CVS has dropped another sandal as to their quest to add primary care and home health to their portfolio [TTA 5 Aug]. Reports indicates that CVS Health is bidding to acquire Signify Health, which is up for sale. Signify is best known as a major provider of in-home health care in both evaluations and community-based services, with users such as health plans, health systems, community groups, non-profits, and government. In March, they added provider value-based care with Caravan Health, a mid-sized Accountable Care Organization (ACO) management service organization (MSO), for $250 million.  This would give CVS both leverage in in-home care and access to value-based care models in health systems and practices, adding a network of jumbo (100,000 lives+) ACOs to Aetna’s 500 ACOs.

Signify did take a bit of a bath with its acquisition/merger of Remedy Partners in 2019 which marked their entry into the Federal shared savings programs around Episodes of Care. While it created a $600 million company. Remedy’s Episodes of Care in the CMS Bundled Payments for Care Improvement (BPCI) program was always problematic for Signify on multiple levels (Editor’s experience). Signify announced its exit from the successor BPCI-A (Advanced) model last month to concentrate on home care and the Caravan business. The wind-down, which will take some time as these are Federal programs through CMS, will save Signify about $115-120 million in costs, compared to their annual direct and shared costs of $145 million. Restructuring costs such as severance may be only $35 million. After IPO-ing in February 2021 at $24 per share, it has only recently climbed to $23, having recently hit a 52-week low of $10.70. FierceHealthcare, HealthcareFinanceNews

Updated Perhaps in preparation for acquisition, Signify Health is shedding 489 people starting 1 October, including 45 in Connecticut, with the remainder in Texas, South Dakota, and New York. The information comes from required notices to the Connecticut Department of Labor. The majority of employees affected are remote workers. It appears to be related to Signify’s winding up of BPCI and Episodes of Care activity which are likely on calendar year contracts. The legacy company, Remedy Partners, had been headquartered in Connecticut with staff in New York. Moving forward with layoffs now makes the company more attractive for sale, as the separation expenses will not be an acquiring company liability. The 1 October start date is also a tell.  CT Insider, Becker’s

A mixed picture for Babylon Health. Its Q2 results were up substantially in revenue–4.6x year-over-year from $57.5 million to $265.4 million–along with key indicators such as US members up 220% and a 7.5% improvement in medical margins over three quarters. The US has been very very good to Babylon with value-based care membership growing 3.2x year-on-year to a total of approximately 269,000 US VBC members with 40% of its VBC revenue from Medicare contracts. However, losses are up along with growth–$157.1 million compared to $64.9 million loss PY. Babylon at end of July announced worldwide layoffs of at least 100 people of its current 2,500 in their bid to save $100 million in Q3. Babylon release, Mobihealthnews

Geisinger Health was one of the pioneers in telehealth and remote patient monitoring, from ur-days in the early 2010s to today. Much of its patient base in Pennsylvania is rural or semi-rural, living well away from care centers, with a clinician base equally scattered. They went with a single system–Teladoc–integrated into Epic. By the early days of the pandemic, Geisinger was able to expand their telehealth coverage from 20 to more than 70 specialties, 200 providers to more than 2,000 providers, and over two years (2020-2022) completing over 784,000 telehealth visits to homes, local clinics, or local hospitals. Case study in HealthcareITNews

If you’re a health system CIO managing lots of connected devices, you may need to go to a psychiatrist with your feelings of insecurity. That’s the gist of a new report, the Insecurity of Connected Devices in Healthcare 2022. A new-to-this-Editor cybersecurity firm, Cynerio, partnered with researchers at the Ponemon Institute to survey 517 executives at US health systems to find that their Internet of Medical Things (IoMT)/Internet of Things (IoT) vulnerabilities haven’t changed much since this Editor banged the gong about them well before the pandemic:

• Cyberattacks–frequent: 56% of respondents experienced 1+ cyberattacks in the past 24 months involving IoMT/IoT devices; 58% averaged 9+ cyberattacks. Adverse impacts on patient care were reported by 45% and 53% of those resulted in increased mortality rates. 24% of hospitals noted an impact on their mortality rates.
• Data breaches are routine: 43% of hospitals had one in the past two years
• Risks may be high, but the reaction is sluggish: 71% rated security risks as high or very high, but only 21% report a mature stage of proactive security actions. 46% performed accepted procedures such as scanning for devices, but only 33% keep inventory.
• Ka-ching! Goes the ransomware! When attacked, 47% paid the ransom, and 32% were in the $250-500,000 range.

The full report is available for download here. Those who prefer a webinar must wait till 17 August at 2pm (EDT)–registration here.  Cynerio release, HealthcareITNews

Updated. Having sat in on the webinar, some further information points from the Ponemon survey deepen the ‘gravity of the risk’:

• IoT is different because a hack or cyberransoming prevents the device from working. It isn’t fixed by backup as data can be.
• Health systems are still using IoT computer systems running Windows XT/95–and earlier (!)
• The average total cost of the largest data breaches is $13 million–the most common cost is in the $1-5 million range. 
• 88% of these data breaches involved at least one IoT/MT device
• Risks are known, but action is lagging. 72% of health organizations report a high level of urgency in securing devices–yet 67% of organizations do not keep an inventory of IoT/IoMT devices that they scan
• 79% don’t consider their activities to be ‘mature’
• Security investment doesn’t reflect the gravity of the risk–only 3.4% of IT budgets focus on IoT/MT device security.

And in sad layoff news, Owlet Baby Care is shedding an unknown number of employees. Here is the notice on LinkedIn. We noted their FDA problems and a fast pivot last in February, but their going public via a SPAC has been rocky at best with shares lingering at $2 from the IPO at $8. Marketing a pricey baby monitor direct to consumer is expensive, even if it meets a need, and this is likely a cash crunch. At least the ‘leader of people & culture’ is giving them a proper sendoff of thanks–and more usefully, providing their contact information for potential job openings with other companies.

[This is in contrast to the gone-viral spectacle of the CEO of something called HyperSocial posting on LinkedIn his angst about laying off staff–along with a selfie of him weeping. Not exactly confidence-making and All About Him. This Editor’s comment is one of 6,000-odd posts which are largely doubtful to negative.]