Cybersecurity Dive

Uncategorized

Cybersecurity Dive

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy and law enforcement front,

  • Cyberscoop reports,
    • “Congressional leaders are pressing federal agencies to provide more information on their plans to compete with China on a range of tech and cybersecurity issues, including a strategy for promoting American 6G telecommunications infrastructure and limiting Chinese tech in US supply chains.
    • “Representative Raja Krishnamoorthi, D-Ill., ranking member on the House Select Committee on the Chinese Communist Party, wrote to Secretary of State Marco Rubio last week asking for an update on the department’s work building international coalitions around 6G.
    • “In the letter, dated Oct. 30 and shared exclusively with CyberScoop, he called for the department to share details on how it is fighting to shape international norms, global technical standards and supply chains in favor of U.S. and non-Chinese companies and technologies, saying “diplomacy can, and must, play a key role in this strategy.”
    • “While it remains essential that we continue to address the threats posed by the Chinese Communist Party’s efforts to dominate 5G, we must also look forward to how we can outcompete the CCP in the next frontier of wireless competition,” he wrote.”
  • HIPAA Journal tells us,
    • “Two U.S. nationals have recently been indicted for using BlackCat ransomware to attack targets in the United States. A third individual is suspected of involvement but was not included in the indictment. All three individuals worked at cybersecurity companies and conducted the attacks while they were employed there.
    • “Ryan Clifford Goldberg was employed by the cybersecurity firm Sygnia as an incident response professional, and Kevin Tyler Martin and an unnamed co-conspirator were both employed by the Chicago-based cyber threat intelligence and incident response firm DigitalMint as ransomware threat negotiators.
    • “The two indicted individuals are alleged to have engaged in a conspiracy to enrich themselves by breaching company networks, stealing their data, using ransomware to encrypt files, and extorting the companies to obtain cryptocurrency payments. A medical device company was attacked on or around May 13, 2023, resulting in a $10 million ransom demand.  The medical device company negotiated and paid a $1,274,000 ransom payment.
    • “A pharmaceutical company was also attacked in May 2023, but the ransom demand was not disclosed. Then came a July 2023 attack on a doctor’s office in California, which included a $5,000,000 ransom demand. In October 2023, an engineering company was attacked and told to pay $1 million, then in November 2023, a drone manufacturer in Virginia was attacked, and the defendants allegedly demanded a $300,000 ransom payment. Only the medical device company paid the ransom.”
  • Cyberscoop adds,
    • “A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison.
    • “Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms. 
    • “The victims, which included an engineering firm and a bank, said executives received harassing phone calls and their networks were hit with distributed denial of service attacks after their data was stolen and encrypted by Yanluowang ransomware operators.”

From the cybersecurity breaches and vulnerabilities front,

  • Cyberscoop reports,
    • “A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party.
    • “A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday [November 6] after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers and researchers at the agency.
    • “The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” said the CBO spokesperson, Caitlin Emma.” 
  • and
    • “SonicWall said a state-sponsored threat actor was behind the brute-force attack that exposed firewall configuration files of every customer that used the company’s cloud backup service. 
    • The vendor pinned the responsibility for the attack on an undisclosed nation state Tuesday, after Mandiant concluded its investigation into the incident.
    • “SonicWall did not attribute the attack to a specific country or threat group and Mandiant declined to provide additional information. The vendor’s update, which lacked a root-cause analysis, was mostly an effort to put the attack behind it as leadership made pledges to improve SonicWall’s security practices.”
  • The Cybersecurity and Infrastructure Security Agency added two known exploited vulnerabilities to its catalog this week.
    • November 4, 2025
      • CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
      • CVE-2025-48703 CWP Control Web Panel OS Command Injection Vulnerability 
        • The Hacker News discusses these KVEs here.
  • Cybersecurity Dive informs us,
    • “Critical flaws in Microsoft Teams can be used to allow an attacker to manipulate messages, spoof notifications and even impersonate executives, according to a report released Tuesday by Check Point Research. 
    • ‘Researchers found four vulnerabilities that allow attackers, including external hackers and malicious insiders, to manipulate Teams messages, conduct business email compromise or forge identities in video calls or phone messages. 
    • “Researchers found that attackers could conduct four specific types of attacks:
      • “Attackers could edit Teams messages without leaving the “edited” label behind in the message.
      • “Message notifications could be manipulated so that they appeared to be from another sender. 
      • “Attackers could change the display name inside private chats.
      • “Caller identities could be altered in video and audio calls.” 
  • and
    • “A critical vulnerability in Cisco IOS XE is being exploited to install an implant called BadCandy in a renewed wave of attacks, according to warnings from Australian government authorities and multiple security researchers. 
    • “State-linked and criminal hackers have been abusing the vulnerability, tracked as CVE-2023-20198, to install BadCandy in targeted systems since 2023, and have periodically renewed those attacks in waves.” * * *
    • “Shadowserver Foundation on Monday warned that threat activity is widespread across the globe, with more than 15,000 devices with backdoor implants remaining visible.”
    • “The vulnerability, tracked as CVE-2023-20198, abuses the web user interface in Cisco IOS XE software and has a severity score of 10. It was previously disclosed as a zero-day in 2023, with more than 42,000 devices exploited.” 
       
  • Security Week lets us know,
    • “ClickFix attacks continue to evolve and the technique appears to be increasingly used against macOS users, with lures becoming ever more convincing. 
    • ClickFix has been widely adopted by both profit-driven cybercriminals and state-sponsored threat groups
    • ‘The social engineering tactic enables attackers to trick victims into inadvertently executing malicious commands, particularly ones that lead to the deployment of malware. 
    • “An attack involves a fake error message being displayed, informing the targeted user that in order to ‘fix’ the issue they need to click on a button and execute a series of operations. 
    • “When the user clicks the ‘fix’ or ‘verify’ button in the prompt, a malicious command is copied in the background to their clipboard. 
    • ‘On Windows, the victim is then instructed to press the Windows+R keys, which opens the Windows Run dialog box, then press Ctrl+V, which pastes the malicious command from the clipboard into the box, and finally press Enter to execute the command. The command typically runs silently in the background (often by leveraging a legitimate Windows utility such as PowerShell), downloading and installing a piece of malware.”
  • Per Cybersecurity Dive,
    • “Energy, healthcare, government and transportation saw the biggest surges in cyberattacks targeting Android devices between June 2024 and May 2025, the security firm Zscaler said in a report published on Wednesday.
    • “Agriculture, IT and education saw some of the biggest drops in attacks on Android devices, according to the report.
    • “Manufacturing, which also saw a significant increase in 2025, accounted for 26% of all cyberattacks on Android devices that Zscaler tracked.”
  • and
    • “Identity-related risks are the biggest danger facing enterprises’ cloud environments, according to a report that ReliaQuest published on Tuesday.
    • “Forty-four percent of valid alerts from cloud security tools “were rooted in identity-related weaknesses,” ReliaQuest said, while 33% of all alerts related to identity.
    • “Hackers prefer identity-based attacks because they rely on credentials available for cheap on the dark web, they can evade many detection tools and there are so many identities ripe for impersonation, according to the report.”
  • and
    • “Cyber threat actors have recently begun using AI to develop malware, in a dramatic evolution of the technology’s role in the hacking ecosystem, Google said on Wednesday.
    • “New strains of malware use AI to grow and change in real time during the attack phase, potentially making detection and defense much more difficult, Google’s threat intelligence researchers said in a report.
    • “The recent trend represents the latest phase in an AI arms race between attackers and defenders.”
  • Help Net Security adds,
    • Security leaders are staring down a year of major change. In its Cybersecurity Forecast 2026, Google paints a picture of a threat landscape transformed by AI, supercharged cybercrime, and increasingly aggressive nation-state operations. Attackers are moving faster, scaling their operations with automation.
    • “By 2026, AI will be a normal part of everyday attack and defense activity. Adversaries are already using it to automate phishing, clone voices, and shape disinformation.
    • “One of the fastest-growing threats is prompt injection, which manipulates AI systems to ignore safeguards and carry out hidden commands. As more companies deploy LLMs inside business processes, these attacks are becoming easier to launch and harder to detect.” * * *
    • “The report notes a growing reliance on AI agents, systems that act on their own to complete tasks. These agents will need distinct digital identities and strict access controls. Security programs built for human users will not be enough. Identity management will have to account for AI-driven decision making and temporary task-based privileges.
    • “AI is also reshaping security operations. Analysts will soon direct AI tools rather than manually sort through alerts. Instead of reviewing logs, they will examine case summaries and confirm automated containment steps. This shift enables faster response but also brings new oversight challenges.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • “An August ransomware attack against the state of Nevada has been traced to a May intrusion, when a state employee mistakenly downloaded a malware-laced tool from a spoofed website, according to a forensic report the state released Wednesday.
    • “State officials refused to submit to a ransom demand and recovered 90% of the impacted data after a 28-day recovery period. The state had insurance coverage and pre-negotiated vendor agreements, which factored into the decision not to pay a ransom. 
    • “The threat actor deployed an attack aimed at taking state systems offline and left behind a note with instructions on how to recover the encrypted systems and data, in an attempt to extort the state,” Timothy Galluzzi, chief information officer and executive director of the Governor’s Technology Office, said in the report.” * * *
    • “The threat actor, whom the report did not identify, gained access to more than 26,400 files. Another 3,200 files were left exposed across multiple systems. The state incurred about $1.3 million in expenses related to recovery costs, as they engaged several major companies to help investigate and restore agency services, including Mandiant, Dell, Microsoft DART, Palo Alto Networks, Aeris and other firms.” 
  • TechCrunch informs us,
    • “The Washington Post has said that it was one of the victims of a hacking campaign tied to Oracle’s suite of corporate software apps.  
    • “Reuters first reported the news on Friday [November 7], citing a statement from the newspaper that said it was affected “by the breach of the Oracle E-Business Suite platform.” 
    • “A spokesperson for the Post did not immediately respond to TechCrunch’s request for comment.” * * *
    • “On Thursday [November 6], Clop claimed on its website that it had hacked The Washington Post, claiming that the company “ignored their security,” language that the Clop gang typically uses when the victim does not pay the hackers. 
    • “It’s not uncommon for ransomware or extortion gangs like Clop to publicize the names and stolen files of their victims as a pressure tactic, which can suggest that the victim has not negotiated a payment with the gang, or the negotiation broke down. 
    • ‘Several other organizations have confirmed they are affected by the Oracle E-Business hacks, including Harvard University and American Airlines subsidiary Envoy.”
  • The Hackers News tells us,
    • “Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded.
    • Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was uploaded on November 5, 2025, by a user named “suspublisher18” along with the description “Just testing” and the email address “donotsupport@example[.]com.”
    • “Automatically zips, uploads, and encrypts files from C:\Users\Public\testing (Windows) or /tmp/testing (macOS) on first launch,” reads the description of the extension. As of November 6, Microsoft has stepped in to remove it from the official VS Code Extension Marketplace.
  • Tech Radar points out,
    • “[Ransomware gang] Rhysida spoofed Microsoft Teams ads on Bing to deliver malware via fake download pages
    • “Victims received OysterLoader and Latrodectus, which deploy ransomware, backdoors, and infostealers
    • “Group operates on RaaS model; past targets include airports, libraries, and U.S. school districts.”

From the cybersecurity business and defenses front,

  • Cyberscoop reports,
    • “Cloud security company Zscaler [November 3] announced Monday it has acquired SplxAI, an artificial intelligence security platform, in a move to strengthen its ability to protect enterprise AI assets.
    • “Terms were not disclosed. 
    • “Zscaler said the purchase is aimed at enhancing its zero-trust security offerings by integrating Splx’s technology for AI asset discovery, automated red-teaming, and governance. The company said these features will help secure AI applications and services during development and after deployment.
    • “AI is creating enormous value, but its full potential can only be realized when it can be secured,” Zscaler CEO Jay Chaudhry said in a statement.”
  • Security Week adds,
    • “Google and Wiz said the antitrust review initiated by the United States Department of Justice into their planned $32 billion acquisition has been cleared.
    • “The companies announced reaching an agreement on the terms of an acquisition in March 2025. 
    • “News of a Justice Department antitrust review into Google’s planned acquisition of the cloud security giant came to light in mid-June. The goal of the probe was to determine whether the deal would harm competition in the cybersecurity market.
    • “During the recent WSJ Tech Live California event, Wiz CEO Assaf Rappaport confirmed that his company had cleared the regulatory hurdle, noting they are “still in the journey between signing and closing.”
  • Dark Reading offers a commentary about “Closing the AI Execution Gap in Cybersecurity — A CISO Framework. CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster.”
  • Here’s a link to Dark Reading’s CISO Corner.

Thursday report

David ErmerCDC, CMS, Congress, FDA, Generative AI, Medical / Rx research, Medicare, Obesity, U.S. Healthcare, Uncategorized

From Washington, DC,

  • The Wall Street Journal reports,
    • “Senate Majority Leader John Thune (R., S.D.) told Senate Republicans Thursday that they should expect to vote on a new proposal Friday aiming to end the government shutdown, according to people familiar with the plan, indicating potential progress in resolving the monthlong impasse. 
    • “The proposal would combine a short-term spending measure with a package of three full-year funding bills, covering the legislative branch, agriculture, and military construction and veterans’ affairs. It was unclear whether the interim measure would keep the government open through mid-December or for a longer period. How Affordable Care Act subsidies, a central concern of Democrats, would figure into the plan also remained in flux. 
    • “The plan to vote on the revised proposal comes as the impact of the shutdown continues to grow. Government workers have gone without pay for weeks, and low-income families are seeing cuts in food aid and other assistance programs. On Thursday, airlines scrambled to review flight plans after federal officials revealed plans to reduce commercial air traffic starting Friday in response to the government shutdown.”
  • It is encouraging to see that the Senate will remain in session this week beyond today.
  • The Journal further reports,
    • “Airlines and travelers scrambled to review flight plans after U.S. transportation officials said they would throttle commercial air traffic starting Friday in response to the government shutdown.
    • “Transportation Secretary Sean Duffy said that traffic at 40 major airports would be reduced by as much as 10% as a safety measure. Air-traffic controllers and airport security agents aren’t being paid in the shutdown, which federal officials said has led to stretched staffing, flight delays and long security lines.
    • “The Federal Aviation Administration will start with a roughly 4% cut in flights this weekend at select airports, according to a Southwest Airlines internal memo reviewed by The Wall Street Journal. Some of the nation’s busiest airports are among those the FAA targeted for flight capacity cuts, including those in Atlanta, Chicago and New York.
    • “To put that in perspective, a 4% reduction in key markets represents approximately 100 flights, a level we routinely manage during standard weather or irregular operational events,” the memo said.”
  • and
    • “A federal judge has ordered the Trump administration to fully fund food-assistance benefits for November by Friday, criticizing the government’s efforts so far to make payments during the government shutdown. 
    • “Judge John McConnell said the administration violated the order he issued last weekthat required the government to tap emergency funds and “expeditiously” pay benefits under the Supplemental Nutrition Assistance Program, or SNAP.” * * *
    • “McConnell chided the government during a hearing on Thursday for its actions. “People have gone without for too long, not making payments to them for even another day is simply unacceptable,” said the judge, an Obama appointee.  
    • “He directed officials to release the full funding to states for November benefits by Friday. SNAP benefits, which cover roughly 42 million Americans, typically total about $8 billion a month. Since the contingency fund wouldn’t cover the full amount, he ordered them to use another source of money to make up the shortfall.” 
  • Tammy Flanagan, writing in Govexec, delves into OPM Director Scott Kupor’s blog entries about modernizing the federal retirement system.
  • Moving onto healthcare, BioPharma Dive relates,
    • “Novo Nordisk and Eli Lilly will sell their GLP-1 drugs for obesity and diabetes to some Medicare enrollees for $245 a month under an agreement hammered out with the Trump administration, the White House announced Thursday.
    • “Through the deal, the two companies will also offer some of the same drugs through an online government portal for about $350 a month. Lilly and Novo will additionally be required to sell starter doses of their coming oral obesity medicines, if approved by regulators, for $149 a month. They’ll have to offer all their weight loss drugs to state Medicaid programs at “most favored nation” prices, too.
    • “The new figures represent discounts to the list prices of Wegovy and Zepbound, which are $1,350 and $1,080 a month, respectively, as well as the $499 monthly charge on Lilly and Novo’s direct-to-consumer sites. But comparisons are different when weighed against the “net” prices that follow negotiations with insurers.” * * *
    • “[T]he Medicare price for GLP-1 drugs will be offered through a pilot program that will cover most beneficiaries, Novo said in a separate press release. That may be necessary, as the law that authorized Medicare coverage of prescription drugs specifically bars weight loss products. But it also likely limits which Medicare beneficiaries will qualify, and could have a fixed expiration date. Those that do benefit will have a $50 monthly copay.
    • “The agreement also won’t apply to the vast majority of people who receive their medications through commercial insurance.”
  • Fierce Pharma adds,
    • “The Trump administration is rolling out a new model that aims to bring most-favored nation pricing to the Medicaid space.
    • ‘The Centers for Medicare & Medicaid Services announced late Thursday the launch of the GENErating cost Reductions fOr U.S. Medicaid (GENEROUS) model, under which participating state Medicaid programs will be able to purchase certain drugs at prices that align with what is paid in other countries.
    • “The agency said the model, which launches in 2026, is designed around “allowing Americans to benefit from fairer, more competitive pricing.”
    • ‘CMS said that total gross spending in Medicaid on drugs in 2024 was $100 billion, up by $10 billion from 2022. Through the model, CMS will negotiate with participating pharmaceutical companies to bring down prices, while states that sign on will be able to implement coverage criteria that is uniform and transparent.”
  • The American Hospital Association News informs us,
    • “All 50 states have applied for the Rural Health Transformation Program, the Centers for Medicare & Medicaid Services announced Nov. 5. The program will fund $50 billion to states from fiscal year 2026 to FY 2030. Half of the funds will be awarded as baseline funding, and the other half will be distributed following a data-driven review that will assess each state’s initiatives and their alignment with the program. CMS said it would announce the recipients by Dec. 31.” 

From the Food and Drug Administration front,

  • Per an FDA news release,
    • “The U.S. Food and Drug Administration today announced six additional awardees under the Commissioner’s National Priority Voucher (CNPV) pilot program. This second cohort brings the total number of voucher recipients to 15, underscoring the agency’s commitment to accelerating the review of products with the potential to address key national priorities.” * * *
    • “The following products were selected following external applications and internal nominations from FDA review divisions:
      • Zongertinib for HER2 lung cancer
      • Bedaquiline for drug-resistant tuberculosis in young children
      • Dostarlimab for rectal cancer
      • Casgevy for sickle cell disease
      • Orforglipron for obesity and related health conditions  
      • Wegovy for obesity and related health conditions
  • HCP Live tells us,
    • “The US Food and Drug Administration (FDA) has approved Ironwood Pharmaceuticals’ linaclotide (Linzess) capsules for pediatric patients ≥ 7 years of age with irritable bowel syndrome with constipation (IBS-C), making it the first treatment approved for IBS-C in this patient population.
    • “The drug works by increasing intestinal fluid secretion and reducing pain-sensing nerve activity.
    • “Approval was based on adult data and a pediatric trial showing significant symptom improvement.
    • “Safety profiles were consistent across age groups, with diarrhea as the most common side effect.
    • “Linaclotide is contraindicated in children under 2 due to dehydration risks.”
  • Per BioPharma Dive,
    • “Johnson & Johnson won Food and Drug Administration approval to sell its drug Caplyta for patients suffering from major depressive disorder, a key step in its ambitions to make the medicine a $5 billion-a-year seller.
    • “Caplyta is already cleared to treat patients with schizophrenia and those suffering from bipolar I and II depression, conditions that affect some 13 million Americans combined. Major depressive disorder, also known as clinical depression, afflicts about 22 million Americans and two-thirds of that group don’t get enough relief from current medicines, J&J said Thursday.
    • ‘The latest FDA approval is based on research that showed Caplyta could significantly improve depression symptoms, as well as an open-label study that found that 80% of patients responded to treatment, with 65% achieving remission. At the same time, the drug didn’t cause the side effects such as low sexual desire or weight gain that often leads patients to drop off antidepressant treatments, J&J said.”
  • MedPage Today lets us know,
    • “The FDA sent 18 warning letters to websites that illegally market unapproved and misbranded botulinum toxin (Botox) products, the agency announced.
    • “The letters were addressed to sites with names like cosmo-korea.com, derma-solution.com, glamderma.com, and koreanfillers.com, among several others.” * * *
    • “The sites were reportedly based in South Korea, China, Panama, and the U.S., according to the letters.”

From the public health and medical / Rx research front,

  • The New York Times reports,
    • “Heavy drinking is tied to earlier and more severe brain bleeds, a new study found. The paper, published Wednesday in the journal Neurology, examined the link between alcohol and intracerebral hemorrhages — the deadliest, most disabling type of stroke.
    • “The researchers found that so-called heavy drinkers — people who had three or more drinks per day — developed a stroke on average 11 years earlier than those who had fewer than three drinks per day. They also had larger brain bleeds that were more difficult to manage.
    • “This data cannot prove that alcohol led to earlier, more severe brain bleeds. But it aligns with a wide body of research linking heavy alcohol use to damaged blood vessels and cardiovascular disease.
    • “Alcohol in high doses is toxic to brain cells,” said Dr. Bruce Ovbiagele, a professor of neurology at the University of California, San Francisco, who was not involved with the study.”
  • and
    • “Radiation has long played a role in the treatment of breast cancer, though doctors have used it more sparingly in early-stage disease in recent years, as advances in diagnostics and treatment have improved survival rates.
    • “Now a new study with an unusually long follow-up period has found that radiation to the chest wall made absolutely no difference in survival among women with early-stage breast cancer who had been treated with mastectomy, lymph-node surgery and advanced anti-cancer drugs.
    • “The results of the large, randomized clinical trial were published on Wednesday in The New England Journal of Medicine.”
  • MedPage Today points out,
    • “Observational data point to a relationship between the vascular system and epilepsy beyond the brain.
    • “Among people ages 40 and older, heart attack survivors had a disproportionately greater risk of incident late-onset epilepsy.
    • “Late-onset epilepsy may also be a marker of systemic vascular disease.”
  • Infectious Disease Advisor adds,
    • “Although the second dose of the inactivated influenza vaccine (IIV) significantly increases protection relative to a single dose among children younger than 3 years, this benefit is not observed when the study population is broadened to include children younger than 9 years, according to study findings published in JAMA Network Open.”
  • Per Healio,
    • “A multidisciplinary comprehensive obesity care model increased GLP-1 persistence at 1 year.
    • “Patients in the program also had clinically meaningful weight loss outcomes and lower fat-free mass loss.”
  • Cardiovascular Business notes,
    • “Researchers are working on a new stem cell patch designed to help patients recover after a heart attack. The patch is implanted through a tiny incision, making open-heart surgery unnecessary, and then held in place with a biocompatible adhesive. It then helps the heart recover over time, replacing dead tissue that would typically never be able to regenerate. 
    • “The group behind this new technology presented its latest findings in Acta Biomaterialia.
    • “For patients with severe heart failure, there are very few options beyond mechanical pumps or transplants,” senior author Wugiang Zhu, PhD, a researcher with Mayo Clinic in Arizona, said in a statement. “We hope this approach will offer a new way to repair their own hearts.”
    • “Zhu et al. tested their new patch on rats that were given surgically induced heart attacks. The early findings suggest this approach could provide significant value to heart patients everywhere if it can be fine-tuned and tested on human subjects. Researchers noted that the patch improved heart function and reduced both scarring and inflammation.” * * *
    • “Click here to read the full analysis.” 
  • Beckers Clinical Leadership identifies the 10 hospitals with the lowest number of birth complications and the 10 hospitals with the highest number of those complications.

From the U.S. healthcare business front,

  • Beckers Payer Issues tells us,
    • “Eighty-eight percent of Americans are content with their health coverage, yet nearly half rate the country’s overall system a “C” or worse, according to a Nov. 6 survey from health insurance marketplace eHealth.
    • ‘The survey collected input from 1,524 adults across the U.S.
    • “This new survey highlights the mixed feelings many Americans have about our health insurance system,” Whitney Stidom, vice president of consumer enablement at eHealth, told Becker’s. “While many people are satisfied with their coverage, out-of-pocket costs are often a burden, and navigating the various coverage options can be challenging for some. It is crucial consumers understand their health insurance options, as doing so can help them save time, potentially reduce costs and encourage access to quality care.”
  • The Wall Street Journal reports,
    • Pfizer PFE is preparing to sweeten its offer again for Metsera, the weight-loss drug startup at the center of a bidding war that also involves Novo Nordisk
    • New York-based Pfizer is making plans to deliver a fresh bid Wednesday, according to people familiar with the matter, ahead of a deadline it has to respond to Novo Nordisk’s latest proposal. 
    • Under the terms of its existing merger agreement with Metsera, Pfizer’s next likely step is to match Novo Nordisk’s offer, one of the people said. 
    • Metsera shares closed Wednesday at $71.38 and rose over 7% after-hours after The Wall Street Journal reported on Pfizer’s plans. Novo Nordisk’s offer valued the company at $86.20 a share, while Pfizer’s most recent offer valued it at $70 a share, Metsera said.
  • Per STAT News,
    • “In its latest bid to shake up the prescription drug market, the Mark Cuban Cost Plus Drug Company has reached a deal to sell a cheap, biosimilar version of Stelara, a widely prescribed treatment for chronic inflammatory and autoimmune conditions.
    • “The company plans to sell the lower-cost medication for $345 every three months, or $1,380 a year, for a 90-milligram dose, before shipping costs. This is significantly below the list price for the brand-name drug sold by Johnson & Johnson, which can vary depending on patient weight and the specific illness being treated.”
  • Per BioPharma Dive,
    • “AstraZeneca has exercised an option to acquire SixPeaks Bio, an obesity drug startup that it helped launch last year with Versant Ventures.
    • “AstraZeneca revealed the deal in its latest quarterly earnings report on Wednesday. According to that report, the British drugmaker on Oct. 22 paid $170 million for the shares in SixPeaks it didn’t already own. AstraZeneca will add another $30 million to the deal in two years and could shell out a further $100 million based on the achievement of certain regulatory milestones. 
    • “SixPeaks launched in 2024 with $30 million in funding and a collaboration that gave AstraZeneca the chance to acquire it at an agreed-upon price.” 
  • and
    • “Moderna again reported declining vaccine sales and tempered its 2025 revenue outlook, but expressed confidence in its plan to break even financially in a few years.
    • “In third-quarter earnings on Thursday, Moderna reported $1 billion in revenue, down roughly 45% from the same three-month period a year ago. The company also lowered the top end of its projected revenue forecast for 2025. It now expects between $1.6 and $2 billion, down from an expected range of $1.5 billion to $2.2 billion.
    • “Still, Moderna shares, which have lost more than half of their value over the last year, ticked up as much as 5% in early trading Thursday. One reason why is progress the company has made in cutting costs, with Moderna claiming that, so far, it’s ahead of its projected target for the year. 
    • “We give credit where it’s due, and [Moderna] is clearly making progress on cost control,” Leerink analyst Mani Foroohar wrote in a note to clients Thursday.” 
  • Modern Healthcare reports,
    • “Cambia Health Solutions plans to bring another Blue Cross Blue Shield insurer under its umbrella as it seeks to scale its technology and care management services. 
    • “The nonprofit, which operates Regence Blue Cross plans in Idaho, Oregon, Utah and Washington, announced Thursday that it plans to join forces with Arkansas Blue Cross and Blue Shield. The proposed strategic affiliation is Cambia’s second this year; in August, the company proposed a similar partnership with Blue Cross Blue Shield of North Dakota.
    • “By affiliating, the Blue Cross companies aim to pool their investments and administrative capabilities to develop new technology and care management services, Cambia President and CEO Jared Short said. Partnering could boost each organization’s struggling finances, although that is not the primary driver of the planned affiliations, he said.” 
  • Healthcare Dive informs us,
    • “Dr. Amy Flaster joined Cigna late last year as the CMO of the Connecticut-based company’s health insurance arm. But now, she’s stepping into an expanded role as CMO of the entire business, encompassing both Cigna Healthcare and health services division Evernorth.
    • “Starting Nov. 1, Flaster is leading Cigna’s efforts to improve clinical performance, including testing and introducing new care models, overseeing providers and determining where technology could be an asset.
    • “At Cigna, Flaster will report to COO Brian Evanko.
    • “Her appointment coincides with the departure of Dr. David Brailer, a longtime healthcare executive who served as Cigna’s chief health officer since 2022.” * * *
    • “Cigna also announced that Katya Andresen, Cigna’s chief digital and analytics officer, will oversee the company’s “excellence and transformation” efforts, which shapes customer engagement.”
  • Per MedTech Dive,
    • “Diabetes tech nonprofit Tidepool will collaborate with Ōura to launch a partnership for diabetes research, the companies announced Tuesday.
    • “With users’ consent, Tidepool will pair biometric data from the Oura Ring with data from diabetes devices, including continuous glucose monitors and insulin pumps.
    • “The companies plan to start recruitment in early 2026 through a study approved by an institutional review board. Participants who opt into the study will share their data with Tidepool’s Big Data Donation Project. With users’ consent, the de-identified data will be shared with academics, researchers and industry to accelerate diabetes research.”

From the artificial intelligence front,

  • Beckers Health IT reports,
    • “Rochester, Minn.-based Mayo Clinic has introduced a program to help other health systems adopt AI.
    • ‘Mayo Clinic Platform_Insights provides a “guided, affordable path” for healthcare organizations of all sizes to keep up with advances in the technology, the health system said.
    • “Digital solutions and artificial intelligence have enormous potential to transform healthcare but there are barriers to widespread adoption,” stated Maneesh Goyal, COO of Mayo Clinic Platform, the health system’s digital innovation arm, in a Nov. 3 news release. “When organizations partner with us, they gain access to proven clinical and administrative solutions and the technical framework to integrate them seamlessly.”

Friday report

David ErmerCDC, CMS, Congress, FDA, Federal employment benefits, Generative AI, Medical / Rx research, No Surprises Act, Obesity, U.S. Healthcare, Uncategorized

From Washington DC

  • The Wall Street Journal reports,
    • “Lawmakers are exploring options to end the government shutdown or mitigate its impact on federal workers and lower-income households.
    • “Some Republicans are considering stand-alone measures to pay specific groups of workers or fund certain programs during the shutdown.
    • “Democrats are facing increased pressure from constituents to end the shutdown, despite their stance on healthcare spending and federal workers.”
  • and
    • “The Pentagon said it received a $130 million donation from an anonymous private donor to cover military salaries during the government shutdown.
    • “The donation was accepted under the Defense Department’s “general gift acceptance authority” and is designated for servicemembers’ pay and benefits.
    • “President Trump announced the donation, calling the unnamed benefactor a “patriot,” as military members faced missing paychecks.”
  • Healthcare Dive tells us,
    • “Senators on both sides of the aisle expressed support for reforming the 340B drug discount program during a Thursday hearing of the Health, Education, Labor, and Pensions Committee — though lawmakers also cautioned that a careful approach is needed to ensure changes don’t harm rural hospitals and health centers.
    • “The hearing centered around concerns that 340B, although well-intentioned, has grown too large and may not ultimately benefit patients.” * * *
    • “Efforts are being led by a bipartisan working group formed in March, comprised of Sens. Jerry Moran, R-Kan.; Tammy Baldwin, D-Wis.; Shelley Moore Capito, R-W.V.; Tim Kaine, D-Va.; Markwayne Mullin, R-Okla.; and John Hickenlooper, D-Colo.” 
  • Per a Social Security news release,
    • “Social Security benefits and Supplemental Security Income (SSI) payments for 75 million Americans will increase 2.8 percent in 2026. On average, Social Security retirement benefits will increase by about $56 per month starting in January.
    • “Over the last decade the cost-of-living adjustment (COLA) increase has averaged about 3.1 percent.  The COLA was 2.5 percent in 2025.”
  • CMS announced today that “The Federal IDR Team released updates to the Federal IDR Portal’s Notice of IDR Initiation web form to improve the duplicate dispute validation process.” Duplicate arbitration requests were one on the principal concerns raised by the AHIP/BCBSA NSA survey noted in yesterday’s FEHBlog post.
  • Federal News Network adds,
    • “Starting in January 2026, many federal retirees will see a 2.8% cost-of-living adjustment (COLA) increase in their Social Security benefits and federal retirement annuities.
    • “That’s a higher rate than last year, and higher than projections set by AARP and the Senior Citizens League. About 75 million people, including retirees and individuals with disabilities, receive Social Security benefits.
    • “The annual COLA is meant to keep federal retirees’ and Social Security recipients’ benefits on pace with rising inflation. But not everyone will receive the full adjustment.
    • “Retirees in the Federal Employees Retirement System (FERS) usually receive a smaller cost-of-living adjustment each year for their annuities, based on the following formula:
      • “COLA is over 3%: FERS annuitants receive 1% less than the full COLA
      • “COLA is between 2% and 3%: FERS annuitants receive a 2% COLA
      • “COLA is less than 2%: FERS annuitants receive the full COLA
    • “According to those parameters, FERS retirees will receive a “diet” 2026 COLA of 2% for their retirement benefits, starting in January.”
  • FedWeek gives federal and postal employees and annuitants advice on how to approach the upcoming open season.

From the Food and Drug Administration front,

  • Fierce Pharma informs us,
    • “Following a slight delay earlier this year—and a world-first green light in the U.K. over the summer—Bayer has clinched an FDA nod to bolster the limited arsenal of nonhormonal treatments for some of the most common symptoms of menopause.
    • “Friday, the FDA approved Bayer’s dual neurokinin (NK) targeted therapy elinzanetant, which will now be marketed in the U.S. under the brand name Lynkuet, to treat moderate to severe vasomotor symptoms—comprising hot flashes and night sweats—in people with menopause.
    • “Lynkuet comes in a soft gel capsule and is taken once a day at bedtime, Bayer noted in an Oct. 24 press release. The drug is designed to target both the NK1 and NK3 receptors in the brain, which play a role in temperature regulation, the German drugmaker explained.”
    • “Bayer plans to launch Lynkuet in the U.S. starting next month.”
  • and
    • “Azurity Pharmaceuticals has scored an FDA approval for its blood pressure medicine Javadin. The oral solution was developed for patients who have difficulty swallowing tablets or capsules.
    • “Javadin becomes the first immediate-release, ready-to-use oral clonidine formulation for the treatment of hypertension. The berry-flavored treatment can eliminate the need for tablet cutting, compounding or the use of transdermal delivery products to lower blood pressure.
    • “According to the Massachusetts-based company, a recent study showed that more than a third of primary care patients have difficulty swallowing oral medications, with many resorting to splitting or crushing their tablets or opening their capsules to ingest them.”

From the public health and medical / Rx research front,

  • The American Hospital Association News informs us,
    • “Getting an annual flu vaccination is the best way to prevent flu and its potentially serious complications. 
    • “The Centers for Disease Control and Prevention recommends that anyone 6 months of age and older get vaccinated, particularly people who are at a high risk for flu complications. This includes people 65 years and older, young children, and people with chronic conditions such as asthma or heart disease. Individuals who care for or live with these high-risk populations also should get vaccinated.
    • “The 2024-2025 flu season was intense, with high levels of activity and hospitalizations across the country. Somewhere between 47-82 million people fell ill, causing an estimated 27,000-30,000 deaths. The flu vaccine is updated for the 2025-2026 season and is now available at many workplaces, hospitals, clinics, pharmacies and other locations.
    • “Making the case for the value of flu vaccination is easy, but individuals and communities must be proactive in committing to receive them. For 10 years, the AHA has been pleased to lead United Against the Flu, a collaborative effort by several national health care organizations to amplify the importance of getting the annual vaccine.”
  • BioPharma Dive adds,
    • “Sanofi on Friday reported a sharp decline in quarterly vaccine sales, a development the French company partially tied to lower immunization rates in the U.S.
    • “In its latest earnings report, Sanofi said that its overall vaccine sales fell by 7.8% to €3.4 billion, or $3.9 billion, between July and September. The pullback was largely driven by a slowdown in influenza shots, which, combined with the revenue Sanofi derives from Novavax’s COVID-19 vaccine Nuvaxovid, decreased by 16.8%, to €1.5 billion. Sanofi’s COVID-19 and influenza vaccine sales are down a total of 14% this year, the company said.” * * *
    • “It’s early. We’re still in October. But I think it’s fair that with the first few weeks that we observed a little bit of vaccination rate on the soft side when it comes to flu vaccination, particularly in the U.S.,” Thomas Triomphe, Sanofi’s head of vaccines R&D, told analysts.”
    • [Absent the shutdown, we would have had CDC info on this topic.] 
  • The University of Minnesota’s CIDRAP relates,
    • “New research suggests that nearly 1 in 5 urinary tract infections (UTIs) in Southern California may be caused by strains of Escherichia coli that originated in food-producing animals.
    • “For the study, a team led by scientists at George Washington University and Kaiser Permanente Southern California (KPSC) conducted molecular analysis of more than 5,700 extraintestinal pathogenic E coli (ExPEC) isolates collected from UTI patients and retail meat samples from stores in the neighborhoods where those patients lived. Using comparative genomic analysis and a model they developed to infer the host origin of each isolate, they found that 18% of the UTIs were linked to ExPEC strains that came from the meat.
    • “They also discovered that UTIs in patients from high-poverty neighborhoods were 60% more likely to be caused by these zoonotic (animal-to-human) ExPEC strains. 
    • “The findings were published yesterday in the journal mBio.
    • “These findings underscore the contribution of zoonotic ExPEC to the UTI burden in Southern California and the need for targeted interventions to reduce risk in vulnerable communities,” the study authors wrote.”
  • Per STAT News,
    • “Telehealth companies that have seized on the boom in weight loss drugs are playing a bigger role not just in treating patients with obesity but also shaping how the medical mainstream understands obesity.
    • “A dominant player in the field, Ro, said Friday it has launched a new questionnaire designed to measure “food noise,” a term that people with obesity often use to describe incessant and debilitating thoughts about food. One of the aims of the scale, which was developed by academic researchers with funding from Ro, is to help assess whether treatments can “quiet” patients’ level of food noise, a concept that has become more popular in recent years with the advent of new GLP-1 drugs Wegovy and Zepbound.
    • “The telehealth firm is already using the scale to track patients’ progress as they go through treatment, and it’s also licensing it out to pharma companies to use in clinical trials.
    • “WeightWatchers, which also provides telehealth care, earlier rolled out its own food noise scale.
    • “Proponents of these scales say that food noise anecdotally appears to be a common experience for people with obesity, so it’s important to measure it in an objective way to understand a range of questions — for instance, whether certain populations experience it more, how much of it is tied to a person’s weight, and ultimately, which interventions can help.”
  • Per Healio,
    • “Decreasing alcohol intake, even if an individual reports having two or fewer drinks per day, may have a positive impact on blood pressure, researchers reported.
    • “New data published in the Journal of the American College of Cardiology showed how small reductions in alcohol intake can lower BP for both men and women. 
    • “The implications are quite direct. For individuals with hypertension — as well as for the general adult population — stopping alcohol intake can be viewed as a practical, non-pharmacological strategy associated with lower BP,” Takahiro Suzuki, MD, MPH, clinical fellow at St. Luke’s International Hospital and PhD student at the Institute of Science Tokyo, told Healio. “Importantly, this recommendation should not be limited to heavy drinkers. Our findings demonstrate that even light to moderate drinkers can gain measurable benefit from stopping alcohol. A reduction of just 2 mm Hg in systolic BP can meaningfully decrease the risk of stroke and CV death at the population level. Thus, encouraging minimal alcohol intake for everyone could have significant population-level health benefits. … These results align with and support the 2025 American College of Cardiology/American Heart Association guidelines that include recommendations for alcohol abstinence or limiting intake.”
  • Per MedPage Today,
    • “A risk model showed promise for risk-stratifying women for breast cancer treatment-related heart failure or cardiomyopathy.
    • “The model achieved an overall accuracy of about 80% over 10 years.
    • “Older age, specific systemic therapies, and pre-existing cardiac risk factors contributed the most to the model.”

From the U.S. healthcare business front,

  • Beckers Hospital Review reports,
    • “Nashville, Tenn.-based HCA Healthcare reported a net income of $1.6 billion (8.6% margin) in the third quarter, a significant improvement on the $1.3 billion net income (7.3% margin) posted in the third quarter of 2024. HCA said the strong financial results were driven by higher revenue, improved earnings and growth in same-facility admissions.
    • “For the nine months ending Sept. 30, 2025, HCA reported a net income of $4.9 billion (8.7% margin) compared to $4.3 billion (8.3% margin) in the prior-year period. 
    • “Our teams continued to execute our agenda at a high level, and we remain disciplined in our efforts to improve care for our patients by increasing access, investing in advanced technology, and training our people,” CEO Sam Hazen said in an Oct. 24 earnings release. “Across many operational measures, including quality and key stakeholders’ satisfaction, outcomes were better.”
  • and
    • “More hospitals have closed in Pennsylvania than in any other state this year, reflecting a growing crisis in the state’s healthcare infrastructure. 
    • “Of the 22 hospital closures Becker’s has reported on in 2025, four were in Pennsylvania. One additional hospital — Sharon (Pa.) Regional Medical Center — closed in 2024 but was acquired and reopened in May by Tenor Health Foundation, a newly formed nonprofit.
    • “Pennsylvania’s hospital challenges are multifaceted, involving a combination of overextended acquisition strategies, reimbursement shortfalls, workforce shortages and a rising tide of high-severity malpractice settlements.
    • “According to Radha Savitala, co-founder and CEO of Tenor Health Foundation, part of the issue stems from Pennsylvania’s high number of hospitals — many of them rural — and the fact that some health systems likely overpaid for certain acquisitions in the state more than a decade ago.”
  • MedCity News interviews interviews Puneet Maheshwari, UHC senior vice president and general manager of Optum Real, about the new AI driven claims processing system.
  • Beckers Payer Issues adds,
    • “Elevance Health is deepening its use of artificial intelligence enterprise-wide, focusing on enhancements to its member services, clinical workflows and provider operations as part of long-term efforts to simplify care delivery and reduce costs.
    • “Chief Digital Information Officer Ratnakar Lavu told Becker’s the company’s goal is “to keep the patient at the center and a focus on the experience, not technology for the sake of technology.”
    • “Elevance’s strategy is among a broader industry shift among large insurers using AI not just for automation, but for personalization and decision support that spans both administrative and clinical processes.”
  • BioPharma Dive relates,
    • “Adverum Biotechnologies, a gene therapy developer, has agreed to sell all its outstanding shares to Eli Lilly for an upfront amount that is less than the company’s most recent closing stock price.
    • “Lilly, through an acquisition announced Friday, plans to pay $3.56 in cash for each share — reflecting a nearly 15% discount from the $4.18 price they traded at the day prior. Yet, Adverum investors would also receive so-called contingent value rights that may be worth up to $8.91 per share if the company’s most advanced therapy hits certain goals.
    • “Altogether, the deal value could reach roughly $261 million.
    • “Adverum, formerly named Avalanche Biotechnologies, has been working for nearly two decades to develop genetic medicines for sight-threatening eye diseases. The company raised $102 million in 2014 by going public, and changed its name not long after as part of a reverse merger. Its lead research program is evaluating whether a gene therapy known as “ixo-vec” can help patients with the “wet” form of a degenerative eye condition that affects millions of people in the U.S. alone.”

Weekend Update

David ErmerCongress, Congress, COVID-19 vaccine, Medical / Rx research, Obesity, Telehealth, U.S. Healthcare, Uncategorized

From Washington, DC,

  • On Thursday, the Senate Committee on Aging will hold a hearing at 3:30 pm ET “to examine modernizing health care, focusing on how shoppable services improve outcomes and lower costs.”
  • The Wall Street Journal reports that “Congress Is running out of time to decide the fate of Obamacare subsidies. Republicans decry the ‘Biden bonuses’ of enhanced ACA, while Democrats say pressure will rise on GOP to extend subsidies.”
    • “Enhanced Affordable Care Act subsidies, benefiting more than 20 million people, are set to expire this year, prompting a political standoff.
    • “Republicans seek major changes to the ACA, including addressing alleged fraud.
    • “ACA sign-ups have more than doubled since 2021. More than three-quarters of policyholders now reside in states that voted for President Trump.”
  • Roll Call adds,
    • “President Donald Trump is expected to host Senate Republicans for a Rose Garden lunch Tuesday, while the ongoing partial government shutdown continues to have no end in sight.
    • “A GOP source confirmed the plan for the White House visit, which comes as the Senate majority will also try this week to call up a bill that would pay federal workers who are on the job during the shutdown. The Senate this week is also expected to continue to confirm Trump’s judicial nominees.”

From the 2025 European Society for Medical Oncology congress in Berlin,

  • STAT News reports,
    • “Patients with a highly aggressive form of breast cancer will likely have new treatment options for the first time in years after AstraZeneca and Gilead Sciences both presented successful trial results here Sunday, dual achievements that will also leave clinicians having to figure out which drug to choose when treating triple-negative tumors. 
    • “Both studies tested what’s known as an antibody-drug conjugate — essentially, a next-generation type of chemotherapy — compared to traditional chemotherapy regimens as a first-line medicine in patients with metastatic triple-negative breast cancer who couldn’t receive an immunotherapy. The women largely weren’t eligible for treatments like checkpoint inhibitors because their tumors did not express the protein that the drugs target. For these patients, there hasn’t been a new first-line drug approved in over a decade.
    • “Researchers were already going to be comparing the results of the two Phase 3 studies in the difficult-to-treat tumors, but the stakes were upped with the trials being presented back-to-back here at the European Society for Medical Oncology’s annual conference. A single discussant also analyzed the results together, parsing the outcomes for Gilead’s Trodelvy as well as for Datroway, made by AstraZeneca and its partner Daiichi Sankyo.” 
  • and
    • “mRNA-based Covid vaccines from Pfizer-BioNTech or Moderna may have an unexpected benefit for cancer patients who undergo immunotherapy. 
    • “A new study suggests that these vaccines might boost the effects of immunotherapy drugs, perhaps by alerting the immune system and helping direct immune cells to attack tumors. That’s in addition to helping protect against Covid, which can be particularly important for cancer patients who can sometimes have weakened immune systems. 
    • “The study found that advanced cancer patients who received a Covid vaccine within 100 days before taking an immunotherapy drug during the pandemic lived longer than patients who did not, in a retrospective analysis. Researchers from MD Anderson Cancer Center presented the study at the European Society for Medical Oncology conference in Berlin on Sunday. 
    • ‘The results are intriguing cancer immunologists and oncologists, who reacted with both excitement and caution.” 
  • Fierce Pharma adds,
    • “Novartis has shared detailed data showing its radioligand therapy Pluvicto could slow the progression of certain hormone-sensitive prostate cancers ahead of a planned application with the FDA.
    • “Pluvicto plus standard of care significantly reduced the risk of radiographic progression or death by 28% versus standard of care alone in patients with PSMA-positive metastatic hormone-sensitive prostate cancer (mHSPC), according to Novartis. The standard of care includes androgen deprivation therapy (ADT) and an androgen receptor pathway inhibitor (ARPI) such as Pfizer and Astellas’ Xtandi.
    • “Details from the phase 3 PSMAddition trial will be presented Sunday at the 2025 European Society for Medical Oncology congress in Berlin.”
  • and
    • “The standing ovation for Keytruda and Padcev in metastatic bladder cancer at the 2023 European Society for Medical Oncology (ESMO) Congress still echoes, and, now, the pair from Merck & Co., Pfizer and Astellas has pulled off similarly showstopping results in certain patients with muscle-invasive bladder cancer (MIBC).
    • “The combination of Merck’s Keytruda and Pfizer and Astellas’ Padcev reduced patients’ risk of death by a whopping 50% when used before and after bladder removal surgery in those with MIBC who are not eligible for or declined cisplatin-based chemotherapy compared with surgery alone, according to results to be presented at the 2025 ESMO Congress.
    • “The PD-1/antibody-drug conjugate combo also significantly improved event-free survival (EFS) by 60% versus surgery alone. A negative event includes progression of disease that precludes surgery or failure to undergo surgery, gross residual disease left behind during surgery, cancer recurrence or death.”
  • and
    • “Merck’s efforts to make headway in a cancer type that was an elusive target for its superstar oncology med Keytruda prove to be fruitful, as demonstrated through its Keynote-B96 trial in ovarian cancer. 
    • “The latest data drop is a more detailed look at a win from previously reported positive analyses of the phase 3 study, which tested Keytruda plus chemotherapy with or without Roche’s Avastin in patients with platinum-resistant recurrent ovarian cancer who have tried one or two prior lines of therapy, including at least one platinum-based chemotherapy.”

From the public health and medical / Rx research front,

  • The Washington Posts offers expert advice on when to obtain Covid and flu boosters for this coming, winter infection season. Both infectious disease physicians encouraged getting the shots in October.
    • “[Dr.] Pavia encourages getting a shot whenever you have an easy opportunity. If you’re getting groceries and the pharmacy is offering flu shots, take five minutes to get one, because you are less likely to follow through by scheduling an appointment, Pavia said.
    • “The Centers for Disease Control and Prevention now recommends that people consult a clinician before receiving a coronavirus shot, but that process can be as simple as a brief conversation with a pharmacist. The Post previously published a guide to getting covid shots under these new conditions.
    • “By now, many people know how they react to flu and coronavirus shots. The coronavirus shot can give some people quite a sore arm. If that’s the case, avoid getting both shots in the same arm, they said. [Dr.] Rivers got her shots in two different arms during the same visit, but the rest of her family got them in the same arm. For people who don’t have much a reaction, there is no disadvantage to getting two shots at the same time, [Dr.] Pavia said. He got his shots at different times because that’s when it was convenient for him.”
  • The American Medical Association offers healthcare providers advice on how to answer patients’ questions about vaccinations.
  • The New York Times explains why more older adults have turned to cochlear implants after Medicare expanded eligibility for the devices.
    • “Twenty-five years ago, “it was a novelty to implant people over 80,” said Dr. Charles C. Della Santina, director of the Johns Hopkins Cochlear Implant Center. “Now, it’s pretty routine practice.”
    • “In fact, a study published in 2023 in the journal Otology & Neurotology reported that cochlear implantation was increasing at a higher rate in patients over 80 than in any other age group.
    • “Until recently, Medicare covered the procedure for only those with extremely limited hearing who could correctly repeat less than 40 percent of the words on a word recognition test. Without insurance — cochlear implantation can cost $100,000 or more for the device, surgery, counseling and follow-up — many older people don’t have the option.
    • “It was incredibly frustrating, because patients on Medicare were being excluded,” Dr. Della Santina said. (Similarly, traditional Medicare doesn’t cover hearing aids, and Medicare Advantage plans with hearing benefits still leave patients paying most of the tab.)
    • “Then, in 2022, Medicare expanded cochlear implant coverage to include older adults who could identify up to 60 percent of words on a speech recognition test, increasing the pool of eligible patients.”

From the U.S. healthcare business front,

  • Medscape considers whether the obesity drug battleground is offering wins for clinicians and patients?
  • TechTarget reports,
    • “Teladoc Health has launched new AI capabilities that enable care teams to monitor and mitigate violence in healthcare workplace settings.
    • “The virtual care provider has integrated the new AI features into its Clarity monitoring solution. The AI technology utilizes video and audio cues to assess facial expressions, gestures and language to determine threats. If a situation is deemed potentially aggressive and appears to be escalating, the solution will notify the appropriate care teams and staff. For example, it will identify safety risks, such as a person aggressively tampering with medical equipment.”
  • The Wall Street Journal relates,
    • Provalus, an outsourcing company, is expanding revenue by 35% to 40% annually as it invests in rural American towns.
    • “The company recruits and trains individuals from small towns, offering jobs in IT and professional services with competitive benefits.
    • “Provalus aims to create middle-class jobs in overlooked areas.”
  • Per HR Dive,
    • “While 7 in 10 U.S. hiring managers say they typically consider overqualified candidates, many also express concerns about low engagement and quick exits, according to an Oct. 8 report from Express Employment Professionals and The Harris Poll.
    • “In fact, three-quarters of employers said they believe overqualified hires struggle to stay motivated in lower-level roles, and they worry these hires will leave as soon as a better opportunity comes along. In response, 58% said they’d rather train someone new than risk disengagement.”

Columbus Day Holiday Report

David ErmerFederal employment benefits, Medical / Rx research, No Surprises Act, OPM, U.S. Healthcare, Uncategorized

Supplementing yesterday’s Weekend Update

From Washington, DC,

  • The AP reports,
    • “President Donald Trump said Saturday that he has directed the Defense Department to use “all available funds” to ensure U.S. troops are paid Wednesday despite the government shutdown, a short-term fix that will not apply to the hundreds of thousands of federal workers who have been furloughed.
    • “Trump said in a social media post that he was acting because “our Brave Troops will miss the paychecks they are rightfully due on October 15th.”
    • ‘The Republican president’s directive removes one of the pressure points that could have forced Congress into action, likely ensuring that the shutdown — now in its 11th day and counting — extends into a third week and possibly beyond. But no similar action seems forthcoming for federal employees also working without pay while thousands are now being laid off during the lapse in government operations.”
  • Federal News Network tells us,
    • “The number of federal employees filing retirement claims in September was the lowest all year. Just over 6,300 employees submitted their retirement paperwork to the Office of Personnel Management. At the same time, OPM also processed the fewest number of current claims in September, just over 7,900. Despite the lower number of claims, OPM said it took six days longer, on average, in September than in August to process claims. The current retirement claims backlog is at 23,500, which dropped for the fourth straight month.”
  • The Washington Post interviews OPM Director Scott Kupor and others about the coming surge of retirement applications.
  • Per Beckers Payer Issues,
    • “The No Surprises Act is succeeding in protecting patients from unexpected medical bills, but insurers and provider groups remain divided on what is driving rising costs tied to the Independent Dispute Resolution process and how regulators should respond.
    • “Since the arbitration system launched in 2022, providers have won the vast majority of disputes. In 2024, they prevailed in about 85% of cases, with median payment determinations reaching 459% of the qualifying payment amount in the fourth quarter. The process has also generated at least $5 billion in costs, much of it from administrative fees and higher payments.
    • “As those costs have climbed, payers have said that the system is inflating prices across the healthcare system, while providers say it is correcting years of underpayment.
    • “The concern now is that the law hasn’t met its second objective, to contain costs,” Jennifer Jones, senior director of legislative and regulatory policy at the Blue Cross Blue Shield Association, told Becker’s. “That’s primarily because of the challenges we’re seeing with the independent dispute resolution process.”
  • The FEHBlog agrees with Ms. Jones.

From the public health and medical / Rx research front,

  • MedPage Today informs us,
    • “Among older adults who received at least one dose of the recombinant shingles vaccine, vaccine effectiveness against any herpes zoster-related outcome was 56.1%.
    • “Getting a second dose yielded a relative vaccine effectiveness of 67.9% against any herpes zoster outcome.
    • “The findings emphasize the importance of completing the full vaccination series.”
  • The Washington Post reports,
    • “The tendency to use cannabis is associated with genes linked to impulsive behavior, obesity, schizophrenia and bipolar disorder, among other traits, according to a study released Monday by researchers at the University of California at San Diego.
    • “The research, published in the journal Molecular Psychiatry, explored the genetic traits of casual and frequent cannabis users in hopes of eventually identifying medications and other therapies to treat or prevent problematic marijuana use.
    • “The study adds to a growing body of genetics research into cannabis use as policymakers and researchers weigh how to balance the benefits and consequences of the drug’s growing popularity.”

From the U.S. healthcare business front,

  • Beckers Hospital Review relates,
    • “Many nonprofit hospitals and health systems have made steady progress on financial turnarounds since the end of the COVID-19 pandemic — though others continue to struggle — but new and persistent challenges threaten to derail those efforts.
    • “Operating margins have inched upward across the sector, yet most remain far below the pre-pandemic “magic number” of 3%. The latest data from Strata Decision Technology shows that health system margins improved slightly to 1% in August, up from 0.9% in July, but remain relatively unchanged for the year. 
    • “While operating revenue has generally increased, it continues to be offset by rising costs — particularly in non-labor categories (such as supply and drug costs), which rose 5.7% year over year compared to a 4.6% rise in labor expenses.
    • “These pressures could intensify in the months ahead.” 
  • Beckers Payer Issues adds,
    • “When a critical patient’s prognosis is unclear, often because they are unable to wean from the ventilator, care teams begin to discuss palliative care, advance care planning, and even hospice.  Making decisions about long-term care goals can be challenging for patients and their families as they navigate the complexities of their conditions. Discussions often take place over many days while patients and families evaluate the options.  Including long-term-acute care hospital (LTACH) referral in these discussions benefits the patient for three reasons [explained in the article].

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front,

  • Federal News Network reports,
    • “The Cybersecurity and Infrastructure Security Agency typically marks October’s awareness month with a range of public engagements and outreach campaigns. But under the ongoing government shutdown, CISA has furloughed nearly two-thirds of its staff and curtailed most public communication.
    • “CISA is not actively managing its website under the shutdown. But the agency did establish a landing webpage for cybersecurity awareness month prior to the shutdown, detailing the campaign’s theme and linking to a toolkit.
    • “CISA Director of Public Affairs Marci McCarthy said, “CISA remains fully committed to safeguarding the nation’s critical infrastructure,” as part of a statement.” * * *
    • “Chris Cummiskey, a former state chief information officer and former chief management officer at DHS, said CISA typically retains enough employees to staff the agency’s watch floor, maintain technology that monitors federal networks for cyber threats, and collaborate with cyber defenders at other federal organizations, like U.S. Cyber Command.
    • “But if a major cyber incident were to occur, CISA may not have enough staff immediately on hand to manage the event.
    • “A key concern is, do you need to start recalling people?” Cummiskey said. “You probably wouldn’t have the onsite capacity to cover a major exploit without the additional help.”
    • “In addition to the shutdown, key privacy and liability protections under the Cybersecurity Information Sharing Act of 2015 expired on Sept. 30. Those protections had been pivotal to encouraging the private companies to share cyber threat data with each other and with government agencies, including CISA.
    • “Cyber experts say companies may be more hesitant to share information about new cyber threats and vulnerabilities without the statute’s protections.”
  • Cybersecurity Dive adds,
    • “Michael Daniel, president of the Cyber Threat Alliance, an information-sharing group, predicted that some companies will “suspend some sharing activities with the government,” but he added that a lot will depend on “each company’s risk tolerance.”
    • “I think some collaboration will continue,” he said, “but likely at reduced levels and requiring more human oversight.”
    • “Ari Schwartz, managing director of cybersecurity services at the law firm Venable, said, “There will just be many more lawyers involved, and it will all go slower, particularly new sharing agreements.” Venable has advised clients on what to consider when establishing such agreements.
    • “As for companies sharing information with each other, that likely will continue for now because of a lack of near-term concern about antitrust investigations, Daniel said. But companies’ attitudes could change if the program isn’t reauthorized.”
  • The National Institute of Standards announced on September 29, 2025,
    • “As part of ongoing efforts to strengthen the protections for securing controlled unclassified information (CUI) in nonfederal systems [which includes FEHB and PSHB claims data], NIST has released the following drafts for comment:
    • SP 800-172r3 (Revision 3) fpd (final public draft)Enhanced Security Requirements for Protecting Controlled Unclassified Information, provides new enhanced security requirements that support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5.
    • SP 800-172Ar3 ipd (initial public draft)Assessing Enhanced Security Requirements for Controlled Unclassified Information, provides a set of assessment procedures for the enhanced security requirements. These procedures are based on the source assessment procedures in SP 800-53Ar5.” * * *
    • “A public comment period will be open from September 29 through November 14, 2025. Reviewers should submit comments on all or parts of the drafts to 800-171comments@list.nist.gov.”
  • Cybersecurity Dive tells us,
    • “Barely any U.S. defense contractors say they’re fully prepared to comply with the Department of Defense’s new cybersecurity assessment program.
    • “Only 1% of companies say they’re completely ready to be assessed through the Cybersecurity Maturity Model Certification (CMMC) program, which takes effect on Nov. 10, according to a report that the managed security provider CyberSheath published on Wednesday.
    • “The percentage of respondents expressing confidence in their readiness has dropped over the past two years.”

From the cybersecurity vulnerabilities and breaches front,

  • NextGov/FCW reports on September 29, 2025,
    • “A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW.
    • “The hack is also suspected to have later triggered the dismissal of two dozen Federal Emergency Management Agency technology employees announced late last month, according to internal meeting notes and a person familiar with the matter.
    • “The initial compromise began June 22, when hackers accessed Citrix virtual desktop infrastructure inside FEMA using compromised login credentials. Data was exfiltrated from Region 6 servers, the image says. That FEMA region services Arkansas, Louisiana, New Mexico, Oklahoma and Texas, as well as nearly 70 tribal nations.” * * *
    • “DHS security operations staff were notified of the breach on July 7, the screenshot adds. On July 14, the unnamed threat actor used an account with high-level access and attempted to install virtual networking software that could allow them to extract information. Initial remediation steps were taken on July 16. 
    • “On Sept. 5, additional remediation actions were taken, including changing FEMA Zscaler policies and blocking certain websites, the screenshot says. Those actions were previously reported by Nextgov/FCW.”
  • Following up on last Saturday’s post about the Cisco KVEs, Cybersecurity Dive lets us know,
    • “Nearly 50,000 Cisco firewall devices with recently disclosed vulnerabilities are connected to the internet, according to new data.
    • Statistics from the Shadowserver Foundation illustrate the extent of the world’s exposure to the three flaws in Cisco’s Adaptive Security Appliance devices and Firepower Threat Defense devices, which earned a rare emergency patching directive from the Cybersecurity and Infrastructure Security Agency (CISA) after the Sept. 25 disclosure.
    • “The United States has by far the most devices that have not been patched to block exploitation of the flaws, with Shadowserver tallying more than 19,000 vulnerable U.S. devices. The U.K. ranks second, with more than 2,700 vulnerable devices, followed by Japan, Germany and Russia. Other European countries have fewer than 1,000 vulnerable devices each.
    • “Shadowserver’s records will reveal how quickly different countries are reducing their exposure as the organization continues collecting data in the coming days and weeks.
    • “A sophisticated threat actor has been using two of the new Cisco flaws, CVE-2025-20362 and CVE-2025-20333, in a stealthy cyberattack campaign that has breached multiple federal agencies and other organizations worldwide. Both vulnerabilities involve improper validation of HTTPS requests, which could allow Cisco firewalls to accept malicious requests that bypass authentication. CVE-2025-20362 could allow hackers to access restricted VPN-related URLs, while CVE-2025-20333 could let intruders run arbitrary code as root.”
  • Cyberscoop points out,
    • “Red Hat on Thursday [October, 2, 2025] confirmed an attacker gained access to and stole data from a GitLab instance used by its consulting team, exposing some customer data. The open-source software company, a subsidiary of IBM, said the breach is contained and an investigation into the attack is underway. 
    • “Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities,” Red Hat said in a security update. “Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.”
    • “Red Hat said the compromised GitLab instance contained work related to consulting engagements with some customers, including project specifications, example code snippets and internal communications about the consulting services. 
    • “This GitLab instance typically does not house sensitive personal data,” Red Hat said. “While our analysis remains ongoing, we have not identified sensitive personal data within the impacted data at this time.”
  • Dark Reading informs us,
    • “The month-long outage for luxury car maker Jaguar Land Rover appears to be at an end, with the company working through a “controlled, phased restart” of its manufacturing operations this week, following a massive cyberattack that forced the company to shut down its systems.
    • “JLR said on Sept. 2 that it had “proactively” shut down operations following a cyber incident, initially stating that customer data did not seem to be stolen, but revising that statement a week later. JLR, a subsidiary of Tata Motors, likely suffered $50 million to $70 million in lost revenue per week, with the total cost of the incident estimated at a staggering $1.7 billion to $2.4 billion.
    • “The attack, and its vast impact, should be a warning for companies, says Chris Gibson, executive director of the Forum of Incident Response and Security Teams (FIRST).
    • “The outage “highlights that even large corporations with substantial resources can be completely disrupted and that critical industries may be more vulnerable than previously thought,” he says. “This was far beyond data theft; it was a complete operational outage.”
  • Security Week adds,
    • “Japanese brewing giant Asahi Group Holdings on Monday [September 29, 2025] announced that its operations in the country have been disrupted by a cyberattack.
    • “The incident, the company said, resulted in system failures that affected orders and shipments at all its subsidiaries in the country, as well as call center operations, customer service desks included.
    • “Reuters reported that production at some of Asahi’s 30 domestic factories has been suspended due to the cyberattack.
    • “At this time, there has been no confirmed leakage of personal information or customer data to external parties,” the company said in a Monday notice.
    • “Asahi said it is investigating the attack and working on restoring the affected systems but could not provide an estimated timeline for recovery.
    • “The system failure is limited to our operations within Japan,” it said.
    • “The company has not disclosed the nature of the cyberattack it fell victim to, but the system-wide outage could indicate that file-encrypting ransomware might have been used.”

From the ransomware front,

  • Cybersecurity Dive reports,
    • “Corporate executives are being targeted in an email-based extortion campaign by a threat actor claiming affiliation with the notorious Clop ransomware gang, according to security researchers from Google Threat Intelligence Group and Kroll. 
    • “The hacker claims to have data stolen from breached Oracle E-Business Suite applications and has been demanding payment from various corporate executives, according to a LinkedIn post from Austin Larsen, principal threat analyst at GTIG.
    • “While researchers have not been able to substantiate the claims of a data breach, they have confirmed important links to a financially motivated threat group tracked under the name FIN11, which has prior associations with Clop.” 
  • Cyberscoop provides us with “the email Clop attackers sent to Oracle customers. The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.”
  • Dark Reading adds,
    • After announcing its farewell last month, the cyber extortion group known as Scattered Lapsus$ Hunters returned on Friday with a website featuring stolen Salesforce data and a list of dozens of alleged victims.
    • Scattered Lapsus$ Hunters is an apparent combination of the Scattered Spider, Lapsus$, and ShinyHunters cybercriminal groups, which first emerged over the summer in a public Telegram channel. However, just a few weeks later, the collective published a goodbye letter on Telegram and the Dark Web marketplace BreachForums, saying the three groups, as well as other threat actors, had “decided to go dark.”
    • “But Scattered Lapsus$ Hunters burst back into the limelight this week with a Dark Web leak site devoted to the recent spate of Salesforce data thefts; one of the two distinct campaigns targeting Salesforce environments recently has been attributed to a threat group tracked by Google as UNC6040, which has claimed to be ShinyHunters in its extortion attempts.
    • “According to Google, UNC6040 actors used vishing calls to convince IT support personnel at targeted organizations to grant them access to or credentials for the organizations’ Salesforce environments. Mandiant researchers this week said the threat actors have impersonated third-party vendors in the vishing calls and had also targeted users in victim organizations with elevated access to other SaaS applications.’
  • The American Hospital Association points out,
    • “A Health-ISAC (Information Sharing and Analysis Center) bulletin released Oct. 1 warns of a recently released LockBit 5.0 ransomware variant that poses a threat to health care and other sectors. LockBit 5.0 is the latest version of the ransomware-as-a-service group that has previously attacked hospitals and other organizations in the U.S. and abroad. The notice said the new variant directly targets virtual environments and has improved and enhanced technical capabilities, evasion techniques and affiliate engagement. The variant is known to target Windows, Linux and VMware ESXi software. Health-ISAC said the new variant’s technical capabilities make it faster, more flexible for affiliates and harder for security to detect and analyze. LockBit was disrupted by authorities last year before resurfacing last month.
    • “This is a very technical bulletin, but it’s important to note that it addresses a new version of a well-known ransomware,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Hospitals should ensure that they have defensive measures in place and that those measures are tuned and working properly.”
  • HackRead reports on September 29,
    • “The Medusa ransomware group is claiming responsibility for a ransomware attack on Comcast Corporation, a global media and technology company best known for its broadband, television, and film businesses.
    • “According to the group’s dark web leak site, they exfiltrated 834.4 gigabytes of data and are demanding $1.2 million for interested buyers to download it. The same sum has been set as ransom for Comcast if the company wants the data deleted rather than leaked or sold.
    • “To back its claims, Medusa has posted around 20 screenshots allegedly showing internal Comcast files. The group also shared a massive file listing of 167,121 entries, suggesting access to actuarial reports, product management data, insurance modelling scripts, and claim analytics.” * * *
    • “Medusa ransomware is known for publishing file listings and partial screenshots as proof of compromise while holding back the bulk of the data to increase ransom pressure. In this case, the nature of the files points toward actuarial and financial datasets, some of which appear to involve insurance calculations, customer data processing, and claim management systems.”
  • HelpNetSecurity provides us background about and advice on how to avoid Akira ransomware.
  • Wired notes that “Google has launched a new AI-based protection in Drive for desktop that can shut down a [ransomware] attack before it spreads—but its benefits have their limits.”

From the cybersecurity defenses front,

  • Per ISACA,
    • “Cybersecurity professionals from around the world recently weighed in on some of the key findings from ISACA’s latest State of Cybersecurity survey report. Aparna Achanta, security leader, IBM (US); Simon Backwell, head of information security, Benefex (UK); Donavan Cheah, senior cybersecurity consultant, Thales (Singapore); Jenai Marinkovic, vCISO/CTO, Tiro Security, and CEO & chairman of the board, GRCIE (US); Kannammal Gopalakrishnan, cybersecurity and GRC professional (India), and Carlos Portuguez, Sr. Director BISO, Concentrix (Costa Rica)—all of whom are also members of ISACA’s Emerging Trends Working Group—reflect on how these stats show up for them in the profession.”
  • and
    • “Phishing has escalated beyond masquerading techniques. Traditional attacks depended on typos, being in a rush and not so well-disguised social engineering. But hackers today use generative AI, such as WormGPT or FraudGPT, and even deepfakes, to create perfect messages with contextual background that can effortlessly be mixed with everyday corporate messages. Cofense has noted that it receives an AI-enhanced malicious email every 42 seconds, with that pace expected to accelerate in the months to come. This hypergrowth is an indication that phishing is not an outlying issue anymore but a mainstream cyber-crime, now with AI-driven precision. 
    • “The next pivot is neuro-phishing, which can tie in the details of biometric and psycho-physiological indicators, like the EEG, micro-hesitation spikes, blink frequency, and the focus of the eyes, to see the response of the user in real-time and work a different approach. Previous and extensive studies have already established the reliability of finding recognition and stress using the EEG, when users are stimulated with phishing. This is not passive baiting anymore, but a dynamic, cognitive feedback loop, which transforms human users into interactive targets.”
    • The article offers advice on creating resilience against neuro-phishing.
  • Dark Reading adds,
    • “Email security has long dominated the enterprise security conversation — and rightfully so. It remains a key vector for phishing, credential theft, and social engineering. But in 2025, the threat landscape has shifted. Quietly yet decisively, attackers increasingly are bypassing the inbox and expanding their reach across multiple channels. 
    • “Recent data from TechMagic shows that 41% of phishing incidents now employ multichannel tactics, including SMS (smishing), voice calls (vishing), and QR codes (quishing). The trend is clear: While email still matters, adversaries are shifting to mobile-first platforms like text, iMessage, WhatsApp, and social direct messages. These attacks are harder to spot, more difficult to control, and more likely to succeed, because they target the most vulnerable point in the chain: the human behind the screen.
    • “To address this growing threat to mobile platforms, new security approaches are emerging that leverage AI-driven defenses to identify and prevent social engineering attacks in real-time. By training large language models (LLMs) to understand the content and intent behind messages, these systems can flag suspicious activity and enforce protective measures before users fall victim. Whether it’s a text message posing as IT support or impersonating a vendor, these next-generation solutions focus on stopping threats at the human layer — not just at the device.”
  • Infosecurity Magazine explains how “AI-Generated Code Used in Phishing Campaign Blocked by Microsoft.”
  • Per CISO Online,
    • “A surge in vulnerabilities and exploits leaving overloaded security teams with little recourse but to embrace risk-based approaches to patching what they can.
    • “Enterprise attack surfaces continue to expand rapidly, with more than 20,000 new vulnerabilities disclosed in the first half of 2025, straining already hard-pressed security teams.
    • “Nearly 35% (6,992) of these vulnerabilities have publicly available exploit code, according to the Global Threat Intelligence Index study by threat intel firm Flashpoint.
    • “The volume of disclosed vulnerabilities has more than tripled while the amount of exploit code has more than doubled since the end of February 2025 alone.
    • “These increases make it no longer feasible for most organizations to triage, remediate, or mitigate every vulnerability, Flashpoint argues, suggesting enterprises need to apply a risk-based patching framework. But some experts quizzed by CSO went further — arguing a complete operational overhaul of vulnerability management practices is needed.
    • The article delves into that approach.
  • Per the National Institute of Standards,
    • “The NIST National Cybersecurity Center of Excellence (NCCoE) has finalized a guide, NIST Special Publication (SP) 1334, Reducing the Cybersecurity Risks of Portable Storage Media in Operational Technology (OT) Environments, to help organizations protect their industrial control systems from cybersecurity threats when using removable media devices.
    • “Portable storage media devices, like USB flash drives, are commonly used to transfer data between computers. However, using them in OT environments and industrial control systems, such as those used in power plants or manufacturing facilities, can pose a cybersecurity risk. If a USB device is infected with malware, it can spread to the industrial control system and cause problems, such as disrupting operations or compromising safety.
    • “This NCCoE resource suggests implementing physical and technical controls to limit access to these devices and ensure they are used securely.”
  • Here is a link to Dark Readings’ CISO Corner.

Friday report

David ErmerCDC, CMS, Congress, COVID-19, Medical / Rx research, Medicare, Mental health care, NCQA, U.S. Healthcare, Uncategorized

From Washington, DC,

  • Govexec tells us,
    • “Federal employees have been asking a lot of questions since the White House put out guidance this week suggesting large swaths of them would face layoffs under a government shutdown if one occurs next week.
    • “So far the answer many of them are getting is: we are planning to send you home without pay, but only until the shutdown ends. That is to say, agency officials are telling employees they will face their normal shutdown furloughs, but not reduction-in-force notices. 
    • “We were told we won’t be RIF’d, regardless of whether we have to work,” said one General Services Administration employee, whose office is typically furloughed during a funding lapse. 
  • The Centers for Medicare and Medicaid Services announced,
    • [A]verage premiums, benefits, and plan choices for Medicare Advantage (MA) and the Medicare Part D prescription drug program are expected to remain stable in 2026. Average premiums are projected to decline in both the MA and Part D programs from 2025 to 2026.
    • CMS is committed to ensuring these programs work for Medicare beneficiaries while maintaining access to high-quality, affordable healthcare options, safeguarding taxpayer dollars, and making sure beneficiaries have the information they need to make informed choices about what is best for them. 
    • CMS releases this key information, including 2026 premiums, benefits, and access to plan options for MA and Medicare Part D prescription drug plans, ahead of the upcoming Medicare Open Enrollment, which runs from October 15, 2025, to December 7, 2025.
    • “Millions of Medicare beneficiaries will continue to have access to a broad range of affordable coverage options in 2026,” said CMS Administrator Dr. Mehmet Oz. “We want every beneficiary to take advantage of Open Enrollment—compare your options and choose the plan that gives you the right care at the best price.”
  • The American Hospital Association News informs us,
    • President Trump, late Sept. 25, announced that starting Oct. 1, the U.S. will impose a 100% tariff on any branded or patented pharmaceutical product, unless a company is building its pharmaceutical manufacturing plant in America. The president’s post on Truth Social said “is building” will be defined as “breaking ground” or “under construction” and that there would be no tariff on “these Pharmaceutical Products if construction has started.”   
    • As of 3 p.m. ET on Sept. 26, the administration has not released any official documents related to the tariff announcement.  
  • BioPharma Dive adds,
    • “The new pharmaceutical tariffs President Donald Trump announced on Thursday, which will go into effect on Oct. 1, could have a limited impact on the pharmaceutical industry due to multiple exemptions for generics, exports from Europe and companies already onshoring manufacturing.
    • “The tariffs, unveiled via a post on the social media platform Truth Social, haven’t been accompanied by legal documents, leaving key details unclear. However, the 100% levies, which are much smaller than the figure previously floated by the Trump administration, alleviate some uncertainty around U.S. drug pricing policy.
    • “The announcement comes days before the expected release of programs meant to align U.S. drug prices with what’s paid in Europe and elsewhere. Published reports have suggested those policies may be more modest than Trump originally proposed, however.”
  • FedWeek points out,
    • “A new bipartisan group of House members has been formed with a focus on the impact on jobs and delivery performance of the Delivering for America reorganization initiative.
    • “The Congressional Postal Service Caucus will focus on improving on-time delivery rates, protecting postal employees, and stopping harmful facility consolidations that reduce access in rural and underserved areas,” said a statement from the founding members. A caucus is a less formal organization than a congressional committee, typically focusing on issues—and trying to build consensus on them—that cross committee areas of jurisdiction.”
  • NCQA, writing in LinkedIn, lets us know about NCQA researchers sharing findings on emerging topics in health care.

From the public health and medical research front,

  • The Centers for Disease Control and Prevention announced today,
    • “COVID-19 activity has peaked and is declining in many areas of the country, but emergency department visits and hospitalizations are elevated nationally. Seasonal influenza and RSV activity is low.
    • “COVID-19
      • “The percentage of COVID-19 laboratory tests that are positive is declining nationally. The percentage of emergency department visits for COVID-19 are highest in children 0-4 years old. Hospitalization numbers and the percentage of emergency department visits are elevated in adults 65 years and older.
    • “Influenza
    • “RSV
      • “RSV activity is low nationally.
  • The University of Minnesota CIDRAP adds,
    • “The current COVID wave began in June, marked by a slow rise that never approached levels seen last summer.
    • “Wastewater SARS-CoV-2 detections are now at the moderate level and are highest in Northeast, followed by the West and the South.”
  • Prevention notes,
    • “The Stratus COVID variant, a.k.a. XFG, is currently the dominant strain of the virus in the U.S., causing 78% of cases in the country, according to CDC data.
    • “It’s an Omicron variant, and it’s a hybrid of two strains—LF.7 and LP.8.1.2,” says Thomas Russo, M.D., professor and chief of infectious disease at the University at Buffalo in New York.
    • Stratus has several mutations to the spike protein, which the virus uses to infect your cells and make you sick, per the World Health Organization (WHO). But the WHO also notes that the threat posed by Stratus is “low.”
  • The Wall Street Journal reports,
    • “President Trump’s return to office has supercharged the debate about childhood vaccinations. Trump himself recently stated that “children get these massive vaccines…like you give to a horse…they get like 80 vaccines,” while Health Secretary Robert F. Kennedy Jr. asserts that babies get up to 92 vaccine doses. In justifying Florida’s decision to end mandatory vaccine mandates for children, state surgeon general Joseph Lapado asked: “Who am I to tell you what your child should put in [their] body? I don’t have that right.”  
    • “These statements misstate the amount and number of vaccines administered to children. Over the course of 18 years, it’s typically 30 doses—in quantities about a tenth of a teaspoon—for about 16 different pathogens. But the critics raise important questions that parents have every right to ask. Why give vaccines so early in a baby’s life? And why shouldn’t parents just pick and choose what goes into their child?  
    • “The crucial context for this discussion is two facts. First, vaccines constitute only a minuscule fraction of the exposure to pathogens that children’s immune systems must contend with. Second, our bodies develop the most enduring antibodies in the early years of life.”
  • JAMA relates,
    • “For years, most observers attributed the higher number of Alzheimer disease cases among women to the simple fact that they live longer than men on average.
    • “Recently, though, scientists have come to recognize that the explanation for the sex gap in the prevalence of Alzheimer disease, the cause of most cases of dementia, is far more nuanced and complex, involving both biological and sociocultural factors.
    • “Research has focused on such potential contributors as women’s exposure to sex hormones, the genes in the X chromosome, the prevalence and effect of risk factors such as hearing loss, the apolipoprotein E ε4 (APOE4) variant, and diminished cognitive reserve related to lower education levels.
    • “Approximately 2 out of every 3 people living with Alzheimer disease in the US is a woman, Harvard neuropsychologist Rachel Buckley, PhD, noted. “Women actually tend to live with dementia for much longer than men.”
  • Per Health Day,
    • “An experimental pill can significantly reduce hot flashes and night sweats for women after menopause a new clinical trial has determined.
    • “Elinzanetant produced a nearly 74% reduction in the frequency and severity of these menopause symptoms within three months, researchers reported recently in JAMA Internal Medicine.
    • “Further, this relief lasted for a year, the trial found.
    • “This yearlong study not only confirmed the initial findings of rapid and significant reduction in the frequency and severity of hot flashes and night sweats but also provided evidence that these effects were sustained over a year, offering hope for longer-term relief,” researcher Dr. JoAnn Pinkerton said in a news release. She’s director of midlife health at University of Virginia Health in Richmond.”
  • and
    • “Routine screening can help find kids who are suffering from undiagnosed asthma in communities with high levels of the breathing disorder, a new study says.
    • “Asthma screening during well-child visits found that more than two-thirds (35%) of children with no previous diagnosis of asthma had at least one risk factor for the disease, researchers will report Monday at an American Academy of Pediatrics’ meeting in Denver.
    • “Further, about 24% of kids with risk factors were subsequently diagnosed with asthma, researchers said.”

From the U.S. healthcare business front,

  • Beckers Payer Issues reports,
    • “Commercially insured patients pay substantially different rates for the same procedure, with negotiated costs for inpatient procedures varying by an average ratio of 9.1, according to an August report from market intelligence firm Trilliant Health.
    • “The report reviewed health plan transparency data from Aetna and UnitedHealthcare, focusing on 11 inpatient and outpatient procedures.
    • “A coronary bypass without cardiac catheterization, excluding major complications or comorbidities, had negotiated rates ranging from $27,683 to $247,902. Another finding: Outpatient procedures at ambulatory surgery centers would often cost less than those taking place in a hospital’s outpatient department. Colonoscopies, for example, would cost 67.5% less on average than the median hospital rate.
    • “By reviewing a sample of 10 hospitals featured on a collection of “best hospitals” rankings, the researchers also found no correlation between cost and quality.”
  • and
    • “Regional, nonprofit health plans are falling behind large national insurers, with 71% recording an operating loss in 2024 and more than half having two years or less before regulatory intervention is triggered, according to a Sept. 24 report from HealthScape Advisors.
    • “Executives and boards of directors now face the most important decision of their leadership tenures: How do we survive?” the report said.” 
  • Kauffman Hall explains,
    • “The rise of ambulatory surgery centers (ASCs) marks a shift in how surgical care is delivered across the U.S. Amid soaring healthcare costs, tighter reimbursement and advancing surgical technology, health systems are rethinking where and how procedures are done. Many are moving complex surgeries like total joint replacement and spine out of hospitals and into ambulatory settings. Once limited in scope, ASCs are becoming key players in strategically important service lines like orthopedics.” * * *
    • “ASCs are not a magic wand for health systems. While they offer savings to payers, the economics are fragile for providers. Healthy margins require lean operations, smart sourcing and trusted partnerships.
    • “There’s a growing demand for more complex procedures in outpatient settings, but ASCs need to strategically position themselves to meet this demand in an operationally and financially sustainable way.
    • “With advances in surgical technology and care coordination, ASCs are ready to deliver on the promise of value-based care. The challenge for health systems isn’t just to shift where care is delivered, but to rethink how surgical care is structured, managed and financed for long-term performance.”
  • Optum, writing in LinkedIn, discusses how “breakthrough cancer drugs offer better outcomes – but soaring costs pose challenges.”
  • The Wall Street Journal reports,
    • AstraZeneca AZN said it will offer its asthma and diabetes drugs at an up to 70% discount in the U.S. ahead of a Trump administration deadline for pharmaceutical companies to cut drug prices.
    • “The company said it would launch a direct-to-consumer platform on which eligible patients with prescriptions will be able to purchase its Airsupra and Farxiga drugs in cash at a discount. The platform will be available beginning Oct. 1.
    • “In July, President Trump sent pharmaceutical companies a letter setting a Sept. 29 deadline to propose cuts to their drug prices.
    • “In response, several drugmakers have rolled out direct-to-consumer platforms to offer discounted drugs. Earlier this week, Bristol Myers Squibb said it would offer its plaque psoriasis drug at an up to 80% discount, expanding on its discounted program for blood clot drug Eliquis, which it announced in July.”
  • Fierce Pharma adds,
    • “In an expansion of its previous moves to cut insulin prices, Sanofi will cap the price of each of its insulin products at $35 per month in the U.S. regardless of a patient’s insurance status.
    • “The move, which goes into effect at the start of next year, comes two years after the company slashed the price of its most popular insulin, Lantus, to $35 monthly for those with commercial insurance.
    • “Before that, in June of 2022, Sanofi reduced the price of an unbranded Lantus biologic from $99 per month to $35 for those in the U.S. without insurance.
    • “Sanofi’s cost-cutting efforts have mirrored those of the world’s other two primary sellers of insulin—Novo Nordisk and Eli Lilly—and come as advanced insulin products and insulin biosimilars are reaching the market.”


Tuesday Report

David ErmerAHRQ, CDC, CMS, Electronic health records, FDA, Medical / Rx research, Medicare, Rx coverage, U.S. Healthcare, Uncategorized

From Washington, DC,

  • The American Hospital Association News tells us,
    • “The Department of Health and Human Services today announced prescription drug reforms that will become effective Oct. 1 originating from the Health Data, Technology, and Interoperability: Electronic Prescribing, Real-Time Prescription Benefit and Electronic Prior Authorization (HTI-4) final rule. Health IT tools certified by the HHS Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology will allow drug prescribers to compare drug prices in real time and identify lower-cost alternatives available under a patient’s insurance coverage, particularly if they are covered under Medicare Part D. Providers will also be able to submit prior authorizations for medical services electronically to accelerate the process. The HTI-4 rule was released in July as part of the Centers for Medicare & Medicaid Services’ inpatient prospective payment system final rule for fiscal year 2026.”
  • Beckers Hospital Review informs us,
    • “HHS launched a [public] dashboard Aug. 27 to track organ transplants that skip patients next in line on transplant waiting lists. 
    • “The practice, called “allocation out of sequence,” is growing in frequency. In 2024, organ procurement organizations skipped waitlisted patients for 19% of transplants from deceased donors, six times more often than from a few years prior. The frequency increase is partly driven by clinicians prioritizing favoritism and ease over fairness, according to The New York Times
    • “The Organ Procurement and Transplantation Network’s policies and national law mandates organ allocation follow a “match run” to rank eligible recipients based on medical urgency, distance and other factors, according to HHS. 
  • Beckers Payer Issues points out,
    • “Medicare Shared Savings Program Accountable Care Organizations generated record savings and continued to improve quality performance in 2024, CMS said Aug. 28.
    • “In 2023, the program saw $2.1 billion in net savings.” * * *
    • “Nearly all ACOs met quality reporting requirements, with more shifting to digital measures that use electronic health information. ACOs also saw health outcomes improve around controlled blood pressure, poor A1c control and depression screenings.” 
  • Per an OPM news release,
    • The U.S. Office of Personnel Management (OPM), in collaboration with the Assistant to the President for Domestic Policy, today sent a comprehensive Frequently Asked Questions (FAQ) document to agencies to help support the implementation of the Merit Hiring Plan, pursuant to President Trump’s Executive Order 14170. The FAQ provides detailed guidance to federal agencies on reforming the hiring process to prioritize merit and fairness.
    • A key highlight of the Merit Hiring Plan is the introduction of a two-page resume limit for federal job applications submitted through USAJOBS, taking effect September 27, 2025. This reform ensures hiring managers focus on the most relevant qualifications and experience, streamlining the review process. OPM is providing a transition period until the deadline, along with updated USAJOBS guidance and resume-building tools online to assist applicants in meeting the new standard.
  • The Government Accountability Office released a report titled “Illicit Fentanyl: DHS Has Various Efforts to Combat Trafficking but Could Better Assess Effectiveness.
    • “With about 48,000 deaths in 2024, fentanyl continues to be the primary cause of overdose deaths in the United States.
    • “The Department of Homeland Security has various efforts to combat the trafficking of illicit fentanyl. For example, it inspects incoming travelers and shipments and conducts patrols along the border.
    • “We reviewed these efforts and found issues with how DHS assesses their effectiveness. For example, DHS hasn’t set performance goals and measures—so it’s hard to know if DHS is making progress in its efforts to stop the flow of fentanyl.
    • ‘We recommended, among other things, that DHS set such performance goals and measures.”

From the Food and Drug Administration front,

  • Per an FDA news release,
    • “The U.S. Food and Drug Administration calls on nicotine pouch manufacturers to use child-resistant packaging to protect American children from accidental, harmful exposure. From April 1, 2022, to March 31, 2025, the number of reported nicotine pouch exposure cases reported to U.S. Poison Centers steadily increased. Approximately 72% of nicotine pouch exposure cases occurred in children under 5 years of age.
    • Nicotine pouches contain concentrated nicotine that can be harmful or potentially fatal to young children, even in small amounts. Toxic effects in young children have been reported with nicotine doses as low as 1 to 4 milligrams. Symptoms of nicotine poisoning may include confusion, vomiting, and loss of consciousness. 
    • “I am concerned about rising reports of nicotine exposures in young children caused by nicotine pouches,” said FDA Commissioner Marty Makary, M.D., M.P.H. “The fruity flavors and bright, colorful designs of nicotine pouch products could resemble candy and seem attractive to children. Manufacturers should consider what steps they can take to prevent accidental exposures and ingestion.” 
    • “The FDA is also issuing information for consumers on how to properly store nicotine pouches and prevent accidental exposure to children.” * * *
    • To date, the FDA has authorized 20 nicotine pouch products, all of which make use of child-resistant packaging, which are listed at www.fda.gov/authorizednicotinepouches.  

From the public health and medical/Rx research front,

  • The AP reports,
    • “A New York City hospital and another city-run building were sources for a deadly outbreak of Legionnaires’ disease in Harlem that killed seven people and sickened dozens of others, health officials announced Friday. 
    • “The New York City Health Department said bacteria from cooling towers atop Harlem Hospital and a nearby construction site where the city’s public health lab is located matched samples from some of the ill patients.
    • “The agency said they consider the bacterial cluster officially over since the last day anyone reported symptoms of Legionnaires’ disease was three weeks ago on Aug. 9. Since the outbreak, seven people have died and 114 people have been diagnosed with Legionnaires’ disease, while six people are in the hospital.” * * *
    • “City health officials said all facilities in the affected area have cleaned and disinfected their cooling towers. 
    • “They also are considering a series of changes to try to prevent future outbreaks. Among them are requiring building owners to test for Legionella every 30 days instead of the current 90-days and increasing the fines for violations for failure to comply with local cooling tower regulations.”
  • Beckers Hospital Review points out,
    • “Following almost a decade of decline, prostate cancer incidence in the U.S. increased 3.0% per year between 2014 through 2021, according to a report published Sept. 2 in CA: A Cancer Journal for Clinicians. Incidence of advanced-stage prostate cancer at diagnosis had the highest rate of increase at about 4.7% per year.
    • “At the same time, prostate cancer mortality continued to decline, though at a slower rate than the previous two decades. Prostate cancer mortality declined by 0.06% over the past decade, compared to the 3% to 4% annual decline seen in the late 20th and into the early 21st centuries.
    • “For the report, researchers analyzed cancer incidence and mortality data collected by the CDC and the National Cancer Institute through 2021 and 2023, respectively.” * * *
    • “Read the full report here.” 
  • NPR Shots relates
    • “People who inherit two copies of a gene variant called APOE4 have a 60% chance of developing Alzheimer’s by age 85.
    • “Only about 2% to 3% of people in the U.S. have this genetic profile, and most of them don’t know it because they’ve never sought genetic testing.
    • “But three scientists are among those who did get tested and learned that they are in the high-risk group. Now, each is making an effort to protect not only their own brain, but the brains of others with the genotype known as APOE4-4.”
  • Check out their stories.
  • Per Health Day,
    • “Common over-the counter painkillers might be quietly fueling antibiotic resistance, a new study warns.
    • Ibuprofen and acetaminophen appear to enhance mutations in E. coli, making the common bacteria more resistant to the broad-spectrum antibiotic ciprofloxacin, researchers reported in the journal npj Antimicrobials and Resistance.
    • “What’s more, the two drugs amplify this effect when used together, researchers found.
    • “Antibiotic resistance isn’t just about antibiotics anymore,” said lead researcher Rietie Venter, an associate professor with the University of South Australia.
    • “This study is a clear reminder that we need to carefully consider the risks of using multiple medications – particularly in aged care where residents are often prescribed a mix of long-term treatments,” she said in a news release.”
  • BioPharma Dive relates,
    • “Ionis on Tuesday said its new lipid-lowering drug Tryngolza met the main goals of two Phase 3 clinical trials that could expand its use. Results showed the drug significantly reduced triglyceride levels in people with severely elevated levels of the fat in their bloods and prevented accompanying pancreatitis episodes.
    • “The company will ask the Food and Drug Administration by the end of the year to add severe hypertriglyceridemia to Tryngolza’s label. The drug, Ionis’ first wholly owned product, gained approval in December for a rare inherited condition called familial chylomicronemia syndrome, for which it recorded $25.6 million in sales over the first six months of 2025.”
  • Per a corporate news release,
    • “United Therapeutics Corporation (Nasdaq: UTHR), a public benefit corporation, today announced that its TETON-2 study evaluating the use of nebulized Tyvaso® (treprostinil) Inhalation Solution for the treatment of idiopathic pulmonary fibrosis (IPF) met its primary efficacy endpoint of demonstrating improvement in absolute forced vital capacity (FVC) relative to placebo.
    • “Tyvaso demonstrated superiority over placebo for the change in absolute FVC by 95.6 mL (Hodges-Lehmann estimate, p <0.0001) from baseline to week 52 in patients with IPF. Benefits of Tyvaso were observed across all subgroups, such as use of background therapy (nintedanib, pirfenidone, or no background therapy), smoking status, and supplemental oxygen use.
    • “Statistically significant improvements relative to placebo were also observed in most secondary endpoints, including time to first clinical worsening event, as well as changes from baseline to week 52 in percent predicted FVC, King’s Brief Interstitial Lung Disease quality of life questionnaire (K-BILD), and diffusion capacity of lungs for carbon monoxide (DLCO). While not statistically significant, both time to first acute exacerbation of IPF and overall survival at week 52 trended in favor of Tyvaso. Treatment with Tyvaso was well-tolerated, and the safety profile was consistent with previous Tyvaso studies and known prostacyclin-related adverse events. No new safety signal was seen.
    • “It is a profound honor to witness the power of scientific innovation realized for patients in need,” said Martine Rothblatt, Ph.D., Chairperson and Chief Executive Officer of United Therapeutics. “TETON-2’ssuccessful outcomeaffirms the anti-fibrotic power of Tyvaso. We have unlocked new hope for patients with IPF and their families.”
  • The American Medical Association lets us know what doctors wish their patients knew about rebound congestion.
  • Per MedPage Today,
    • “Patients with type 2 diabetes who were treated with GLP-1 receptor agonists were less likely to develop peptic ulcer disease (PUD), a nationwide study found.
    • “In an analysis of more than 65,000 patients, GLP-1 users had 44% lower odds of PUD compared with non-users (adjusted OR 0.56, 95% CI 0.45-0.71, P<0.001), reported Trisha Pasricha, MD, MPH, of Beth Israel Deaconess Medical Center in Boston, and colleagues.
    • “In a subgroup of patients with a history of metformin use, switching to a GLP-1 receptor agonist for second-line treatment was associated with a 56% lower hazard of PUD compared with switching to insulin (adjusted HR 0.44, 95% CI 0.30-0.63, P<0.001). By 2 years, the cumulative PUD risk was 1.8% in the GLP-1 group versus 4.5% in the insulin group, the authors reported in Clinical Gastroenterology and Hepatology.”
  • and
    • “A personalized message about advanced colorectal neoplasia risk to patients and providers had no effect on colorectal cancer screening uptake, a randomized trial showed.
    • “Among 1,084 average-risk patients, the predicted probability of completing colorectal cancer screening with a personalized decision aid was 36.8% versus 41% with a generic decision aid (P=0.18), reported Peter H. Schwartz, MD, PhD, of the Indiana University School of Medicine in Indianapolis, and colleagues.
    • “For the 214 providers who were sent personalized notifications about patients’ risk, the predicted probability of the patient completing screening was 41.5% versus 36.4% for those who received a generic notification (P=0.135), they noted in the Annals of Internal Medicine.
    • “The overall result was negative, although there were some really interesting results in subgroups,” Schwartz told MedPage Today.”
  • and
    • “Among older adults, the incidence of myocarditis or pericarditis was lower among those who received the high-dose inactivated flu vaccine versus the standard-dose vaccine.
    • “There were only two cases of myocarditis observed among over 300,000 study participants, both in the standard-dose group.
    • “These results may not be generalizable to younger people, who are at greater risk of inflammatory cardiac conditions.”

From the U.S. healthcare business front,

  • Healthcare Dive reports,
    • “Cigna’s health services division Evernorth has invested $3.5 billion in Shields Health Solutions as the company continues to build out its lucrative specialty pharmacy business.
    • “Shields, which helps hospitals and other providers create and manage their own specialty pharmacies, is one of five standalone businesses created from pharmacy behemoth Walgreens, which was acquired and chopped up by private equity firm Sycamore Partners last week.
    • Evernorth’s investment in the form of preferred stock does not give Evernorth a controlling stake in Shields and is not expected to materially impact Cigna’s earnings guidance for 2025. The deal does give the company the option to invest more in Shields in the future.”
  • Fierce Healthcare announced its “FIERCE 50 OF 2025, the people and organizations advancing what’s possible in health, science and patient care.”
  • Beckers Hospital Review tells us,
    • “The University of Texas at San Antonio merged with The University of Texas Health Science Center at San Antonio on Sept. 1 to become The University of Texas at San Antonio. 
    • “The University of Texas System shared plans to merge the two entities into a unified institution in late August 2024. 
    • “The institution, which is now Texas’ third-largest public research university, comprises 15 colleges and schools across six campuses, around 40,000 students, 17,000 employees, more than 320 undergraduate and graduate degrees, $486 million in annual research expenditures and a $1.3 billion endowment, according to a Sept. 1 news release.”
  • Hook’em. 
  • Per an ICER news release,
    • “The Institute for Clinical and Economic Review (ICER) today released a Final Evidence Report assessing the comparative effectiveness of apitegromab (Scholar Rock Holdings), as well as the disease-modifying therapies nusinersen (Spinraza®, Biogen), onasemnogene abeparvovec-xioi (Zolgensma®, Novartis), and risdiplam (Evrysdi®, Genentech) for spinal muscular atrophy (SMA). Apitegromab is an investigational new drug seeking FDA approval for improving motor function in patients with SMA.” * * *
    • ICER has calculated a health benefit price benchmark (HBPB) to be between $4,600 and $30,200 per year.\
    • ICER’s independent assessment of value informs the critical decisions that stakeholders across the US health system need to make around pricing and coverage. Following the voting session, a policy roundtable of experts — including clinical experts, carers and patient advocates, and representatives from US payers — convened to discuss the pricing implications and recommendations to ensure fair access. Key recommendations stemming from the roundtable discussion include: 
      • The manufacturer should set prices that will foster affordability and good access for all patients by aligning prices with the patient-centered therapeutic value of their treatments. Given the small average improvement in motor function for patients treated with apitegromab and the uncertainty about serious adverse events, manufacturer pricing should reflect ICER’s value-based price range in moderating launch pricing.
      • The use of SMN-directed therapy after gene therapy or in combination should only be done in the context of research studies.
      • A randomized trial should be performed of first-line therapy in asymptomatic patients identified through newborn screening to better understand the comparative advantages and disadvantages of each of the three SMN-directed therapies.
    • ICER’s detailed set of policy recommendations is available in the Final Evidence Report and in the standalone Policy Recommendations document. 
  • Per Healthcare Dive,
    • “Artificial intelligence-enabled medical devices with no clinical validation were more likely to be the subject of recalls, according to a study published in JAMA Health Forum. 
    • “The study, published on Aug. 22, looked at 950 AI medical devices authorized by the Food and Drug Administration through November 2024. Sixty of the devices were associated with 182 recall events. 
    • ‘The most common causes of recalls were diagnostic or measurement errors, followed by functionality delay or loss. About 43% of all recalls also took place within one year of FDA authorization. 
    • “Tinglong Dai, lead author of the study and a professor at the Johns Hopkins Carey Business School, said the “vast majority” of recalled devices had not undergone clinical trials. For the majority of AI-enabled devices, which went through the FDA’s 510(k) pathway, clinical studies are not required. 
    • “Unfortunately, it’s not required, and so people don’t do it,” Dai said in an interview. “So, that’s why we believe it is one of the most important drivers of the recalls.”
    • “By comparison, the study found that devices that had gone through retrospective or prospective validation were subject to fewer recalls.” 
  • Per BioPharma Dive,
    • “Novartis is once again taking aim at Parkinson’s disease, through a deal with Arrowhead Pharmaceuticals that could be worth billions of dollars.
    • “The deal, announced Monday, revolves around a preclinical drug that Arrowhead designed to silence the genetic instructions for “alpha-synuclein,” a protein tied to Parkinson’s disease and other brain-eroding illnesses. Novartis has now agreed to pay $200 million for an exclusive license to research, develop, manufacture and commercialize the drug.
    • “Arrowhead could receive an extra $2 billion or more by hitting certain development goals and collecting royalties on any resulting products. Per deal terms, Novartis will also be able to select additional disease targets outside of Arrowhead’s current pipeline to advance using the latter’s drug making technology, which centers on a technique called RNA interference.
    • “The companies plan to close their agreement sometime this year.”
  • and
    • “The biotechnology careers of John Maraganore and Clive Meanwell have brought them into collaboration time and time again.
    • “As the respective founders of Alnylam Pharmaceuticals and The Medicines Company, the two previously partnered on the drug that would ultimately become Leqvio, which was later bought in a $10 billion acquisition of Medicines Co. by Novartis. And before Alnylam, Maraganore had led development at Biogen of Angiomax, which was later licensed to Meanwell’s company.
    • “Now, the two have partnered to launch and run Corsera Health, which aims to make a preventive medicine for cardiovascular disease as well as an artificial intelligence tool to identify who could benefit from earlier heart intervention. 
    • “Corsera’s target are younger people who are not “willing to wait 40 years to see whether they have a heart attack,” Meanwell said. “They’re saying, ‘What can I find that will help me?’”
    • “Corsera’s lead drug, an RNA interference therapeutic now in preclinical testing, is designed to be a once-yearly injection that blocks two targets known to drive cardiovascular disease: PCSK9 and angiotensinogen. The company expects to begin clinical testing by the end of the year.”

Friday report

David ErmerCDC, COVID-19, FDA, Medical / Rx research, Medicare, No Surprises Act, OPM, U.S. Healthcare, Uncategorized

From Washington, DC,

  • Here’s a link to this week’s blog post from the OPM Director Scott Kupor. The week’s post concerns the federal government’s budget.
  • Per an OPM news release,
    • The U.S. Office of Personnel Management (OPM) today announced that its guidance memorandums to federal agencies will now be housed directly on OPM.gov to make them easier to find and more accessible. The former page will be transitioned to a new page on OPM’s website and will also be available here.
  • The New York Times reports,
    • “CVS and Walgreens, the country’s two largest pharmacy chains, are for now clamping down on offering Covid vaccines in more than a dozen states, even to people who meet newly restricted criteria from the Food and Drug Administration.
    • “On Thursday, Amy Thibault, a spokeswoman for CVS, said the vaccine was not available at pharmacies in 16 states, citing “the current regulatory environment” and emphasizing that the list could change.
    • “On Friday, CVS issued an update: It could administer vaccines in 13 of the 16 states, and in the District of Columbia, to people who had obtained a prescription from a doctor or other medical provider. (As of Friday morning, its online scheduling tool still did not allow anybody to book an appointment in those places; Ms. Thibault said an update was in progress.) In Massachusetts, Nevada and New Mexico, CVS still cannot offer the shots at all, Ms. Thibault said.
    • “She did not provide an explanation for the change.
    • “Walgreens said in a statement that it was “prepared to offer the vaccine in states where we are able to do so” to people who met the F.D.A. criteria. When a New York Times reporter tried to schedule vaccine appointments in all 50 states, the Walgreens website said patients would need a prescription in 16 of them. Though there is some overlap, it’s not the same set of 16 as CVS, underscoring the level of confusion.” * * *
    • “CVS will make the vaccines readily available nationwide if the advisory panel recommends them, Ms. Thibault said. (In the 34 states where the company hasn’t set limits, people can simply check a box when they make an appointment online to attest that they meet the F.D.A. criteria, without a prescription or other documentation.) But since the panel hasn’t yet made a decision, the company is holding back in states where it believes its pharmacists need a C.D.C. endorsement.”
  • Fierce Healthcare informs us,
    • “While data released earlier this week raised questions about the administrative costs associated with No Surprises Act (NSA) arbitrations, a second study suggests the legislation is working to reduce out-of-pocket costs for members.
    • “Researchers at Harvard University and Mass General Brigham examined a sample of 17,351 privately insured adults, 8,204 of which lived in states that gained protections against surprise billing thanks to the legislation. The remaining 9,147 lived in states where some kind of program was already in place to protect consumers against these costs.
    • “The study found a significant decrease in out-of-pocket spending for people living in the new intervention states. The study attributes savings of $567 in yearly out-of-pocket costs to the protections.
    • “In fact, the study suggests that these protections are leading to greater savings for consumers than other policy changes such as Medicaid expansion and the drug pricing policies under the Inflation Reduction Act (IRA). Expanded Medicaid was tied to a $152 decrease in annual out-of-pocket spending, while the IRA is estimated to drive $400 in savings each year for people with Medicare Part D coverage.”
    • “Our study findings support anecdotal reports that the NSA has successfully shielded patients from surprise billing,” the researchers wrote.
  • FEHBlog note — The two studies do not contradict each other.
  • The American Academy of Actuaries released a report on Medicare’s financial condition.
    • “Consistent with prior trustees’ reports, the 2025 Medicare Trustees Report stresses the serious financial challenges facing the Medicare program. It remains critical to address the HI [Medicare Part A trust fund] shortfall sooner rather than later. In addition, Medicare spending will continue to grow faster than the economy, increasing the pressure on beneficiary household budgets as well as the federal budget, threatening the program’s sustainability.
    • Medicare’s financial challenges could be more severe than projected, which leaves policymakers with the challenge to address the short- and longer-term challenges of program solvency while understanding the potential implications on beneficiary’s ability to afford and receive appropriate health care. Understanding the implicit and explicit consequences of any potential change or lack thereof requires continued collaboration between actuaries, program and agency staff, consumer advocates, and Congress.

From the Food and Drug Administration (FDA) front,

  • Fierce Pharma reports,
    • “While Sanofi originally had its eye on tolebrutinib when it purchased its partner Principia Biopharma for $3.7 billion five years ago, another one of the BTK inhibitors inherited from the biotech has made it across the FDA finish line first.
    • “The drug rilzabrutinib, which is now approved as Wayrilz in immune thrombocytopenia (ITP), has been hailed (PDF) by Sanofi as a potential “multi-indication blockbuster” that could deliver 2 billion to 5 billion euros at its sales peak. 
    • “The FDA’s approval on Fridayspecifically clears Wayrilz for use in adults with persistent or chronic ITP who haven’t responded to prior therapy. 
    • “The regulatory endorsement marks the first approval for a Bruton tyrosine kinase (BTK) inhibitor to treat ITP in the U.S., where the condition is estimated to affect around 100,000 people, Mike Quigley, Ph.D., Sanofi’s CSO and global head of research, said in an interview with Fierce.”
  • and
    • “Aiming to deliver blockbuster sales of its Alzheimer’s disease-fighting antibody Leqembi in its 2027 fiscal year, Eisai has cleared a key regulatory hurdle in its quest to grow the medicine’s reach.
    • “The FDA has approved a once-weekly subcutaneous maintenance dose of the drug in an autoinjector, dubbed Leqembi IQLIK, according to a joint press release from the Japanese pharma and its commercialization partner Biogen.
    • “In line with the label of the drug’s intravenously infused formulation, Leqembi IQLIK is cleared for use in Alzheimer’s patients with mild cognitive impairment or mild dementia. Patients may switch to the new subcutaneous maintenance dose after 18 months of intravenous (IV) initiation treatment every two weeks, or they can opt to stick with infusions every four weeks for maintenance therapy, Eisai said in its release.
    • “IQLIK’s approval could be a “gamer changer” in Alzheimer’s treatment, Katsuya Haruna, senior group officer and EVP of US business operations at Eisai, said in an interview with Fierce Pharma, noting that the 15-second injection is now the first and only amyloid therapy that can be administered at home.”

From the public health and medical research front,

  • The Centers for Disease Control and Prevention announced today,
    • “COVID-19 activity is increasing in many areas of the country. Seasonal influenza activity is low, and RSV activity is very low.
    • “COVID-19
      • “The percentage of COVID-19 laboratory tests that are positive is going up across the country. Emergency department visits for COVID-19 are increasing among all ages. COVID-19 wastewater activity levels and model-based epidemic trends (Rt) indicate that COVID-19 infections are growing or likely growing in most states.
    • “Influenza
    • “RSV
      • “RSV activity is very low.
  • The University of Minnesota’s CIDRAP adds,
    • “SARS-CoV-2 detections in wastewater are “very high” in Alabama, Hawaii, Louisiana, Nebraska, Nevada, South Carolina, Texas, Utah, and Washington, DC. They are high in 11 states. “Nationally, the wastewater viral activity level for COVID-19 is currently moderate,” the CDC said.
    • “In comparison, flu and respiratory syncytial virus (RSV) wastewater levels are listed as very low nationwide. ED visits for those two diseases are also listed as very low, but they are increasing for flu.”
  • Per Medscape,
    • “For older adults, the vaccine against respiratory syncytial virus (RSV) appears to be most effective in the first year after administration, according to new researchthat shows the benefits of the immunization fall roughly 60% within about 1.5 years.
    • “The database analysis showed that among adults aged 60 years or older, the effectiveness of the RSV vaccine at preventing infections fell from 71% at the 4-month mark to 40% 19 months after receipt.
    • “For clinicians, “the big takeaway is that the RSV vaccine works well, especially in the first year, and remains worth recommending to older patients, especially those at higher risk,” said Kersten Bartelt, RN, a research clinician at Epic Research, an arm of the records company, who helped conduct the analysis.”
  • The New York Times reports,
    • “A salmonella outbreak linked to eggs has sickened 95 people across 14 states, federal health officials said on Thursday. Eighteen people have been hospitalized.
    • “The company Country Eggs, of Lucerne Valley, Calif., has issued a recall of its large brown cage free “sunshine yolks” and “omega-3 golden yolks” eggs, according to the Food and Drug Administration.
    • “The recalled eggs were sold in grocery stores and delivered to food service distributors in California and Nevada between June 16 and July 9 and have sell-by dates between July 1 and Sept. 18. The recalled cartons were also sold under the brand names Nagatoshi Produce, Misuho and Nijiya Markets.
    • “Most of the people who have become ill so far — 73 of the 95 — are from California, according to the Centers for Disease Control and Prevention. But infections have been reported in 13 other states across the country, including in Washington State, Minnesota, New York and Pennsylvania. No one has died.”
  • Kaufmann Hall lets us know,
    • “A new report shows that the difference between expected and observed mortality rates for hospitalized surgical patients continues to improve. Hospitals have achieved nearly a 20% increase in survival rates for these patients compared with expected, reflecting advances in evidence-based care and safety practices. However, the analysis, from Vizient and the American Hospital Association, also finds that the average length of stay has risen by almost a full day over the past five years, due to increasing patient acuity and insurer-related delays in post-acute care placement, particularly in Medicare Advantage plans. This trend suggests ongoing challenges in balancing improved patient outcomes with efficient hospital throughput.”
  • Per Fierce Pharma,
    • “Flying high after an FDA approval four months ago to treat generalized myasthenia gravis (gMG), Johnson & Johnson’s much-touted Imaavy (nipocalimab) has taken a hit, coming up short as part of a combination therapy in a rheumatoid arthritis (RA) trial.
    • “Without revealing data from the phase 2a Daisy proof-of-concept study, J&J said that after 12 weeks, Imaavy provided no added benefit when added to an anti-TNFα therapy in patients with refractory RA.
    • “Based on these findings, Johnson & Johnson has decided not to proceed with the clinical development of nipocalimab in combination with an anti-TNFα therapy for RA,” the company said in its release.
    • “Despite the setback, J&J added that it is still “confident” that Imaavy can live up to the $5 billion-plus peak sales potential the company has pegged for the FcRn-blocking monoclonal antibody.”
  • Per Fierce Biotech,
    • “Zydus Therapeutics has racked up a phase 2b/3 win in primary biliary cholangitis (PBC), clearing the path to a filing to establish the company as a challenger to Gilead Sciences, Intercept Pharmaceuticals and Ipsen.
    • “The phase 3 part of the trial randomized 149 people to receive the PPAR agonist saroglitazar or placebo. After 52 weeks of daily oral dosing, 48.5% of patients on the Zydus drug met the biochemical response, achieving the primary endpoint of the trial. Zydus plans to discuss the data with the FDA with hopes of filing for approval in the first quarter of 2026.
    • “If approved, saroglitazar will enter a market served by other drugs, including rival PPAR agonists. The FDA approved two PPAR agonists in PBC last year, clearing Gilead’s Livdelzi and Ipsen’s Iqirvo to compete for the market with Intercept’s FXR agonist Ocaliva.
    • “Gilead reported (PDF) a 62% biochemical response rate in the study that supported approval of Livdelzi. Ipsen’s Iqirvo achieved (PDF) a 51% biochemical response rate in its pivotal trial.
    • “Unlike the PPAR agonists, Intercept’s Ocaliva carries a boxed warning. The FDA rejected a filing for full approval of the product in November—while leaving the accelerated nod in place—and flagged liver injury reports in December.”

From the U.S. healthcare business front,

  • Fierce Healthcare reports,
    • “The University of Pennsylvania Medical Center (UPMC) continues to flip last year’s losses, reporting this week a $348.6 million operating income (2.1% operating margin) for the six months ended June 30 thanks to increased volumes and a tighter underwriting margin.
    • “The integrated nonprofit had posted a $313.3 million operating loss (-2.2%) during the same period a year prior. Both half-year periods included tens of millions in restructuring costs—$30 million in 2025 and $87.8 million in 2024—under an effort the system had launched last year.
    • “For its second quarter alone, UPMC notched a $111.2 million operating gain compared to the prior year’s $210.3 million operating loss, both inclusive of restructuring costs. Total operating revenue during the first half of 2025 came to $16.5 billion.”
  • Beckers Payer Issues points out “Californians enrolled in Medicare Advantage are facing slower growth in healthcare costs compared to those in traditional Medicare, according to new research from the UCLA Center for Health Policy Research.”
  • Genetic Engineering and BioTechnology News offers its “updated A-List of the top 10 best-selling prescription drugs based on 2024 sales. Top-selling drugs are ranked based on sales or revenue reported for 2024 by biopharma companies in press announcements, annual reports, investor materials, and/or conference calls. Each drug is listed by name, sponsor(s), 2024 sales, 2023 sales, and the percentage change between those years.”
  • BioPharma Dive tells us,
    • “Novo Nordisk is again looking for help outside its own laboratories as it works to build on the success of Ozempic and its sister medicine Wegovy.
    • “In the latest deal, Novo will provide research funding for Replicate Bioscience as well as up to $550 million in payments to work on new treatments for obesity, Type 2 diabetes and other cardiometabolic disorders.
    • “The agreement includes an unspecified amount of cash upfront as well as money tied to certain milestones, Replicate said Thursday.”
  • Per Fierce Pharma,
    • “Pfizer is taking a curtain call for Vyndaqel, the low-dose version of its blockbuster tafamidis franchise for the rare heart disease transthyretin amyloid cardiomyopathy (ATTR-CM).
    • “Pfizer will discontinue Vyndaqel in the U.S. by the end of 2025, multiple amyloidosis patient groups alerted their members on social media earlier this month.
    • “The move will leave the high-dose Vyndamax as the only tafamidis brand on the market.
    • “This decision was made to enhance patient-centered care and convenience as Vyndamax offers the same active ingredient and clinical benefits as Vyndaqel, but in a single capsule taken once daily, making it easier for patients to take their prescription,” according to the posts, which appear to be relaying a message from Pfizer.”

Midweek Update

David ErmerCDC, CMS, COVID-19 vaccine, Generative AI, Government Contracting, Medical / Rx research, Medicare, No Surprises Act, OPM, Patient safety, U.S. Healthcare, Uncategorized

From Washington, DC,

  • Meritalk reports,
    • “With the Office of Personnel Management (OPM) on track to lose one-third of its workforce by the end of the year, OPM Director Scott Kupor said on Tuesday that he’s looking to technology to help steady the agency during its ongoing restructuring.
    • “Kupor, who the Senate confirmed as OPM director last month, said that his team is currently conducting a “reprioritization” effort to determine the top critical areas for the agency to focus on – and whether or not they need more headcount to get the job done.
    • “There may be cases where maybe we actually are short people,” Kupor said during an Aug. 26 event hosted by Federal News Network.
    • “We’re not perfect, and I fully acknowledge that there just may be areas where we need to revisit. So, there will be, I’m sure, some places where we have cut deeper than was appropriate, and we’ll have to make some changes,” he said.
    • “Some of those hiring efforts could target fresh talent, but Kupor said the agency may also look to rehire some employees who chose to participate in the deferred resignation program.”
  • The Wall Street Journal reports at 8:35 pm ET Wednesday,
    • “Susan Monarez, the director of the Centers for Disease Control and Prevention, has been pushed out of the job, a senior Trump administration official said Wednesday.
    • “Monarez, who led the agency for less than a month, clashed with Health and Human Services Secretary Robert F. Kennedy Jr. and members of his staff, the official said. President Trump had nominated her to lead the CDC in March after dropping his first pick. Previously the agency’s acting director, Monarez was the first CDC head without a medical degree in more than 70 years.
    • “Lawyers for Monarez said in a statement that she has neither resigned nor received notification from the White House that she has been fired. They also said she will not resign. “When CDC Director Susan Monarez refused to rubber-stamp unscientific, reckless directives and fire dedicated health experts, she chose protecting the public over serving a political agenda,” they said. “For that, she has been targeted.”
    • “Three senior CDC leaders, including Dr. Debra Houry, the agency’s chief medical officer, submitted their resignations Wednesday, according to emails viewed by The Wall Street Journal.”
  • Healthcare Dive tells us,
    • “The process set up by the No Surprises Act to settle disputes between providers and insurers about out-of-network claims is generating billions of dollars in extra costs for the healthcare system — costs that could trickle down in the form of higher consumer premiums, according to a new analysis.
    • “Independent dispute resolution, or IDR, has created an estimated $5 billion in total costs between its inception in 2022 and the end of last year, according to the report published in Health Affairs on Monday. The high amount of claims, significant provider participation and lofty offer amounts are driving the spending, researchers found.
    • “The analysis raises questions for policymakers concerned about curbing healthcare costs. In particular, Washington should consider tackling the high volume of ineligible disputes clogging up the process — and scrutinize the role of private equity, given providers backed by the firms are responsible for an outsized portion of disputes, researchers said.”
  • FEHBlog note — The No Surprises Act arbitration which is supposed to resemble baseball arbitration fails to include the safeguards found in actual baseball arbitration like a hearing at which the parties have access to both offers and can debate them before the decisionmakers.
  • Fierce Healthcare informs us,
    • “The National Committee on Quality Assurance (NCQA) has launched an artificial intelligence working group to determine how to best measure performance of high-risk AI once it has been deployed by health plans and providers. 
    • “The 35-year-old organization runs a spate of quality measurement and reporting programs, like health plan accreditation and the Healthcare Effectiveness Data and Information Set (HEDIS) measures used by 90% of health plans, according to the Office of the Assistant Secretary for Planning and Evaluation. 
    • “The NCQA has convened more than 30 organizations to share their experiences using AI and help create standards for the technology. Some members of its AI working group are the American Academy of Family Physicians, America’s Health Insurance Plans, Blue Cross Blue Shield of Tennessee, the Community Care Plan, Covered California, the Kaiser Foundation Health Plan and United HealthCare.
    • “As the modality of care, as the channels of healthcare delivery continue to evolve, and as we continue to see a very evolving healthcare delivery landscape, we do want to take a very hard look at what additional things we can do to continue putting that lens on quality and putting quality front and center,” Vik Wadhwani, chief transformation officer at NCQA, said in an interview.”
  • Kushner & Co. reminds us that the time for circulating Medicare prescription drug creditable coverage notices is approaching. The deadline is October 15, 2025.
    • For 2025, with the Inflation Reduction Act lowering the out-of-pocket maximum to $2,000 (from $8,000 in 2024), many employer prescription drug plans—and especially those with High-Deductible Health Plans—may find that their plans are no longer creditable. Further, new changes for 2026 may also impact these notices. Be sure to check with your group medical plan insurance carrier or TPA [or PBM] to ensure you’re in compliance in determining whether your prescription drug plan is creditable or noncreditable.
  • The FAR Council today finalized the inflation adjustments to FAR thresholds which take effect on October 1, 2025. The key change for FEHB carriers is the following:
    • “The cost or pricing data threshold at FAR 15.403–4, for contracts awarded before July 1, 2018, increases from $750,000 to $950,000. For contracts issued on or after July 1, 2018, the threshold increases from $2 million to $2.5 million.”
    • 90 Fed. Reg. 41873 (August 27, 2025)
    • OPM’s FEHBAR treats this threshold as the subcontract preapproval threshold for experience rated carriers and the flow down trigger for the significant events clause. 48 C.F.R. Secs. 1652.222-701652.244-70.

From the Food and Drug Administration (FDA) front,

  • The Wall Street Journal reports,
    • “The Food and Drug Administration authorized three new Covid-19 vaccines—from Pfizer and its partner BioNTech, and Moderna and Novavax—that target a variant of the coronavirus known as LP.8.1. This was the dominant circulating strain when FDA advisers picked a target in May. 
    • “The companies are expected to begin shipping doses to pharmacies and other vaccination sites within days. This is the fourth-year companies have updated Covid shots to target the primary variant that is circulating, in hopes the shots will better protect people from severe illness through the fall and winter months.
    • “In a change this year, the FDA cleared use of the updated vaccines in a smaller population. The three vaccines are cleared for everyone 65 and older, and for people in younger populations who have underlying conditions that put them at higher risk of severe Covid-19. 
    • “Pfizer’s vaccine was cleared for at-risk people ages 5 through 64, Moderna’s in at-risk people six months and older, and Novavax for at-risk people 12 and older.
    • “In previous years, U.S. health officials recommended the booster shots in most people six months and older, even if they didn’t have at-risk conditions.” * * *
    • “In deciding on vaccine coverage, health insurers typically follow recommendations by the Advisory Committee on Immunization Practices, or ACIP, which advises the CDC. They may also consider clinical recommendations from medical societies. 
    • “No meeting has been scheduled for ACIP to consider the new updated boosters. Kennedy fired all members of the ACIP in June and replaced them with people including some vaccine skeptics.
    • “A trade group for health-insurance companies, America’s Health Insurance Plans, said health plans will continue to follow requirements for ACIP-recommended vaccines.”
  • FEHBlog note — Indeed, the Affordable Care Act requires that health plans waive cost sharing for in-network administration of vaccines recommended by ACIP and confirmed by the CDC (or the HHS Secretary in the event of a vacancy in the CDC directorship.).
  • Cardiovascular Business adds,
    • “The U.S. Food and Drug Administration (FDA) is warning the public about a new safety issue associated with Johnson & Johnson MedTech’s Automated Impella Controller (AIC)
    • “This latest alert was put in place after Johnson & Johnson MedTech received reports that some of the Pump Driver Circuit Assemblies of its AICs contain 25V-rated tantalum capacitors instead of the expected 35V-related tantalum capacitors. This can cause the pump’s performance to suffer, and there a risk of the pump stopping altogether and triggering an “Impella Failure” or “Impella Stopped. Controller Failure” alarm. 
    • “One patient death has been linked to this issue. 
    • “This alert covers a total of 69 AICs. Full lists of the affected product codes and serial numbers are available as part of the FDA’s advisory. Anyone with one of the affected devices is urged not to use it any longer. Instead, the device should be quarantined until additional information is made available.
    • “The FDA is currently reviewing information about this potentially high-risk device issue and will keep the public informed as significant new information becomes available,” according to the advisory.”

From the judicial front,

  • Bloomberg Law reports,
    • “Cigna Health & Life Insurance Co. reached a class-wide settlement in a family’s lawsuit saying the insurer breached its fiduciary duties by failing to maintain an up-to-date list of in-network medical providers.
    • “The parties reached a preliminary agreement after a mediation session with a retired judge and plan to file details of the deal for court approval by Sept. 19, they said in a status report docketed Monday in the US District Court for the Northern District of Illinois. The filing didn’t include details about the terms of the settlement.” * * *
    • “Judge Manish S. Shah allowed portions of the case to advance in February, saying the family has a viable fiduciary breach claim based on Cigna’s failure to properly resolve the matter in a way that didn’t force them to foot the bill. But Shah dismissed the family’s claim for wrongfully denied benefits under the Employee Retirement Income Security Act because Cigna correctly paid their benefits according to the terms of their health plan.”

From the public health and medical research front,

  • Fierce Healthcare lets us know,
    • “Advancements in technology, testing and imaging have transformed cancer detection and risk assessment, enabling them to be faster and more precise.
    • “But providing patients with a cancer risk score or identifying those at high risk is only one step in cancer prevention. Getting patients to act on their cancer risk and get supplemental screening is the next big leap, and CancerIQ is focused on closing this gap.
    • “The company, which offers healthcare providers a cancer-focused precision health platform, developed new capabilities to provide patients at elevated risk for cancer with “hyper-personalized” patient education, engagement and navigation support. The new features were built on insights from thousands of high-risk patient journeys and backed by behavioral science with the aim to drive sustained follow-through on supplemental screenings that detect cancer earlier, according to executives.
    • “The first release focuses on screening breast MRI, with plans to support additional patient populations, including those eligible for low-dose lung CT.”
  • BioPharma Dive reports,
    • “People with early breast cancer who were treated in a late-stage study with Eli Lilly’s drug Verzenio and standard hormone therapy lived longer than those given hormone therapy alone, the company reported Wednesday.
    • “The summary results come from Lilly’s monarchE study, which began in 2017 and enrolled more than 5,600 adults with high-risk breast cancer that tested positive for hormone receptors but negative for a protein called HER2. Lilly said the improvement in survival was “statistically significant and clinically meaningful.”
    • “The study previously met its main goal, showing the addition of Verzenio improved invasive disease-free survival — data that supported a 2021 approval in this treatment setting. The overall survival findings, which were a secondary endpoint, will be presented at an upcoming medical meeting, Lilly said.”
  • STAT News relates,
    • “Akeso, a Chinese biotech with a drug positioned to rival Merck’s megablockbuster Keytruda, has reported for the first time that the therapy can improve patient survival.
    • “The therapy, ivonescimab, showed a statistically significant survival benefit as a second-line treatment when combined with chemotherapy to treat non-small cell lung cancers. The patients’ cancers had progressed after getting therapies targeting EGFR, a protein that can drive tumor growth. 
    • “The company described the results of the Chinese trial as clinically meaningful in a report for the first half of the year released on Tuesday. But it didn’t delve into details, which Akeso plans to share at an upcoming medical conference.”
  • Per Fierce BioTech,
    • “Amylyx’s withdrawn-from-market Relyvrio has failed to make an impact on primary or secondary endpoints in a rare neurodegenerative disease, prompting the company to discontinue the program.
    • “Oral therapy Relyvrio, which Amylyx is again referring to as AMX0035, was tested in progressive supranuclear palsy (PSP), a fatal and rapidly progressing condition that impacts mobility, eye movements, swallowing and speech. Currently, there aren’t any approved treatments for the disease.”
    • “Amylyx’s phase 2/3b study was measuring AMX0035’s impact on disease progression and severity using a 28-item, condition-specific scale. The phase 2 portion of the trial found no difference in patients receiving AMX0035 compared to placebo at 24 weeks, according to an Aug. 27 company release.
    • “Given the results, the company has discontinued the phase 2b trial, plus a related open-label extension study. Amylyx has also terminated plans for the phase 3 portion of the study.”
  • Per Health Day,
    • ‘Few teens with depression receive treatment, with disparities seen based on residence, gender, and race, according to a study published online Aug. 20 in PLOS Mental Health.
    • “Su Chen Tan, from the University of Tennessee in Knoxville, and colleagues used data from adolescents (aged 12 to 17 years) with major depressive episodes (MDE) participating in the 2022 U.S. National Survey on Drug Use and Health to assess mental health service utilization by rurality, race/ethnicity, gender, age, health insurance coverage, and poverty level.
    • “The researchers found that 19.2 percent of adolescents experienced MDE, but only 47.5 percent received treatment within the past year. There were significantly lower odds of receiving specialist treatment for adolescents in rural areas versus their urban counterparts (adjusted odds ratio [aOR], 0.64). Further, odds of receiving telehealth services were significantly lower for rural adolescents (aOR, 0.64) but were significantly higher for adolescents with insurance (public insurance: aOR, 2.99; private insurance: aOR, 3.82). Compared with younger adolescents, older adolescents had lower odds of utilizing school-based services (aOR, 0.52). Female adolescents had greater odds of utilizing any mental health treatment than male adolescents (aOR, 1.59), while Black adolescents had significantly lower odds of utilizing any mental health treatment versus non-Hispanic White adolescents (aOR, 0.36).”
  • and
    • “Two-thirds of women in their child-bearing years have an increased risk for birth defects due to a lifestyle factor they can change, a new study says.
    • “These risk factors — low levels of vitamin B9 (folate), unmanaged diabetes or exposure to tobacco smoke — increase the odds of a serious birth defect in any child they might have, researchers said.
    • “Heart defects, cleft palates and defects of the brain and spinal cord are among the problems that could be headed off if women took steps to improve their health prior to pregnancy, researchers reported today in the American Journal of Preventive Medicine.”

From the U.S. healthcare business front,

  • Healthcare Dive points out Blue Shield of California names interim CEO Mike Stuart to permanent chief executive.
  • Beckers Payer Issues notes,
    • “AM Best has downgraded its outlook for the health insurance sector from stable to negative, citing escalating medical costs and increased utilization across government, commercial and ACA plans.
    • “The credit rating agency noted higher utilization of specialty drugs, increased physician visits, more inpatient admissions and a surge in behavioral health claims. The coding intensity of medical services has also increased, according to an Aug. 25 news release.”
  • STAT News reports,
    • “Dressed in red and black jackets reminiscent of Star Trek uniforms, the heads of Epic’s data and AI divisions, Phil Lindemann and Seth Hain, described an aspirational vision for artificial intelligence at the end of last week’s Epic UGM keynote. Using the data stored in Cosmos — Epic’s de-identified patient record research database — the company trained an AI model that can generate many possible future timelines for a patient, then tell the doctor which outcomes are most likely, like what might happen during a hospital stay, or if the patient might end up in the emergency department in the next year. 
    • “Just as a large language model can be trained once and then used to generate different kinds of text, like an email or a poem, without being specifically trained on how to write either emails or poems, Epic’s “large medical model,” trained on all sorts of medical events and outcomes, could replace individual predictive medical algorithms. If the model, which Epic calls CoMET — the Cosmos Medical Event Transformer — can achieve performance similar to machine learning algorithms specifically trained to predict readmissions or asthma attacks, “that’s a breakthrough in how we can get risk prediction embedded into clinical care,” said Lindemann.
    • “This idea isn’t entirely new. Researchers like Arkadiusz Sitek at Massachusetts General Hospital have built models that predict future patient medical events before. But, Sitek told STAT, the scale of CoMET is impressive and suggests this approach will work in a large population. Epic trained and evaluated its model on 115 billion medical events from 118 million unique patient records collected from January 2012 to April 2025. The work was detailed in a preprint posted last week with Microsoft and Yale researchers.”
  • FIerce Healthcare informs us,
    • “Four hospitals are sending heart failure patients home with a virtual care support team under a newly unveiled collaboration between the American Heart Association (AHA) and remote chronic disease monitoring platform Cadence.
    • “The American Heart Association Connected Care pilot program aims to reduce 30-day readmissions by addressing “critical gaps in heart failure care” that occur after heart failure patients leave the hospital.
    • “It will see the participating hospitals integrate program referrals into their discharge workflows. Enrolled patients are given and taught to use connected vital sign monitors, which a Cadence virtual care team uses to provide ongoing clinical support, adjust treatments or direct the patient to an in-person provider if necessary.
    • Almost one in four heart failure patients are readmitted to the hospital within 30 days of discharge, and fewer than a fifth receive post-discharge medical therapies in line with clinical guidelines, according to study data cited in the announcement.”
  • Beckers Hospital Review identifies “five new drug shortages and discontinuations, according to drug supply databases from the FDA and the American Society of Health-System Pharmacists.”