Monday Roundup

Uncategorized

Monday Roundup

David ErmerCongress, COVID-19, OPM, Rx coverage, U.S. Healthcare, Uncategorized
Photo by Sven Read on Unsplash

From Washington, DC,

  • The Wall Street Journal reports,
    • “House Republicans’ speaker nominee Rep. Jim Jordan (R., Ohio) won over some pivotal holdouts Monday as broader GOP opposition to his bid appeared to crumble, moving him closer to winning the gavel in a floor vote as soon as Tuesday afternoon.
    • “I feel real good about the momentum we have. It’s real close,” Jordan told reporters, citing recent endorsements and saying he was ready to move forward on Tuesday at noon. “We’re going to elect a speaker tomorrow; that’s what I think is going to happen.”
  • The U.S. Office of Personnel Management announced,
    • “[T]he Biden Administration has exceeded its goal of selecting 5,800 targeted positions helping implement the Bipartisan Infrastructure Law (BIL), a once-in-a-generation investment in America’s infrastructure and competitiveness. Over the last two years, OPM has served as a strategic workforce partner for seven federal agencies and supported surge hiring for key positions, including engineers, scientists, project managers, IT & HR specialists, construction managers, and many more. 
    • “The agencies included in targeted hiring positions are the Department of Agriculture, Department of Commerce, Department of Energy, Department of Homeland Security, Department of the Interior, Department of Transportation, and the Environmental Protection Agency.”
  • Govexec introduces us to the Partnership for Public Service’s Service to America Medal winners. Mazaal tov to the winners.
  • Thompson Reuters points out that last week, the Internal Revenue Service “released the final versions of the following 2023 Affordable Care Act (ACA) forms:
    • “(1) Form 1094-BTransmittal of Health Coverage Information Returns;
    • “(2) Form 1094-CTransmittal of Employer-Provided Health Insurance Offer and Coverage Information Returns;
    • “(3) Form 1095-BHealth Coverage; and
    • “(4) Form 1095-CEmployer-Provided Health Insurance Offer and Coverage.
    • The forms do not contain substantive changes.”

From the public health front,

  • The New York Times reports,
    • “A team of scientists is proposing a new explanation for some cases of long Covid, based on their findings that serotonin levels were lower in people with the complex condition.
    • “In their study, published on Monday in the journal Cell, researchers at the University of Pennsylvania suggest that serotonin reduction is triggered by remnants of the virus lingering in the gut. Depleted serotonin could especially explain memory problems and some neurological and cognitive symptoms of long Covid, they say.
    • “This is one of several new studies documenting distinct biological changes in the bodies of people with long Covid — offering important discoveries for a condition that takes many forms and often does not register on standard diagnostic tools like X-rays.
    • “The research could point the way toward possible treatments, including medications that boost serotonin. And the authors said the biological pathway that their research outlines could unite many of the major theories of what causes long Covid: lingering remnants of the virus, inflammation, increased blood clotting and dysfunction of the autonomic nervous system.
    • “All these different hypotheses might be connected through the serotonin pathway,” said Christoph Thaiss, a lead author of the study and an assistant professor of microbiology at the Perelman School of Medicine at the University of Pennsylvania.
    • “Second of all, even if not everybody experiences difficulties in the serotonin pathway, at least a subset might respond to therapies that activate this pathway,” he said.”
  • Last Friday, the Department of Health and Human Services announced,
    • “[T]he selection of initial next-generation vaccine candidates and more than $500 million in awards for Project NextGen – kick-starting planning for Phase 2b clinical trials and technologies that advance innovative next-generation vaccine and therapeutics platforms.
    • “The Biden-Harris Administration is committed to keeping people safe from COVID-19,” said HHS Secretary Xavier Becerra. “By investing in next-generation vaccines and treatments, we can improve our ability to respond to new variants, reduce transmission, stop infections, and save lives. Through Project NextGen, we are combining research and development expertise at HHS with the lessons learned throughout the pandemic to protect our nation from COVID-19.” 
    • “The over $500 million announced today builds on the over $1.4 billion awarded in August – accelerating products toward clinical trials and potential commercial availability.”
    • “The vaccine selections and funding announced today are important steps forward for Project NextGen – with vaccine and therapeutics candidates moving quickly to clinical trials that will start in the coming months,” said Assistant Secretary for Preparedness and Response Dawn O’Connell. “The technologies that BARDA is investing in, from intranasal vaccines to self-amplifying mRNA, will bolster our protection against COVID-19 for years to come.”

From the U.S. healthcare business front,

  • Beckers Payer Issues tells us that UnitedHealth Group executives and the FEHBlog are of one mind.
    • “UnitedHealth Group wants to lower the price of GLP-1 drugs such as Ozempic and Wegovy, but it needs drug manufacturers to get on board, executives said. 
    • “On an Oct. 13 call with investors, UnitedHealth Group CEO Andrew Witty said prices have to come down for more people to access the drugs. 
    • “We’re very positive about the potential for another tool in the toolbox to help folks manage their weight,” Mr. Witty said. “We recognize that has potential benefits, but we’re struggling, and frankly our clients are struggling, with the list prices which have been demanded of these products in the U.S., which are running at about 10 times the level of prices paid in Western Europe.” 
  • Per Biopharma Dive,
    • “Novo Nordisk said Monday it will spend up to $1.3 billion to buy an experimental hypertension drug from Singapore-based KBP Biosciences, adding to a string of acquisitions that builds out its metabolic disease business behind the blockbuster diabetes drug Ozempic.
    • “The pill, called ocedurenone, is in a Phase 3 trial in people with chronic kidney disease and uncontrolled high blood pressure. Results are due next year, and Novo said it plans to begin additional Phase 3 trials in other cardiovascular and kidney disease indications.
    • “Novo is putting its profits from accelerating Ozempic sales to work, having cut late-summer deals to buy a Danish metabolic startup called Embark Biotech and a Canadian metabolic company called Iversago. That followed on the billion-dollar-plus deals to buy rare disease drug developer Forma Therapeutics in 2022 and genetic medicine company Dicerna in 2021.”
  • Fierce Healthcare tells us why Amazon’s chief medical officer believes Amazon can make a big impact in tackling chronic illness.

Weekend update

David ErmerUncategorized
Photo by Dane Deaner on Unsplash

From Washington, DC,

From the public health front,

  • The New York Times reports
    • “A steady uptick in [COVID-19] cases since July and reports of worrisome new variants have fueled concern that the virus is poised to make a comeback this fall and winter. But in interviews, experts offered reassurances that the country will not see a return to the nightmarish scenarios of previous years.
    • “There is no evidence that any of the variants in circulation cause more severe disease or evade immunity adroitly enough to render vaccines ineffective. And although hospitalizations and deaths are increasing week by week, the numbers remain low, noted Gigi Gronvall, a biosecurity expert at the Johns Hopkins Center for Health Security.
    • “These increases are more alarming by statistics than in reality,” Dr. Gronvall said.” 
  • Roll Call tells us
    • “During the same week that naloxone — a nasal spray that reverses opioid overdoses — became available for purchase without a prescription, the nation’s top substance use officials called for greater availability and training for the drug, with five federal officials receiving training to administer it during a public demonstration at Health and Human Services headquarters Friday. 
    • * * * “While the Food and Drug Administration initially approved naloxone in 1971 as an injectable drug used in medical settings, it wasn’t until 2015 that the FDA approved a nasal spray version for prescription use. But the agency only approved the first over-the-counter versions of the drug this year. It became available without prescription this week, with Emergent BioSolutions’ 4 mg nasal spray selling for $44.99 for a two-dose product. Harm Reduction Therapeutics’s RiVive, is expected to become available in eBloomarly 2024.
    • “The price point has been a concern for some advocates who worry it could limit accessibility and use. In an interview, Rahul Gupta, director of the White House Office of National Drug Control Policy, said the administration is working to bring the price point down as part of a larger effort to reduce healthcare costs.
    • “We’re constantly working with manufacturers because we’ve got to make this accessible and affordable. So we’re on this, and we’re exploring every pathway working with HHS and our other government partners as well,” he said.
  • Bloomberg offers a fascinating article about Lyme Disease. This tick-borne disease first made its appearance in the 1990s. An effective vaccine was made available in 1998, but the ultimately discredited “vaccines cause autism” campaign killed the vaccine in its cradle. Pfizer is now developing a new Lyme Disease vaccine, which is expected to receive FDA approval in 2026.
  • NPR Shots offers a comic strip explaining how to take care of your ears.

From the U.S. healthcare business front,

  • The Washington Post reports
    • “Kroger, one of the nation’s largest supermarket chains, has agreed to pay more than $1 billion to settle lawsuits alleging it failed to monitor suspicious orders of addictive pain pills that fueled the nation’s opioid crisis.
    • “The company announced Friday it will pay up to $1.2 billion to states and local governments, and $36 million to Native American tribes over 11 years.
    • “The money adds to more than $50 billion in settlements obtained by state and local governments suing opioid-industry players alleged to have flooded the nation with addictive pills, despite red flags that they were being diverted to the black market.
    • “Governments aim to use the money to ease the opioid crisis and save lives. Among the ways: paying for drugs to reverse overdoses, bolstering addiction treatment services and creating education campaigns.”
  • KFF Health News is tracking the distribution of these opioid-related class action settlements across the fifty states and DC.

 

Cybersecurity Saturday

David ErmerCybersecurity, Uncategorized

From the cybersecurity vulnerabilities and breaches front,

  • Cyberscoop reports
    • “An international law enforcement operation disrupted the Qakbot botnet and associated malware that has been connected with countless cyberattacks and nearly $60 million in losses from victims around the world, the U.S. Department of Justice announced Tuesday. 
    • “The operation that included the FBI, DOJ and authorities in France, Germany, the Netherlands, Romania, Latvia and the United Kingdom — is “one of the largest U.S.-led disruptions of a botnet infrastructure” used by criminals to facilitate ransomware, financial fraud and other cyber-enabled criminal activity, the FBI said in a statement.
    • “There were no arrests in connection with the operation but the investigation remains ongoing, a senior FBI official told reporters Tuesday.
    • “Qakbot, also known as Qbot or Pinksipbot, is malware first detected in 2008 that has been associated with hundreds of millions of dollars in losses to individuals and businesses in the U.S. and around the world, according to the FBI. The malware has been an initial entry mechanism for a variety of ransomware groups over the years. Groups such as Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta have been known to use it. Between October 2021 and April 2023, the FBI said, Qakbot administrators have received fees corresponding to approximately $58 million in ransoms paid by victims.
  • Cybersecurity Dive adds
    • “The FBI was able to redirect botnet traffic toward servers it controlled and disrupt the operation. More than 200,000 computers in the U.S. alone were found to be infected. Authorities also seized $8.6 million in illicit cryptocurrency as part of the takedown. ***
    • “The FBI and Dutch National Police have set up website links where stolen credentials can be accessed to find out if they were used.” 
  • Here are links to the related CISA announcement and Security Week’s report on industry reaction to this news.
  • Krebs on Security informs us,
    • “Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
    • “.US is the “country code top-level domain” or ccTLD of the United States. Most countries have their own ccTLDs: .MX for Mexico, for example, or .CA for Canada. But few other major countries in the world have anywhere near as many phishing domains each year as .US.
    • “That’s according to The Interisle Consulting Group, which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. Interisle’s newest study examined six million phishing reports between May 1, 2022, and April 30, 2023, and found 30,000 .US phishing domains.
    • “.US is overseen by the National Telecommunications and Information Administration(NTIA), an executive branch agency of the U.S. Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world’s largest domain registrar.”
  • Go figure.
  • Cybersecurity Dive tells us last Monday
    • “The blast radius from the mass exploit of a zero-day vulnerability in the MOVEit file transfer service reached another milestone in its destructive spread: more than 1,000 organizations are impacted, according to Emsisoft and KonBriefing Research.
    • “The number of organizations hit by the wide-scale attack increased nearly 40% last week, underscoring the scope of impact and challenge organizations are encountering as they work to determine potential exposure.
    • “The pool of victims from Clop’s attack spree, which was discovered Memorial Day weekend, continues to grow as downstream victims, which lead to more downstream victims, are identified via public disclosures and the threat actor’s website.
  • Health IT Security adds
    • “This week, Singing River Health System in Mississippi is actively facing system downtime as it investigates a cyberattack on its network. What’s more, Prospect Medical Holdings, which operates 16 hospitals and more than 165 clinics across Southern California, Rhode Island, Pennsylvania, and Connecticut, is still experiencing a systemwide outage that began on August 9.
    • “As these incidents continue to develop, other entities have continued to report confirmed data breaches to HHS, as exemplified in this week’s data breach roundup. Third-party data breaches continue to dominate breach notifications, causing breaches across the country.”
    • The article goes on to highlight recent breach announcements. 

From the cybersecurity defenses front,

  • Per Cybersecurity Dive,
    • “Organizations are facing more obstacles obtaining or renewing cyber insurance coverage,  according to a survey of 300 organizations conducted by Censuswide, on behalf of Delinea. Organizations also face strict requirements to get a claim covered.
    • “The majority of organizations, 4 in 5,  said their insurance rates went up when they submitted a new application or applied for policy renewals, with two-thirds reporting premium hikes of between 50% and 100%. 
    • “It is also taking organizations longer to obtain new coverage. The process for 20 of those surveyed, roughly 7%, took six months or longer.”
  • The Healthcare and Public Sector Critical Infrastructure Security and Resilience Partnership released an updated version of its Health Industry Cybersecurity Tactical Crisis Response Guide.
  • An ISACA expert discusses “Contending with Artificially Intelligent Ransomware.”
  • HHS’s 405(d) group released a cyber-hygiene poster oriented toward healthcare providers. Nevertheless, it can be adapted for health plan use.
  • Forbes identifies ten “captivating” cybersecurity conferences being held in Fall 2023.

Tuesday Tidbits

David ErmerCDC, Electronic health records, FDA, Generative AI, Medicare, Telehealth, U.S. Healthcare, Uncategorized
Photo by Patrick Fore on Unsplash

From Washington, DC,

  • Healio informs us,
    • “An FDA panel voted that for adults with uncontrolled hypertension, the benefits of an ultrasound renal denervation device outweigh its risks.
    • Concerns about long-term durability of effect were expressed.”
  • The Department of Health and Human Services announced
    • “award[ing] more than $1.4 billion for Project NextGen to support the development of a new generation of tools and technologies to protect against COVID-19 for years to come.
    • “The awards announced today follow extensive coordination with industry partners and include support for clinical trials that will enable the rapid development of even more effective and longer-lasting coronavirus vaccines, a new monoclonal antibody, and transformative technologies to streamline manufacturing processes.”
  • The U.S. Preventive Services Task Force reaffirmed its 2019 Grade A recommendation that “clinicians prescribe preexposure prophylaxis using effective antiretroviral therapy to persons who are at increased risk of HIV acquisition to decrease the risk of acquiring HIV.”
  • The Centers for Disease Control lets us know, based on a survey,
    • About 20% of women reported mistreatment while receiving maternity care.
    • About 30% of Black, Hispanic, and multiracial women reported mistreatment. 
    • Almost half (45%) of women held back from asking questions or sharing concerns during their maternity. * * *
    • Mistreatment was reported most often by Black, Hispanic, and multiracial moms and those with public insurance or no insurance.
  • That’s a big bowl of wrong. The CDC observes,
    • Respectful maternity care is free from harm and mistreatment, maintains privacy, confidentiality, and dignity, and allows for shared decision-making and continuous support.
  • The Department of Justice announced yesterday,
    • [“D]eferred prosecution agreements resolving criminal antitrust charges against Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals Inc., USA. As part of those agreements, both companies will divest a key business line involved in the misconduct, and as an additional remedial measure, Teva will make a $50 million drug donation to humanitarian organizations. Teva will pay a $225 million criminal penalty — the largest to date for a domestic antitrust cartel — and Glenmark will pay a $30 million criminal penalty. Both companies will face prosecution if they violate the terms of the agreements, and if convicted, would likely face mandatory debarment from federal health care programs.
    • “The agreements each require the companies to undertake remedial measures, including the timely divestiture of their respective drug lines for pravastatin, a widely used cholesterol medicine that was a core part of the companies’ price-fixing conspiracy. This extraordinary remedy forces the companies to divest a business line that was central to the misconduct. Teva must also donate $50 million worth of clotrimazole and tobramycin, two additional drugs with prices affected by Teva’s criminal schemes, to humanitarian organizations that provide medication to Americans in need. Both Teva and Glenmark have agreed, among other things, to cooperate with the department in the ongoing criminal investigations and resulting prosecutions, report to the department on their compliance programs, and modify those compliance programs where necessary and appropriate.” 
  • Federal New Network reports that OPM released guidance for hybrid teleworkers who are covered under the Fair Labor Standards Act.
  • The Equal Employment Opportunity Commission released its new strategic plan for fiscal years 2022 through 2026
    • “The new Strategic Plan reflects our thoughtful assessment of the agency’s mission, goals, and objectives in light of current conditions and what we expect in the next few years,” said EEOC Chair Charlotte A Burrows. “It emphasizes expanding the EEOC’s capacity to eliminate systemic barriers to equal opportunity in the workplace, using technology and other tools to improve our services to the public, and achieving organizational excellence with a culture of accountability, inclusivity, and accessibility. I am grateful for the hard work of our staff across the agency who assisted in developing this plan and look forward to its successful implementation.”.

From the public health front,

  • The Washington Post explains
    • how to address the factors that may underlie the growing number of women under age 40 who are afflicted with breast cancer,
  • and
    • how to guard against germs in leafy green salads.

From the U.S. healthcare business front,

  • The FEHBlog was surprised to read in the Wall Street Journal that
    • “America’s nursing homes are fading away.
    • “The U.S. has at least 600 fewer nursing homes than it did six years ago, according to a Wall Street Journal analysis of federal data. More senior care is happening at home, and the Covid-19 pandemic caused many families to shun nursing homes while draining workers from an already short-staffed industry.
    • “The result? Frail elderly patients are stuck in hospitals, a dangerous place for seniors, waiting for somewhere to go—sometimes for months. Beds are disappearing while the need for senior care is growing. The American population 65 and older is expected to swell from 56 million in 2020 to 81 million by 2040.
  • MedPage Today notes.
    • “States that recently adopted less-restrictive policies surrounding the use of telepharmacy had fewer pharmacy deserts in the following year, a cohort study involving a dozen states showed.
    • “Compared with nearby states that made no changes, states that formally implemented or updated pro-telepharmacy policies had a 4.5% relative decrease (95% CI 1.6-7.4) in the percentage of regions defined as pharmacy deserts (P=0.001) and an 11.1% relative decrease (95% CI 2.4-22.6) in the proportion of people living in one of these deserts (P=0.03).
    • “And in general, telepharmacies tended to serve areas of high medical need, reported Jessica Adams, PharmD, of TelePharm in Iowa City, Iowa, and colleagues.
    • “As pharmacy closures and socioeconomic factors persist, pharmacy deserts are likely to expand unless policies are implemented to ensure continued access to pharmacy services,” the researchers wrote in JAMA Network Open
  • The Business Group on Health points out,
    • “Mental health needs among workforces continued to climb this year, with 77% of large employers reporting an increase and another 16% anticipating one in the future, according to Business Group on Health’s 2024 Large Employer Health Care Strategy Survey.
    • “This represents a 33 percentage-point surge over last year, when 44% of employers saw an increase in employee mental health concerns.
    • “The Business Group survey, released today in Washington, DC, also showed that cancer was still the top driver of large companies’ health care costs while rising prescription drug costs also proved to be a leading concern. Cancer overtook musculoskeletal conditions last year as the top driver of large companies’ healthcare costs and shows no sign of abating in the coming years.
    • “Yet as businesses respond to the increase in mental health needs, grapple with soaring health care costs and address issues of health equity and affordability, they will continue to invest strategically in diverse health and well-being offerings for the upcoming year, the survey also showed.”
  • Axios reports that “Middle-class Americans [who earn $50,000 to $100,000 annually] are the most likely to be saddled with medical debt, with nearly 1 in 4 — or roughly 17 million people — having unpaid medical bills, according to a report shared first with Axios from center-left think tank Third Way.”
  • Per Healthcare Dive,
    • “Epic and Microsoft announced on Tuesday an expanded collaboration focused on integrating generative artificial intelligence tools in the vendor’s electronic health records system. 
    • “The partners are working to “rapidly deploy dozens” of AI technologies, including clinical note summarization, medical coding suggestions and data exploration tools that aim to fill gaps in clinical evidence by using real-world data. 
    • “The expanded partnership is intended to speed the development of AI tools in healthcare, bringing the technology as “quickly as possible, responsibly and in partnership with providers,” according to a blog post by Eric Boyd, corporate vice president of AI platform at Microsoft.”

Midweek Update

David ErmerCongress, COVID-19, Government Contracting, Rx coverage, U.S. Healthcare, Uncategorized
Photo by Manasvita S on Unsplash

From Washington DC,

  • Govexec informs us,
    • “The House and Senate appeared headed for a short-term spending deal when lawmakers return to Washington following the August recess, with leaders from both chambers suggesting they are pursuing that path to avoid a shutdown in October. 
    • “The continuing resolution would keep agencies funded at their current levels through early December, House Speaker Kevin McCarthy, R-Calif., told his caucus this week. Senate Majority Leader Chuck Schumer, D-N.Y., said on Wednesday he met with McCarthy a few weeks ago, and the two leaders agreed to pass a stopgap that would last “a few months.” 
    • “I thought that was a good sign,” Schumer told MSNBC
    • “Separately on Tuesday, Schumer said the short-term measure would allow lawmakers to come together on full-year appropriations.”
  • Federal News Network says,
    • For the second year in a row, the General Services Administration announced an increase to per diem lodging rates for federal employees.
    • Starting Oct. 1, base daily traveling allowances for feds will increase to $166 from $157 last year. That increase is thanks to an uptick in the standard per diem lodging rate for the Continental United States (CONUS), which will increase from $98 to $107. GSA did not make any changes to the per diem tiers for meals and incidental expenses. Those will remain in the range of $59 to $79, with the standard rate remaining at $59. * * *
    • GSA also offers a calculator tool to let feds search by city, state, zip code or map to figure out the exact amount of their per diem.
  • The Federal Acquisition Regulation cost principles apply these per diems to official travel by FEHB experience-rated carriers.

From the public health front,

  • The Washington Post reports,
    • Most cancers in the United States are found in people age 65 and older, but a new study shows a concerning trend: Cancer among younger Americans, particularly women, is on the rise, with gastrointestinal, endocrine and breast cancers climbing at the fastest rates.
    • A study published Wednesday in JAMA Network Open showed that while cancers among older adults have declined, cancers among people younger than 50 have increased slightly overall, with the largest increases among those aged 30 to 39.
    • “This is a population that has had less focus in cancer research, and their numbers are getting bigger, so it’s important to do more research to understand why this is happening,” said Paul Oberstein, director of the Gastrointestinal Medical Oncology Program at NYU Langone’s Perlmutter Cancer Center, who was not involved in the study.
  • STAT News points out
    • “Cancer patients, doctors, and patient advocates alike are struggling with the wide-ranging effects of the ongoing chemotherapy drug shortages. The platinum-based drugs carboplatin and cisplatin have been hard to keep in stock for months now, affecting most U.S. cancer centers: 93% have reported carboplatin shortages, and 70% have reported shortages of cisplatin.
    • “While patients with various types of cancer have been impacted by the shortages, those with ovarian cancer are among the groups most affected — both because the disease is relatively common, with women having a 1 in 78 chance of getting it in their lifetime, and because the drugs that are most effective in treating it are the ones now in short supply.
    • “While there are alternatives to the use of platinum drugs to treat ovarian cancer, none of them work quite as well. Carboplatin, in particular — in combination with the chemotherapy drug paclitaxel — has remained unchallenged as the go-to for ovarian cancer, in particular when the treatment could be curative rather than palliative.
  • Forbes relates
    • “New Covid omicron subvariant EG.5, or “Eris,” is now the dominant strain in the U.S., surpassing XBB.1.16 (or “Arcturus”), according to new data from the Centers for Disease Control and Prevention.
    • “EG.5 made up 17.3% of all cases in the two-week period from July 23 to August 5, a large jump from the 0.4% of cases it made up between April 30 and May 13.
    • “The World Health Organization classified EG.5 as a “variant of interest” Wednesday, which is a step below a variant of concern—WHO previously labeled it a “variant under monitoring” on July 19.
    • “While EG.5 may cause an increase in cases, WHO said it poses a low risk to public health in comparison to other omicron offspring because there’s no evidence it causes more severe cases.
    • “It is a recombinant strain—the result of two Covid variants combining during the replication process, which can occur if a person is infected with two variants at the same time—of the omicron family and a descendant of another strain labeled XBB.1.9.2.
    • “EG.5 has an extra mutation on its spike called mutation 465, which is present in about 35% of coronavirus sequences worldwide—a lot of the XBB variants have mutation 465, though experts don’t know what comes with the mutation.”

From the judicial front,

  • The Wall Street Journal reports,
    • “A federal appeals panel ruled that the Food and Drug Administration improperly expanded access to the widely used abortion pill mifepristone over the last seven years but left in place the drug’s original approval, teeing up the issue for review by the Supreme Court. 
    • “The ruling by a three-judge panel of the New Orleans-based Fifth U.S. Circuit Court of Appeals is the latest twist in a case that has at times threatened to pull the pill from the market nationwide.
    • “The appeals panel said pill opponents who sued the FDA had likely waited too long to challenge the drug’s original approval in 2000, and it also left in place the agency’s 2019 approval of the generic version of the pill. But the court said the FDA failed to properly scrutinize changes that eased access to mifepristone in recent years, such as allowing the drug to be administered without an in-person visit with a medical provider. * * *
    • “The appeals court decision doesn’t have immediate practical consequences because the Supreme Court in April issued an order allowing current broad levels of access to mifepristone while litigation proceeds. That is likely to ensure availability for months.”

From the U.S. healthcare business front,

  • Per Forbes
    • “Demand for nurse practitioners and primary care physicians is escalating along with their compensation as retailers from Amazon and CVS Health to Walmart and Walgreens build primary care clinics across the country.
    • A new report from AMN Healthcare shows nurse practitioners—not doctors—topped the staffing company’s list of “most requested search engagements for the third consecutive year,” according to an annual report released Monday from AMN Healthcare’s Physician Solutions division, formerly known as Merritt Hawkins.
    • “Demand for NPs is being driven by a growing number of ‘convenient care’ providers, including retail clinics, urgent care centers and telemedicine platforms, which employ large numbers of NPs,” the report said.”
  • Beckers Hospital Review notes,
    • “Ozempic might find itself in CMS’ hands soon.
    • “Sales of the Type 2 diabetes drug in the U.S. have reached more than $3 billion so far in 2023, according to an Aug. 10 quarterly report from the drug’s maker, Novo Nordisk. CMS might try to influence the company to lower the medication’s cost, which sits at about $1,000 per month.
    • “In August 2022, President Joe Biden signed the Inflation Reduction Act, which gave Medicare Parts B and D negotiation powers for costly drugs with no generic or biosimilar competition. CMS said it will reveal by Sept. 1 which are the first 10 drugs that will see price negotiations, which are effective in 2026. This allowance will add more drugs each year. 
    • “Researchers from the Washington, D.C.-based West Health Policy Center and the University of California San Diego predicted Ozempic would be chosen for these negotiations in 2027 — when it passes 10 years on the market, one of the rules of the Inflation Reduction Act provision — according to a study published in March.”
  • Business Insurance adds,
    • “The U.S. Department of Justice has contested the Chamber of Commerce’s move to block the Medicare drug price negotiation program, stating the Chamber lacks the standing for the lawsuit and that halting the program would be detrimental to the public, The Hill reports. The Chamber had previously filed for an injunction against the program, citing potential harm to businesses and patients.”
  • Fierce Healthcare identifies “22 health systems that are charging for certain patient-provider electronic messages as of Aug. 16.” These systems are trying to squeeze the last golden egg out of the goose, in the FEHBlog’s opinion.

 

Thursday Miscellany

David ErmerUncategorized
Photo by Josh Mills on Unsplash

From Washington DC,

  • The Wall Street Journal reports
    • “The [U.S.] Supreme Court blocked Purdue Pharma’s $6 billion settlement of opioid lawsuits against its Sackler family owners, agreeing to hear the Justice Department’s claim that the drugmaker’s bankruptcy plan improperly wipes out potential liability to additional parties for allegedly fueling the opioid addiction crisis.”
  • and
    • “Social Security recipients are on track to pocket a significantly smaller raise in 2024 because of a slowdown in inflation.
    • “If inflation climbs in line with its recent trend over the next two months, recipients’ monthly checks will rise by about 3% in 2024, according to estimates from analysts and nonprofits. The estimates follow an 8.7% cost-of-living increase in 2023 as inflation soared.”
  • The Centers for Medicare and Medicaid Services updated its recent No Surprises Act website notice to read,
    • Effective August 8, 2023, the Departments have directed certified IDR entities to resume processing single and bundled disputes initiated in 2022, as well as single and bundled disputes initiated in 2023 where the administrative fees have been paid (or the deadline for collecting fees expired) before August 3, 2023. Additionally, the Departments have directed certified IDR entities to resume processing batched disputes where the IDR entity determined that the batched dispute was eligible and administrative fees have been paid (or the deadline for collecting fees expired) before August 3, 2023. Processing of other disputes remains temporarily suspended.
  • The FEHBlog checked the status of the August 3, 2023, decision in the Texas Medical Association versus HHS case, filed in the Eastern District of Texas, and he found that as of today, the Justice Department has not noticed an appeal from that final decision.
  • The Department of Health and Human Services announced,
    • “Today, the Health Resources and Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services, announced awards of more than $100 million to train more nurses and grow the nursing workforce. These investments will address the increasing demand for registered nurses, nurse practitioners, certified nurse midwives, and nurse faculty.
    • “Nurses are an essential part of our nation’s health care system,” said HHS Secretary Xavier Becerra. “Now more than ever, we need to double down on our investments in nurses who care for communities across the country.”

From the public health and Rx coverage fronts,

  • The Wall Street Journal reports
    • “Health officials, vaccine makers and doctors are gearing up for a fall vaccination campaign that will look different from previous ones: Vaccines will be distributed to pharmacies and doctors’ offices through the commercial market, not government purchases. The vaccines are targeting the recently dominant XBB.1.5 strain in line with instructions the Food and Drug Administration set earlier this year. 
    • “Boosters updated to target XBB.1.5 should retain good protection against EG.5, because the Omicron subvariants are similar, Kanter said. It is difficult to predict how long the protection might last, he said.
    • Pfizer expects its new shots to win approval this month, with vaccinations likely starting in September, Chief Executive Albert Bourla said this month. Pfizer expects the booster to work against EG.5 because it is an offshoot of Omicron—but is conducting laboratory tests to be sure, a spokeswoman said. Pfizer and partner BioNTech presented animal testing to FDA advisers at a June meeting about how to update the vaccine. * * *
    • “Moderna has ample supply of its updated vaccine and is waiting for FDA signoff to distribute doses, a spokesman said. He said that preliminary testing shows the shot works against EG.5 and that more testing is under way.
    • Novavax, whose Covid-19 vaccine uses a different technology, is submitting data to regulators to authorize its booster and expects to win clearance and ship doses in September, a spokeswoman said.”
  • Cost curve up for health plans.
  • Fierce Healthcare says,
    • “Medicare Part D drug prices have increased by an average of 226% since market entry. These 25 drugs are responsible for $80.9 billion in total Part D spending in 2021.
    • “The new report (PDF) from AARP’s Public Policy Institute shows that high pharmaceutical drug prices are placing an unwelcome burden on customers. Overall, lifetime price increases among 25 name-brand drugs have increased by 20% to 739%, with just one drug exceeding the annual rate of inflation over the same period of time.”
  • The Wall Street Journal adds,
    • “Weight-loss drugs such as Wegovy will continue to be tough to find for the foreseeable future, as demand outpaces drugmakers’ ability to make enough.
    • “Denmark-based Novo Nordisk said Thursday it will continue to reduce the availability of lower doses of Wegovy that are meant for new patients starting out on the drug in the U.S. Capacity limitations at some manufacturing sites will cause continued periodic supply constraints across a number of products and geographies.
    • “Novo Nordisk started this rationing in May as a way to conserve supplies for existing patients who take higher doses of the drug to lose weight and keep it off. The company had said previously the reduction in starting doses would last through September, but Novo Nordisk executives said Thursday that they expect to continue to manage the starting dose supply after September.”

From the healthcare business front,

  • BioPharma Dive informs us
    • “Novo Nordisk agreed to buy metabolic disorder specialist Inversago Pharma in a deal worth as much as about $1.1 billion as the Danish company works to strengthen its leading position in the obesity drug market.
    • “Inversago’s lead experimental drug has shown promise for weight loss in a Phase 1b trial and is being tested in Phase 2 for diabetic kidney disease, Novo said Thursday. The privately held Canadian company is also developing treatments for other metabolic and fibrotic disorders.
    • “Novo didn’t release further financial details of the transaction, which includes potential payments for reaching certain developmental and commercial goals. The companies expect the acquisition to close by the end of the year, after which Novo intends to investigate the potential of Inversago’s lead drug in “obesity and obesity-related complications.”
  • Per Healthcare Dive,
    • “America’s largest for-profit health systems reported higher-than-anticipated revenues this quarter, driven by rebounding admissions and increased demand for elective surgeries.
    • “HCA and Tenet, which both posted revenues that surpassed Wall Street estimates, raised their full revenue forecasts for the year in light of their second quarter performance, and UHS raised its lower-bound revenue guidance. CHS was an outlier, posting a net income loss of $38 million, which analysts said was still an improvement compared to the health system’s net loss of $326 million in the same period last year.
    • “Hospitals said normalizing labor conditions post-pandemic and proactive cost-cutting initiatives helped keep operating margins stable, even as expenses rose year over year.
    • “The reported revenues and cost-cutting initiatives for for-profit hospitals is a contrast to last year, when operators struggled to meet targets during the second quarter amid lower admissions and challenging labor market conditions.”
  • Per Fierce Healthcare
    • “Cigna is teaming up with Virgin Pulse to launch a new, personalized digital health program for its members.
    • “The new platform will be available through the myCigna portal and allows users to set their personal health goals and track daily progress. They can then receive real-time feedback and guidance that’s based on the data they’ve submitted, according to an announcement.
    • “The tool will be offered to nearly 11 million members, Cigna said.
    • “Cigna said it will make the platform available beginning Jan. 1 to people enrolled in its employer plans. It intends to expand further over time.”

Tuesday Tidbits

David ErmerFDA, Federal employment benefits, Mental health care, OPM, Rx coverage, U.S. Healthcare, Uncategorized
Photo by Patrick Fore on Unsplash

From Washington DC —

  • FedScoop reports
    • “Amid scrutiny of the retirement services division within the Office of Personnel Management, congressional inquiries to the agency have grown drastically, according to a February letter sent by Retirement Services Associate Director Margaret Pearson.
    • “According to the missive, which was sent in response to questions from House lawmakers, OPM’s Congressional, Legislative, and Intergovernmental Affairs branch received more than 9,000 congressional inquiries in 2022, compared with more than 3,000 in 2020. In other words, the number of inquiries from Congress to the agency has approximately tripled in three years.”
  • Fedsmith adds
    • “The latest data from the Office of Personnel Management (OPM) show that the backlog of outstanding retirement claims now stands at 17,047, 4.1% higher than at the end of June. The number of incoming claims was much higher in July than in June, 7,261 versus 4,854, respectively, a difference of 50%. Although OPM still processed nearly the same number of claims in July (6,584) as in June (6,609), this served to drive the backlog higher.
    • “Another contributing factor was that the monthly average processing time was higher in July than in June. It took OPM 85 days on average in July to process retirement applications versus 74 days in June. July was the second-highest monthly average processing time so far in 2023, second only to January (93 days).”
  • The Labor Department’s Assistant Secretary for Employee Benefits Security, Lisa Gomez, blogs about the ACA regulator’s proposed amendments to the federal mental health and substance use disorder rule. Why must all of the pressure to improve mental health care be placed on health plans?
  • Federal News Network says,
    • “The Postal Service is falling short of its goal to turn around its financial losses this year, but is pointing to an ongoing shakeup of its nationwide delivery network as a critical part of its plan to break even by the end of the decade.
    • “Postmaster General Louis DeJoy said Tuesday that “more aggressive cost reductions to operations” are needed to keep USPS’ long-term financial goals within reach — and that USPS reshaping its nationwide delivery network is key to those savings.
    • “This undertaking is massive and long overdue, and time is of the essence if we wish to enjoy the benefits of this cherished institution for years to come,” DeJoy told the USPS Board of Governors.
    • “USPS reported a $1.7 billion net loss for the third quarter of fiscal 2023, and is expected to see a net loss for the entire fiscal year.”

From the public health and Rx coverage fronts–

  • STAT News informs us
    • “The momentum around weight loss drugs is about to get even bigger in the wake of Novo Nordisk’s announcement that its semaglutide drug Wegovy cut the risk of cardiovascular disease by 20% in its large SELECT trial.
    • “The full results of the study, funded by Novo, will be presented at the American Heart Association meeting in November. Doctors and researchers say they expect the findings to have a big impact on how clinicians approach the treatment of both obesity and cardiovascular disease, as well as increase the likelihood that prescriptions for obesity drugs will be covered by insurance.
    • “But experts who spoke with STAT also cautioned that the long-term safety and efficacy of Wegovy and other weight loss drugs remain unknown. The SELECT study has yet to be peer-reviewed, and not enough information is yet available to make independent assessments of the results.”
  • The Wall Street Journal adds,
    • “The surging demand for GLP-1s has prompted analysts to raise their forecasts for the global obesity market, with Morgan Stanley recently revising its estimate to $77 billion in annual sales by 2030, up from $54 billion.
    • “For now, doctors are prescribing more of Mounjaro and Wegovy than the companies can make, with a lack of manufacturing capacity frequently leading to shortages. Eli Lilly on Tuesday reported $980 million in Mounjaro sales in the second quarter, trouncing analyst estimates of $740 million on FactSet. The Mounjaro beat allowed the company to raise its annual guidance as well. Mounjaro is approved for diabetes and is expected to receive Food and Drug Administration approval for obesity treatment this year, though doctors are already prescribing it off-label.”
  • The Wall Street Journal also lets us know,
    • “Women are closing a gender gap, but it isn’t a good one: They’re catching up to men when it comes to problem drinking.
    • “Women’s drinking, on the rise for the past two decades, jumped during the pandemic as women reported more stress. Although men still drink more alcohol than women and have higher alcohol-related mortality rates, doctors and public health experts say women are narrowing that divide.
    • “Alcohol-related emergency department visits, hospitalizations and deaths are increasing faster for women than for men. And studies suggest that women are more susceptible to alcohol-related liver inflammation, heart disease and certain cancers.”
  • Independence Blue Cross announced,
    • ” Independence Blue Cross (Independence) and the Colorectal Cancer Alliance (the Alliance) announced the launch of 45+ Reasons, a campaign to get more than 5,000 Black Philadelphians ages 45-75 screened for colorectal cancer to reduce the significantly higher incidence and mortality rates of Black Americans. The campaign supports the Cycles of Impact initiative launched by Independence and the Alliance in 2022.
    • T”he campaign is a flagship program of Philadelphia’s Accelerate Health Equitya city-wide initiative to produce tangible improvement in health inequities, and ultimately achieve measurable, positive changes in health outcomes in Philadelphia. Colorectal cancer screening and treatment is a priority area for Accelerate Health Equity.”
  • The All of Us Program released its August 2023 newsletter.
  • Fierce Healthcare tells us,
    • “There has been a 2% rise in maternity care deserts since 2020—meaning 1,119 additional counties, a new analysis suggests.
    • “The latest 2022 report on maternity care deserts, put together by nonprofit March of Dimes (PDF), relied mostly on 2019-20 data for its analysis.
    • “It classified more than a third of all U.S. counties as maternity care deserts in the report. These were defined as counties with no hospitals or birth centers offering obstetric care and no obstetric providers. 
    • “Nationwide, 5% of counties have less maternity access than two years ago while 3% shifted to higher access. Florida had the most women impacted by improvements to maternity care access, while Ohio had the most women impacted by overall reductions in access to care.” 

From the U.S. healthcare business front —

  • BioPharma Dive relates
    • “Eli Lilly became the most valuable healthcare company in the U.S. after a stock price surge Tuesday morning propelled the Indianapolis drugmaker’s market value above $500 billion for the first time in its 147-year history.
    • “Shares jumped 15% on second-quarter earnings that showed the company’s revenue rose by 28%, driven by fast sales of its diabetes medicine Mounjaro. The drug has attracted intense interest for its potential as an obesity treatment, a use for which it’s expected to earn Food and Drug Administration approval later this year.”
  • STAT News reports that Sage Therapeutics finds itself under financial pressure due to the FDA’s decision to approve its new drug for postpartum depression but not other types of depression.
    • “Sage’s chief business officer, Chris Benecchi, declined to name a price or a price range for Zurzuvae, saying that the company is working together with its partner Biogen to “determine adjustments for thinking on price given the PPD label.” Sage expects the drug to be available in the fourth quarter following its scheduling by the Drug Enforcement Administration because of the drug’s low potential for misuse.
    • “Sage hosted the pre-market call without Biogen, raising analysts’ eyebrows as the two companies signed a commercialization deal in 2020 valued at over $1.5 billion, predicated on the hope that zuranolone would become a blockbuster drug for major depression. Despite many questions about what exactly would be needed for the drug to get FDA approval for major depression and whether Biogen would continue its partnership with Sage, Greene declined to give any insight into how committed Sage and Biogen are to pursuing the MDD indication, or whether Biogen was going to vacate the partnership.”
  • Healthcare Dive offers five takeaways from the health insurers’ second-quarter earnings.
    • “Major health insurers saw their shares dip coming into the second quarter, as investors prepared themselves for skyrocketing medical costs due to seniors returning for outpatient care.
    • “But health insurers generally outperformed market expectations in the quarter, helped by cost control measures.”
  • Meanwhile, the American Hospital Association’s President takes these health insurers to task in U.S. News and World Report for imposing cost control measures.

Weekend update

David ErmerCongress, FDA, Rx coverage, U.S. Healthcare, Uncategorized

From Washington, DC —

  • While on August recess, Congress is holding four out-of-town hearings.
  • The recently proposed mental health parity rule was published in the Federal Register last Thursday. The deadline for public comments is October 2, 2023.
  • WTOP reports,
    • “President Joe Biden has asked Cabinet officials to “aggressively execute” plans to bring federal employees back to their offices, ending a precedent of remote work that started during the COVID-19 pandemic three years ago, according to multiple sources.
    • Axios first reported that White House Chief of Staff Jeff Zients sent an email on Friday to every member of the Cabinet saying federal agencies must return to in-person work “because it is critical to the well-being of our teams and will enable us to deliver better results for the American people.”
    • “Zients said remote work won’t be completely eliminated, but that in-person time will be prioritized to “build a strong culture, trust, and interpersonal connections” within agencies, according to The Washington Post.”

From the public health front —

  • Fortune Well provides more background on the new Sage Therapeutics drug that the Food and Drug Administration approved to treat post-partum depression last Friday.
    • “In trials, zuranolone [trade name Zurzuvae] showed a “rapid reduction of depressive symptoms starting as early as day three—after two doses of medicine—and showed continued improvement through day 15,” Deligiannidis said, adding that the drug continues to work even after patients stop taking it, for 45 days in all.
    • “The fast-acting, temporary nature of the drug stands in contrast to standard-of-care antidepressants that might otherwise be prescribed. Such medications—typically SSRIs, or selective serotonin reuptake inhibitors, which increase serotonin levels in the brain—usually take four to six weeks to begin to work, and two to three months to fully kick in, according to Deligiannidis. * * *
    • “Because zuranolone is a controlled substance, the U.S. Drug Enforcement Administration now has 90 days to assign a schedule to it. Earlier this week, Chepke predicted it would be designated a Schedule IV drug or one with a low potential for abuse and dependence like Xanax, Valium, Ativan, and Ambien.
    • “From there, he anticipated it would soon be in the hands of prescribers and patients, where it’s sorely needed. * * *
    • “Sage Therapeutics and co-developer Biogen had also applied for approval to use the drug in cases of major depressive disorder. The federal agency on Friday did not issue a ruling on such use.”
  • NPR Shot tells us “Testing your genes for cancer risk is way cheaper now — and it could save your life.”

From the Rx coverage front —

  • The FEHBlog wants to point out the Center for Biosimilars website, which is chock-a-block full of useful articles on this important topic.
  • BioPharma Dive reports
    • “The Food and Drug Administration on Friday approved a second medicine for a common type of vision loss, clearing a drug developed by biotechnology company Iveric Bio for geographic atrophy.
    • “The monthly eye injection, which will be sold as Izervay, is meant to slow the progression of the condition, which Iveric and its new owner, Japanese drugmaker Astellas Pharma, estimate affects 1.5 million people in the U.S.
    • “The FDA’s decision on Izervay follows about six months after the agency greenlighted the first geographic atrophy treatment, Apellis Pharmaceuticals’ Syfovre. Both drugs work by blocking a part of the immune system, slowing the growth of eye lesions and, in theory, preserving vision. Such a benefit on visual function hasn’t been proven yet, however.
    • “The medicines are expected to become blockbuster sellers.”

From the U.S. healthcare business front —

  • KFF News offers “An Early Look at What is Driving Health Costs in 2024 ACA Markets.”
    • “This updated analysis of marketplace insurers’ early rate filings are requesting a median premium increase of 6% for 2024, which they say is largely due to price increases for medical care and prescription drugs. Insurers’ rate requests are preliminary and may change during the review process before being finalized in late summer.
    • “In addition to inflation’s impact on medical costs, insurers say the higher premiums are a result of growth in the utilization of health care, which fell in 2020 but has since returned to more normal levels.
    • “The analysis is available on the Peterson-KFF Health System Tracker, an online information hub dedicated to monitoring and assessing the performance of the U.S. health system.”
  • Although the FEHB is affected by the same cost drivers, OPM’s wise decision to approve the use of Part D EGWPs in the FEHB for 2024 will offset these cost drivers to a substantial extent.

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front —

  • Cyberscoop reports
    • “President Biden on Wednesday nominated Harry Coker, a long-time CIA and National Security Agency official, to serve as the next national cyber director, a choice that elevates a relatively unknown official to take on a high-profile assignment as the president’s leading cybersecurity adviser. 
    • “Coker’s nomination ends a protracted search to replace Chris Inglis, who led the Office of the National Cyber Director until February after leading efforts to draft the administration’s cybersecurity strategy. 
    • “Leading voices in Capitol Hill have urged Biden in recent weeks to nominate Inglis’s deputy, Kemba Walden, who has been serving as the acting director. Despite the support of key lawmakers, the White House passed on elevating Walden to the permanent position — reportedly out of concern that her significant financial debts might hinder her confirmation before the Senate.”
  • The Cybersecurity and Infrastructure Security Agency tells us,
    • “Now that the cross-sector CPGs have been published, CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs).  In most instances, these goals will likely consist of either new, unique additional goals with direct applicability to a given sector or, materials to assist sector constituents with effective implementation of the existing cross-sector CPGs. Sector-specific goals will be developed by:
    • “Identifying any additional cybersecurity practices not already included in the Common Baseline, needed to ensure the safe and reliable operation of critical infrastructure in that sector.  
    • “Providing examples for recommended actions specific to the infrastructure and entities in that sector; and  
    • “Mapping any existing requirements (e.g., regulations or security directives) to the Common Baseline and sector-specific objectives and/or recommended actions so stakeholders can see how their existing compliance practices fulfill certain objectives.  
    • “As there are 16 Critical Infrastructure sectors with varying needs, CISA will be tackling this effort in several phases. The first four sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Healthcare Sector, and K-12 Subsector on identifying approaches for how organizations in those sectors/subsectors can enhance their cybersecurity posture through the implementation of the existing body of cross-sector goals.”
  • Here is a link to the website for the healthcare sector coordinating council (HSCC), whose work the FEHBlog will begin to track. Surprisingly to the FEHBlog, OPM is not an HSCC member.

From the cybersecurity breaches and vulnerabilities front —

  • Cybersecurity Dive informs us,
    • “Healthcare continues to be the most expensive industry for data breaches, beating out other sectors for the 13th year in a row, according to research conducted by the Ponemon Institute and published by IBM Security
    • “The average cost of a healthcare data breach reached nearly $11 million in 2023, an increase of 8% from last year and a 53% jump since 2020, the report found. 
    • “Although the healthcare sector faces high levels of industry regulation, expenses accrued from data breaches in the sector were almost double compared to the financial industry, which saw the second-most expensive data breaches at $5.9 million.”
  • Cybersecurity Dive adds
    • “The investigation phase of data breaches is the fastest growing and costliest category of data breach expenses, contributing to the consistent year-over-year increase in costs. Detection and escalation costs jumped almost 10% to nearly $1.6 million per incident, IBM found.
    • “The breadth and depth of incident response investigations are scaling up directly with the overall costs, along with the off tempo of the criminal,” John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive.”
  • On a related topic, Cybersecurity Dive lets us know,
    • “Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies, according to the Cybersecurity and Infrastructure Security Agency.
    • “Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year.
    • Valid accounts, including former employee accounts, not removed from the Active Directory and default administrator credentials, were responsible for 54% of all attacks studied in the agency’s annual risk and vulnerability assessment released Wednesday.
    • Spear-phishing links — malware-laced emails sent to targeted individuals — were responsible for 1 in 3 attacks, the report found.
    • The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.
  • Cyberscoop relates
    • “Apple on Monday issued its third security update in roughly a month to remedy vulnerabilities exploited in Operation Triangulation, a spyware campaign that researchers say specifically targeted iMessage users in Russia. 
    • “The Russian arm of cybersecurity firm Kaspersky on June 1 revealed the details of a zero-click iOS exploit. The company’s researchers said they discovered it while monitoring the company’s own corporate Wi-Fi network dedicated to mobile devices. The findings were released the same day Russia’s Federal Security Service, or FSB, said it had uncovered an American espionage operation targeting Apple devices in Russia in cooperation with Apple. 
    • “Apple told CyberScoop at the time that it had “never worked with any government to insert a backdoor into any Apple product and never will.”
  • Per Cyberscoop,
    • “Executives, researchers and engineers at big tech companies and startups alike working on artificial intelligence face a growing threat from criminal and nation-state hackers looking to pilfer intellectual property or data that underlies powerful chatbots, the FBI warned on Friday.
    • “The growing risk coincides with the increasing availability of AI tools and services to the general public in the form of products such as OpenAI’s ChatGPT, or Google’s Bard, for instance, as well as the increasing ease and ability for many companies to develop AI language models.
    • “The warning comes two days after FBI Director Christopher Wray and Bryan Vorndran, the agency’s assistant director, cyber division, warned about the distinct AI-related threats from China, which political leaders in the U.S. and Europe have long warned wants to dominate all aspects of AI research and implementation.”
  • Per Security Week,
    • “New guidance from the Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) warns developers, vendors, and organizations of access control vulnerabilities in web applications.
    • “Described as insecure direct object reference (IDOR) issues, they allow threat actors to read or tamper with sensitive data via application programming interface (API) requests that include the identifier of a valid user.
    • “These requests are successful because the authentication or authorization of the user submitting the request is not properly validated, the three agencies explain.”
  • CISA added an additional known exploited vulnerability to its catalog on July 25, July 26, and July 27, 2023.
  • Yesterday CISA “published three malware analysis reports on malware variants associated with the exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero-day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.”
  • Also, yesterday, CMS shared its MOVEIt breach notice to Medicare beneficiaries.

From the ransomware front —

  • HelpNet Security points out that “In the Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups.”
  • Here is a link to yesterday’s The Week in Ransomware from Bleeping Computer.
    • “With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims.
    • “This was seen by both the Clop and BlackCat/ALPHV ransomware gangs, who began utilizing new tactics as part of their extortion schemes.
    • “Clop has begun to create clear websites to leak data stolen during the MOVEit Transfer attacks, similar to a tactic introduced by ALPHV in 2022.”

From the cybersecurity defenses front —

  • TechRepublic shares cybersecurity defense ideas included in the Ponemon/IBM report.
  • Forbes offers a cybersecurity expert’s view on adopting a new paradigm in cybersecurity stemming from this conundrum:
    • Today, companies that house secure data and information are encountering an accessibility dilemma: On the one hand, they face an increased need for security and privacy of data, particularly as cyber threats become self-generating and more sophisticated. On the other hand, the value in securing assets lies in being able to utilize them, share them, and transact them effectively and efficiently with intended stakeholders so as to improve customer service and attain competitive differentiators. Companies struggle to balance these needs with the imperative to secure these data, particularly in accordance with certain industry standards or digital privacy regulations

Weekend update

David ErmerCongress, SCOTUS, U.S. Healthcare
Photo by Dane Deaner on Unsplash

From Washington, DC —

  • The Wall Street Journal reports
    • “President Biden signed into law bipartisan legislation that suspends the $31.4 trillion debt ceiling, narrowly avoiding an unprecedented U.S. default that could have pushed the economy into a recession and touched off a financial crisis.
    • “The president signed the bill on Saturday afternoon, just two days before the government was set to run out of money to pay all of its bills, according to Treasury Department estimates.
    • “The legislation’s enactment caps weeks of tense negotiations between the White House and House Republicans that were spurred by GOP lawmakers’ demands to cut spending in exchange for raising the nation’s borrowing limit.
    • “The Fiscal Responsibility Act suspends the debt ceiling through Jan. 1, 2025, pushing the issue beyond the 2024 elections, in exchange for cuts in unspecified domestic programs and a 3% cap on increases for military spending in fiscal 2024.
    • “It provides $45 billion for a recently created program expanding coverage for veterans exposed to toxic burn pits, formally ends a three-year freeze on student-loan payments, expedites large-scale energy and infrastructure projects and raises to 54 the age at which able-bodied, low-income adults without dependents must work to receive food aid.”
  • The Supreme Court will continue to issue opinions from its October 2022 term. The Supreme Court now releases opinions on Thursdays, instead of Mondays.

From the miscellany front —

  • NPR Shots reports that “Vaccination and awareness could help keep mpox in check this summer.”
  • Health Payer Intelligence informs us
    • “After engaging in a free program provided by Capital Blue Cross (Capital), type 2 diabetes patients experienced a variety of health improvements along with noticeable financial benefits, according to a press release that HealthPayerIntelligence received by email.
    • “According to the Centers for Disease Control and Prevention (CDC), about 37 million people in the US have diabetes, accounting for 11 percent of the population. The CDC also noted that about 1 in 3 Americans will develop diabetes at some point during life.
    • “However, in 2021, Capital [which serves central Pennsylvania] began providing a program that aimed to lessen the effects of type 2 diabetes. Along with this, the insurer launched a program that aimed to lessen the risk of developing the disease, while helping those with the disease handle its effects.
    • “According to a Capital update released earlier this month, the program has led to various positive effects.”
  • HR Dive tells us
    • “Employees who take Family and Medical Leave Act leave in partial or intermittent increments during a week may not have holidays that fall during the same week counted against their FMLA leave, U.S. Department of Labor Principal Deputy Administrator Jessica Looman wrote in an opinion letter May 30. 
    • “On the other hand, if an employee uses a full workweek of FMLA leave during a week that includes a holiday, that holiday counts against their FMLA leave allotment, she said.
    • “This method of counting holidays is not a change from past provisions, Looman clarified, saying the department has used the same approach since the first publication of its FMLA regulations in 1995.”