burdensome” requirements that prioritized administrative compliance over meaningful security investments.
    • “The US Office of Management and Budget (OMB) has issued Memorandum M-26-05, officially revoking the previous administration’s 2022 policy, ‘Enhancing the Security of the Software Supply Chain through Secure Software Development Practices’ (M-22-18), as well as the follow-up enhancements announced in 2023 (M-23-16).
    • “The new guidance shifts responsibility to individual agency heads to develop tailored security policies for both software and hardware based on their specific mission needs and risk assessments. 
    • “Each agency head is ultimately responsible for assuring the security of software and hardware that is permitted to operate on the agency’s network,” reads the memo sent by the OMB to departments and agencies. 
    • “There is no universal, one-size-fits-all method of achieving that result. Each agency should validate provider security utilizing secure development principles and based on a comprehensive risk assessment,” the OMB added.
    • “While agencies are no longer strictly required to do so, they may continue to use secure software development attestation forms, Software Bills of Materials (SBOMs), and other resources described in M-22-18.”
  • The American Hospital Association News relates,
    • “The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions organizations can use to protect against cyberattacks. The recommendations were developed with domestic and international partners and based on recent cyber investigations to reflect adversary behavior and defensive gaps. The recommendations include adopting phish-resistant authentication, implementing a risk-based vulnerability management program, tracking and retiring end-of-life technology on a defined schedule, and managing third-party risk, among others.
    • “Operation Winter SHIELD is based on lessons learned from the most significant nation state and criminal cyber investigations,” said John Riggi, AHA national advisor for cybersecurity and risk. “In sum, agencies involved focused on the most common methodologies threat actors are using to ‘beat us,’ and what cyber defensive measures are the most effective at reducing cyber risk and increasing resiliency and recovery. There is nothing surprising on the list, but the landmark campaign serves as an excellent validation and a concise summary of cybersecurity best practices. Operation Winter SHIELD also acknowledges the private sector’s crucial role in defending the nation’s critical infrastructure against the very real and very serious cyber threats we face as a nation.”
  • Cyberscoop tells us,
    • “The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday.
    • “It is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution’s brand name to create URLs to then use in phishing campaigns or in fraudulent advertising,” the official, Matt Noyes, said at a conference in Washington, D.C.
    • “It was one of two areas Noyes identified as attack vectors that aren’t adequately being addressed during a panel at the 2026 Identity, Authentication and the Road Ahead Policy Forum, along with susceptibility to business email compromise scams.
    • “The problem is in how the Internet Assigned Numbers Authority (IANA) functions, he said. A decade ago, the United States relinquished its control of that process.
  • The Register informs us,
    • “Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum’s dark web and clearnet domains.
    • “RAMP, which stands for Russian Anonymous Marketplace, was an online souk, favored by ransomware-as-a-service gangs, extortionists, initial access brokers, and other miscreants specializing in digital crime. Its websites now say “This Site Has Been Seized,” with the notice attributing the takedown to the FBI in coordination with the US Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.” * * *
    • “It’s highly unlikely impossible that this takedown signals the end of ransomware and other crime crews who used RAMP’s websites to buy and sell malware and exploits and recruit affiliates. Much like horror-movie monsters, cybercrime forums never really die, and their users will likely scatter to other underground marketplaces to buy and sell their illicit services.
    • “Still, “its loss represents a meaningful disruption to a core piece of criminal infrastructure,” Tammy Harper, a senior threat intelligence researcher at Flare who specializes in ransomware research, told The Register.”
  • Per Cyberscoop,
    • “Millions of devices used as proxies by cybercriminals, espionage groups and data thieves have been removed from circulation following Google’s disruption of IPIDEA, a China-based residential proxy network. The reduction in available proxy devices came after Google’s Threat Intelligence Group used legal action and intelligence sharing to target the company’s domain infrastructure, Google said in a blog post Wednesday. 
    • “Google’s action, aided by Cloudflare, Lumen’s Black Lotus Labs and Spur, impaired some of IPIDEA’s proxy infrastructure, but not all of it. The coordinated strikes against malicious infrastructure underscore the back-and-forth struggle threat hunters confront when they take out pieces of cybercriminals’ vast and growing infrastructure. 
    • “Initial data indicates IPIDEA’s proxy network was cut by about 40%.
    • “We have still seen around 5 million distinct bots communicating with the IPIDEA command and control servers, so as of now they are still able to operate with a large volume of proxies,” Chris Formosa, senior lead information security engineer at Lumen Technologies’ Black Lotus Labs, told CyberScoop Thursday.”

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive reports,
    • “The share of cyberattacks that relied on vulnerability exploitation as the initial means of access dropped in the fourth quarter of 2025, although it still remained high, researchers from Cisco’s Talos threat intelligence team said in a blog post published on Thursday.
    • “Nearly 40% of the incidents to which Cisco responded in Q4 began with the exploitation of public-facing network services, compared with 62% in the third quarter.
    • “Cisco also saw fewer ransomware attacks in Q4 (13% of all incidents) compared with Q3 (when it was 20%) and the first half of the year (when it was nearly 50% in both Q1 and Q2).
    • “Notably, Cisco said it “did not respond to any previously unseen ransomware variants.”
  • and
    • “Federal authorities and security researchers are warning about a critical vulnerability in Fortinet FortiCloud single sign-on, which is currently under exploitation. 
    • “The flaw, tracked as CVE-2026-24858, allows an attacker with a registered device and a FortiCloud account to access devices registered to other accounts. FortiCloud SSO authentication needs to be enabled in those other devices in order for the attack to work. 
    • “The Cybersecurity and Infrastructure Security Agency on Wednesday warned that Fortinet has confirmed several forms of malicious activity, including hackers changing firewall configurations on FortiGate devices, creating false unauthorized accounts and making changes on VPN accounts in order to get access to new accounts.”
  • Cyberscoop relates,
    • “Google Threat Intelligence Group warned that a diverse and growing collection of attackers, including nation-state groups and financially motivated cybercriminals, are exploiting a path-traversal vulnerability affecting WinRAR that was disclosed and patched six months ago.
    • “The high-severity vulnerability — CVE-2025-8088 — was exploited in the wild almost two weeks before RARLAB, the vendor behind the file archiver tool, addressed the vulnerability in a software update in late July. 
    • “Active exploitation of the vulnerability has consistently extended to more threat groups during the past six months and remains ongoing. Google threat hunters have attributed attacks to at least three financially motivated attackers, four Russia state-sponsored groups and one attacker based in China.” 
  • and
    • “ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.
    • “LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.
    • “According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, “many of these extensions mimic known brands to gain users’ trust, particularly those designed to enhance interaction with large language models.”
    • “As these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface,” Zargarov wrote.”
  • CISA added seven five known exploited vulnerabilities to its catalog this week.
    • January 26, 2025
      • CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
      • CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
      • CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
      • CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
      • CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability
        • Security Affairs discusses these KVEs here.
    • January 27, 2025
      • CVE-2026-24858 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
        • The Hacker News discusses this KVE here.
    • January 29, 2025
      • CVE-2026-128 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
        • Bleeping Computer discusses this KVE here.
  • Cybersecurity Dive points out,
    • “The cybercrime group ShinyHunters is claiming credit for at least five attacks related to a voice phishing campaign that previously was disclosed by security researchers at Okta. 
    • “Okta warned Thursday that a social engineering campaign using custom phishing kits was targeting Google, Microsoft and Okta environments using voice phishing techniques. 
    • ‘The phishing kits were capable of intercepting user credentials and persuading targeted users to skip multifactor authentication.”
  • Bank Info Security notes,
    • “The victim count in a 2025 hack against a Maryland-based firm that provides “artificial intelligence-powered” administrative and technology services to healthcare practices soared to nearly 3.1 million nationwide, according to an updated breach report from Healthcare Interactive.
    • “The company, more commonly known as HCIactive, previously filed lowball estimate breach reports to several state attorneys general. But in a Jan. 7 breach report submitted to Oregon state regulators, HCIactive said the incident affected a total of about 3.06 million individuals.
    • “Based on HCIactive’s latest breach tally provided to Oregon regulators, the company’s hacking incident as of Wednesday would rank among the 10 largest of the 691 protected health information breaches reported in 2025.”

From the ransomware front,

  • WFSB (Hartford, CT) reports,
    • “A ransomware attack has disrupted New Britain [CT]’s city network systems for more than 48 hours, forcing departments to operate with pen and paper while federal authorities investigate.
    • “What began as a suspected cyberattack has been confirmed as a ransomware attack that started early Wednesday morning when the New Britain Police Department was notified of a network disruption that spread throughout the city’s internet server.” * * *
    • “The city hopes to restore its server sometime this weekend. The attack comes as data breaches have increased significantly, with the Identity Theft Resource Center reporting that data breaches increased by five percent over the last year and 79 percent over the past five years.
    • “One of those incidents included a phishing attack that hit a New Haven [CT] High School.”
  • Sophos explains how ransomware operators choose victims.
    • “Counter Threat Unit™ (CTU) researchers are frequently asked about ransomware groups posing a threat to organizations in specific verticals or geographic locations. These questions usually follow the publication of third-party reports that highlight how a particular ransomware group is “targeting” a specific sector. CTU™ researchers understand the concerns but maintain that focusing on defending against specific groups is not the best way to avoid becoming a victim of ransomware. As the majority of ransomware attacks are opportunistic, organizations should instead consider how they can best prepare for any ransomware or data theft attack, regardless of the perpetrators.
    • “How threat actors choose their victims and deploy ransomware depends on their motivations. Cybercriminals want to make money, so all organizations are potential victims of these groups. In contrast, state-sponsored actors use ransomware for destructive purposes, to obscure espionage activity, to generate revenue, or to achieve a combination of these outcomes. Each of these groups therefore has a separate threat profile, and the organizations at risk can vary greatly.”
  • Panda Security shares “50+ Ransomware Statistics Vital for Security in 2026.”
    • “Ransomware statistics for 2026 reveal how widespread attacks have become and why awareness is your first line of defense.”
  • Per Dark Reading,
    • “Victims hit with the emerging Sicarii ransomware should never opt to pay up: the decryption process doesn’t work, likely a result of an unskilled cybercriminal using vibe-coding to create it.
    • “Researchers at Halcyon’s Ransomware Research Center observed a technical flaw where even if a victim pays, the decryption process fails in such a way where not even the threat actor can fix the issue. Paying the ransom is, of course, not recommended in general, as doing so funds further cybercrime and doesn’t necessarily guarantee your data is safe, nor that attackers wouldn’t simply exploit you again.”
  • Bleeping Computer lets us know,
    • “Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later.
    • “The software company provides data analytics, compliance reporting, CRM tools, and digital marketing services to more than 700 banks, credit unions, and mortgage lenders across the United States.
    • “In statements to customers earlier this week seen by BleepingComputer, Marquis says the ransomware operators didn’t breach its systems by exploiting an unpatched SonicWall firewall, as previously believed.
    • “Instead, the attackers used information obtained from firewall configuration backup files stolen after gaining unauthorized access to SonicWall’s MySonicWall online customer portal.
    • “Based on the ongoing third-party investigation, we have determined that the threat actor that attacked Marquis was able to circumvent our firewall by leveraging the configuration data extracted from the service provider’s cloud backup breach,” Marquis said.”
  • Dark Reading considers “How Can CISOs Respond to Ransomware Getting More Violent?”
    • “Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.”

From the cybersecurity defenses front,

  • Security Week explores offensive cybersecurity.
  • Cyberscooop observes that “Cybersecurity can be America’s secret weapon in the AI race.”
    • “Beijing is aggressively exploiting global data for strategic purposes. AI-powered cybersecurity is essential to Washington’s counter-offensive to win the global market.”
  • Dark Reading shines a light on “From Quantum to AI Risks: Preparing for Cybersecurity’s Future.”
    • “In the latest edition of “Reporters’ Notebook,” a trio of journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications.”
  • and
    • “Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk.”
      • “Security teams need to be thinking about this list of emerging cybersecurity realities, to avoid rolling the dice on enterprise security risks (and opportunities).”
  • The Hackers News calls attention to “3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026.”
    • “Prioritizing relevant threat intelligence, filling operational gaps, and improving the entire workflow from triage to response directly impacts performance rates across SOCs. For CISOs, this translated into a clear priority: take targeted action to reduce dwell time by empowering analysts with actionable, relevant, and unique threat intelligence feeds, enabling fast and confident decision-making.”
  • Here’s a link to Dark Reading’s CISO Corner.

Monday report

David ErmerCMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, Mental health care, No Surprises Act, Patient safety, U.S. Healthcare

From Washington, DC

  • Roll Call reports,
    • “The Senate inched closer to triggering a partial government shutdown Monday as GOP leaders pushed forward with a $1.33 trillion funding package that includes a Homeland Security bill Democrats vowed to oppose.
    • “With only four days left before current funding for most federal agencies runs out, both parties sought to find an exit ramp from the road to a shutdown that neither side wants.”
  • The Wall Street Journal reports,
    • “The Trump administration is proposing a .09% average payment increase for Medicare Advantage plans in 2027, significantly below Wall Street’s roughly 4% to 6% expectations.
    • “The proposal also includes eliminating payments tied to diagnoses from insurer medical chart reviews not linked to specific medical visits, reducing the 2027 payment rate by 1.53 percentage points.
    • “Overall payments are projected to increase by 2.54% for 2027, combining the proposed rate changes with an additional 2.45% from underlying billing trends.”
  • Per another CMS news release,
    • “The Centers for Medicare & Medicaid Services (CMS) today issued an Advance Notice of Proposed Rulemaking (ANPRM) seeking public feedback on potential approaches to strengthen the American-made supply chain for personal protective equipment (PPE) and essential medicines. Building on lessons learned during the COVID-19 public health emergency, the agency is exploring ways to reduce reliance on foreign-made medical supplies and enhance the nation’s readiness for future emergencies while supporting American workers and manufacturers.” * * *
    • “Information on how to submit comments is available via the Federal Register at: https://www.federalregister.gov/public-inspection/current. There is a 60-day comment period.”
  • The American Hospital Association (AHA) News notes,
    • The AHA Jan. 26 urged the Health Resources and Services Administration to take immediate action to stop a new Eli Lilly and Company policy from taking effect on Feb. 1, including by “assessing civil monetary penalties for intentionally overcharging 340B hospitals.”  
    • On Jan. 15, Lilly issued a notice to all 340B covered entities that the company was updating its data requirements for its 340B distribution program. The policy would require 340B covered entities to submit claims data for all dispensations of all Lilly drugs, regardless of setting.  
    • “All told, Lilly’s draconian new policy is a case of ‘déjà vu all over again,’” the AHA wrote. “Once more, we have a drug company taking unilateral action against 340B hospitals based on flawed legal and policy reasoning, testing the limits of the law and challenging HRSA’s authority over the 340B Program. Much like its 2021 contract pharmacy restrictions and its 2024 unilateral rebate policy, Lilly seeks to boost its bottom line at the expense of 340B hospitals and the vulnerable patients they serve.” 
  • Healthcare Dive reports,
    • “Providers and health insurers submitted almost 1.2 million cases to a federal portal meant to resolve disputes over surprise medical bills in the first half of 2025 — almost 40% more than in the last six months of 2024, according to new data from the CMS.
    • Arbiters are handling the rising volume while cutting into the existing backlog, processing more than 1.3 million disputes in the first half of the year, the CMS said. That’s up almost 50% from the prior six months.
    • “Still, despite faster closures, the independent dispute resolution process remains dogged by problems. Many submitted disputes are actually ineligible for IDR, and parsing through those is the primary cause of delays, the CMS said. And, the lion’s share of disputes continue to be submitted by a handful of mostly private equity backed-provider groups, raising concerns IDR is being exploited for profit.”
  • The AHA News adds,
    • “The Departments of Health and Human Services, Labor, and the Treasury have added Dane Street, LLC as a new independent dispute resolution entity, bringing the total number to 16. IDR arbitrators help make payment determinations in disputes between providers, group health plans and health insurance issuers under the No Surprises Act.” 
  • OPM Director Scott Kupor writes in his Secrets of OPM blog about “the performance management priorities and actions the Trump Administration is taking on behalf of the American people.”

From the Food and Drug Administration front,

  • Fierce Healthcare relates,
    • “Aidoc has secured 11 new indications from the Food and Drug Administration (FDA), bringing a comprehensive body CT triage solution to emergency departments and ambulatory settings to reduce patient backlogs. 
    • “Aidoc, a clinical artificial intelligence company, is trying to solve the root issue of overcrowding in emergency departments and provider offices. The company argues that providers’ operational workflows, which mostly prioritize patients on a “first come, first serve” basis, don’t work well.
    • “Instead of first-in, first-out, Aidoc’s AI triage solution can prioritize scans based on its initial review of the images. Those scans are then moved up in the queue for radiologists to review, allowing acutely ill patients to receive care more quickly.”
  • MedTech Dive points out,
    • “Intuitive Surgical on Monday provided more details about its new cardiac surgery initiative for the da Vinci 5 robot, including specifying nine procedures that received U.S. clearance.
    • “Among those are mitral and tricuspid valve repair, mitral valve replacement, and left atrial appendage closure — procedures that comprise key businesses for heart device companies such as Boston Scientific, Abbott and Edwards Lifesciences.
    • “Intuitive said cardiac procedures with da Vinci 5 can enable surgeons to operate through small incisions without splitting the breastbone, which is typically required in open heart surgery.” * * *
    • “The update comes after Intuitive executives told analysts on an earnings call last week that the Food and Drug Administration had cleared the robot for cardiac surgery.”
    • “Intuitive said it plans to begin working with a limited number of U.S. sites through 2026 to establish da Vinci 5 cardiac programs.”

From the public health and medical / Rx research front,

  • The Wall Street Journal reports,
    • “The American Academy of Pediatrics recommends children be vaccinated against 18 diseases, more than the U.S. government directs after it overhauled its schedule.
    • “The doctors group, which released its recommendations Monday, kept its guidance largely unchanged from its previous version from last year. The group said it doesn’t endorse the Centers for Disease Control and Prevention’s childhood-vaccine schedule. The agency now recommends all children get vaccinated against 11 diseases.”
  • A commentator, writing in STAT News, observes,
    • “The recent overhaul of the U.S. pediatric vaccine schedule under Health and Human Services Secretary Robert F. Kennedy Jr. touched off a firestorm of criticism — most of it for demoting six vaccines from routinely recommended to “shared clinical decision-making” (SCDM). The implication was that these six vaccines are optional, less safe, or less useful than the routinely recommended ones.
    • “Like nearly everyone in public health, I agree that the evidence for the safety and efficacy of the six vaccines is robust and hasn’t changed.
    • “But in its urge to say what Kennedy gets wrong, the public health and medical community is actively resisting something he gets right: Vaccination decisions belong to patients and their parents, guided by candid advice from health care professionals.”
  • The American Medical Association lets us know what doctors wish their patients knew about polio.
  • The New York Times relates,
    • “For years, the nonprofit groups that coordinate transplants in the United States regularly ignored federal rules — skipping patients at the top of waiting lists and sending organs to those who weren’t as sick and hadn’t waited as long.
    • “But new federal data shows that the rate of skipped patients has dropped by more than half in recent months, a change that reflects a far-reaching effort to make the transplant system fairer and safer.
    • “This is truly great news for patients and the system,” said Dr. Jesse Roach of the National Kidney Foundation. “We need to continue to monitor it, to ensure the system is fair, efficient and transparent. But this is a win.”
  • Beckers Clinical Leadership informs us,
    • “The Joint Commission and the National Quality Forum are aligning their serious safety event reporting frameworks in an effort to reduce redundancy and ease the administrative burden on healthcare providers.
    • “Effective Jan. 1, 2027, The Joint Commission will adopt the NQF’s Serious Reportable Events, or SRE List, across all accredited domestic and international organizations, according to a Jan. 26 news release from the organizations. Three workplace safety events — homicide, sexual abuse or assault, and physical assault of staff — will be retained as part of the revised SRE list.
    • “Leaders of both organizations said consolidating around the NQF list will simplify reporting for clinicians and hospitals while providing a more consistent, standardized framework for measuring and tracking patient safety events across states and health systems.”
  • Genetic Engineering and BioTechnology News notes,
    • “It is known that inflammatory bowel disease (IBD) increases the risk of colorectal cancer (CRC). But the underlying mechanism—and the genetic drivers—between this link remain yet to be determined. Genetic variants in TNFSF15, encoding tumor necrosis factor (TNF)-like cytokine 1A (TL1A), are associated with both severe IBD and advanced CRC.
    • “Now, a new study points to immune reactions in the gut—driven by a key signaling protein and a surge of white blood cells from the bone marrow—to help explain why people with inflammatory bowel disease have a higher risk of colorectal cancer.
    • “This work is published in Immunity in the paper, “Innate lymphoid cells activated by the cytokine TL1A link colitis to emergency granulopoiesis and the recruitment of tumor-promoting neutrophils.”
  • Per Healio,
    • “Researchers compared the outcomes of more than 40,000 infants who were immunized through nirsevimab or maternal RSV vaccination.
    • “Nirsevimab was associated with fewer severe outcomes than the maternal vaccine.” * * *
    • “Our results should not be interpreted as evidence against maternal RSV vaccination,” Marie Joelle Jabagi, PharmD, PhD, MPH, said. “Instead, they underscore that clinicians should individualize prevention strategies based on clinical context, access to care and timing within the RSV season. Both approaches remain valuable and may be complementary, particularly in efforts to maximize population-level protection against RSV.”
  • Per Health Day,
    • “Childhood ADHD can set a person up to have poor health in middle age, a new study says.
    • “People with ADHD traits at age 10 are likely to have chronic illness and disability at age 46, researchers reported Jan. 21 in JAMA Network Open.
    • ‘The study said these health problems can include asthma, migraines, back problems, cancer, epilepsy, hearing problems, GI disorders, kidney disease and diabetes.
    • “We have added to the concerning evidence base that people with ADHD are more likely to experience worse health than average across their lifespan,” said lead researcher Joshua Stott, a professor of aging and clinical psychology at University College London in the U.K.
    • “People with ADHD can thrive with the right support, but this is often lacking, both due to a shortage of tailored support services but also because ADHD remains underdiagnosed, particularly in people in midlife and older, with needs unaddressed,” Stott said in a news release.”

From the U.S. healthcare business and artificial intelligence front,

  • The Street reports
    • “The Centers for Medicare & Medicaid Services (CMS) recently published some in-the-weeds datasets on the use of, and spending for, drugs prescribed to Medicare beneficiaries. 
    • “There’s the Medicare Quarterly Part B and Part D Drug Spending Datasets and the annual version of the Medicare Part B and Part D Drug Spending datasets.”
    • The Street feature a 13 minute webinar with a consultant who has used the data sets (plus a transcript of that webinar).
  • Beckers Hospital Review tells us,
    • “More than 500,000 providers prescribed GLP-1s in 2025, with wide variation between specialties, according to a Jan. 22 article from IQVIA, a clinical research firm. 
    • “GLP-1 medications are approved for several conditions, including Type 2 diabetes, obesity, cardiovascular disease, chronic kidney disease, liver disease and sleep apnea. Among GLP-1 drugs approved for weight loss — Novo Nordisk’s Wegovy and Eli Lilly’s Zepbound — adoption and prescribing trends differed across provider specialties.
    • “Endocrinologists stand out as both quick adopters of Wegovy and subsequent high writers for Zepbound, leveraging their expertise in managing complex metabolic conditions to integrate new treatments earlier,” according to IQVIA. “Their readiness to prescribe is shaped by familiarity with the mechanisms of GLP-1 therapies and a patient base that often presents with comorbidities where these drugs deliver added value.”
    • “Primary care providers account for the largest share of GLP-1 prescriptions due their broad patient base. However, in contrast to endocrinologists, they have been slower to adopt GLP-1s, which IQVIA defines as prescribing a GLP-1 within the first 1.75 years of the drug entering the market.”
  • Per BioPharma Dive,
    • “Children with Duchenne muscular dystrophy who received Sarepta Therapeutics’ gene therapy Elevidys in a clinical trial continued to perform better on tests of motor function than historical data suggests they should, and the benefits appear to compound with time, the company said Monday.
    • “According to Sarepta, patients in the study, Embark, had greater reductions on three measures of function than a matched historical control group, with the gap “significantly widening” between two and three years after treatment. Doug Ingram, Sarepta’s CEO, said the data is an opportunity to “rebalance the discussion” surrounding Elevidys, sales of which have slowed amid safety concerns and newly restrictive labeling
    • “In research notes published Monday, multiple Wall Street analysts viewed the data as a positive development for the company. They also noted, though, that investors will be more focused on whether the results translate to sales growth. Sarepta shares, which have lost much of their value over the last year, rose by double digits in morning trading.” 
  • MedCity News considers “what does OpenAI and Anthropic’s healthcare push mean for the industry?”
    • “As OpenAI and Anthropic move deeper into healthcare, experts say AI chatbots are becoming the new front door to medicine. This shift is shaking things up for some health tech startups, redefining the patient-provider relationship, and intensifying debates over safety, privacy and accountability.:

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • Federal News Network reported last Tuesday,
    • “Lawmakers are moving to extend key cybersecurity information authorities and grant programs, while also providing funds for the Cybersecurity and Infrastructure Security Agency to fill “critical” positions.
    • “The “minibus” appropriations agreement released by House and Senate negotiators on Tuesday includes fiscal 2026 funding for the Department of Homeland Security. DHS funding could be a sticking point in moving the bill forward, as some Democrats want more restrictions around the Trump administration’s immigration enforcement operations.
    • “The bill also extends the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program through the end of fiscal 2026. Both laws are set to expire at the end of this month.
    • “The extension would give lawmakers more time to work out differences between competing versions of CISA 2015 reauthorizations in the House and Senate.”
  • Roll Call adds,
    • “The House passed a roughly $1.25 trillion spending package Thursday in a pair of votes that overcame internal GOP divisions and Democratic protests over the Trump administration’s immigration policies.
    • “The most closely watched of the four bills at stake was the Homeland Security measure, which was at greatest risk of defeat amid an immigration crackdown that raised civil rights concerns.
    • “But the bill, which was taken up separately from the rest of the package, passed on a 220-207 vote. Seven Democrats joined almost all Republicans to support the measure. Kentucky Rep. Thomas Massie was the lone GOP dissenter.” * * *
    • “The Senate plans to take up that [bi-partisan, bi-cameral] mega package next week to meet a Jan. 30 deadline, when current funding for most federal agencies is set to run out.”
  • Cyberscoop tells us,
    • “The acting head of the Cybersecurity and Infrastructure Security Agency faced pointed questions from lawmakers Wednesday [January 21, 2026] over CISA personnel decisions and staffing levels.
    • “Members of the House Homeland Security Committee asked Madhu Gottumukkala about a reported attempt to fire the agency’s chief information officer, efforts to push out a large number of staff and whether CISA had enough people to do the job.
    • “Gottumukkala at times sidestepped the questions, with the probing coming from both sides of the aisle. However,  Democrats exhibited deeper worries about the agency’s workforce and its ability to do its job.
    • “Cutbacks at CISA after employees were “bullied into quitting” — among other methods of reducing CISA’s size — have “weakened our defenses and left our critical systems and infrastructure more exposed, and the American people more vulnerable,” said Rep. James Walkinshaw, D-Va.
    • “Said Chairman Andrew Garbarino, R-N.Y.: “This committee supports the administration’s goal of aligning department [of Homeland Security] resources towards urgent homeland security priorities. At the same time, workforce continuity, clear leadership and mission readiness are essential to effective cyber defenses.”
  • Cybersecurity Dive informs us,
    • “The National Institute of Standards and Technology is reevaluating its role in analyzing software vulnerabilities as it tries to meet skyrocketing demand for vulnerability analysis and reassure partners about the government’s continuing commitment to the program that catalogs those flaws.
    • “We’ve been doing more and more thinking about the [National Vulnerability Database] and, strategically, how we’re planning on moving forward,” Jon Boyens, the acting chief of NIST’s Computer Security Division, told members of the agency’s Information Security and Privacy Advisory Board during a quarterly meeting on Thursday [January 22, 2026]. * * *
    • To solve this {skyrocketing demand] problem, NIST will begin prioritizing which vulnerabilities it enriches based on several factors, including whether a vulnerability appears in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, whether it exists in software that federal agencies use and whether it exists in software that NIST defines as critical.
    • “All CVEs aren’t equal,” Boyens said. “We’re in the process of defining that prioritization. We’ve had an informal prioritization for a while. We want to formalize it now.”
  • Cyberscoop relates,
    • “Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022. 
    • “Ianis Aleksandrovich Antropenko began participating in ransomware attacks before moving to the United States, but conducted many of his crimes while living in Florida and California, where he’s been out on bond enjoying rare leniency since his arrest in 2024.
    • “Antropenko pleaded guilty in the U.S. District Court for the Northern District of Texas earlier this month to conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse. He faces up to 25 years in jail, fines up to $750,000 and is ordered to pay restitution to his victims and forfeit property.
    • “Federal prosecutors reached a plea agreement with Antropenko after a years-long investigation, closing one of the more unusual cases against a Russian ransomware operator who committed many of his crimes while living in the U.S.”
  • and
    • “Law enforcement agencies from multiple European countries are still pursuing leads on people involved in the Black Basta ransomware group, nearly a year after the group’s internal chat logs were leaked, exposing key details about its operations, and at least six months since the group claimed responsibility for new attacks.
    • “Officials in Ukraine and Germany said they raided the homes of two Russian nationalsaccused of participating in Black Basta’s crimes and effectively halted their operations. The pair of alleged criminals who were living in Ukraine were not named.
    • “German police publicly identified a third Russian national — Oleg Evgenievich Nefedov — as Black Basta’s alleged leader. Nefedov, a 35-year-old who was subsequently added to the most-wanted lists of Europol and Interpol, allegedly formed and ran Black Basta since 2022, authorities said. 
    • “He is accused of extorting more than 100 companies in Germany and about 600 other countries globally. Nefedov’s current whereabouts are unknown, but he is believed to be living in Russia.”

From the cybersecurity vulnerabilities front,

  • Cyberscoop reports,
    • “European cybersecurity organization has launched a decentralized system for identifying and numbering software security vulnerabilities, introducing a fundamental shift in how the global technology community could track and manage security flaws.
    • “The Global CVE Allocation System, or GCVE, will be maintained by The Computer Incident Response Center Luxembourg (CIRCL) as an alternative to the traditional Common Vulnerabilities and Exposures program, which narrowly avoided shutdown last April when the Cybersecurity and Infrastructure Security Agency initially failed to renew its contract with MITRE, the nonprofit that operates the CVE system. A last-minute extension averted immediate collapse, but the near-miss exposed the 25-year-old program’s dependence on a single funding source and triggered development of competing models.
    • “Unlike the traditional CVE system, which relies on a centralized structure for assigning vulnerability identifiers, GCVE introduces independent numbering authorities that can allocate identifiers without seeking blocks pre-allocated from a central body or adhering strictly to centrally enforced policies. Each approved numbering authority receives a unique numeric identifier that becomes part of the vulnerability identification format, allowing organizations to assign identifiers at their own pace and define their own internal policies for vulnerability identification.
    • “The system maintains backward compatibility with the existing CVE infrastructure through a technical accommodation. All existing and future standard CVE identifiers are represented within the GCVE system using the reserved numbering authority designation of zero. A vulnerability identified as CVE-2023-40224 in the traditional system can be represented as GCVE-0-2023-40224, allowing the new framework to coexist with established practices without disrupting existing databases and tools.”
  • Bleeping Computer adds,
    • “Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it’s working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December.
    • “This comes after a wave of reports from Fortinet customers about threat actors exploiting a patch bypass for the CVE-2025-59718 vulnerability to compromise fully patched firewalls.
    • “Cybersecurity company Arctic Wolf said on Wednesday [January 21, 2026] that the campaign began on January 15, with attackers creating accounts with VPN access and stealing firewall configurations within seconds, in what appear to be automated attacks. It also added that the attacks are very similar to incidents it documented in December, following the disclosure of the CVE-2025-59718 critical vulnerability in Fortinet products.
    • “On Thursday, Fortinet finally confirmed these reports, stating that ongoing CVE-2025-59718 attacks match December’s malicious activity and that it’s now working to fully patch the flaw.”
  • Cybersecurity Dive lets us know,
    • “LastPass on Tuesday warned of a phishing campaign with false claims that the company is conducting maintenance and asking customers to back up their vaults in the next 24 hours, according to an alert released by the company.
    • LastPass said the campaign began on or about Monday, which was Martin Luther King Jr. Day, when many U.S. businesses were closed. The company emphasized the email is not a legitimate request and confirmed that customers are being targeted in a social engineering campaign.
    • “This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” a spokesperson for LastPass said in a statement.
    • The spokesperson added that LastPass would never ask customers for their master passwords or demand action. under a tight deadline.
  • and
    • “AI agents are involved in 40% of insider cybersecurity threats, according to a report by managed security service provider Akati Sekurity.
    • “Non-human identities outnumber humans 144 to one in the average business and constitute an attack surface IT teams, service providers and vendors are ill-equipped to defend, Akati CEO Krishna Rajagopal told Channel Dive.
    • “[Partners] are focused on making sure that the LLMs are secure and doing an assessment, looking at the security of the MCP server. But there is this little worm — literally the agentic agent — that can [go] rogue, and if that goes rogue, most MSPs and MSSPs currently do not have an answer for,” Rajagopal said.”
  • Dark Reading relates,
    • “A zero-day vulnerability affecting a range of Cisco’s unified communications products has been exploited by threat actors, though details of the activity are unclear.
    • “Cisco on Wednesday disclosed and patched CVE-2026-20045, a remote code execution (RCE) vulnerability in Cisco’s Unified Communications Manager(UCM) as well as other products. Cisco has 30 million users for UCM, which provides IP-based voice, video, conferencing, and collaboration for enterpises — so the potential impact could be vast.”

From the ransomware front,

  • The Hackers News reports,
    • “Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.
    • “The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter Team said.
    • “It’s worth noting that Osiris is assessed to be a brand-new ransomware strain, sharing no similarities with another variant of the same name that emerged in December 2016 as an iteration of the Locky ransomware. It’s currently not known who the developers of the locker are, or if it’s advertised as a ransomware-as-a-service (RaaS).
    • “However, the Broadcom-owned cybersecurity division said it identified clues that suggest the threat actors who deployed the ransomware may have been previously associated with INC ransomware (aka Warble).”
  • Bleeping Computer cautions,
    • “The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion.
    • “In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals.
    • “Once compromised, the attackers gain access to the victim’s SSO account, which can provide access to other connected enterprise applications and services.”
  • Fox News tells us,
    • “Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets. 
    • “A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people. 
    • “The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.
    • “According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.”
  • The HIPAA Journal calls our attention to four recent attacks against healthcare providers — here and here.

From the cybersecurity defenses front,

  • Cybersecurity Dive shares “Five cybersecurity trends to watch in 2026. Corporations across the globe are facing a dynamic risk environment, as AI adoption surges with few guardrails, business resilience takes center stage and the insurance industry raises major concerns.”
    • AI governance and guardrails now front and center
    • Cybersecurity regulatory shifts shape disclosures
    • Cyber insurance enters new phase in pricing, coverage
    • CVE crisis resolved while patching challenges remain
    • Operational resilience becomes the new watchword for cyberattack readiness  
  • and
    • “CISOs are slightly less confident than CEOs that AI will improve their company’s cyber defenses, according to a new report.
    • “Roughly 30% of CEOs think AI will help them with cybersecurity, while only 20% of CISOs said the same, Axis Capital said in its report.
    • “The survey also revealed transatlantic disagreement about the value of AI and the dangers of AI-fueled cyberattacks.”
  • ISACA shares “Post Quantum Cryptography: A 12 Month Playbook for Digital Trust Professionals.”
    • “The window for “harvest‑now, decrypt‑later” attacks is open, and the clock is ticking. With NIST’s first three post-quantum cryptography (PQC) standards now finalized (FIPS 203/204/205) and HQC selected in 2025 as an additional encryption option, audit, risk and security teams have the clarity they need to start moving with intent. This blog post distills the core ideas from our ISACA Journal article into a pragmatic, one-year plan you can run inside any enterprise.”
  • Here is a link to Dark Reading’s CISO Corner.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy and law enforcement front,

  • The Wall Street Journal reports,
    • “Federal lawmakers next week are expected to revive efforts to renew lapsed cybersecurity legislation aimed at fostering collaboration between Washington and private-sector companies in chasing down state-sponsored hackers.
    • “We’re making a hard push,” Rep. Andrew Garbarino, a New York Republican, said about extending the Cybersecurity Information Sharing Act, which provides liability and antitrust protections to companies sharing cyberattack intelligence with the federal government.
    • “Garbarino at a congressional hearing Tuesday said House and Senate lawmakers on both sides of the aisle are committed to fully reauthorizing the decade-old legislation, known as CISA, beyond a reprieve passed in Novemberand set to expire at the end of January. Congress failed to approve a long-term extension before last year’s government shutdown in October.”
  • Cyberscoop tells us,
    • “President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey’s bid for the position ended last year stuck in the Senate.
    • “It’s not clear whether or how Plankey’s resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely ended, but it does definitively signal that the Trump administration still wants Plankey to have the job.
    • “Plankey’s nomination was included in a batch sent to the Senate announced on Tuesday [January 13].
  • Cybersecurity Dive informs us,
    • “In an attempt to help critical infrastructure operators protect themselves from hackers, the U.S. and six other countries have published security guidance for organizations that run operational technology, offering advice on everything from network segmentation to activity logging.
    • “Exposed and insecure OT connectivity is known to be targeted by both opportunistic and highly capable actors,” the authoring agencies — representing the U.S., Australia, Canada, Germany, the Netherlands, New Zealand and the United Kingdom — wrote in the document, “Secure connectivity principles for Operational Technology.”
    • “Improving OT cybersecurity, the agencies added, “can challenge attackers’ efforts and raise the threshold necessary to cause physical harm, environmental impact, and disruption.”
  • and
    • “The Department of Homeland Security is preparing to introduce a new system for holding sensitive discussions with critical infrastructure operators, replacing a framework that the Trump administration abruptly eliminated in its early days.
    • “The new program, currently dubbed Alliance of National Councils for Homeland Operational Resilience (ANCHOR), will streamline the process through which federal agencies and infrastructure providers meet to discuss cyber and physical security threats, according to multiple people familiar with the matter, who requested anonymity to speak freely.”
  • Cyberscoop relates,
    • “A 40-year-old Jordanian national pleaded guilty Thursday [January 15, 2026] to operating as an access broker, selling access to at least 50 victim company networks he broke into by exploiting two commercial firewall products in 2023, according to the Justice Department.
    • Feras Khalil Ahmad Albashiti, who lived in the Republic of Georgia at the time, sold an undercover FBI agent unauthorized access to the victim networks on a cybercrime forum under the moniker “r1z” in May 2023, authorities said in court records.
    • The undercover FBI agent continued communicating with Albashiti for the next five months, uncovering evidence of additional alleged crimes. He’s accused of selling malware that could turn off endpoint detection and response products from three different companies.
    • Albashiti proved the malware worked when, unbeknownst to him, the FBI observed him use the EDR-killing malware on an FBI server the agency granted him access to as part of its investigation. 

From the cybersecurity breaches and vulnerabilities front,

  • Cybersecurity Dive reports,
    • “The healthcare sector experienced twice as many breaches in 2025 as it did in 2024, but the number of exposed patient records dropped precipitously, according to a new report from Fortified Health Security.
    • “Ransomware attacks and third-party risk are powering the surge in breaches, with many of those intrusions now threatening operations more than data privacy.
    • “The industry has shifted from major, headline events to a more taxing state of constant disruption,” Fortified said in its report.”
  • and
    • “Cybersecurity remained the top risk concern among corporate leaders for a fifth year in a row, but AI jumped into the number two position, according to a report released Wednesday from Allianz Commercial. 
    • “AI rose sharply from the number 10 spot to the second biggest concern, indicating growing interest in how the technology might improve productivity, while also creating novel security challenges, according to the annual Allianz Risk Barometer
    • “Companies increasingly see AI not only as a powerful strategic opportunity, but also as a complex source of operational, legal and reputational risk,” Allianz chief economist Ludovic Subran told Cybersecurity Dive. “In many cases, adoption is moving faster than governance, regulation and workforce readiness can keep up.”
  • CISA added two known exploited vulnerabilities to its catalog this week.
  • Dark Reading informs us,
    • Linux systems may soon be facing a new threat with an advanced, cloud-first malware framework developed by China-affiliated actors that’s aimed at establishing persistent access to cloud and container environments.
    • “Check Point Research discovered the framework, called VoidLink, which is comprised of cloud-focused capabilities and modules, including custom loaders, implants, rootkits, and modular plug-ins, according to a blog post published Tuesday [January 13]. Calling it an “impressive piece of software,” Check Point researchers said the framework is far more advanced than any current Linux-oriented malware.”
  • and
    • “The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack.
    • “On Jan. 13, Fortinet disclosed a critical flaw in its FortiSIEM platform, tracked as CVE-2025-64155 and assigned a 9.4 CVSS score. The OS command injection vulnerability allows an unauthenticated attacker to achieve remote code execution (RCE) on FortSIEM instances through crafted TCP requests.
    • “Yesterday, cybersecurity vendor Defused warned in a post on X that CVE-2025-64155 had been exploited in the wild. Much of the threat activity observed by Defused’s honeypots came from different IP addresses, including three from Chinese providers.
    • “In a LinkedIn post, Simo Kohonen, Defused founder and CEO, said the company’s honeypots had received a “good amount” of targeted exploitation activity that began almost immediately after public disclosure. China-nexus threat groups have heavily targeted Fortinet, along with other edge device vendors, in recent years.”
  • Cyberscoop points out,
    • Predator spyware operators have the ability to recognize why an infection failed, and the tech has more sophisticated capabilities for averting detection than previously known, according to research published Wednesday [January 14].
    • Jamf Threat Labs found from an analysis of a Predator sample that it has an error code system that can alert operators to why an implant didn’t stick, with “error code 304” signifying that a target was running security or analysis tools.
    • “This error code system transforms failed deployments from black boxes into diagnostic events,” Shen Yuan and Nir Avraham wrote for the company. “When an operator deploys Predator against a target and receives error code 304, they know the target is running security tools — not that the exploit failed, not that the device is incompatible, but specifically that active analysis is occurring.
    • “This has direct implications for targeted individuals: if security analysis tools like Frida are running, Predator will abort deployment and report error code 304 to operators, who can then troubleshoot why their deployment failed,” they continued.
  • Bleeping Computer notes,
    • Security researchers have discovered a critical vulnerability in Google’s Fast Pair protocol that can allow attackers to hijack Bluetooth audio accessories, track users, and eavesdrop on their conversations.
    • The flaw (tracked as CVE-2025-36911 and dubbed WhisperPair) affects hundreds of millions of wireless headphones, earbuds, and speakers from multiple manufacturers that support Google’s Fast Pair feature. It affects users regardless of their smartphone operating system because the flaw lies in the accessories themselves, meaning that iPhone users with vulnerable Bluetooth devices are equally at risk.
    • Researchers with KU Leuven’s Computer Security and Industrial Cryptography group who discovered it explain that the vulnerability stems from the improper implementation of the Fast Pair protocol in many flagship audio accessories.
  • Per SC Media,
    • “A vulnerability in the AI-powered Cursor integrated development environment (IDE) could have enabled an attacker to conduct stealthy remote code execution (RCE) attacks via indirect prompt injection, Pillar Security reported Wednesday.
    • “The flaw, tracked as CVE-2026-22708, arose from implicit trust in certain shell built-ins including “export” and “typeset,” which would allow them to be executed without any notification of or approval from the user, even when the user’s allowlist was empty.”

From the ransomware front,

  • The HIPAA Journal reports,
    • “The threat from ransomware is greater than ever, according to a new report from GuidePoint Security. The cybersecurity firm recorded a 58% year-over-year increase in victims, making 2025 the most active year ever reported by GuidePoint Security. In 2025, GuidePoint Security tracked 2,287 unique victims in Q4, 2025 alone – the largest number of victims in any quarter tracked by the GuidePoint Research and Intelligence Team (GRIT). December was the most active month in terms of claimed victims, which increased 42% year-over-year to 814 attacks. On average, 145 new victims were added to dark web data leak sites every week in 2025, with the year ending with 7,515 claimed victims.
    • “Law enforcement operations have targeted the most active groups, and there have been notable successes; however, they have had little effect on the number of victims, which continues to increase. Rather than the ransomware-as-a-service (RaaS) landscape being dominated by one or two major actors, law enforcement operations have helped create a highly fragmented ecosystem, with smaller groups conducting attacks in high volume, using repeatable operations. In 2025, GRIT tracked 124 distinct named ransomware groups – a 46% increase from 2024 and the highest number of groups ever recorded in a single year.
    • “While ransomware attacks are conducted globally, as in previous years, ransomware actors are primarily focused on the United States, where 55% of attacks were conducted last year, followed by Canada, which accounted for 4.5% of attacks. The manufacturing sector was the most heavily targeted, accounting for 14% of attacks, followed by the technology sector (9%), and retail/wholesale (7%). Healthcare ranked in fourth spot, with more than 500 victims in 2025.”
  • Symantec adds,
    • “The cyber-extortion epidemic reached new heights in 2025, with a record number of attacks recorded. As outlined in our new whitepaper, this increase is being powered by a new breed of attackers who eschew encryption and rely solely on data theft as leverage for extortion. By using zero-day vulnerabilities or exploiting weaknesses in the software supply chain, attackers can steal data from even the best-defended organizations before they become aware of the issue. 
    • Meanwhile, there has also been no decline in the number of attacks involving encryption. This is despite significant levels of disruption among key players, such as the collapse of LockBit in late 2024 and the closure of RansomHub in April 2025. Instead, other ransomware operators such as Akira, Qilin, Safepay and DragonForce expanded rapidly in the wake of those departures, quickly winning over affiliate attackers who previously worked with the departing actors. 
  • The Register calls our attention to
    • “Researchers at Group-IB say the DeadLock ransomware operation is using blockchain-based anti-detection methods to evade defenders’ attempts to analyze their tradecraft.
    • “First spotted in July 2025, the DeadLock group has attacked a wide range of organizations while almost managing to stay under the radar.
    • “It abandons the usual double extortion approach in which cybercrooks steal data, encrypt systems, and threaten to post it online for all to see if the victim refuses to pay a ransom.” * * *
    • “But for the researchers at Group-IB, the old-school encryption-only model is not the most notable aspect of the DeadLock operation. Its use of Polygon smart contracts to obscure its command-and-control (C2) infrastructure is an unusual move that’s slowly gaining popularity.
    • “Once a victim’s systems are encrypted, DeadLock drops an HTML file that acts as a wrapper for the decentralized messenger Session. This file replaces an instruction for the victim to download Session to communicate with DeadLock.
    • “By using blockchain-based smart contracts to store the group’s proxy server URL – the one victims connect to before communicating with the criminals – it allows DeadLock to rotate this address frequently, making it difficult for defenders to permanently block its infrastructure.”

From the cybersecurity business and defenses front,

  • Dark Reading reports,
    • “CrowdStrike continues its shopping spree, announcing plans to acquire browser security startup Seraphic Security. The acquisition will bring browser telemetry to the endpoint detection company’s flagship Falcon security platform.
    • “Seraphic Security’s platform, which includes a secure Web gateway, zero-trust network access, and cloud access security browser, provides protection and detection capabilities to browsers. Enterprises can use the platform to provide their users with secure access to software-as-a-service and private Web applications. Security teams get a consistent secure browser experience across both managed and personal devices without the complexity or cost of deploying virtual desktop infrastructure or a virtual private network.” * * *
    • “CrowdStrike plans to combine Seraphic’s “continuous in-session browser protection” with the identity protection and authorization capabilities from SGNL (announced last week) and Falcon’s existing endpoint telemetry and threat intelligence, according to the release announcing the acquisition. The combination will provide next-generation identity security that protects every interaction across endpoints, browser sessions, and the cloud, the company said.”
  • Bleeping Computer relates,
    • “Microsoft announced on Wednesday [January 14] that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025.
    • “Microsoft filed civil lawsuits in the United States and the United Kingdom, seizing malicious infrastructure and taking RedVDS’s marketplace and customer portal offline as part of a broader international operation with Europol and German authorities.
    • ‘Two co-plaintiffs joined Microsoft in this action: H2-Pharma, an Alabama pharmaceutical company that lost $7.3 million in a business email compromise scheme, and the Gatehouse Dock Condominium Association in Florida, which lost nearly $500,000 in resident funds.”
  • Federal News Network tells us,
    • “As the Defense Department moves to meet its 2027 deadline for completing a zero trust strategy, it’s critical that the military can ingest data from disparate sources while also being able to observe and secure systems that span all layers of data operations.
    • “Gone are the days of secure moats. Interconnected cloud, edge, hybrid and services-based architectures have created new levels of complexity — and more avenues for bad actors to introduce threats.
    • “The ultimate vision of zero trust can’t be accomplished through one-off integrations between systems or layers. For critical cybersecurity operations to succeed, zero trust must be based on fast, well-informed risk scoring and decision making that consider a myriad of indicators that are continually flowing from all pillars.
    • “Short of rewriting every application, protocol and API schema to support new zero trust communication specifications, agencies must look to the one commonality across the pillars: They all produce data in the form of logs, metrics, traces and alerts. When brought together into an actionable speed layer, the data flowing from and between each pillar can become the basis for making better-informed zero trust decisions.”
  • Security Week notes,
    • “Tracked as CVE-2025-20393 (CVSS score of 10/10), the security defect was disclosed on December 17, one week after Cisco’s Talos researchers observed its in-the-wild exploitation as a zero-day.
    • “This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said at the time.
    • “The company said the attacks targeted only a small set of appliances, and attributed the campaign to UAT-9686, a China-linked APT.
    • “On Thursday, Cisco updated its advisory to provide information on the flaw, the affected products, and the available patches.
    • “The flaw affects the Spam Quarantine feature of the AsyncOS software running on Secure Email Gateway and Cisco Secure Email and Web Manager, and exists due to insufficient validation of HTTP requests.’
  • SC Media considers,
    • “The concerning cyber-physical security disconnect”
  • and
    • “Five questions to ask about email whitelists.”
  • Here’s a link to Dark Reading’s CISO Corner.

Midweek report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Mental health care, Obesity, OPM, U.S. Healthcare

From Washington DC

  • The House of Representatives approved an appropriations bill (HR 7006) that includes OPM appropriations by a 341-79 votes this afternoon. The bill now moves onto the Senate for its consideration.
  • Roll Call offers more details on the state of the Congressional effort to pass the twelve appropriations bills in regular orde.
  • Beckers Payer Issues reports,
    • “A bipartisan group of senators working to revive the ACA enhanced tax credits that expired at the end of 2025 said they won’t have their proposal ready until the end of January, Politico reported Jan. 13. 
    • “Sen. Bernie Moreno, R-Ohio, a lead negotiator, previously said the legislative text could be ready as early as Jan. 12, but told Politico, “[W]e have to make sure we get this right.”
    • “Mr. Moreno said Republicans and Democrats involved in the discussions have not yet resolved how to address the Hyde Amendment, which bars federal funding from covering abortions, according to the report. Under the law, ACA marketplace insurers must segregate funds that go toward abortion services from funds that go to all other health services. Republicans and Democrats disagree on whether that segregation complies with the Hyde Amendment.” 
  • Axios adds,
    • “Long-stalled bipartisan priorities that are in play include an overhaul of pharmacy benefit manager practices, as well as a measure that would place more controls on Medicare outpatient spending. 
    • “They’d likely be combined with a renewal of health programs due to expire Jan. 30, including certain Medicare telehealth flexibilities and funding for community health centers.”
  • Healthcare Dive tells us,
    • “National healthcare spending reached $5.3 trillion in 2024 as Americans continued to ravenously consume healthcare coming out of the coronavirus pandemic, according to a new report from CMS actuaries.
    • “Growth in healthcare spending continued to outpace that of the overall economy. As a result, healthcare’s share of the U.S. gross domestic product increased from 17.7% in 2023 to 18% in 2024, researchers said in the report released Wednesday in Health Affairs.
    • “The sharp health spending growth was not driven by increasing costs for goods and services. Instead, it was fueled by intense consumer demand for medical care, and changes in what types of medical care was consumed, CMS actuaries said.
    • “Prices are a factor. They’re part of the equation. But non-price factors were the driver,” Micah Hartman, a statistician with the CMS’ Office of the Actuary, said in a call with press on Wednesday.”
  • Modern Healthcare adds,
    • “Health insurers struggling with rising medical expenses may have less of a cushion in 2026. 
    • “Companies such as UnitedHealth Group reaped gains on their investments over the past several years that bolstered their finances and offset narrowing profit margins or losses from operations.
    • “Broader economic factors are at work though. The Federal Reserve signaled last month that it intends to cut the benchmark interest rate for the fourth time since the beginning of 2025. In addition, Standard & Poor’s Global Ratings projects that yields on 10-year Treasury bonds will continue to decline, which would indicate waning investor confidence in the economy. 
    • “These circumstances would squeeze health insurance company finances at a time when many of the companies are struggling to restore profit margins, said Whit Mayo, senior managing director and senior research analyst at investment bank Leerink Partners.
    • “It’s not a helpful headwind in the context of the challenging, persistent elevated-cost-trend environment,” Mayo said.” 
  • MedPage Today points out,
    • “There’s a reason that the ACA specifies the [U.S. preventive services] task force as the organization insurers must pay attention to, according to Aaron Carroll, MD, president and CEO of AcademyHealth. “No one else has the rigorous transparency in process that the USPSTF has,” he said in an online interview at which a public relations person was present. “They are very clear and transparent in how they gather the evidence, how they grade the evidence, what was actually included, and how they are deliberating. Other organizations may do that, but they do not do it as consistently … which is why the ACA is pegged to them and not to each individual society.”
    • “However, the Trump administration has taken actions recently that have slowed the task force’s work. A planned meeting of the task force in July was canceledopens in a new tab or window, and its November meeting was postponedopens in a new tab or window. No new meeting dates have been announced, according to the New York Timesopens in a new tab or window. In addition, the Timesreported, the terms of five members of the 16-member task force expired on Dec. 31, with no plans announced for their replacements, even as four draft guidelines are set to be finalized. Those guidelines address screening adults for unhealthy alcohol use, self-swabs for cervical cancer screening, counseling for women at increased risk for perinatal depression, and the use of vitamin D supplements to prevent fractures and falls in older people (the task force’s draft guideline recommended against the latter preventive measure).” * * *
    • “Last week, the Health Resources and Services Administration (HRSA) issued guidelines in support of self-swabs to screen for cervical cancer. However, although the ACA also requires insurers to cover preventive services recommended by HRSA, “the difference is in the rigor of the process with high transparency and public input at every stage of the process that the USPSTF adheres to, as opposed to the HRSA process,” Melissa Simon, MD, MPH, vice chair of obstetrics and gynecology research at Northwestern University in Chicago, said in an email. “It is through that highly rigorous and successful methodology that USPSTF adheres to for the decades it has been in existence that lends itself to [being] one of the most trusted preventive services [recommendation bodies] for the U.S.”
  • Fierce Healthcare informs us,
    • “The Paragon Health Institute, a conservative health policy think tank, has launched an AI Initiative that will deliver market-based policy recommendations to the Trump administration and Congress on AI in healthcare. 
    • “Paragon already has an ear with the administration. Its president, Brian Blase, was an economic advisor to President Donald Trump during his first term and formerly worked at the Heritage Foundation. Moreover, several Paragon directors and advisers joined the second Trump administration to lead health policy. Some of the think tank’s proposals, including limits on states’ use of federal Medicaid funds, also made it into the text of last summer’s One Big Beautiful Bill Act.
    • “The Health AI initiative will be led by Kev Coleman, a technologist and healthcare researcher, who has already published several policy papers on the topic as a research fellow at Paragon.”

From the Food and Drug Administration front,

  • BioPharma Dive reports,
    • “The Food and Drug Administration is expected to decide on approval of Eli Lilly’s obesity pill orforglipron in the second quarter of 2026, Lilly CEO David Ricks said Tuesday, giving it a chance to quickly follow to market an oral version of Wegovy that rival Novo Nordisk launched last week. 
    • “The FDA granted Lilly a “national priority” voucher for orforglipron that could significantly accelerate the agency’s evaluation. While no statutory deadline exists under that program because it’s never been authorized by Congress, Ricks said he expects a “rapid review” that is “moving at pace.”
    • “A second-quarter launch would be well-timed for Lilly to begin selling orforglipron to the millions of people enrolled in Medicare, which will have broad access to obesity medications beginning in April.”
  • MedPage Today relates,
    • “Modern Warrior is recalling all lots of its Modern Warrior Ready supplement, marketed for boosting brain function, after the detection of undeclared 1,4-DMAA, aniracetam, and tianeptine, the latter of which has been linked to suicidal ideation or behavior in kids and young adults, according to the FDA. (The Hill)”
  • and
    • “The FDA requested that manufacturers of GLP-1 receptor agonists remove information regarding risks of suicidal behavior and ideation from drug labels following a detailed review of existing data, the agency announced on Tuesday.
    • “Affected products include those indicated for weight management, including tirzepatide (Zepbound), semaglutide (Wegovy), and liraglutide (Saxenda).
    • “Today’s FDA action will ensure consistent messaging across the labeling for all FDA-approved GLP-1 receptor agonist medications,” the agency said in a statement.”
  • and
    • “The FDA told influenza vaccine makers they should add a warning about an increased febrile seizure risk in babies and preschoolers the day after flu vaccination.
    • “The agency made the announcement opens in a new tab or windowin safety labeling notification letters sent Jan. 9 to the manufacturers of six flu vaccines.
    • “The new language in the label would state, “In two separate postmarketing observational studies, an increased risk of febrile seizures was observed during the first day following vaccination with standard dose trivalent (2024-2025) and quadrivalent (2023-2024) influenza vaccines in children 6 months through 4 years of age.”
  • MedTech Dive notes,
    • “Boston Scientific has received Food and Drug Administration approval for a new pulsed field ablation catheter that is indicated for use as an adjunctive device in a type of ablation that is performed when treating persistent atrial fibrillation.
    • “Called Farapoint, the device can deliver linear and focal lesions across complex heart anatomies in a single catheter while preserving surrounding cardiac tissue, the company said in an emailed statement Tuesday. The catheter can be combined with the company’s Faraview software module on the Opal HDx mapping system to enhance visualization of the catheter and lesion formation.
    • “Boston Scientific said clinical data supporting the approval, in cavotricuspid isthmus ablation, demonstrated the device was safe and effective, and showed high effectiveness in preventing atrial flutter recurrence.”

From the judicial front,

  • Beckers Payers Issues discusses ten recent healthcare billing fraud cases.
  • It’s worth adding that the GAO announced today,
    • “The federal government loses hundreds of billions of dollars annually to fraud. We issued the Fraud Risk Framework in 2015 to help managers prevent, detect, and respond to fraud.
    • “However, agencies aren’t doing enough to evaluate their antifraud efforts. In 2023, we surveyed 24 federal agencies and found
      • a third didn’t have regular monitoring or evaluation activities
      • half didn’t regularly make changes based on evaluation results
    • “We are issuing this technical appendix to our framework to help managers evaluate and adapt their antifraud efforts. These efforts can aid program integrity, protect taxpayer dollars, and maintain public trust.”

From the public health and medical / Rx research front,

  • The University of Minnesota’s CIDRAP informs us,
    • “South Carolina health officials yesterday said the state now has 434 measles cases after 124 new cases have been confirmed. 
    • “There are currently 409 South Carolinians in quarantine and 17 in isolation, with some quarantines extending to February 6. Mobile vaccine units will be active this week, and officials urge local residents to get vaccinated.” * * * 
    • In other measles news, Utah has 25 new cases, raising the state total to 201. Southwest Utah has the most cases, at 147, followed by Utah County with 24 cases, and Wasatch County with 9 cases. 
    • “Arizona officials yesterday confirmed three new measles cases in the state, all from this year. All three are in Mohave County, which has seen a lingering cross-border outbreak with Southwest Utah for several months. Arizona’s outbreak has now reached 217 infections.”
  • STAT News reports,
    • “U.S. overdose deaths fell through most of last year, suggesting a lasting improvement in an epidemic that had been worsening for decades.
    • Federal data released Wednesday showed that overdose deaths have been falling for more than two years — the longest drop in decades — but also that the decline was slowing.
    • “And the monthly death toll is still not back to what it was before the Covid-19 pandemic, let alone where it was before the current overdose epidemic struck decades ago, said Brandon Marshall, a Brown University researcher who studies overdose trends.
    • “Overall I think this continues to be encouraging, especially since we’re seeing declines almost across the nation,” he said.”
  • Per Cardiovacular News,
    • “In many ways, cardiovascular health throughout the United States has improved significantly over the years. However, thanks in part to an aging population and the impact of the COVID-19 pandemic, there are certain areas where patient outcomes are trending in the wrong direction.
    • “To learn more about this topic, researchers performed the first comprehensive report of its kind, tracking the latest data on a variety of risk factors and cardiovascular conditions. They published their findings in JACC, the flagship publication of the American College of Cardiology (ACC).[1] 
    • “Progress in cardiovascular health depends on knowing where we stand,” wrote first author Rishi K. Wadhera, MD, MPP, MPhil, associate director and section head of health policy at Richard A. and Susan F. Smith Center for Outcomes Research at Beth Israel Deaconess Medical Center, and colleagues. “To improve, we must measure—not occasionally, but consistently, transparently and with purpose.”
    • “One key takeaway from the report is that there is still plenty of room for improvement in terms of patient outcomes.
    • “Across all risk factors and conditions, persistent disparities by race, geography, and socioeconomic status emerge as a central finding—one that demands focused attention and action,” the authors wrote. “The report also reveals other critical gaps: places where information is incomplete, where our collective understanding falls short, and where new data are urgently needed.”
  • CNN reports,
    • “The Defense Department has spent more than a year testing a device purchased in an undercover operation that some investigators think could be the cause of a series of mysterious ailments impacting US spies, diplomats and troops that are colloquially known as Havana Syndrome, according to four sources briefed on the matter.
    • “A division of the Department of Homeland Security, Homeland Security Investigations, purchased the device for millions of dollars in the waning days of the Biden administration, using funding provided by the Defense Department, according to two of the sources. Officials paid “eight figures” for the device, these people said, declining to offer a more specific number.
    • “The device is still being studied and there is ongoing debate — and in some quarters of government, skepticism — over its link to the roughly dozens of anomalous health incidents that remain officially unexplained.
    • “CNN has asked the Pentagon, HSI and the DHS for comment. The CIA declined to comment.”
  • MedPage Today points out,
    • “Nearly 76% of households with prediabetes patients had additional members who had diabetes risk factors.
    • “Many of these household members had overweight or obesity.
    • “EHR data could identify at-risk households and help target family-centered diabetes prevention strategies, the researchers suggested.”
  • and
    • “Physicians viewed 17% of patient encounters as difficult, according to a meta-analysis.
    • “Patient characteristics associated with perceived difficulty included personality disorders, depression, anxiety, and chronic pain.
    • “The researchers suggested a need for more training in handling difficult encounters.”
  • Healio notes,
    • “Bystander CPR as depicted on TV frequently did not align with correct real-world procedures and experience.
    • “These inaccuracies may skew lay perceptions of cardiac arrest and negatively influence bystander CPR.”

From the. J.P. Morgan healthcare conference,

  • Genetic Engineering and Biotechnology News reports,
    • “They met for the first time in 2018. David A. Ricks, a year into his tenure as Eli Lilly’s Chair and CEO, hosted Jensen Huang at Lilly’s Indianapolis headquarters campus, where the Nvidia founder and CEO gave a talk to the pharma giant’s management team about a new technology called artificial intelligence (AI) and its potential in reshaping drug discovery.” * * *
    • “The two CEOs recalled their first meeting on Monday, when they entertained a packed ballroom at the Fairmont San Francisco hotel, a hilly half-mile north of where the J.P. Morgan 44th Annual Healthcare Conference is taking place. The occasion was a Huang-hosted “fireside chat” in which he and Ricks discussed the companies’ latest partnership, and extolled the promise and potential of AI to reshape not just drug discovery but the development of new treatments and their uptake by patients.
    • “The Silicon Valley microprocessing giant and pharma powerhouse announced a five-year, $1 billion partnership to create a “Co-Innovation AI Lab” designed to address key challenges in AI drug discovery.”
  • STAT News lets us know,
    • “Pfizer CEO Albert Bourla said earlier this week that “the goal in obesity is to become a leading player.” No surprise. But he was also asked about his prediction a year ago that President Trump would be a net positive for the pharmaceutical industry.
    • “Yes,” he said, “but I have to say that I got scared big time” along the way. The big win, from his perspective: The United Kingdom agreeing to raise prices for medicines as part of a trade deal with the U.S. This, he said, changed the dynamic between European companies and the pharmaceutical industry and would not have happened without Trump, who, Bourla also reiterated, deserved a Nobel Prize for supporting the development of Covid vaccines.
    • “But Bourla also expressed some worries about elements of the administration. He continued to say that the pressure it was putting on vaccines is “an anomaly that will correct itself” and reiterated that Pfizer is doing its own vaccine research, including developing a Lyme disease inoculation.
    • “He also expressed concern about developments at the Food and Drug Administration, including the departure of former top official Richard Pazdur. Bourla called Pazdur “a legend in regulatory work globally” and said that he was “very concerned” when Pazdur resigned after only two weeks on the job.”
  • Fierce Healthcare reports,
    • “Surescripts is teaming up with Good Rx to surface key prescription discounts to consumers.
    • “The health information network announced Tuesday at the J.P. Morgan Healthcare Conference that it would launch Script Corner, a new patient experience platform. Script Corner unites key benefit data, medication management tools and personalized engagement to smooth out their medication experience.
    • “The tool is also being built with price transparency in mind, in part through offering discounted cash prices in an exclusive partnership with GoodRx.
    • “Frank Harvey, CEO of Surescripts, said at the conference that while many apps and tools aim to arm patients with key transparency data, but the Script Corner platform is the first to put that in the palm of their hands.”
  • Fierce Healthcare also offers more stories from day 3 of the conference.

From the U.S. healthcare business and artificial intelligence front,

  • Fierce Healthcare reports,
    • “Insurance giant UnitedHealthcare is rolling out a new program that aims to support the finances of cash-strapped rural hospitals.
    • “Through the pilot, UHC will accelerate the payment timelines in its Medicare Advantage plans by 50% over the next six months, lowering the time from an average of less than 30 days to less than 15 days, according to an announcement from the company.
    • “The insurer said in the announcement that the program is designed to “deliver immediate cash‑flow relief and support the sustainability of these important rural hospitals.” * * *
    • “The pilot will initially launch in four states: Oklahoma, Idaho, Minnesota and Missouri. UnitedHealth said the first participants were selected based on their potential to “maximize impact” and support the future of this initiative and the development of additional interventions in rural healthcare.”
  • Beckers Hospital Review shares “McKinsey’s 2026 healthcare predictions: 5 takeaways for hospital leaders.” 
  • Fierce BioTech relates,
    • “Still riding the high of last year’s twice-yearly HIV PrEP approval of lenacapavir as Yeztugo, Gilead Sciences is approaching dealmaking from a “position of strength” as a more mature biopharma, according to CEO Daniel O’Day.
    • “When you’re a company that’s cured a disease and showed curative potential in another disease and are on the verge of ending an epidemic, you’re kind of bold about your aspirations,” said O’Day, referring to the company’s hepatitis C and HIV medicines.
    • “Since O’Day joined Gilead from Roche in 2018, the California company has built three primary focus areas: virology, cancer and inflammation. In all three, Gilead’s recent successes have given the pharma the luxury of being selective in the external assets it considers, O’Day explained.
  • Healthcare Dive calls attention to the “Top healthcare AI trends in 2026.”
    • “While health systems will continue their AI rollout, use of the technology could evolve amid intensifying competition from EHRs, fragmented regulations and growing M&A opportunities.”

Tuesday report

David ErmerCDC, Congress, Electronic health records, FDA, Generative AI, Medical / Rx research, NIH, No Surprises Act, OPM, U.S. Healthcare

From Washington, DC,

  • Tomorrow, the House of Representatives will vote on the appropriations bill that funds the FEHB and PSHB, among other programs, H.R. 7006 – Financial Services and General Government and National Security, Department of State, and Related Programs Appropriations Act, 2026
  • Beckers Hospital Review tells us whether the ACA healthcare premium subsidies stand.
  • Fierce Healthcare adds,
    • “The Trump administration has released a new update on enrollment on the Affordable Care Act’s exchanges, with signups lagging notably behind figures for the 2025 plan year.
    • “Per the latest snapshot report, nearly 22.8 million people have signed up for coverage across the exchanges through Jan. 3. By comparison, 23.6 million people had enrolled in ACA plans through Jan. 4, 2025, according to a report from a year ago.
    • “Of that total, the Centers for Medicare & Medicaid Services said 2.8 million individuals are new enrollees, while nearly 20 million are returning customers. Close to 15.6 million people signed up for coverage through Healthcare.gov, and 7.2 million used a state-based exchange, according to the report.
  • Beckers Payer Issues provides us with eleven No Surprises Act updates.
  • BenefitsLink calls our attention to a November 2025 IRS notice that provides for inflation adjustments to qualifying payment amounts issued in 2026 under the No Surprises Act. According to BenefitsLink, the notice was not well publicized.
  • Milliman assesses “Medicare drug price negotiation: Navigating the next wave of maximum fair prices.”
  • BioPharma Dive adds,
    • AbbVie is the latest among more than a dozen of the world’s largest drugmakers to sign a drug pricing deal with the White House, announcing late Monday a deal to invest $100 billion in U.S. pharmaceutical research and manufacturing and lower some product costs in return for tariff relief. 
    • As with the many other deals revealed between the Trump administration and large pharma companies, the agreement is short on details as well as its potential impact on AbbVie’s earnings. AbbVie only said that it will provide “low prices” to Medicaid and boost efforts to sell through a government portal widely used medicines like Humira, Alphagan, Combigan and Synthroid — all of which are off-patent and face competition from lower-cost biosimilars or generics. 
  • Per an HHS news release,
    • The U.S. Department of Health and Human Services (HHS) and the Centers for Disease Control and Prevention (CDC) today announced the appointment of two new members to the CDC Advisory Committee on Immunization Practices (ACIP). These appointments reflect the commitment of Secretary Robert F. Kennedy, Jr. to transparency, gold standard science, and diverse expertise in guiding the nation’s immunization policies. In June 2025, Secretary Kennedy reconstituted ACIP to restore public trust in vaccines.
    • The new members are Adam Urato, MD, and Kimberly Biss, MD.
  • MedPage Today offers backgrounds on the new members.
  • Federal News Network notes that “A sea of challenges opens up with 105,000 feds retiring.”
    • “The one-year drop in the number of GS-14s and GS-15s across government is causing some to be concerned about the future of federal management.”

From the Food and Drug Administration front,

  • MedTech Dive points out,
    • “Medtronic said Monday it received 510(k) clearance from the Food and Drug Administration for an app to connect its smart insulin pens with a glucose sensor made by Abbott.
    • “The app, called MiniMed Go, provides alerts for missed insulin doses, a dose calculator and guidance on what to do if a person misses a dose. It also includes software reporting for providers.
    • “The pairing is part of a partnership Medtronic struck in 2024 for Abbott to make an integrated continuous glucose monitor sold exclusively by Medtronic.”

From the public health and medical / Rx research front,

  • The American Hospital Association News reports,
    • “The five-year survival rate for all cancers in the U.S. has reached 70% for the first time, according to a report published Jan. 13 by the American Cancer Society. The study analyzed diagnosed cases of cancer in the U.S. from 2015-2021. Among the findings, the study said that since the mid-1990s, there have been notable gains in the survival rates for more fatal cancers, such as myeloma (from 32% to 62%), liver (7% to 22%) and lung cancers (15% to 28%). The cancer mortality rate declined by a total of 34% since peaking in 1991, averting 4.8 million deaths since then.”
  • and
    • “A study released Jan. 12 by the Journal of the American College of Cardiology analyzed the current state of heart health in the U.S., highlighting the burden of disease, quality of care and mortality trends of risk factors and conditions that can lead to heart disease. The study found no change in the prevalence of hypertension among U.S. adults from 2009-2023 but found that hypertension-related cardiovascular deaths nearly doubled from 23 per 100,000 in 2000 to 43 per 100,000 in 2019. The prevalence of diabetes in U.S. adults increased from 11.9% in 2009-2010 to 14.1% in 2021-2023. Deaths related to type 2 diabetes increased from 30.4 per 100,000 adults in 2009 to 54 per 100,000 adults in 2023. The study analyzed other risk factors and conditions such as obesity, cigarette smoking and stroke, among others.”
  • STAT News adds,
    • “46% of U.S. counties don’t have a cardiologist. ARPA-H’s new agentic AI program could bring them specialized care.”
      • “The Agentic AI-Enabled Cardiovascular Care Transformation (ADVOCATE) program will support the development of Food and Drug Administration-authorized full-stack solutions that use agentic artificial intelligence to autonomously provide specialty care for every American living with advanced heart disease.”
  • The Washington Post explains how to know when to keep your kids out of school.
  • Per Genetic Engineering and BioTechnology News,
    • “Tahoe Therapeutics, Arc Institute, and Biohub have each made a multi-million dollar commitment to fill the massive data gap for virtual cell models. The teams exclusively told GEN Edge that more than 120 million single cell data points across 225,0000 perturbations will be generated using Tahoe’s Mosaic technology for mapping how drug molecules interact with biology.
    • “All three organizations lead a field that builds AI models trained on transcriptome data to predict how cell gene expression changes with cell states. In therapeutics, these virtual cells could gleam insight into new drugs capable of shifting cells from “diseased” to “healthy” with fewer off target effects.” 

From the J.P. Morgan Healthcare Conference,

  • Healthcare Dive reports
    • “JPM26: Dr. Oz, CMS leaders make their pitch to hospitals, payers on Trump admin healthcare policies.
  • and
    • “JPM26: CommonSpirit CEO teases new divestures, outlines AI wins and pitfalls”
  • Fierce Pharma offers a potpourri of biopharma stories from day 2.
  • STAT News adds,
    • It will be hard for OpenEvidence to top its 2025. The company announced nearly $500 million in funding last year and seemingly overnight became a go-to tool in the medical profession. A slide during the company’s Monday JPM presentation claims that queries to the company’s clinical evidence chatbot grew from 2.6 million in 2024 to 17.9 million in December 2025, with well over 100 million queries for the year.
    • “The company also revealed it will be launching “medical super-intelligence.” What does that mean? Katie Palmer explains in a new story.”

From the U.S. healthcare business and artifical intelligence front,

  • Beckers Hospital Review reports,
    • San Antonio-based University Health is investing $1.7 billion in a five-year expansion, including two new community hospitals and two multispecialty clinics.
  • and
    • “Skilled nursing facility operating capacity dropped by 5% in the U.S. between 2019 and 2024, according to a study published Jan. 12 in JAMA Internal Medicine.” 
  • STAT New relates,
    • “Illumina became a genomics juggernaut by developing machines that could read large amounts of DNA accurately and quickly. But the company’s betting the next phase of its growth will be accelerated by helping customers better understand genetic data and apply it to drug development.
    • “The San Diego firm took a step in that direction on Tuesday, when it unveiled what it says will be the world’s largest dataset of its kind, the Billion Cell Atlas. The atlas is based on the results of turning on or off genes across 200 cell lines, including lines used to study heart disease, neurologic disorders, immune conditions, and cancer.”
    • “Data on how these genetic perturbations affect cells could in principle help drug companies validate drug targets or create “virtual cells,” artificial intelligence-powered models of cell behavior. Thus far, Illumina has generated data from about 150 million cells and expects to reach a billion by the end of the year. The company’s already offering the atlas as a resource for pharmaceutical companies, with Merck, AstraZeneca, and Eli Lilly as its first customers. Several others have expressed interest, too, according to CEO Jacob Thaysen.”
  • Per MedCity News,
    • “If there’s any single company that understands or should understand the value of health data and its importance in patients’ lives, it’s Wisconsin-based EHR company Epic.
    • “And yet, while the company announced a whole host of future AI efforts last August, including a digital companion for patients called Emmie, it was OpenAI — which announced ChatGPT Health last week — that has actually given people the power to query their medical records and gain insights. Anthropic is announcing a similar capability for Pro and Max users of its Claude generative AI platform. Like Epic, other companies that demonstrated an understanding of that broad patient need also missed the boat.
    • “But in an interview on Friday, Epic’s chief medical officer pushed back on the notion that this was a “missed opportunity” for the EHR company.
    • “I would categorize it, instead of a missed opportunity, as thoughtfully developed over multiple years on top of other non-AI MyChart development and AI that’s actually going to be more thoughtful and tuned to your medical history and your personal medical care,” declared Dr. Jackie Gerhart, also a practicing family physician and vice president of clinical informatics.
    • “Gerhart, who has been with Epic for seven years, and another Epic R&D expert took some pains to describe how the company is developing the capabilities of Emmie, the digital concierge, deeply embedded within the EHR and able to not only handle simple queries like “create an exercise plan”or “explain my lab results” but also nudge you to do the things that you should do for better health.”

Monday report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, Mental health care, OPM, SCOTUS, Telehealth, U.S. Healthcare

From Washington, DC,

  • Federal News Network reports,
    • “Congressional appropriators are seeking less aggressive budget cuts for the IRS than what the Trump administration has proposed.
    • ‘Members of the House and Senate appropriations committees, in the latest package of spending bills for fiscal 2026, are also renewing efforts to shrink federal office space.
    • “Funding for the State Department remains relatively unchanged, despite a massive reorganization carried out last year.
    • “Meanwhile, lawmakers want agencies to use artificial intelligence tools to speed up the delivery of public-facing benefits and services.
  • Govexec adds,
    • “Lawmakers in Congress appear to have abandoned a plan to bar insurers participating in the federal government’s employer-sponsored health care program from covering gender affirming care for federal workers and their family members, though the development changes little, practically speaking.
    • ‘When the House first unveiled its draft of the fiscal 2026 Financial Services and General Government appropriations package last September, it included language barring federal funds being used to cover the cost of “surgical procedures or puberty blockers or hormone therapy” as part of gender affirming care under the Federal Employees Health Benefits Program.
    • “But a new version of the bill unveiled Sunday, negotiated with Senate appropriators and containing three of the 12 traditional appropriations packages, strikes that language, issuing no prohibition on gender-affirming care for FEHBP participants.
    • “Despite the recent reversal, the measure, if passed, on its own would not restore access to gender affirming care for federal workers and their families. That’s because the Office of Personnel Management last year instructed insurance carriers who participate in FEHBP to cease covering those treatments.”
  • Here is a link to the House Appropriations Committee’s January 11 news releases on these new appropriations bills.
  • The American Hospital Association News tells us,
    • “The Centers for Medicare & Medicaid Services has released a request for information seeking input on replacing its Medicare claims processing system with a real-time, cloud-based platform. Under the program, called ClaimsCore, CMS is seeking vendors already capable of supporting more than 2 million active members on a single production instance and processing more than 100,000 claims per day. CMS said the program would provide faster, more transparent claims, strengthen fraud protection and provide near real-time explanations of benefits, among other improvements.” 

From the Food and Drug Administration front,

  • Per FDA news releases,
    • “The U.S. Food and Drug Administration today approved the Zycubo (copper histidinate) injection as the first treatment for Menkes disease in pediatric patients.” * * *  
    • “Menkes disease is a neurodegenerative disorder caused by a genetic defect that impairs a child’s ability to absorb copper. The disease is characterized by seizures, failure to gain weight and grow, developmental delays, and intellectual disability. It leads to abnormalities of the vascular system, bladder, bowel, bones, muscles, and nervous system. Children with classical Menkes (90% of those with the disease) begin to develop symptoms in infancy and typically do not live past three years. It affects approximately one in every 100,000-250,000 live births worldwide and is more common in boys.”
  • and
    • “The U.S. Food and Drug Administration today published draft guidance designed to facilitate the use of Bayesian methodologies in clinical trials of drugs and biologics, helping drug developers make better use of available data, conduct more efficient clinical trials, and deliver safe and effective treatments to patients sooner. 
    • “Bayesian methodologies help address two of the biggest problems of drug development: high costs and long timelines,” said FDA Commissioner Marty Makary, M.D., M.P.H. “Providing clarity around modern statistical methods will help sponsors bring more cures and meaningful treatments to patients faster and more affordably.”
    • “Bayesian approaches use a different framework from traditional statistical approaches. In a Bayesian analysis, data from a study are combined with relevant prior information to form a new distribution that can be used for inference and to draw conclusions about safety and efficacy.” 

From the judicial front,

  • Bloomberg Law lets us know,
    • “The US Supreme Court rejected a case seeking to force health insurers to pay arbitration awards that medical providers win in disputes over surprise medical bills, ending a long-running fight for a pair of air ambulance companies.” * * *
    • “Courts have so far mostly ruled for insurers in determining that oversight of the process resides with the Department of Health and Human Services, though providers have notched a couple of victories in district court.
    • The petition sought the high court’s input on whether the law grants parties the private right to sue, as well as whether breaching the relevant plan terms constitutes an injury to an enrollee under the Employee Retirement Income Security Act.” * * *
    • “The case is Guardian Flight LLC v. Health Care Serv. Corp. , U.S., No. 25-441, decision issued 1/12/26.”
  • STAT News reports,
    • “The Trump administration has signaled plans to drop its appeal of a court order that blocked a pilot program from changing payment terms for a controversial federal drug discount program.
    • “In a Monday court document, the Department of Justice indicated talks are underway with the American Hospital Association and several hospital systems, which filed a lawsuit challenging a plan that allowed drug companies to pay rebates — instead of discounts — for some medicines purchased under the 340B Drug Pricing Program.
    • “The parties are engaged in discussions about returning the [rebate] approvals challenged in this litigation to the agency for reconsideration. The agency intends to resolve such proceedings promptly. Therefore, the parties do not believe that expediting this appeal is warranted at this time and plan to dismiss the appeal in short order,” the DOJ wrote.”
  • MedTech Dive informs us,
    • “Edwards Lifesciences said Friday it has dropped plans to acquire JenaValve Technology after a U.S. district court granted the Federal Trade Commission’s motion for an injunction blocking the transaction.
    • “Edwards said it disagrees with the ruling, in the U.S. District Court for the District of Columbia, and believes the acquisition would have been in the best interest of a large underserved group of patients.”

From the public health and medical / Rx research front

  • The Wall Street Journal reports,
    • “If everyone you know seems to have the flu, there is a reason for that: Influenza climbed to unusually high levels across the country, thanks to a flu strain that caught us off guard.
    • “There have already been an estimated 15 million cases of the flu, according to the Centers for Disease Control and Prevention, along with 180,000 hospitalizations and 7,400 deaths.
    • It is the worst flu season in recent years though numbers are starting to decline yet remain high. But there are two things making things easier for some folks.
    • One, we all became familiar with at-home rapid tests for Covid-19 during the pandemic so more people are comfortable taking such tests at home for influenza. This results in more timely diagnoses.
    • That makes it easier to take antivirals, which make people feel better sooner, provided they are started within two days of getting sick. While most people are familiar with Tamiflu (oseltamivir phosphate), there is another antiviral, Xofluza (baloxavir marboxil) making the rounds on social media.
  • The AP related last Friday,
    • “South Carolina’s measles outbreak exploded into one of the worst in the U.S., with state health officials confirming 99 new cases in the past three days. 
    • “The outbreak centered in Spartanburg County grew to 310 cases over the holidays, and spawned cases in North Carolina and Ohio among families who traveled to the outbreak area in the northwestern part of the state.
    • “State health officials acknowledged the spike in cases had been expected following holiday travel and family gatherings during the school break. A growing number of public exposures and low vaccination rates in the area are driving the surge, they said. As of Friday, 200 people were in quarantine and nine in isolation, state health department data shows.
    • “The number of those in quarantine does not reflect the number actually exposed,” said Dr. Linda Bell, who leads the state health department’s outbreak response. “An increasing number of public exposure sites are being identified with likely hundreds more people exposed who are not aware they should be in quarantine if they are not immune to measles.”
  • The American Medical Association lets us know what doctors wish their patients knew about donating blood.
    • “When caring for patients, physicians and other health professionals rely on blood donation to support care ranging from trauma response to cancer treatment. But ongoing blood shortages mean many hospitals and health systems struggle to keep an adequate supply on hand. With the need for donating blood rising during seasonal shortages or public health crises, a single donation of blood can help up to three people. Donating blood when you can is vital because maintaining an adequate blood supply is a shared responsibility that strengthens patient care across the country.”
  • The Washington Post informs us,
    • “An estimated quarter of traditional Medicare beneficiaries with dementia are prescribed risky, brain-altering drugs despite years of clinical guidelines cautioning against the practice, a new study shows.
    • “The drugs fall into five broad categories — including antidepressants, antipsychotics, antidepressants and barbiturates — that may leave older adults in a drowsy, confused fog that can make them less steady on their feet and more prone to falls. And while the study published Monday in JAMA found that overall prescriptions for these types of drugs for traditional Medicare beneficiaries fell from 2013 to 2021, their “potentially inappropriate” use was significantly higher for people who are cognitively impaired or have dementia compared to people whose cognition was normal.
  • Per Genetic Engineering and Biotechnology News,
    • “Many of us will recognize being in a situation where it’s really hard to get started on a task—whether it’s making a difficult phone call or preparing a presentation that’s stressful just to think about. We understand what needs to be done, yet taking that very first step feels surprisingly hard.
    • “When this difficulty becomes severe, it is known medically as avolition. People with avolition are not lazy or unaware. They know what they need to do, but their brains seem unable to push the “go” button. Avolition is commonly seen in conditions such as depression, schizophrenia, and Parkinson’s disease, and it can seriously disrupt a person’s ability to manage daily life and maintain social functions.
    • “Working with macaque monkeys trained to perform certain tasks, scientists at Kyoto University applied chemogenetics techniques to identify a pathway between the ventral striatum (VS) and ventral pallidum (VP) in the brain that functions as a “motivation brake,” suppressing this internal “go” button, particularly when facing stressful or unpleasant tasks. The results showed that chemogenetic suppression of this VS–VP pathway restored motivation in the animals under aversive conditions.
    • “The team, headed by Ken-ichi Amemori, PhD, an associate professor at the Institute for the Advanced Study of Human Biology (WPI-ASHBi), and colleagues, suggests that the discovery of this VS–VP motivation brake may shed light on conditions such as depression and schizophrenia, where severe loss of motivation is common, and point to interventional strategies.”

From the J.P. Morgan Healthcare Conference 2026,

  • Per BioPharma Dive,
    • “JPM26: US biotech’s ‘Sputnik moment,’ Pfizer’s obesity ambitions and Bristol Myers’ big year.
    • “Four recent deals fueled more angst about China’s biotech progress, while Pfizer, Bristol Myers and Sarepta all worked to appease jittery investors.”
  • Fierce Healthcare reports,
    • “Abridge is partnering with real-time health information network Availity to fire up AI-powered prior authorization, expanding the reach of real-time coverage approval to more providers.
    • “The two companies announced a partnership, timed to the annual J.P. Morgan Healthcare Conference, to scale up real-time prior authorization. The integration of the two companies’ technologies could significantly speed up prior auth, from months to minutes. The use of Abridge’s ambient AI and Availity’s data exchange tech can compress a weekslong process that occurs post-visit to one that happens in real-time during the patient exam.
    • “Rather than create disparate AI systems, Abridge and Availity decided to team up to share information between providers and health plans at the point of care, making the process of medical necessity review more efficient, the companies said in a press release.”
  • and
    • “Teladoc is improving its 24/7 virtual urgent care for health plans by upskilling providers through real-time specialist consultations and offering care for a broader set of conditions, the company announced at the 2026 J.P. Morgan Healthcare Conference.
    • “The company hopes to save health plans money by reducing the number of follow-up appointments a patient may need to have after a virtual urgent care visit. 
    • “Teladoc’s virtual urgent care, which has been operational for over 20 years, will now be treating back and joint pain, hair loss and sleep issues, in addition to acute conditions like colds, coughs and ear infections.” 
  • Fierce Pharma offers a potpourri of stories from day one of the conference.

From the U.S. healthcare business front,

  • BioPharma Dive reports,
    • “Boston Scientific said Monday it has agreed to acquire Valencia Technologies, a developer of treatments for bladder dysfunction, for an undisclosed sum.
    • “Valencia makes the eCoin tibial nerve stimulator, which received Food and Drug Administration approval in 2022 to treat urinary urge incontinence. The leadless device is implanted near the ankle.
    • “The deal will allow Boston Scientific to expand into a high-growth area that complements the company’s existing pelvic health product line, Meghan Scanlon, Boston Scientific’s president of urology, said in a statement.” 
  • Beckers Payers Issues points out,
    • Administration and automation are not the only AI use cases payers should be focused on this year, according to McKinsey Senior Partner Adi Kumar, who broke down his 2026 predictions for insurers in a Jan. 12 report.
      • “1. Payers are at a place to look beyond AI administrative use cases. Care management is one opportunity where payers can assert more control.
      • “2. Mr. Kumar said healthcare has been slow to reach a technological revolution, but payers can harness technology to better engage with consumers.
      • “3. The One Big Beautiful Bill Act will raise the bar for payer performance, affecting how much money insurers get from the federal level. Payer financials could either take a hit — hurting risk pools — or payers could play the “productivity game” to get ahead.
      • “4. Mr. Kumar encourages payer CEOs to consider what types of business they want to focus on as the line between payers, providers and services get more blurred.
      • “5. CEOs also need to think about productivity and “how to do more with less.”
  • BioPharma Dive calls attention to five questions facing biopharma this year.
    • “The biopharmaceutical sector finally regained its footing in 2025. Here are five issues that could determine whether the renewed optimism will carry over into the new year.”
  • Beckers Hospital Review relates,
    • “In recent years, a swell of states has adopted laws to lessen the requirements for foreign-trained physicians to join the U.S. workforce.  
    • “The laws aim to combat the nation’s growing physician shortage, which is becoming more urgent as patient acuity risesmore physicians approach retirement age and a plethora of other factors. One tactic to staunch the shortage is reducing or eliminating residency requirements for internationally trained medical school graduates to gain employment in the U.S.
    • “Eighteen states have laws allowing internationally trained physicians to gain full licensure, three states grant limited licensure, three other states have pending bills related to limited licensure and another six state legislatures are considering pathway bills in 2026.
    • “International medical graduates account for about one-fourth of physicians practicing in the U.S., according to the American Medical Association, which supports these pathway laws.” 

Weekend Update

David ErmerCongress, FDA, Generative AI, Medical / Rx research, OPM, U.S. Healthcare

From Washington, DC

  • Tomorrow, the Senate will take a final vote on H.R. 6938, Commerce, Justice, Science; Energy and Water Development; and Interior and Environment Appropriations Act, 2026, which the House of Representatives already has passed. When as expected, the Senate passes this bill, Congress will have passed half of the twelve appropriations bills in regular order.
  • Roll Call offers more insights into the state of the appropriations process.
    • “The House, meanwhile, looks to move forward with a bundle of two more spending bills, including funding for the State Department, the Treasury and an assortment of related agencies including the White House itself.”
    • While the Senate has scheduled a recess for next week, “[t]he House is expected to be in session next week except for Jan. 19, which is Martin Luther King Jr. Day.”
  • Per a Senate news release,
    • “On Thursday, January 15, [at 10 am ET] the Senate Health, Education, Labor, and Pensions (HELP) Committee will vote on several bipartisan bills to improve American families’ health.
    • “The bills under consideration include:
      • “S. 1157, Women and Lung Cancer Research and Preventive Services Act
      • “S. 921, Tyler’s Law
      • “S. 2169, Rural Hospital Cybersecurity Enhancement Act
      • “S. 272, Protect Infant Formula from Contamination Act.” * * *
    • “Click here to watch live.”
  • Per a House news release,
    • “Ways and Means Committee Chairman Jason Smith (MO-08) and Energy and Commerce Committee Chairman Brett Guthrie (KY-02) announced the details for an upcoming hearing with five of the biggest health insurance company CEOs to answer questions on making health care more affordable for all Americans.” * * *
    • “The date of the hearing will be January 22, 2025, with the panel appearing before the House Committee on Energy and Commerce Subcommittee on Health in the morning, and the House Committee on Ways and Means in the afternoon. 
    • “Company CEOs in attendance will be UnitedHealth Group, CVS Health, Elevance Health, The Cigna Group, and Ascendiun (the parent company of Blue Shield of California).”
  • Govexec tells us,
    • “The Trump administration is bringing back an awards program for senior executives after canceling it for fiscal 2025. 
    • “In a Jan. 5 memo, Office of Personnel Management Director Scott Kupor asked agencies to nominate up to nine percent of their highest-ranking career employees for the fiscal 2026 presidential rank awards. The program was established in 1978 to honor civil servants who have exhibited consistent achievement.”
  • BioPharma Dive reports,
    • Johnson & Johnson on Thursday [January 8] became the latest pharmaceutical company to agree to “most favored nation” pricing in return for a reprieve on pharmaceutical tariffs. The company didn’t provide many specifics in its announcement. But it’ll participate in a government online channel for drug purchasing; enable U.S. patients to access drugs at comparable prices to what’s paid in foreign countries; and give the same prices to Medicaid, which already has best-price guarantees. J&J will also build a cell therapy plant in Pennsylvania and a facility in North Carolina as part of its $55 billion commitment to boost U.S. manufacturing capacity.

Frrom the Food and Drug Administration front,

  • Per an FDA news release,
    • “The U.S. Food and Drug Administration today announced it is sharing information about the agency’s flexible approach to overseeing chemistry, manufacturing and control (CMC) requirements for cell and gene therapies (CGT). The agency’s more flexible approach has been, and is expected to continue to be, helpful in expediting product development and will help guide the FDA’s evaluation of development strategies in preparation for a Biologics License Application (BLA) submission.  
    • “Regulatory flexibility must be tailored for cell and gene therapies,” said FDA Commissioner Marty Makary, M.D., M.P.H. “These are common-sense reforms that will address the unique characteristics of cell and gene therapies and foster more innovation.”
  • The Washington Post explains the problem that the FDA seeks to resolve.
    • “Genetic therapies could be used to treat hundreds of diseases. The path to patients is tricky.”
  • STAT News notes,
    • “Stoke Therapeutics and the Food and Drug Administration were unable to reach agreement on an expedited submission for the company’s severe epilepsy treatment, the company said Sunday. 
    • “Following a meeting in December, the FDA did not shut the door on Stoke’s request to submit zorevunersen, a treatment for Dravet syndrome, later this year, rather than wait for the completion of an ongoing Phase 3 study in the middle of 2027, Stoke CEO Ian Smith told STAT in an interview.
    • “Instead, regulators asked the company to submit more information, and further discussions are planned. Stoke expects to make a decision on a regulatory path for zorevunersen by the middle of the year.” 

From the public health and medical / Rx research front,

  • Medscape relates,
    • “Different subgroups of patients with adult-onset diabetes showed different rates of comorbidities and mortality outcomes. Patients with severe insulin-resistant diabetes (SIRD), a high-risk subtype, were most likely to have kidney, liver, and heart diseases despite having only mild hyperglycemia, and some of these conditions were present even before diabetes was diagnosed.”
  • Healio points out,
    • “Between 50% to 75% of children struggle with adhering to health care regimens.
    • “Rebecca Liu, a senior at UCLA, described her idea for a game that could educate children about their health and improve adherence.”
  • The Wall Street Journal considers,
    • “What Time Should You Wake Up? Probably Not 5 a.m.
    • “Sleep experts warn against rising too early if you’re not naturally a morning person, and provide tips for a better night’s sleep.” * * *
    • “Your ideal rise time is linked to your chronotype, your genetic predisposition to waking at a certain time. (If you need help understanding yours, take Breus’s quiz, which requests your name and email address.)”
  • MedPage Today reports,
    • “An immuno-oncology (IO) regimen for intermediate-stage hepatocellular carcinoma (HCC) significantly extended treatment benefit versus transarterial chemoembolization (TACE), according to an interim analysis of a randomized trial.
    • “Time to failure of treatment strategy (TTFS) increased from 9.5 months with TACE to 14.6 months with the combination of atezolizumab (Tecentriq) and bevacizumab (Avastin). Treatment-related adverse events (TRAEs), including grade ≥3 TRAEs, occurred more often with the systemic therapy, but no unexpected or excess fatal events occurred.
    • “The results provided justification to continue enrollment and follow-up to a second planned interim analysis later this year, reported Peter R. Galle, MD, of University Medical Center Mainz in Germany, at the American Society of Clinical Oncology Gastrointestinal Cancers Symposium.”

From the U.S. healthcare business and artificial intelligence front,

  • Modern Healthcare reports,
    • “The 44th annual J.P. Morgan Healthcare Conference kicks off Monday, drawing more than 8,000 healthcare executives and investors to San Francisco. 
    • “At a time of widespread uncertainty for the industry’s profit potential, companies will unpack their latest financial results while touting capital projects, technology advancements and merger and acquisition plans to private equity firms, venture capitalists and other potential investors. More than 500 public and private companies are expected to discuss a range of topics including artificial intelligence, biotechnology, personalized medicine, digital health, healthcare funding, regulation and glucagon-like peptide-1 drugs that treat diabetes and obesity.”
  • The Wall Street Journal adds,
    • “When Health Secretary Robert F. Kennedy Jr. released his MAHA Report in May, a who’s who of the wellness world convened at the White House for the occasion. There was the influential physician Mark Hyman, who co-founded the direct-to-consumer testing company Function Health, recently valued at $2.5 billion. Also in attendance: Alex Clark, the host of the popular Turning Point USA podcast “Culture Apothecary.” Longevity influencer Gary Brecka, who’d recently had Kennedy over to get intravenous drips and use Brecka’s hyperbaric chamber, was present, along with the “medfluencers” Dr. Will Cole and Dr. Paul Saladino.
    • “All of them support Kennedy’s ascent to the nation’s top health job. And all of them stand to gain from the spotlight he’s placed on alternative health. That’s because each of them has ties to the business of supplements, a $70 billion, lightly regulated U.S. market that could benefit from his support. On Brecka’s podcast, recorded after their wellness treatments, Kennedy vowed to end “the war on vitamins.”
  • Fierce Pharma lets us know,
    • As Novartis turns the calendar on a new year, the Swiss drugmaker is elaborating further on plans for the $23 billion U.S. investment it unveiled last April.
    • Next on the docket will be a new, 35,000-square-foot radioligand therapy (RLT) facility in Winter Park, Florida, Novartis reported Friday. 
    • Joining established plants in Novartis’ American RLT network in Indiana, New Jersey and California, the new facility will boost the company’s radiopharmaceutical manufacturing to “optimize the delivery” of the cutting-edge cancer treatments to patients across the southeastern United States, Novartis said in a Jan. 9 press release. The upcoming site is expected to come online by 2029, the company added. 
  • Buiness Insider relates,
    • Anthropic is rolling out a major expansion of its healthcare and life-sciences offerings, as AI companies race to embed large language models more deeply into regulated medical workflows.
    • “The company on Sunday announced Claude for Healthcare, a product that allows healthcare providers, insurers, and consumers to use Claude for medical purposes through HIPAA-ready infrastructure. 
    • “The launch builds on Anthropic’s earlier release of Claude for Life Sciences, which focused on research and drug discovery, and reflects the company’s broader effort to position its AI models as practical tools for regulated industries.”

Notable Obituary

  • The New York Times reports,
    • “Dr. Joel Habener, an American endocrinologist who discovered GLP-1, the protein fragment that became the basis of Ozempic, Wegovy and other blockbuster weight-loss and diabetes drugs that are transforming 21st-century medicine, died on Dec. 28 in Newton, Mass. He was 88.
    • “His death, in a retirement community, was confirmed by his brother, Stephen, who said the cause was a heart attack.” * * *
    • “Dr. Habener’s discovery of GLP-1, in 1987, came about almost by accident. “It was a eureka moment,” he said in a 2023 interview, “which rarely happens in science.”
    • “He was a researcher at the time at Massachusetts General Hospital, where he arrived in 1971 and remained until his retirement in 2023.”