Generative AI Archives - Page 3 of 7

Tuesday Tidbits

David Ermer–COVID-19, Cybersecurity, Electronic health records, FDA, Generative AI, Medical / Rx research, Medicare, NIH, Obesity, OPM, Patient safety, U.S. Healthcare–March 12, 2024March 12, 2024

From Washington, DC,

Because this is the FEHBlog, the lede tonight necessarily is OPM’s announcement naming the carriers who are currently prepared Postal Service Health Benefit Program benefit and rate proposals. Good luck to them all.

FedWeek notes,
- “President Biden has issued an open letter to federal employees thanking them for their “tireless service on behalf of our country.”
and
- “While seeking a January 2025 raise of 2 percent (see related story), the White House’s fiscal 2025 budget proposal cites several initiatives related to federal pay.
- “In addition to year-to-year pay increases, the Administration is pursuing structural reforms to enhance the competitiveness of the Federal pay system,” it says.

Reg Jones, writing in Fedweek, fills us in on benefits available upon the death of a federal employee or annuitant.

The Department of Health and Human Services provided a readout from “Biden-Harris Administration Convening with Health Care Community Concerning Cyberattack on Change Healthcare. Leaders from HHS, White House, DOL, and the health care community convened to discuss ways to mitigate harms to patient and providers caused by the cyberattack.”

The Food and Drug Administration “advised consumers in Some Medicines and Driving Don’t Mix to make sure they know if their prescription or over-the-counter medication can cause side effects that may make it unsafe to drive. Most medications won’t affect consumers’ ability to drive safely or operate other heavy machinery, but some do.”

The Buck consulting firm points out why “maintaining creditable coverage may prove difficult for some employer sponsored plans in 2025.”

STAT News discusses the treatment impact of new federal methadone rules.
- “The federal government is reforming methadone care for the first time in over two decades. But how far do the changes actually go?
- “To many methadone clinics, the Biden administration’s recent refresh of the rules governing opioid treatment programs represents an unprecedented opportunity to offer care that is more compassionate and responsive to patients’ needs. To many patient advocates, however, it simply nibbles around the edges.
- “The reality is likely somewhere in between: It will depend, in large part, on whether state-level regulators embrace the changes, and whether individual clinics actually implement them. In reform-oriented states, and at patient-centered clinics, the new rules could make a world of difference for people seeking addiction treatment.”

The Office of National Coordinator for Healthcare Information Technology, Micky Tripathi, in his blog, looks forward to “HTI-2 & ONC’s Commitment to Furthering the Vision of Better Health Enabled by Data.”

From the public health and medical research front,

BioPharma Dive reports,
- “Roche’s experimental Alzheimer’s disease drug trontinemab showed “best-in-class” potential based on its ability to quickly clear clumps of amyloid protein from the brains of patients enrolled in a small clinical trial, the company said Monday.
- “A majority of patients receiving the highest dose of the drug, which is specially designed to penetrate brain tissue, saw their amyloid levels drop below detectable levels after 12 weeks, Roche executives said in an investor presentation on the pharmaceutical giant’s neurology pipeline.”

Reuters tells us, “Pfizer said on Tuesday its drug, Adcetris, extended survival in patients with the most common type of lymphoma in a late-stage study, bolstering efforts to expand the use of the treatment gained through its $43 billion purchase of Seagen [in 2023].

MedPage Today lets us know,
- “Pragmatic implementation of an automated online behavioral obesity treatment program that included 9 months of active maintenance helped people with overweight or obesity lose a clinically significant amount of weight by 12 and 24 months, a randomized trial showed. * * *
- “This pattern persisted at 24 months, reported J. Graham Thomas, PhD, of the Weight Control and Diabetes Research Center in Providence, Rhode Island, and colleagues in JAMA Internal Medicine.
- “This study shows that a fully automated online obesity treatment program can produce beneficial results for many patients in real-world primary care settings,” Thomas told MedPage Today. “We were encouraged to find that the online weight-loss program performed just as well in real-world primary care practices as it does in our previous highly controlled clinical trials.”
- “These patients lost weight “at rates comparable” to those seen in studiesopens in a new tab or window in which the researchers were completely hands-on in every aspect of the program, he added.
- “Because the treatment program is online and fully automated, Thomas said it is quite practical for widespread implementation across primary care practices. “The data show that the primary care clinicians were able to implement the program independently, and patients were able to use it successfully.”

Beckers Hospital Review adds,
- “Hospital transplant departments have strict cutoffs for patients with higher body mass indexes because of the increased risk of complications, but GLP-1s such as Ozempic and Wegovy are helping more patients be eligible for surgery.
- “Potential transplant donors and diabetic patients who otherwise would not be able to undergo surgery because of their BMI are now quickly dropping weight. Popular GLP-1s, including Ozempic, and GLP-1s and glucose-dependent insulinotropic polypeptides, such as Mounjaro and Zepbound, are dramatically helping these weight loss efforts.”

Medscape cautions,
- “Novo Nordisk’s CEO on Friday said the company was working with authorities in several countries to tackle counterfeit versions of its popular diabetes drug Ozempic, as new reports emerge of patient harm across the world.
- “This is something we take very seriously,” Lars Fruergaard Jorgensen, CEO of the Danish drugmaker, told Reuters. * * *
- “Jorgensen, echoing comments from the FDA’s Califf, also said compounded semaglutide in the United States was a serious health issue, and that the raw materials, or active pharmaceutical ingredients (API), for these products were coming from unregulated facilities in Asia and elsewhere.
- “We don’t know them, and we have really no insights or ability to understand what the API is in a certain compounded product,” he said.
- “While fake drugs often do not contain any of the medication advertised, compounded drugs are custom-made medicines that are based on the same ingredients as branded drugs. Because Wegovy and Ozempic are in short supply, they can be legally produced by licensed pharmacies in the U.S.
- “Further reports obtained by Reuters through FOIA requests show that one person died last year from abnormal blood clotting after taking a drug that was advertised as compounded semaglutide. Three others suffered severe vomiting and nausea, sensory loss in their legs, and a drop in blood platelet levels.”

The U.S. Census Bureau announced,
- “An additional 573,000 people died in the United States during the first year of the COVID-19 pandemic but “excess mortality” at the national level masks substantial variations by state, age, sex, and race and ethnicity, according to new U.S. Census Bureau research recently published in Demography.
- “Excess mortality” refers to deaths from any cause above what is expected from recent mortality trends.
- “This research shows the pandemic widened the mortality gap between the nation’s Black and White populations and completely erased the mortality advantage of the Hispanic population in relation to the non-Hispanic White population.”

The National Institutes of Health announced‘,
- “Two phase 2 clinical trials to test the safety and effectiveness of three treatments for adults with autonomic nervous system dysfunction from long COVID have begun. The autonomic nervous system acts largely unconsciously and regulates bodily functions, such as heart rate, digestion and respiratory rate. Symptoms associated with autonomic nervous system dysfunction have been among those that patients with long COVID say are most burdensome. The trials are part of the National Institutes of Health’s Researching COVID to Enhance Recovery (RECOVER) Initiative, a nationwide research program to fully understand, diagnose and treat long COVID. Other RECOVER phase 2 clinical trials testing treatments to address viral persistence and neurological symptoms, including cognitive dysfunction (like brain fog), launched in July 2023. * * *
- “People 18 years of age and older who are interested in learning more about these trials can visit https://trials.RECOVERCovid.org/autonomic or ClinicalTrials.gov and search identifier NCT06305793, NCT06305806 and NCT06305780. Please do not contact the NIH media phone number or email to enroll in these trials.”

The Wall Street Journal warns,
- “Ultra-processed foods may not only affect our bodies, but our brains too.
- “New research suggests links between ultra-processed foods—such as chips, many cereals and most packaged snacks at the grocery store—and changes in the way we learn, remember and feel. These foods can act like addictive substances, researchers say, and some scientists are proposing a new mental-health condition called “ultra-processed food use disorder.” Diets filled with such foods may raise the risk of mental health and sleep problems.
- “The science is still early and researchers say there is a lot they don’t know. Not all ultra-processed foods are equal, some scientists say, adding that some might be good for you. A diet high in ultra-processed foods has been linked with obesity, Type 2 diabetes, cancer and cardiovascular disease, but researchers are still figuring out exactly why, beyond calorie counts and nutrient composition.
- “Makers of foods such as processed meats and muffins defend their products, and note that there isn’t a consistent, universally accepted definition of ultra-processed food.”

From the HIMSS Conference in Orlando,

HIMSS offers an article about “Google Cloud’s debut of new genAI advancements for healthcare at HIMSS24. In total, the company is offering its cloud clients updates to Vertex AI Search, Healthcare Data Engine and MedLM, designed to improve patient care.”

Fierce Healthcare posted articles titled ‘Philips, AWS collaborate on cloud-based digital pathology solutions” and “CodaMetrix pockets $40M series B to build out AI-based revenue cycle tools.”

From the U.S. healthcare business front,

HR Dive reports,
- “Nearly half of U.S. workers don’t have the benefits they need at work, according to the results of a survey by Perceptyx, an employee experience company. Of the 1,500 full-time employees surveyed, 59% said they had “benefits envy” of friends’ and family members’ healthcare coverage.
- “When it comes to benefits equity, the survey found that medical, maternity and mental health are the “magic trifecta,” Emily Killham, senior director of people analytics, research and insights at Perceptyx, said. “When employees have access to all three, women and men feel equally that their needs are met.”
- “Yet 53% of those surveyed said they don’t have mental health coverage, 51% don’t have maternity leave, and 25% don’t have any medical benefits, per the results.”

Beckers Hospital Review informs us,
- “Healthgrades recognized 832 hospitals with its 2024 Patient Safety Excellence Awards and Outstanding Patient Experience Award. Only 79 of those hospitals received both awards.
- “The dual recipients spanned 27 states. Texas had the most dual recipients with 13 honorees — including four Baylor Scott and White Health and four Houston Methodist hospitals.”
- The article lists the dual recipients.

Beckers Payer Issues relates,
- “Selective contracting with primary care physicians may be one factor behind lower per-patient expenses in Medicare Advantage, a study published in the March edition of Health Affairs found.
- “The study examined 4,456,037 traditional Medicare patients who visited 151,679 primary care physicians. The physicians who participated in Medicare Advantage networks had $433 lower costs per patient than the regional average of physicians.
- “The quality measures for physicians participating in Medicare Advantage were similar to the regional average, the study found.
- “Physicians who did not participate in any MA networks cost $1,617 more per patient per year than those participating in MA networks, and they had lower quality measures.
- “The findings suggest that “managed care tools, particularly selective contracting with primary care physicians” contribute to lower costs in Medicare Advantage, the authors concluded. Though the differences in cost are most likely attributable to differences in practice style, that could also serve as a mechanism for plans to select healthier patients, the authors wrote.”

Health Payer Intelligence adds,
- “The average Medicare Advantage premium has remained low and stable, with many beneficiaries choosing plans with a zero-dollar monthly premium, according to data from eHealth, Inc.
- “eHealth’s seventh annual Medicare Index Report includes data from over 190,000 applications for Medicare insurance products submitted to eHealth during the annual enrollment period for 2024 coverage.
- “The average monthly premium for Medicare Advantage plans chosen by eHealth customers for 2024 is $9, the same as last year and up slightly from $6 in 2022. The popularity of plans with zero-dollar premiums contributed to the low average.”

HealthDay informs us,
- “The cost to American families of caring for a child with a mental health condition jumped by almost a third between 2017 and 2021.
- “It now costs an average $4,361 more per year for a U.S. family to care for a child with a mental health condition, compared to families without such children, a new study has found.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–February 24, 2024February 24, 2024

TWO BIG STORIES with an interlude

Good news

Cybersecurity Dive reported on Tuesday February 20,
- “An international group of law enforcement partners said it disrupted LockBit ransomware operations Tuesday, seizing the infrastructure of one of the most prolific ransomware groups in recent history.
- “The Department of Justice, working in conjunction with U.K. authorities and other international law enforcement agencies, unsealed indictments against two Russian nationals, Artur Sungatov and Ivan Kondratyev, charging them with deploying LockBit against numerous companies around the U.S. and other targets overseas.
- “The FBI and U.K. National Crime Agency, working with multiple partners, also seized numerous public facing websites and servers used by Lockbit. Authorities obtained decryption keys that will allow hundreds of targeted organizations and others to regain their stolen data.”

Cyberscoop adds more details on this important take down.
- “A LockBit representative confirmed the operation in an online message posted on X by VX-Underground, an online malware repository. “FBI pwned me,” the representative said.
- “As of today, LockBit are locked out,” Graeme Biggar, the National Crime Agency Director General, said in a statement. “We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity.”
- Two people were arrested as part of the operation — one in Poland and one in Ukraine — as part of the operation, Europol said in its statement.

Dark Reading suggests that “Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit.”

Interlude
Cybersecurity reported on Thursday February 22, 2024.
- “Critical vulnerabilities in ConnectWise ScreenConnect are under active exploitation by threat actors, and there is an urgent need for users to patch their systems, according to security researchers.
- “ConnectWise ScreenConnect is a remote desktop application widely used by help desks and remote workers. A critical authentication bypass vulnerability, with a CVSS score of 10, could allow an attacker access to critical systems or confidential information. A path transversal vulnerability, with a score of 8.4, could allow an attacker to execute remote code.
- “ConnectWise on Wednesday urged on-premises partners to immediately upgrade to the latest version of ScreenConnect, after its incident response team began to investigate reports of suspicious activity. The vulnerability applies to on-premises users.”
Dark Reading provides more details on this massive vulnerability
- “Just days after initial exploitation reports started rolling in for a critical security vulnerability in the ConnectWise ScreenConnect remote desktop management service, researchers are warning that a supply chain attack of outsized proportions could be poised to erupt.
- “Once the bugs are exploited, hackers will gain remote access into “upwards of ten thousand servers that control hundreds of thousands of endpoints,” Huntress CEO Kyle Hanslovan said in emailed commentary, opining that it’s time to prepare for “the biggest cybersecurity incident of 2024.”.

Bad News
The Wall Street Journal reports yesterday,
- Pharmacies warned of long waits for customers and U.S. military clinics worldwide have been affected after a cyberattack against one of the country’s largest prescription processors rolled into a third day of downtime.
- Health industry experts said that a cyberattack against Change Healthcare, part of insurer
- UnitedHealth Group’s Optum business, could have severe and lasting consequences should outages continue past the weekend.
- “It’s a mess, and I believe it’s our Colonial Pipeline moment in healthcare,” said Carter Groome, chief executive of healthcare-focused consulting firm First Health Advisory, referring to a 2021 cyberattack that forced the major fuel artery for the U.S. East Coast to shut down for six days, causing long lines at gas stations. * * *
- “Parent company UnitedHealth said Thursday in a regulatory filing with the U.S. Securities and Exchange Commission that it identified a cyberattack affecting systems at Change Healthcare on Wednesday. The company suspects a nation-state was behind the attack, the filing said. ***
- “The American Hospital Association urged healthcare facilities Wednesday to disconnect from Optum and to check their systems for security vulnerabilities.
  - “We recommend that all healthcare organizations that were disrupted or are potentially exposed by this incident consider disconnection from Optum until it is independently deemed safe to reconnect to Optum,” the AHA said.
- “The association also urged members to test their data backups, check that critical patches are up-to-date and designate staff for shifts to manage manual processes.
- “There is fragility in our infrastructure and in the lack of redundancy, the lack of rehearsals,” said Theresa Payton, CEO at cybersecurity consulting firm Fortalice.”

SC Media brings the stories together as follow:
- “Security experts have warned for the past couple of days that the two flaws recently uncovered in ConnectWise’s ScreenConnect app could become the major cybersecurity story of 2024 – and that the healthcare and critical infrastructure sectors were especially vulnerable.
- “Today, we’re inching closer to that reality as SC Media has learned that the recent cybersecurity incident at UnitedHealth’s Change Healthcare that led to slowdowns at pharmacies was caused by a strain of LockBit malware that was used to exploit the vulnerabilities in ConnectWise ScreenConnect.
- “Toby Gouker, chief security officer at First Health Advisory, stressed that while it was a LockBit strain of malware, it doesn’t mean that the recently taken down LockBit gang was responsible. Gouker said the two flaws were discovered as part of a crowdsourced team for the ConnectWise bugs on Feb. 15 and that the vulnerability notifications went out on Feb. 19.
- “And that’s where the problems started. As many of you know, malicious actors watch for these announcements to come out,” said Gouker. “They prey on the timeframe between the announcement and when an organization is able to apply the patch. So from the get-go, these actors are working to figure out a way to exploit the disclosed vulnerability and capitalize on it.”
- “While Goucker stands by his comments, ConnectWise remained somewhat defensive, yet cautious, issuing this statement late Friday night:”
  - “At this time, we cannot confirm that there is a connection between the Change Healthcare incident and the ScreenConnect vulnerability. Our initial review indicates that Change Healthcare appears not to be a ConnectWise direct customer, and our managed service provider partners have yet to come forward, stating Change Healthcare is a customer of theirs.” * * *

Here is a link to the CISA notice adding the Connect wise known exploited vulnerability (CVE-2024-1709) to its catalog on February 22. This was the only KEV change announced this week.

Optum provided the following update on the Change Healthcare breach this morning
- Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue.
- We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.

In other vulnerabilities and breaches news,

On February 22, 2024, the HHS Office for Civil Rights announced
- “On February 14, 2024, the U.S. Department of Health & Human Services Office for Civil Rights issued two Reports to Congress on Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance and enforcement, specifically, on HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports are required to be submitted to Congress annually by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The HIPAA Rules provide the minimum required privacy and security safeguards for protected health information, and give individuals rights with respect to that information, such as the right to access their health information. These reports, delivered to Congress, help regulated entities (such as most health care providers, health plans, and healthcare clearinghouses) and their business associates in their HIPAA compliance efforts by sharing steps taken by OCR to investigate complaints, breach reports, and compliance reviews regarding potential violations of the HIPAA Rules. The reports include important data on the number of HIPAA cases investigated, areas of noncompliance, and insights into trends such as cybersecurity readiness. * * *
- “As in previous years, hacking/IT incidents remain the largest category of breaches occurring in 2022 affecting 500 or more individuals, and affected the most individuals, comprising 77% of the reported breaches. Network servers continued as the largest category by location for breaches involving 500 or more individuals at 58% of reported large breaches.
- “OCR’s 2022 Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/reports-congress/index.html
- “OCR’s 2022 Report to Congress on Breaches of Unsecured Protected Health Information may be found at: https://www.hhs.gov/hipaa/for-professionals/breach-notification/reports-congress/index.html.”

Cybersecurity Dive tells us,
- “Organizations with weak cloud security controls and gaps in cross-domain visibility are getting outmaneuvered by threat actors and struck by intrusions, CrowdStrike said Wednesday in its annual Global Threat Report.
- “Cloud environment intrusions jumped 75% from 2022 to 2023, as threat actors abused unique cloud features to initiate attacks, the report found.
- “This is not surprising,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “We’ve seen more and more organizations deploying more and more cloud resources without necessarily having a cohesive or equivalent security posture for their cloud deployments as they do in their traditional enterprise deployments.”

Cyber Express informs us
- “The fusion of Artificial Intelligence (AI) and cybersecurity has ushered in a new era of warfare, one conducted not on physical battlegrounds but in the vast expanse of cyberspace. With the global AI in the cybersecurity market projected to surge to $133.8 billion by 2030, the landscape is undergoing a seismic shift, with both promise and peril on the horizon.
- “At the heart of this revolution lies a paradox: while AI bolsters defenses, it also empowers malicious actors, fueling a surge in cybercrime. As cyberattacks grow in both scale and sophistication, the stakes have never been higher, with a staggering $9.22 trillion expected to be drained from the world’s internet users in 2024 alone. * * *
- “As we navigate this tumultuous terrain, the imperative lies in striking a delicate balance between innovation and vigilance. Harnessing AI’s potential while mitigating its risks demands a multifaceted approach, one rooted in proactive defense, continuous adaptation, and unwavering resilience.
- “In the crucible of cyber conflict, AI emerges not merely as a technological marvel but as a beacon of hope, illuminating the path toward a safer, more secure digital future. Only by embracing the transformative power of AI can we hope to outmaneuver the adversaries lurking in the shadows of cyberspace.”

CSO points out,
- “Attackers prefer compromised valid accounts over phishing or any other infection methods to gain access into victim environments, according to an IBM report.
- “As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials available — and easily accessible — on the dark web,” IBM said in the report.
- “The report, which is based on IBM X-Force’s penetration testing data from incidents in 2023, also found security misconfigurations and poor authentication enforcement as top application security risks opening organizations to identity-based attacks.”

From the ransomware front,

Tech Crunch identifies the “top 13 ransomware targets in 2024 and beyond.” Education is the top target, and healthcare is ranked number 11.

Cybersecurity Dive relates,
- “The HHS has reached its second-ever settlement related to a ransomware attack, which exposed the protected health information of more than 14,000 people, the agency announced Wednesday.
- “Maryland-based Green Ridge Behavioral Health agreed to pay $40,000 and implement a corrective action plan after an investigation found potential violations of the HIPAA rule and lax protections after an attack reported in early 2019, according to the HHS’ Office for Civil Rights.
- “The settlement comes as ransomware has become a growing and critical threat to healthcare organizations, and regulators have signaled interest in enforcing cybersecurity standards.”

In other cybersecurity news,

SDXCentral calls our attention to the fact that
- Gartner unveiled the top cybersecurity trends for 2024, including the impact of generative artificial intelligence (genAI), boardroom communication gaps, human risks, third-party security risks, continuous threat exposure and identity-first approaches to security.

Friday Factoids

David Ermer–CDC, Congress, COVID-19, FDA, Generative AI, Medical / Rx research, Mental health care, OPM, U.S. Healthcare–February 23, 2024February 23, 2024

From Washington DC

Roll Call reports on the state of FY 2024 appropriations negotiations on Capitol Hill. Your guess on the impending outcome is as good as mine.

The U.S. Office of Personnel Management released
- “a new Workforce of the Future Playbook today supporting a federal workforce that is inclusive, agile and engaged, and equipped with the right skills to deliver for the American people. The Playbook provides concrete actions that agencies can take to build and equip the workforce of the future, incorporating new strategies and sharing best practices across government.
- “OPM is 100% invested in strengthening the federal workforce,” said OPM Director Kiran Ahuja. “This Playbook is just another example of OPM’s ongoing efforts to equip federal agencies with the tools and resources to hire the right talent and strategically plan for their future workforce. The federal government works best when we leverage the full talent of our nation and workforce – this playbook is full of useful strategies to do just that. * * *
- “Coming soon, OPM will provide guidance through webinars, training, and technical assistance from subject matter experts to support agencies in their implementation of these strategies. The Playbook will serve as the building block for a future workforce that promotes increased effectiveness and efficiency in service to the American people. Periodic updates will be posted to the Workforce of the Future webpage.”

The Department of Justice announced,
- “Settlements and judgments under the False Claims Act exceeded $2.68 billion in the fiscal year ending Sept. 30, 2023, Acting Associate Attorney General Benjamin C. Mizer and Civil Division Principal Deputy Assistant Attorney General Brian M. Boynton announced today. The government and whistleblowers were party to 543 settlements and judgments, the highest number of settlements and judgments in a single year. Recoveries since 1986, when Congress substantially strengthened the civil False Claims Act, now total more than $75 billion. * * *
- “Of the more than $2.68 billion in False Claims Act settlements and judgments reported by the Department of Justice this past fiscal year, over $1.8 billion related to matters that involved the health care industry, including managed care providers, hospitals, pharmacies, laboratories, long-term acute care facilities, and physicians. The amounts included in the $1.8 billion reflect recoveries arising only from federal losses, but in many of these cases, the department was instrumental in recovering additional amounts for state Medicaid programs. The recoveries in fiscal year 2023 also reflect the department’s focus on key enforcement priorities, including fraud in pandemic relief programs and alleged violations of cybersecurity requirements in government contracts and grants.”

Medscape informs us,
- “The Food and Drug Administration has granted De Novo classification to a sleep apnea feature developed by Samsung for use via the Health Monitor app, according to a company press release.
- “The sleep apnea feature will be available on watches in Samsung’s Galaxy series in the third quarter of 2024, according to the press release.
- “The new feature on the app is designed to help users with no previous diagnosis of sleep apnea to detect moderate to severe symptoms over a two-night period.
- “The sleep apnea feature allows individuals older than 22 years to track their sleep twice for more than 4 hours within a 10-day period. The feature identifies breathing disruptions.”

MedTech Dive adds,
- “The Food and Drug Administration warned patients against using smartwatches or smart rings that claim to measure blood sugar without piercing the skin.
- “Officials published the safety notice Wednesday after learning that people are selling wearables that claim to noninvasively monitor blood glucose. The devices are “manufactured by dozens of companies and sold under multiple brand names,” according to the agency.
- “The FDA has never authorized a noninvasive wearable that measures or estimates blood glucose values on its own and is concerned inaccurate readings could lead to errors in the management of diabetes.”

Govexec reports,
- “The U.S. Postal Service has continued to see slower mail delivery across the country, with delays picking up as the agency is in the throes of transforming its entire network.
- “Postal management has repeatedly pointed to isolated incidents causing temporary disruptions—rather than any systemic issues—to explain the declining performance, though the trend has now persisted for nearly six months and is causing stakeholders and advocates to question the true root of the problem.
- “USPS is now delivering just 83% of First-Class mail on time during the current fiscal quarter, its worst rate in three years. That is down from 86% in the first quarter and 91% in both the fourth quarter of fiscal 2023 and the same period last year.”

From the public health and medical research front,

The Centers for Disease Control tells us about the changing threat of Covid-19
- What CDC knows
- The impact of SARS-CoV-2, the virus that causes COVID-19, has changed dramatically since 2020. Although COVID-19 remains common, when compared to 2020, individual infections are less likely to result in severe illness for most people in the United States. COVID-19 poses the highest risk for older adults, infants, and people with pre-existing medical conditions, and there are multiple ways people and communities can help reduce their risk of infection.
- What CDC is doing
- CDC continues to partner with state and local health authorities to collect and share data on COVID-19 community spread, hospitalizations, deaths, and Long COVID. Additionally, CDC continues to evaluate the effectiveness of prevention and treatment strategies for the virus in order to provide the public the best evidence-based recommendations for reducing their risk from COVID-19.
- Keep reading: The Changing Threat of COVID-19

Medscape notes,
- Exercising for upwards of 30 minutes most days may help relieve pain in patients who’ve been diagnosed with cancer, according to a study of exercise and pain outcomes from more than 60,000 people, including 10,000 with a history of cancer.
- Study participants who’d been diagnosed with cancer and surpassed 150 minutes of moderate activity a week were 16% less likely to report pain than those who did not exercise or who exercised less. Exercise was particularly helpful for those with moderate to severe pain. In general, the more people exercised, the less pain they felt — and that was true for those with and without a history of cancer.
- “This adds to a large evidence base regarding other benefits of exercise after cancer,” said lead study author Christopher Swain, PhD, a researcher at the University of Melbourne, Australia, who studies how physical activity can protect against cancer. “It would be great for physicians to encourage physical activity” for anyone who’s ever been diagnosed with cancer.

Axios reports,
- “Americans see poor mental health as one of the biggest threats to public health, ranking just behind obesity and the long-running opioid epidemic, according to the latest Axios-Ipsos American Health Index.
- “The big picture: Almost 9 out of 10 people say their own emotional wellbeing is very or somewhat good, but they view mental health issues as a serious societal threat that now outranks access to firearms, cancer or COVID-19.
- “And unlike many other perceived threats, there’s a pronounced generational split about mental health, registering as a much bigger concern for younger adults.
- “The poll also found all but a small pocket of Americans largely tuned out a winter COVID-19 wave that saw the second-largest number of cases since the start of the pandemic, and the public is skeptical about handing over their care to artificial intelligence.
- “By the numbers: Overall, 17% said mental health was the top threat to public health, while 19% said obesity, 24% said opioids and fentanyl, and 15% said it was access to guns.”

From the U.S. healthcare business front,

The Employee Benefit Research Institute announced,
- “New findings released today from the Employee Benefit Research Institute (EBRI)/Greenwald Research Consumer Engagement in Health Care Survey(CEHCS) reported that consumers were overall satisfied with their health plan selection and services, while high deductible plans showed a slight decline in enrollment.
- “The CEHCS is a survey of privately insured adults that has been conducted annually since 2005. The survey provides reliable national data on the growth of high deductible health plans (HDHP), consumer driven health plans (CDHP) and health savings accounts (HSA) – and the impact on the behavior and attitudes of health care consumers. The 2023 survey of 2,020 individuals was conducted using an online research panel between Oct. 16 – Dec. 11, 2023. All respondents were between the ages of 21 and 64. * * *
- “This year’s survey really shows strong evidence that people overall are satisfied with their health insurance. Satisfaction levels are steady. We see no majority is complaining and that is key to understanding market needs,” said Paul Fronstin, Ph.D., director, Health Benefits Research, EBRI.
- “To view the 2023 CEHCS summary report, visit https://www.ebri.org/cehcs-2023.”

Chief Healthcare Executive reports,
- “Nonprofit hospitals are making some progress financially, although the gains remain modest, according to Fitch Ratings.
- “Of course, it’s saying something that Fitch’s early projections for the 2023 calendar year continue to show operational declines, although they aren’t as steep as 2022.
- “Overall, Fitch expects the 2023 operating margins to rise into positive territory, albeit barely. The 2023 margins are expected to rise to 0.5% to 0.7%, which remains below pre-pandemic levels.
- “In 2024, Fitch projects margins should move up to 1.6%.”

MedPage Today discusses whether “Artificial intelligence can improve prior authorization.”
- “Prior authorization has ripple effects on patients and clinicians, but artificial intelligence (AI) has the potential to simplify the process, health policy experts said during an online panel discussion hosted by the Kaiser Family Foundation on Thursday.
- “Troyen Brennan, MD, a former executive at CVS Care and an adjunct professor at the Harvard T.H. Chan School of Public Health in Boston, defended the process, arguing that it cuts down on unnecessary care. About 15% to 30% of all care in the U.S. healthcare system is ineffective, Brennan said.
- “Plus, there are “really not any good studies … showing actual harm,” he argued. “There are a lot of surveys from physicians, in particular, that say that there are tremendous delays, but there’s obviously a response bias associated with this.”

Happy Lincoln’s Birthday!

David Ermer–CDC, Congress, FDA, Generative AI, Medical / Rx research, SDOH, U.S. Healthcare–February 12, 2024February 13, 2024

Our greatest President, Abraham Lincoln, was born on February 12, 1809, in Hodgenville, Kentucky. RIP.

From Washington, DC,

The Federal Times reports,
- “By the second week in February lawmakers are supposed to be busy picking apart the White House’ budget request with an eye towards policy debates in coming months. But the process hasn’t worked that way in recent years.
- “Administration officials earlier this month announced their fiscal 2025 budget proposal would arrive more than a month late — on March 11 — marking the fourth consecutive year that Biden has missed the statutory deadline for a spending plan in early February.”

Federal News Network explains,
- “For decades, Federal Executive Boards have been at the forefront of bridging together the nationwide federal workforce. Stretching from Honolulu, Hawaii, to Boston, Massachusetts — Seattle, Washington, to South Florida, and many places in between, FEBs have a large network already underway. Even so, recent changes to the decades-old program will refresh how FEBs function moving forward.
- “Federal News Network has spent months connecting with FEB leaders all across the country to learn more about what they do, the impact they have had in their local areas, and their plans in store for the future. Over the next week, we’ll be focusing on four different regions of the country — one per day:
- “Eastern Region (Feb. 12) | Southern Region (Feb. 13) | Central Region (Feb. 14) | Western Region (Feb. 15).”
- Check it out.

According to this press release,
- “The U.S. Department of Health and Human Services (HHS), through the Office of the National Coordinator for Health Information Technology (ONC), announced today that two additional organizations—CommonWell Health Alliance and Kno2—have been designated as Qualified Health Information Networks™ (QHINs™) capable of nationwide health data exchange governed by the Trusted Exchange Framework and Common Agreement^SM (TEFCA^SM). ONC has led a multi-year, public-private process alongside its Recognized Coordinating Entity®, The Sequoia Project, Inc., to implement TEFCA, which was envisioned by the 21^st Century Cures Act to support nationwide interoperability. TEFCA became operational in December 2023 with the designation of the first five QHINs—eHealth Exchange, Epic Nexus, Health Gorilla, KONZA, and MedAllies.
- “CommonWell Health Alliance and Kno2 can immediately begin supporting the exchange of data under the Common Agreement’s policies and technical requirements along with the other designated QHINs. QHINs are the pillars of TEFCA network-to-network exchange, providing shared services and governance to securely route queries, responses, and messages across networks for health care stakeholders including patients, providers, hospitals, health systems, payers, and public health agencies.”

STAT News reports,
- “A federal district judge [in Austin, Texas] on Monday granted the Biden administration’s request to dismiss a lawsuit challenging Medicare’s new drug price negotiation program from the drug industry lobbying organization PhRMA. * * *
- “However this [decision] wasn’t about the substance of those groups’ arguments. The Texas judge dismissed one of the co-plaintiffs, the National Infusion Center Association, from the case because it didn’t have subject matter jurisdiction to bring the lawsuit. And because NICA was the only party to the lawsuit in Texas, the whole case got tossed.
- “That means the Biden administration still has to brace for battles in Washington D.C., New Jersey, and Delaware, where a judge recently heard arguments in an AstraZeneca suit against the negotiation plan.”

From the public health and medical research front,

MedPage Today points out,
- “Blood protein profiles predicted future dementia in healthy adults, a large longitudinal study showed.
- “Blood samples from over 50,000 people in the U.K. Biobank showed that four proteins — glial fibrillary acidic protein (GFAP), neurofilament light (NfL), growth differentiation factor-15 (GDF-15), and latent-transforming growth factor beta-binding protein 2 (LTBP2) — consistently were associated with subsequent all-cause dementia, Alzheimer’s disease, or vascular dementia over 14 years, according to Jin-Tai Yu, MD, PhD, of Fudan University in Shanghai, and co-authors.”

The Hill reports,
- A report from the Centers for Disease Control and Prevention (CDC) found that the rate of preterm births rose by 12 percent nationally between 2014 and 2022.
- Manisha Gandhi, chair of the American College of Obstetricians and Gynecologists Clinical Practice Guidelines Committee, told The Hill’s Alejandra O’Connell-Domenech that several factors could be at play.
- “We are seeing more patients with obesity, higher risks for hypertension or preeclampsia … seeing more diabetes,” Gandhi said. “Potentially some of those risk factors that lead to earlier delivery could be playing a role.”
- Environmental factors such as exposure to hormone-disrupting chemicals and air pollution may also be contributing to the rise in preterm births.

The Wall Street Journal lets us know,
- “Uterine is the only cancer for which survival has fallen in the past four decades, the American Cancer Society said. The disease will kill some 13,250 women in the U.S. this year, the group estimates, surpassing ovarian cancer to become the deadliest gynecologic cancer.
- “Case rates have been increasing by about 1% annually over the past decade, with steeper rises for Black and Hispanic women. Rising obesity rates are partly to blame because excess weight increases estrogen levels that can fuel the cancer, researchers said. And fewer women are getting their uteruses removed to treat abnormal bleeding or noncancerous fibroids, leaving them exposed to the risk cancer develops in the organ as they age.
- “But those factors alone don’t explain the rise. The disease, more common after menopause, is rising across age groups including in women under 50 for reasons that aren’t completely clear. * * *
- “Uterine cancer, also called endometrial cancer, comes in two forms. The more common one is slow-growing, linked to elevated estrogen levels, and curable when caught early. The rarer type isn’t hormonal and is harder to treat. Cases of this more aggressive kind are increasing faster and driving rising death rates.
- “Chemical hair straighteners have been linked to uterine cancer risk. The Food and Drug Administration plans in July to propose a ban on formaldehyde in hair straightening or smoothing products.
- “I don’t think it’s just hair products, sadly,” said Dr. Premal Thaker, a gynecologic surgeon at Siteman Cancer Center in St. Louis. “There’s more diabetes, more obesity, and there’s probably something else that we just don’t know.”

Per Fierce Healthcare,
- “An “overwhelming” 88% of respondents reporting healthcare discrimination in a new screening initiative were Black, according to a new Humana study.
- “The report focused on the structural determinants of health as opposed to the more common social determinants of health. While such social determinants center on the conditions in which people live, work, play, learn and worship, structural determinants focus on the economic and social experiences and policies that influence health such as discrimination and health literacy. Both social and structural determinants are often interrelated, according to the study authors.
- “The study, published in the American Journal of Managed Care, is the first of its kind by a U.S. insurer to focus on the structural determinants of health, aspects which are “critical” but often overlooked, Humana said.
- “The healthcare discrimination finding was somewhat problematic given a small sample size and how exactly to frame and ask questions but was nevertheless quite instructive, said co-author J. Nwando Olayiwola, M.D., chief health equity officer and senior vice president at Humana.”

According to an NIH press release,
- “Scientists have identified an area within the brain’s frontal cortex that may coordinate an animal’s response to potentially traumatic situations. Understanding where and how neural circuits involving the frontal cortex regulate such functions, and how such circuits could malfunction, may provide insight about their role in trauma-related and stress-related psychiatric disorders in people. The study, led by scientists at the National Institute on Alcohol Abuse and Alcoholism (NIAAA), a part of the National Institutes of Health, was published in Nature.
- “Experiencing traumatic events is often at the root of trauma-related and stress-related psychiatric conditions, including alcohol use disorder (AUD),” said the study’s senior author, Andrew Holmes, Ph.D., senior investigator in NIAAA’s Laboratory of Behavioral and Genomic Neuroscience. “Additionally, witnessing others experience traumatic events can also contribute to these disorders.”

MedPage Today explains how patients are using artificial intelligence tools.
- “It’s no secret that patients have been using Dr. Google for years. The introduction of ChatGPT is ushering in a new era. ChatGPT and other types of artificial intelligence have their drawbacks. Still, they can offer a range of benefits to healthcare providers and patients alike.”

From the U.S. healthcare business front,

Per Fierce Healthcare,
- “Kaiser Permanente wrapped up its fiscal year with $329 million of operating income (0.3% operating income), net income of $4.1 billion and more than $100 billion in both operating revenues and expenses, the Oakland, California-based nonprofit announced Feb. 9.
- “The rebound performance follows sizable losses during 2022, when the system logged a $1.3 billion operating loss (-1.3% operating income) off of $95.4 billion in operating revenues and $96.7 billion in operating expenses. It had also weathered a net loss of $4.5 billion due to a $3.2 billion loss across “other income,” which largely reflected down investments.
- “I want to thank the people of Kaiser Permanente for their hard work in 2023 to provide members and patients with a positive experience at all touch points while also embracing new ways to drive efficiencies, improve access, and advance health outcomes,” said Chair and CEO Greg A. Adams said in a press release sharing the year’s top-line financial results. “Together, we navigated another challenging year and are on a path to deliver on our mission and bring our distinct brand of value-based care to more people.”

Per BioPharma Dive,
- “Gilead Sciences will acquire CymaBay Therapeutics and the biotechnology company’s liver disease drug in a $4.3 billion deal announced Monday.
- “The proposed buyout would hand Gilead an experimental medicine for primary biliary cholangitis, or PBC, a chronic condition characterized by the toxic build-up of bile acid in the liver. CymaBay disclosed Monday that the Food and Drug Administration has accepted its application for the drug, called seladelpar, and will decide on approval by mid-August.”

Beckers publications ranks payers by medical loss ratio and healthcare companies by revenue.

Health IT Analytics notes,
- “The American Health Information Management Association (AHIMA) has launched its AI Resource Hub to provide healthcare and health information (HI) stakeholders with knowledge around the use of non-clinical artificial intelligence (AI) tools.
- “In response to the rise of AI utilization in healthcare, AHIMA partnered with Alazro Consulting to interview experts in the space and AI implementers representing over 200 hospitals and 1,000 clinics across the United States. These structured interviews were then used to develop AHIMA’s newest white paper, upon which the AI Resource Hub is based.
- “One of the white paper’s major findings is that the use of AI in healthcare is growing as organizations turn to the technology to optimize efficiency and workflows. These tools are often deployed to support health information management, clinical care, operations, and revenue cycle management.”

Fierce Healthcare identified its Fierce 15 of 2024.
- “This year’s 15 honorees recognized a significant gap in the market, whether it’s for personalized GI care, opening up access to mental health or addressing loneliness among seniors with a robot companion. They then set to work to build forward-thinking solutions to address a specific problem.
- “They are all taking a fresh angle to long-standing problems in healthcare, such as harnessing AI to streamline clinical documentation or using virtual care to treat the root causes of obesity.”

Midweek update

David Ermer–CDC, CMS, COVID-19, Generative AI, Medicare, NIH, OPM, U.S. Healthcare–February 7, 2024February 8, 2024

From Washington, DC

The Department of Health and Human Services informs us,
- “On Monday, February 5, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra met virtually with pharmacy CEOs, including Walgreens, CVS, Walmart, and pharmacy leaders, to discuss COVID-19 therapeutics commercialization. Secretary Becerra reconvened pharmacy leaders as a follow-up to his larger meeting with pharmacies, pharmacy benefit managers, and insurers on January 9, 2024.
- “During the call, Secretary Becerra made it clear that no patient should be charged hundreds of dollars for Paxlovid at the pharmacy counter – stressing the importance of pharmacist education and clear communication to patients. Secretary Becerra re-iterated the Biden-Harris Administration’s commitment to equitable access to COVID-19 therapeutics, reminded pharmacy leaders of the pathways for access that HHS negotiated with Pfizer, and made it clear that HHS would continue to engage with pharmacist leadership as needed.
- “While HHS is no longer managing the distribution of COVID-19 therapeutics since they transitioned to the commercial market, the Biden-Harris Administration has been closely monitoring the therapeutics commercialization process and remains committed to equitable access to lifesaving COVID-19 therapeutics, including Paxlovid. Thanks to the pathwaysthat HHS negotiated with Pfizer, all individuals on Medicare and Medicaid can receive Paxlovid for free through 2024 and individuals who are uninsured can receive Paxlovid for free through 2028. * * *
- “To learn more about Paxlovid access, go to Pfizer’s PAXCESS Website“

Health Payer Intelligence points out a KFF study on how various types of payer cover COVID-19 tests, treatments and vaccines post-public health emergency.

The American Hospital Association News tells us,
- “The Centers for Medicare & Medicaid Services yesterday released FAQs clarifying coverage criteria and utilization management requirements for Medicare Advantage plans under its final rule for calendar year 2024, which includes provisions intended to increase program oversight and create better alignment between MA and Traditional Medicare. Topics addressed by the FAQs include medical necessity determinations; algorithms and artificial intelligence; internal coverage criteria; post-acute care; the two-midnight benchmark for inpatient admission criteria; prior authorization; and enforcement.”

STAT News adds,
- “In recent months, the federal government has repeatedly told Medicare Advantage insurers that they cannot use artificial intelligence or algorithms to deny medical services the government routinely covers.
- “But in finalizing a rule to that effect, it also stepped into a thicket of questions from insurers about a technology that is especially difficult to pin down: What is AI? Can it be used at all to make decisions about the coverage of older patients? If so, how?
- “This week, the federal agency that oversees Medicare sought to boil it all down into a simple directive: Put the circumstances of the individual patient first, and your algorithm second.
- “An algorithm that determines coverage based on a larger data set instead of the individual patient’s medical history, the physician’s recommendations, or clinical notes would not be compliant” with federal regulations, the government wrote in a memo to Medicare Advantage insurers on Tuesday.”

Health plans were using algorithms in claims processing long before AI exploded on the scene. On a related note, Health IT Analytics explores the benefits of predictive analytics in healthcare.

The FEHBlog noticed this entry on the OMB Office of Information and Regulatory Affairs website.

AGENCY: OPM	RIN: 3206-AO43	Status: Pending Review	Request EO Meeting
TITLE: Postal Service Reform Act; Establishment of the Postal Service Health Benefits Program
STAGE: Final Rule	SECTION 3(f)(1) SIGNIFICANT: No
RECEIVED DATE:** 02/06/2024	LEGAL DEADLINE: None

From Reginfo.gov

This notice pertains to OPM’s effort to finalize the interim final rule establishing the Postal Service Health Benefits Program issued April 6, 2023. OIRA review is the last step in the regulatory process before publication of this “final, final” rule in the Federal Register. OPM had project publishing that rule this month.

Drug Channels discusses
- the latest National Health Expenditure (NHE) data, which measures all U.S. spending on healthcare.
- As you will see, retail and mail prescription drug spending remain a consistently small share of the $4.5 trillion that we spend on U.S. healthcare.
- And contrary to what you might read, drug spending growth was *not* driven by purportedly “skyrocketing” drug prices. In reality, nearly all drug spending growth occurred due to growth in the number of people treated, prescriptions dispensed, and other nonprice factors.

From the public health and medical research,

The Washington Post offers an opinion piece by former CDC Director Thomas Frieden about the public health importance of treating hypertension.

The Post also provides background on stomach cancer, the disease that cause country singer Toby’s Keith’s death earlier this week.

The National Institutes of Health announced,
- In a recent study of the brain’s waste drainage system, researchers from Washington University in St. Louis, collaborating with investigators at the National Institute of Neurological Disorders and Stroke (NINDS), a part of the National Institute of Health (NIH), discovered a direct connection between the brain and its tough protective covering, the dura mater. These links may allow waste fluid to leave the brain while also exposing the brain to immune cells and other signals coming from the dura. This challenges the conventional wisdom which has suggested that the brain is cut off from its surroundings by a series of protective barriers, keeping it safe from dangerous chemicals and toxins lurking in the environment.
- “Waste fluid moves from the brain into the body much like how sewage leaves our homes,” said NINDS’s Daniel S. Reich, M.D., Ph.D. “In this study, we asked the question of what happens once the ‘drain pipes’ leave the ‘house’—in this case, the brain—and connect up with the city sewer system within the body.” Reich’s group worked jointly with the lab of Jonathan Kipnis, Ph.D., a professor at Washington University in St. Louis. * * *
- Together, the labs found a “cuff” of cells that surround blood vessels as they pass through the arachnoid space. These areas, which they called arachnoid cuff exit (ACE) points, appear to act as areas where fluid, molecules, and even some cells can pass from the brain into the dura and vice versa, without allowing complete mixing of the two fluids. In some disorders like Alzheimer’s disease, impaired waste clearance can cause disease-causing proteins to build up. Continuing the sewer analogy, Kipnis explained the possible connection to ACE points:
- “If your sink is clogged, you can remove water from the sink or fix the faucet, but ultimately you need to fix the drain,” he said. “In the brain, clogs at ACE points may prevent waste from leaving. If we can find a way to clean these clogs, its possible we can protect the brain.”

Medscape lets us know,
- “Dry January has come to an end — at least for those who jumped on the trendy post-holiday no-booze wagon.
- “The benefits of drinking less alcohol are well documented. A systematic review of 63 studies, for example, found that reducing or giving up alcohol reduced people’s risk for hospitalization, injuries, and death. The lifestyle change also improved people’s physical and mental health as well as their quality of life.
- “When it comes to cancer risk, however, the benefits of quitting or cutting back on alcohol remain much less clear, according to a new report from the cancer agency of the World Health Organization (WHO).
- “After reviewing dozens of studies, the International Agency for Research on Cancer (IARC) concluded that, for most alcohol-related cancers, there is limited evidence to support a link between eliminating or reducing alcohol consumption and lowering of cancer risk.”

From the U.S. healthcare business front,

Healthcare Dive relates,
- “Citing elevated medical costs, CVS Health on Wednesday cut its 2024 outlook despite posting better revenue and earnings than Wall Street had expected in the fourth quarter.
- “The massive healthcare conglomerate now expects to bring in at least $8.30 in adjusted earnings per share this year, compared to prior guidance of $8.50.
- “CVS is the latest insurer to post 2024 guidance below investors’ expectations, after Humana released a disappointing earnings outlook last month.”
and
- “Amazon is cutting hundreds of jobs across One Medical and Amazon Pharmacy, the company confirmed on Wednesday.
- “The goal of the cuts is to “realign” resources to meet the divisions’ goals, Amazon Health Services SVP Neil Lindsay said in an email to staff shared with Healthcare Dive. The company is not disclosing the number of employees or what roles are being impacted by the cuts.
- “Affected employees will receive financial support and benefit continuation, as well as the opportunity to apply for new roles at Amazon, according to Lindsay. Amazon is not on a hiring freeze and will continue to hire providers and employees for One Medical and Amazon Pharmacy.”

Beckers Hospital Review notes,
- “More than a quarter of the top U.S. hospitals for patient experience fall under Providence’s umbrella, according to a new ranking from PEP Health.
- “The Minneapolis-based AI platform extracts behavioral insights data from patient comments shared on multiple social media and review platforms. To rank the top U.S. hospitals for patient experience in 2024, PEP Health gathered and analyzed more than 30 million online patient reviews shared between Jan. 1 and Dec. 31, 2023. * * *
- “On average, the top 30 scored 30% higher in continuity of care, 22% higher in attention to physical and environmental needs, and 17% higher in fast access than their peers.
- “Hospitals belonging to Renton, Wash.-based Providence excelled on more than half of the assessment metrics, according to PEP’s report. Although eight of the top 30 hospitals were prefixed with “Providence” — and another, Swedish Medical Center-First Hill in Seattle, is an affiliate — the system could still show improvement in communication and emotional support, per the AI company.”

Per BioPharma Dive,
- “Amgen is a global pharmaceutical company worth more than $160 billion. Nine of its marketed medicines are blockbuster products by annual sales.
- “Yet, on a Tuesday conference call discussing Amgen’s fourth quarter earnings, all Wall Street analysts wanted to talk about was an experimental drug that only just cleared the first stage of human testing.
- “More than half of the questions asked by analysts were focused on AMG 133, a promising treatment for obesity that’s drawn attention as a potential competitor to in-demand weight loss medicines from Novo Nordisk and Eli Lilly. While Wall Street often overlooks the present to focus on the future, the intense interest in a drug years away from the market was noteworthy.”

Milliman has made available its
- “sixth annual Milliman Multiemployer Health and Welfare Study, which analyzes financial disclosures for multiemployer health and welfare plans, also known as Taft-Hartley plans. This year’s report includes data for 1,226 plans covering approximately 4.6 million members as of 2021, the most recent year for which data is available. The average plan could pay about one year and three months of benefits and expenses with its net assets, a decrease of approximately one month from 2020.”

Monday Roundup

David Ermer–AHRQ, CDC, FDA, Generative AI, Medical / Rx research, Obesity, Patient safety, SDOH, U.S. Healthcare–February 5, 2024February 5, 2024

From Washington, DC,

Tomorrow at 10 am, the House Oversight and Accountability Committee will mark up several bills including the FEHB provisions in the DRUG Act, HR 6283. It’s unfortunate that the Committee did not hold a hearing on this disruptive bill. The FEHBlog will be listening to the markup.

The Federal Times informs us,
- “A pair of contracts designed to improve the quality of care in Tricare’s civilian medical networks will take effect Jan. 1, 2025, according to defense officials.
- “The contracts are moving forward following a Jan. 31 decision in the U.S. Court of Federal Claims affirming the Defense Health Agency’s choice of TriWest Healthcare Alliance as the Tricare West Region’s new manager, denying a protest lodged by incumbent contractor Health Net Federal Services last year. * * *
- “Humana Government Business, the incumbent contractor for Tricare’s East Region, will continue in that role under a new deal worth up to $70.8 billion.The new contracts for the two regions have a potential combined value of $136 billion over nine years.”

MedTech Dive lets us know
- “FDA panel recommends new standards for pulse oximeters amid bias concerns.
- “Studies have found that pulse oximeters overestimated oxygen saturation in people with dark skin pigmentation, resulting in delayed care.”
and
- “Hologic has received regulatory clearance to sell an artificial intelligence (AI)-enabled cervical cancer screening system in the U.S.
- “The product, the Genius Digital Diagnostics System, creates digital images of Pap test slides and uses an AI algorithm to identify cells that cytologists and pathologists should review.
- “Hologic’s clearance, announced on Thursday, comes days after BD partnered with Techcyte to promote a digital, AI-enabled cervical cancer screening test that is yet to come to market.”

From the public health and medical research front,

Beckers Hospital Review tells us,
- “Eli Lilly’s ingredient for Type 2 diabetes medication Mounjaro and its new weight loss drug, Zepbound, significantly lowered patients’ blood pressure by up to 10.6 mmHg, according to a new study published Feb. 5.
- “The study recruited about 500 adult patients with a body mass index at or more than 27, or the overweight range. Compared to a placebo, tirzepatide — the active pharmaceutical ingredient of Mounjaro and Zepbound — reduced blood pressure for participants taking 5, 10 and 15 milligrams each week. The patients were not diabetic and either had normal blood pressure or high blood pressure that was under control.”

STAT News reports,
- “Amgen is trying a unique strategy with its obesity drug candidate: testing whether it can wean patients toward lower or less frequent doses over time.
- “Very early data hints that Amgen’s candidate, called MariTide, may provide longer-lasting weight loss than highly popular obesity drugs on the market like Novo Nordisk’s Wegovy and Eli Lilly’s Zepbound. Amgen is already seeing if that means its drug could also be dosed differently from Novo and Lilly’s products, which are costly and expected to be taken consistently for life.
- “In an ongoing Phase 2 trial, Amgen’s researchers will first titrate participants up on MariTide, but then after some time, see if the drug can still be effective when transitioning patients to a less intensive dosing regimen, executives said in an interview.
- “Could there be an opportunity for an induction maintenance-type of strategy for a molecule like MariTide?” said Narimon Honarpour, senior vice president of global development at Amgen, referring to a strategy used for anti-inflammatory drugs in which high, rapid doses are given at the start and then lower or less frequent doses are used for maintenance in the long run.”

HHS’s Agency for Healthcare Research and Quality released a rapid evidence report about deprescribing to reduce medical harms in older adults.
- “Deprescribing has emerged as a clinical practice to reduce polypharmacy and use of potentially inappropriate medications (PIMs) and serve as a mechanism for quality improvement and increased patient safety. The purpose of this rapid response is to summarize recent literature on the use of deprescribing to improve the safety of medication use among older adults (age ≥ 65 years).”

CBS News reports,
- “Preterm and early-term births in the U.S. have increased from 2014 to 2022, raising risks to babies, according to new data from the Centers for Disease Control and Prevention.
- “Data released Wednesday from the CDC’s National Center for Health Statistics shows the preterm birth rate — meaning delivery before 37 completed weeks of pregnancy — rose 12% during that time period, while early-term birth rates, at 37 to 38 completed weeks, rose 20%.
- “This is compared to full-term births, which are those delivered at 39 to 40 weeks.
- “Using data from the National Vital Statistics System, the analysis only looks at singleton births, since multiple births like twins and triplets tend to be born at earlier gestational ages, the authors note.
- “Gestational age is a strong predictor of short- and long-term morbidity and early mortality,” the authors write. “Births delivered preterm are at the greatest risk of adverse outcomes, but risk is also elevated for early-term compared with full-term births.”

MedCity News points out,
- “Mayo Clinic has entered into a collaboration with TruLite Health — Mayo is helping the Phoenix-based startup develop its software platform designed to address providers’ clinical bias. The health system said it chose to collaborate with TruLite because of the platform’s potential to mitigate health inequities and enhance patient outcomes at the point of care.”

Per Fierce Healthcare,
- “Artificial intelligence can help identify easy to miss patients who might be good candidates for a palliative or hospice care referral, a recent pilot at Mass General Brigham (MGB) revealed.
- “The results of the findings were presented Friday at the Value-Based Payment Summit.
- “Timely end-of-life care benefits patients. Patients and their families may also be more open to a conversation about goals of care during a hospital stay, MGB said in presentation slides shown to Fierce Healthcare.”

From the U.S. healthcare business front,

Per BioPharma Dive,
- “Novo Holdings, the controlling shareholder of Danish drugmaker Novo Nordisk, will buy contract manufacturer Catalent for $16.5 billion in a take-private deal the companies announced Monday.
- “In a related transaction, Novo Nordisk has agreed pay its parent company $11 billion to take over three Catalent plants in Italy, Belgium and Indiana to help expand production of its GLP-1 drugs Ozempic and Wegovy. Demand for the latter, which is approved in the U.S. for treating obesity, has greatly exceeded supply, forcing Novo Nordisk to restrict access.
- “Novo Nordisk and Catalent already work together at the three sites, which employ more than 3,000 staff.”
and
- “On Monday, Johnson & Johnson said one of its most closely watched experimental medicines appears to have positive effects on two autoimmune diseases, providing further support to a drug that, by the company’s estimates, could eventually generate billions of dollars in annual sales.
- “J&J didn’t release any data, but rather said the drug hit the main goals of a mid-stage clinical trial testing it in patients with Sjögren’s disease as well as a late-stage study focused on generalized myasthenia gravis, a rare condition known in short as gMG. The company plans to present more detailed results from both studies at upcoming medical meetings, and to engage with regulators about the path to approval in gMG.”

Per Healthcare Dive,
- “Cano Health filed for Chapter 11 bankruptcy late Sunday, as the beleaguered primary care chain works to bolster its financials.
- “The filing is part of a restructuring support agreement with the majority of its lenders. Cano said it expects to emerge from restructuring during the second quarter this year, adding that the process will help it reduce debt and allow it to search for a strategic partner or buyer.
- “Cano also announced it reached an agreement to receive $150 million in debtor-in-possession financing to fund its operations during restructuring.”
and
- “Medicare Advantage rate changes proposed by regulators last week are upsetting Humana’s funding expectations for 2025.
- “If finalized as proposed, the MA changes will lower Humana’s benchmark funding by around 160 basis points compared to a flat rate environment, the health insurer disclosed in a filing with the Securities and Exchange Commissionon Monday.
- “The discrepancy is because the CMS didn’t factor in persistently elevated medical costs into how it calculates rates, Humana said. However, regulators could do so in the final rule. Despite the uncertainty, the insurer reaffirmed its earnings outlook for 2025.”

Per Fierce Healthcare,
- “Rural providers feel financially stable, with most planning to expand existing service lines to increase revenue, a new survey has found (PDF).
- “The survey was conducted by accounting firm Wipfli and reached 106 rural healthcare organizations across 26 states. Respondents included a mix of critical access hospitals, rural health clinics and others.
- “Overall, most respondents are cautiously or completely optimistic about their financial viability. About 40% said their financial stability is higher than it was a year ago, and the portion of those who think they are in a better place than they were five years ago also rose compared to 2023. Despite challenges like high inflation, dwindling COVID-19 relief funds and flat reimbursement rates, growing optimism suggests rural providers learned how to manage unpredictability during the pandemic, the report said. * * *
- Entering 2024, rural healthcare leaders are most concerned about revenue capture, digital capabilities and people management.

HR Morning offers nine tips on maximizing core health benefits.

The Society for Human Resource Management discusses best practices for hybrid work models.

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–February 3, 2024February 3, 2024

From the cybersecurity policy front,

The Wall Street Journal reported on Wednesday,
- “The U.S. government said it had disrupted a uniquely dangerous and potentially life-threatening Chinese hacking operation that hijacked hundreds of infected routers and used them to covertly target American and allied critical infrastructure networks.
- “Senior officials described the operation in unusually blunt terms as part of an evolving and increasingly worrisome campaign by Beijing to get a foothold in U.S. computer networks responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a future conflict, including over Taiwan.
- “Wednesday’s announcement was part of an effort by senior Biden administration officials to underscore what Federal Bureau of Investigation Director Christopher Wray called the “apocalyptic scenarios” animating their fears about China’s advanced and well-resourced hacking prowess. Western intelligence officials say its skill and sophistication has accelerated over the past decade. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, which they say poses an unrivaled cybersecurity challenge.”

Here’s Cybersecurity Dive’s story on this chilling development.
- “The FBI and Department of Justice disclosed Wednesday a court-authorized disruption of a botnet linked to the Volt Typhoon threat campaign from 2023, which Wray noted during his testimony. The hackers installed KV Botnet malware on hundreds of small office/home office routers in the U.S., in a plan to target critical infrastructure providers through the compromised hosts. * * *
- “Volt Typhoon is very focused on targeting U.S. critical infrastructure by staying below the radar, and works hard to reduce the signatures we use to hunt them across networks,” Sandra Joyce, VP, Mandiant Intelligence, Google Cloud, said in a statement. “They are making use of compromised systems to blend in with normal network activity and constantly change the source of their activity.”

Cyberscoop adds,
- “Any federal agency running Ivanti Connect Secure or Ivanti Policy Secure devices must disconnect them from their networks before midnight Friday [February 2], the United States’s top civilian cyber defense agency said Wednesday amid reports the vulnerable devices are being targeted by espionage operations linked to China.
- “Last month, CISA warned that the vulnerable Ivanti devices were subject to “widespread exploitation of vulnerabilities by multiple threat actors.” On Wednesday, the agency issued new instructions for how to update and bring those devices back online.
- “A CISA spokesperson did not immediately respond to a question about how many instances of Ivanti’s affected product are present in federal networks. * * *
- “Chinese hackers appear to be exploiting the Ivanti vulnerabilities to carry out espionage. Researchers with Google’s Mandiant wrote in a blog post Wednesday that they’d identified “broad exploitation activity” by suspected Chinese-linked espionage hackers they track as “UNC5221,” as well as other uncategorized attackers.”
and
- “The Office of the National Cyber Director has work to do to improve the implementation of President Joe Biden’s national cybersecurity strategy, according to a watchdog report.
- The Government Accountability Office said in a report released Thursday that the national cybersecurity strategy lacks performance measures and estimated costs, which the watchdog believes is essential for a national strategy.
- “The GAO said that “neither the strategy nor the implementation plan included outcome-oriented performance measures for the initiatives or for the overall objectives of the strategy to gauge success.” The initiatives outlined in the implementation planinclude milestones and expected completion dates, but lacked assessments in “the extent to which the initiatives are achieving outcome-oriented objectives” like information sharing or updated federal cyber defenses, GAO said.
- “ONCD staff told the GAO said it wasn’t actually feasible to develop outcome-oriented measures, simply because those measures do not yet exist in the broader cybersecurity field. “They acknowledged the value of having meaningful outcome-oriented performance measures to assess cybersecurity effectiveness but stated that such measures do not currently exist in the cybersecurity field in general,” the GAO wrote.”

On Wednesday Cybersecurity Dive tells us,
- The Biden administration came out forcefully this week against a congressional effort to undo the U.S. Securities and Exchange Commission’s recently adopted rule requiring public companies to disclose cybersecurity incidents.
- President Joe Biden would veto the joint resolution, S.J. Res. 50, if it comes to his desk, the administration said Wednesday in a policy statement.
- The legislation to disapprove the SEC’s authority to require companies to quickly disclose material cyber incidents and describe how they manage cyberthreats in annual reports was introduced by Republican senators in November alongside a companion resolution by House Republicans.

Federal News Network offers an interview with “Kirsten Moncada, OPM’s chief privacy officer and a longtime federal privacy expert, [who remarked that] the rise of AI tools in government is sure to create more work for privacy officials across the government.”

From the cybersecurity vulnerabilities and breaches front,

Cybersecurity Dive informs us
- “An identity-based attack Cloudflare previously declared contained and unimpactful turned out to be quite the opposite. The threat actor that intruded Cloudflare’s Okta environment in mid-October regained access to some of the content delivery network’s systems in mid-November, the company said Thursday in a blog post.
- “The threat actor used one access token and three service account credentials Cloudflare failed to rotate after the environment was compromised by an early October attack against Okta, the company said. The Okta incident ultimately exposed data on all of the single sign-on provider’s customer support system clients.
- “We want to emphasize to our customers that no Cloudflare customer data or systems were impacted by this event,” CEO Matthew Prince, CTO John Graham-Cumming and CSO Grant Bourzikas said in the blog post.”

Dark Reading points out,
- “Security researchers have sounded the alarm on a new cyberattack campaign using cracked copies of popular software products to distribute a backdoor to macOS users.
- “What makes the campaign different from numerous others that have employed a similar tactic — such as one reported just earlier this month involving Chinese websites — is its sheer scale and its novel, multistage payload delivery technique. Also noteworthy is the threat actor’s use of cracked macOS apps with titles that are of likely interest to business users, so organizations that don’t restrict what users download can be at risk as well.
- “Kaspersky was the first to discover and report on the Activator macOS backdoor in January 2024. A subsequent analysis of the malicious activity by SentinelOne has showed the malware to be “running rife through torrents of macOS apps,” according to the security vendor.”

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) announced “New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways.”

CISA added a known exploited vulnerability to its catalog on January 31 and another later the same day.

From the ransomware front,

Security Week discuses why the ransomware threat continues to grow.
- “The volume of ransomware attacks is not a constant and can be affected by many short term factors (take downs, criminal retirements, retooling, etcetera). 2022 showed a reduction, and some commentators suggested that the tide was turning against ransomware. 2023 has demonstrated this was a false dawn, with more than twice the number of victims in 2023 compared to 2022.
- “Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan. The current Delinea report demonstrates that the delivery of extortion can be fine-tuned (the evolution from encryption to data exfiltration), but the purpose remains the same, and the incidence will continue to increase.
- “The success of this business plan is demonstrated by an increase in the number of victims who have paid the ransom — up from 68% to 76% (and remember that is 76% of a higher number of victims). What cannot be measured is the effect of cyberinsurance on ransomware delivery and response. Some commentators believe that attackers look for victims with cyberinsurance, and the report notes, “One reason for the willingness to pay may be the rise of cyberinsurance.”

Bleeping Computer’s The Week in Ransomware returns this week.
- “Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks.
- “While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to see affiliates targeting healthcare with complete disregard to the disruption they are causing patients in trying to receive care.”

From the cybersecurity defenses front,

TechTarget identifies “sixteen common types of cyberattacks and how to prevent them.”

CISA announced,
- “CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating security into product design and development.
- “This third publication in CISA’s SbD Alert series examines how manufacturers can eliminate the path threat actors—particularly the People’s Republic of China (PRC)-sponsored Volt Typhoon group—are taking to compromise small office/home office (SOHO) routers.”

An ISACA expert writes about “Navigating the Treacherous Waters of IT Risk: The MOVEit Transfer Exploit as a Case Study.”

HHS’s 405(d) Program maps its Health Industry Cybersecurity Practices (HICPs) to HHS’s new “voluntary healthcare specific Cybersecurity Performance Goals (CPGs) to help healthcare organizations prioritize implementation of high-impact cybersecurity practices.”

Cybersecurity Saturday

David Ermer–Cybersecurity, Generative AI–January 13, 2024January 13, 2024

From the cybersecurity policy front,

Cybersecurity Dive points out five cybersecurity trends to watch this year.

Dark Reading informs us,
- Following the Securities and Exchange Commission’s X account, formerly known as Twitter, compromise on Jan. 9, two Senators have issued a statement calling the hack “inexcusable” and urging the Inspector General of the US Securities and Exchange Commission (SEC) to investigate the regulator’s failure to have basic multifactor authentication (MFA) protections in place.
- “Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation,” Senators Ron Wyden, D-Ore., and Cynthia Lummis, R-Wyo. said in a statement. “We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed.” * * *
- “Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity,” the letter to the SEC Inspector General said, adding the agency was warned in 2023 about its “poor cybersecurity.”
- “The letter added a shot at the regulator’s increasingly rigorous oversight of enterprise cybersecurity.
- “The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure,” the Senators wrote.”

Cyberscoop reports
- “Over-classification, a lack of policy guidance, and tensions between private sector cybersecurity firms are continuing to hamper federal government efforts to share cybersecurity threat information, according to a report released Friday by the U.S. intelligence community’s top watchdog.
- “Friday’s report, released by the Office of the Inspector General of the Intelligence Community, concludes that while federal agencies have broadly improved their ability to share threat information and defensive mitigations, long-standing policy and technical concerns are providing barriers to rapid information sharing.
- “The IG’s report examines how relevant federal agencies shared cyber threat information and defensive measures over the past two years through a framework created by the Cybersecurity Information Sharing Act of 2015. The report finds that the “policies, procedures, and guidelines” for sharing information are “sufficient” to carry out the requirements of the legislation and noted that “sharing has improved” in the last two years.
- “However, a section on barriers to sharing information among federal entities describes a set of familiar issues — to cyber pros at least — that has long been a rallying cry for improvement, including failures to be more forthcoming in sharing threat information with private sector entities.”
and
- “As dozens of states race to establish standards for how their agencies use AI to increase efficiency and streamline public-facing services, researchers at the National Institute of Standards and Technology found that artificial intelligence systems, which rely on large amounts of data to perform tasks, can malfunction when exposed to untrustworthy data, according to a report published last week.
- “The report, part of a broader effort by the institute to support the development of trustworthy AI, found that cyber criminals can deliberately confuse or “poison” AI systems to make them malfunction by exposing them to bad data. And what’s more, according to the study, there’s no one-size-fits-all defense that developers or cybersecurity experts can implement to protect AI systems.”

The Wall Street Journal adds,
- “U.S. intelligence authorities are using AI to pick up on the presence of hackers trying to infiltrate and attack American critical infrastructure—and identifying signs of hackers using AI themselves in the attacks.
- “At a conference Tuesday, cybersecurity leaders discussed burgeoning aspects of AI use by hackers—as well as by law enforcement. Rob Joyce, cybersecurity director at the National Security Agency, said machine learning and artificial intelligence are helping cybersecurity investigators track digital incursions that would otherwise be very difficult to see.
- “Specifically, Chinese hackers are targeting U.S. transportation networks, pipelines and ports using stealthy techniques that blend in with normal activity on infrastructure networks, Joyce said, speaking at Fordham University in New York.
- “These methods are “really dangerous” as their aim is societal disruption, as opposed to financial gain or espionage, Joyce said. The hackers don’t use malware that common security tools can pick up, he added.”

From the cybersecurity vulnerabilities and breaches front,

Cybersecurity Dive tells us,
- Mortgage lender loanDepot is responding to a cyberattack that led the company to take some of its IT systems offline, the California-based company said Monday.
- “Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” the company said Monday in filing with the Securities and Exchange Commission. “In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”
- A spokesperson for the non-bank mortgage lender declined to say how or when the threat actor gained access to its systems and if it’s received an extortion demand or paid a ransom.
and
- “Distributed denial of service attacks hit an all-time high in 2023, more than doubling year over year in the fourth quarter, Cloudflare said Tuesday in a threat report.
- “The record high year for DDoS attacks coincided with mass exploits of the novel zero-day vulnerability HTTP/2 Rapid Reset, which threat actors used to launch DDoS attacks that broke records during the third quarter of 2023.
- “Cloudflare said it was mitigating about 201 million requests per second at the peak of the series of HTTP/2 vulnerability attacks.
- “Massive DDoS attacks require significantly fewer capabilities, resources and time, according to Omer Yoachimik, senior product manager of DDoS protection and security reporting at Cloudflare.”

The Cybersecurity and Infrastructure Security Agency (CISA) let us know on January 11,
- “Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system.
- “CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.”

CISA added six known exploited vulnerabilities to its catalog on January 8, one more on January 10, and another one on the same day.

From the ransomware front,

Per Cybersecurity Dive,
- “Almost 5,200 organizations were hit by ransomware attacks in 2023, Rapid7 said in a Friday blog post, pulling research from public disclosures and incident data from its managed detection and response team.
- “In reality, we believe that number was actually higher because it doesn’t account for the many attacks that likely went unreported,” Christiaan Beek, senior director of threat analytics at Rapid7, said in the report.
- “Rapid7 didn’t provide numbers for 2022, but research from other firms concludes the number of ransomware attacks is rising. There were twice as many ransomware attacks in the second half of 2023, compared to the latter half of 2022, according to BlackFog.”

Security Week reports,
- “Over the weekend, the LockBit ransomware gang claimed responsibility for a November 2023 cyberattack on the hospital system Capital Health.
- “In December, Capital Health announced that it fell victim to a cyberattack that resulted in network outages and that it immediately launched an investigation, informed law enforcement, and started the restoration process.
- “At this time, all services are available at our facilities, all systems have been restored, and all operations have returned to normal,” the organization said in an incident notification.
- “According to the LockBit ransomware gang, only data exfiltration occurred.
- “We purposely didn’t encrypt this hospital so as not to interfere with patient care,” the gang notes on its Tor-based leak site.
- “The ransomware group says it stole more than 10 million files from the healthcare organization, which allegedly includes medical confidentiality data.”

Here’s a link to Bleeping Computer’s latest Week in Ransomware.

From the cybersecurity defenses front,

Federal New Network identifies five steps for building an adaptable, dynamic zero trust architecture within federal agencies.

Health IT Security and ISACA discuss identity management issues.

Security Boulevard considers how to recover after failing a cybersecurity audit.

Friday Factoids

David Ermer–ACA, CDC, Congress, COVID-19, Generative AI, Medical / Rx research, Rx coverage, SDOH, U.S. Healthcare–January 12, 2024January 14, 2024

From Washington, DC

Roll Call reports,
- “Speaker Mike Johnson reiterated support Friday for the fiscal 2024 spending agreement he negotiated in the face of opposition from members of the House Freedom Caucus, who’ve been lobbying him to toss the deal.
- “Johnson, R-La., told reporters that while he is seeking feedback from across his conference, he is committed to the “strong” deal he negotiated with Senate Majority Leader Charles E. Schumer, D-N.Y.
- “Our topline agreement remains; we are getting our next steps together, and we are working toward a robust appropriations process,” he said.” * * *
- “Next week, Congress will face a more pressing Jan. 19 spending deadline for agencies covered under four of the 12 annual appropriations bills. Schumer took the first procedural step needed for a stopgap spending bill Thursday, filing cloture on the motion to proceed to a shell vehicle.
- “The Senate’s continuing resolution is expected to last until March, sources familiar with the talks say. But while Johnson has said he is “not ruling out” the need for another continuing resolution, he has not yet said definitively whether or not he would support one.
- “And that stopgap measure will be essential to keep the government open, as Senate Appropriations Chair Patty Murray, D-Wash., and House Appropriations Chairwoman Kay Granger, R-Texas, are continuing to negotiate over the final subcommittee allocations, also known as 302(b)s.
- “Negotiators will need about a month to wrap up their work after those allocations are finalized, House Appropriations ranking member Rosa DeLauro, D-Conn., said Friday. “

Govexec tells us,
- “The Office of Personnel Management made some of its best progress at reducing the number of pending retirement applications from federal workers last year, reducing the backlog by 34% in 2023 and breaking multiple recent records in the process.
- “Long a source of frustration for the governmental HR agency, lawmakers and retirees alike, OPM’s inventory of pending retirement claims has been plagued by delays due to the still largely paper-based nature of federal employment records, staffing issues and other challenges. The COVID-19 pandemic exacerbated many of these issues, as the backlog climbed to a high of more than 36,000 pending claims in March 2022.
- “But OPM moved on multiple fronts last year to improve the process. The agency released its long-awaited IT strategic plan, which includes plans to develop a “digital retirement system,” complete with electronic records and an online retirement application process.
- “And officials launched a series of short-term fixes aimed at shoring up the current system, including a guide for retirees to follow as they navigate the retirement process, as well as staffing up and coordinating more actively with federal agencies to prepare for the annual wave of new retirement claims that occurs between January and March.”

Federal News Network informs us,
- “The Postal Service says its competitive package business is growing, following its busy year-end holiday season.
- “USPS says it delivered 130 million more packages in the “peak” first quarter of fiscal 2024, a nearly 7% increase, compared to the same period last year.
- “USPS delivered more than 1.9 billion packages in the first quarter of fiscal 2023, which covers October through the end of December.
- “Postmaster General Louis DeJoy, in a video message to employees, said growing the package business is the key to turning around the Postal Service’s long-term financial problems.”

KFF analyzes the Food and Drug Administration’s recent decision to allow Florida to import prescription drugs from Canada.

Per Fierce Healthcare, AHIP, among others, expressed opposition to the provision in the proposed 2025 Notice of Benefit and Payment Parameters Notice, reducing the number of non-standardized plans that an Affordable Care Act plan carrier can offer from four to two.
- “AHIP is particularly concerned about the impact of non-standardized plan limits on issuers’ ability to offer broad networks for consumers that want access to a variety of providers and specialists, which is often a key factor in plan selection for those with chronic health conditions,” the lobbying group wrote in comments on the proposed rule.”

The U.S. Preventive Services Task Force offers a report on its 2023 accomplishments.

From the public health and medical research front,

Becker’s Hospital Review provides three updates on the predominant Omicron strain JN.1.
- “Disease severity: New findings from a study led by researchers at the Ohio State University indicate BA.2.86 and its close relative, JN.1, may be linked to an increase in disease severity. The research focused on mutations in the spike protein of BA.2.86 and found it can infect human cells that line the lower lung, which is a feature linked to severe symptoms. Researchers emphasized additional research is needed to confirm the findings, since the study used pseudoviruses.
- “But from our past experience, we know that infectivity in human epithelial cell lines provides very important information,” Shan-Lu Liu, MD, Ph.D., senior study author and virology professor at OSU, said in a news release. “The concern is whether or not this variant, as well as its descendants including JN.1, will have an increased tendency to infect human lung epithelial cells similar to the parental virus that launched the pandemic in 2020.”
- “In late December, the WHO classified JN.1 as a “variant of interest” due to its rapid spread. At the time, the agency said the overall risk to public health posed by the strain remains low, since updated vaccines continue to offer protection against severe illness. The CDC published its latest update on JN.1 Jan. 5, stating, “At this time, there is no evidence JN.1 causes more severe disease.”

The Centers for Disease Control points out,
- “As seasonal flu activity remains elevated nationally, CDC is tracking when, where and what influenza viruses are spreading and their impact on the public’s health. So far this season, the most commonly reported influenza viruses are type A(H1N1) and type B viruses. According to CDC research, this could mean more severe outcomes among people who are hospitalized with flu.”

Here’s a link to the CDC’s latest Fluview report.
- “Seasonal influenza activity remains elevated in most parts of the country.
- “After several weeks of increases in key flu indicators, a single week of decrease has been noted. CDC will continue to monitor for a second period of increased influenza activity that often occurs after the winter holidays.
- “Outpatient respiratory illness has been above baseline¹nationally since November and is above baseline in all 10 HHS Regions.
- “The number of weekly flu hospital admissions decreased slightly.”

The CDC also announced,
- “On October 23, 2023, the Centers for Disease Control and Prevention (CDC) issued Health Alert Network (HAN) Health Advisory 499 to provide guidance for prioritization of nirsevimab given the limited supply. Nirsevimab (Beyfortus, Sanofi and AstraZeneca) is a long-acting monoclonal antibody immunization recommended for preventing RSV-associated lower respiratory tract disease in young children.
- Given the recent increase in nirsevimab supply and the manufacturers’ plan to release an additional 230,000 doses in January, the CDC advises healthcare providers to return to recommendations put forward by the CDC and the Advisory Committee on Immunization Practices (ACIP) on the use of nirsevimab in young children. Infants and children recommended to receive nirsevimab should be immunized as quickly as possible. Healthcare providers should not reserve nirsevimab doses for infants born later in the season when RSV circulation and risk for exposure to RSV may be lower. RSV activity remains elevated nationwide and is continuing to increase in many parts of the country, though decreased activity has been observed in the Southeast.”

Fierce Healthcare reports,
- “Though prescriptions for antiviral influenza medications have declined somewhat since 2023, perhaps indicating that the United States might be less encumbered by the flu than in recent record-breaking years, healthcare providers still find themselves battling a surge above historic norms, according to data by the Evernorth Research Institute.
- “Researchers there examined pharmacy claims for more than 32 million people during current and past flu seasons and found an increasing prevalence of antiviral medication prescriptions since Thanksgiving 2023, though that’s tapered off slightly recently. More individuals experience flu symptoms severe enough to send them to physicians’ offices for prescriptions, and most of many of those forced to do so did not get the flu vaccination. Evernorth, a Cigna subsidiary, tries to develop cost-effective delivery systems for pharmacy benefits.
- “Urvashi Patel, M.D., vice president of the Evernorth Research Institute, told Fierce Healthcare in an email that “since the shift to remote work from the pandemic, many employees who used to get their flu vaccines at the office are no longer able to. This may change as more workers continue to return to the office, but it’s likely a contributor to lower vaccination rates.”

The Wall Street Journal shares an employee’s favorable experience with the powerful weight loss drug Mounjaro.

Health Day provides the following study notes:
- “U.S. doctors are prescribing antifungal creams to patients with skin complaints at rates so high they could be contributing to the rise of drug-resistant infections, new research shows.
- “These are “severe antimicrobial-resistant superficial fungal infections, which have recently been detected in the United States,” noted a team led by Jeremy Gold, a researcher at the U.S. Centers for Disease Control and Prevention.
- “One of the biggest emerging threats: Drug-resistant forms of ringworm (a form of dermatophytosis).”

From the U.S. healthcare business front,

Healthcare Dive reports,
- “UnitedHealth was slammed with medical costs as it closed out 2023. The health insurance behemoth still managed to exceed Wall Street’s financial expectations.
- “UnitedHealth posted a medical loss ratio of 85% in the fourth quarter — its highest MLR since the COVID-19 pandemic began early 2020.
- “MLR is a metric of how much payers shell out to cover their members’ medical expenses. Payers tried to shake the effects of higher medical costs all last year as patients who delayed healthcare during the pandemic returned to doctor’s offices.
- “The bulk of higher costs in the fourth quarter was driven by more seniors using outpatient services, a trend that first appeared in the second quarter of 2023, said UnitedHealth CEO Andrew Witty on a Friday morning call with investors.”

Beckers Hospital Review offers an interview with Mayo Health System President “Prathibha Varkey, MBBS, [who] is excited about the future of healthcare,” and an analysis of nurse practitioner pay by specialty.

The Washington Post offers an interview with the American Medical Association President Jesse Ehrenfeld, MD.

Mercer Consulting offers guidance on network strategies to optimize patient care and save while its sister company, Oliver Wyman, peers into the crystal ball concerning the state of healthcare in 2035.

Beckers Payer Issues offers a look at ten updates to the 2024 Medicare Advantage landscape.

MedCity News discusses seven JP Morgan Conference news items that you don’t want to miss.

BioPharma Dive poses five questions facing the pharmaceutical industry this year. “Many drugmakers hope to compete with Novo and Lilly in obesity, while others seek to win oncology’s next era. Meanwhile, a contentious drug pricing law looms.”

Drug Channels shares a guest post titled “Repairing the Patient Journey: How Pharma Can Fix the Obvious–and Not So Obvious–Breaking Points of Nonadherence.”

The Wall Street Journal reports,
- “CVS Health plans to close dozens of pharmacies inside Target stores at a time when pharmacy chains are struggling to grow retail profits.
- “CVS will close the pharmacies between February and April this year, said a company spokeswoman. The closures are part of CVS’s efforts to pare down its retail footprint “based on our evaluation of changes in population, consumer buying patterns and future health needs,” she said. * * *
- “CVS has operated pharmacies inside Target stores since late 2015 when it bought the business from the retailer for around $1.9 billion. It has pharmacies in around 1,800 of Target’s more than 1,950 U.S. stores. A Target spokeswoman declined to comment. The latest round of closures account for a small percentage of CVS’s pharmacies at Target stores.”

Per Fierce Healthcare,
- “Artificial intelligence was dominating CES 2024 this week. From assistive speech tools to pet wearables to AI-enabled pillows to prevent snoring, the majority of companies exhibiting at CES boasted the use of the technology as part of their products.
- “Digital health companies at the show also are putting AI to use from Intuition Robotics’ AI-enabled ElliQ care companion robot to hearing eyewear.
- “Amid all this hype, entrepreneur and investor Mark Cuban believes AI will be transformative for healthcare.
- “There are two types of companies in the world — those who are great at AI and everyone else and either you know how to use it to your advantage or you’re in trouble,” he said during a digital health panel at CES on Thursday.
- “He added, “I don’t think it will be dominated by five or six big models. I think there will be millions of models. I think we’ll find every company will have a model, every vertical will have its own model, individuals will have their own models, doctors have their own models, and trying to get to the point where it’s more democratic so that specific verticals will be used within healthcare is going to be an evolution and I don’t think we’ve figured all that out.”

Healthcare Dive adds
- “Generative artificial intelligence can be used to pull social determinants of health data, like housing or employment status, from clinician notes to identify patients who need additional support, according to a new study.
- “Large language models trained by researchers could identify 93.8% of patients with adverse social determinants of health, while official diagnostic codes include that data in only 2% of cases.
- “The finely tuned models were also less likely than OpenAI’s GPT-4 to change their determination when demographic information like race or gender was added. Algorithmic bias is a major concern for AI use in healthcare, amid fears the technology could worsen health inequities.”

Tuesday Tidbits

David Ermer–FDA, Federal employment benefits, Generative AI, Medical / Rx research, Mental health care, Rx coverage, Telehealth, U.S. Healthcare–January 2, 2024January 2, 2024

From Washington, DC,

The U.S. Census Bureau informs us,
- “[T]he U.S. population [was projected to be] 335,893,238 on New Year’s Day, an annual increase of 1,759,535 or 0.53%.
- “In January 2024, the United States is expected to experience a birth every 9.0 seconds and one death every 9.5 seconds. Meanwhile, net international migration is expected to add one person to the U.S. population every 28.3 seconds. The combination of births, deaths and net international migration increases the U.S. population by one person every 24.2 seconds.
- “The projected world population on Jan. 1, 2024, is 8,019,876,189, up 75,162,541 (0.95%) from New Year’s Day 2023. During January 2024, 4.3 births and 2.0 deaths are expected worldwide every second.”

The Internal Revenue Service released the Employers’ Tax Guide to Fringe Benefits for use in 2024.

Federal News Network discusses four ways federal pay practices have changed for 2024.

The Food and Drug Administration accounts for its recent actions.

From the public health and medical research front,

Medscape explains the other health conditions, besides diabetes and obesity, that GLP-1 drugs might treat. It’s an impressive list.

STAT News reports,
- “Reducing or eliminating alcohol consumption reduces the risk of developing oral cavity and esophagus cancers, according to a special report from the International Agency for Research on Cancer. But more data are needed to conclude whether the same is true for several other cancer types, including colorectal, breast, and liver cancer.
- “Even so, it is likely that reducing or ceasing to drink alcohol will lessen the risk of these cancers, said Farhad Islami, a cancer epidemiologist at the American Cancer Society and an author of the report. “Given that many of these cancers have similar mechanistic pathways, we think we will see a similar association with reduction or cessation,” he said. “That’s why we recommend more studies, so we can have stronger evidence.”

BioPharma Dive points out ten clinical trials that are worth watching in the first half of 2024.

From the U.S. healthcare business front,

Healthcare Dive tells us,
- “BJC HealthCare and Saint Luke’s Health System closed their merger on Monday, about seven months after the Missouri-based systems announced plans to combine.The combined organization will operate under the BJC HealthCare brand in its eastern region, serving St. Louis and southern Illinois. The Kansas City region will retain the Saint Luke’s brand name. The new system has a combined workforce of 44,000 employees, according to a Tuesday announcement.”

MedTech Dive notes,
- “Roche reached an agreement to acquire LumiraDx’s point-of-care testing technology, the companies announced on Dec. 29.
- “Roche will pay $295 million upfront and an additional amount up to $55 million to fund Lumira’s point-of-care technology platform business until the acquisition closes.
- “The acquisition comes as Lumira faces a potential delisting amid declining revenue.”

Health Payer Intelligence identifies trends in health insurer strategies for 2024. “In 2024, payer strategies will include improving health equity partnerships, differentiating their Medicare Advantage plans, and offering care navigation.”

Healthcare IT News offers an interview with “[t]wo investment bankers discuss the players in the telehealth sector, the main financial backers, the dynamics between venture capital and private equity, and more.

Beckers Hospital Review tells us,
- “Feeling blue? Your employer might have an AI app for that, The Wall Street Journal reported Dec. 27.
- “Workplaces increasingly are offering employees access to digital mental health tools, including AI chatbots meant to mimic therapists and wellness apps that diagnose mental health conditions, the report said. Over the summer, a survey of 457 U.S. companies conducted by professional services company WTW found that about one-third offer a “digital therapeutic” for mental health support. Another 15% were considering adding one by 2025.
- “The capabilities and goals of these services vary. Amazon gives employees free access to the app Twill, which uses AI to track users’ moods and create “personalized mental-health plan(s).” A construction workers’ union in Ohio will begin offering access to Wysa, a self-described “emotionally intelligent” AI chatbot that encourages users to “vent or just talk through negative thoughts and emotions” and “let it help you cope with pandemic anxiety and lockdowns.”

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.