Mid-week short takes: Ireland’s HealthBeacon bought by Hamilton Beach (!), Ambience AI raises $70M, VA to develop VR mental health app with Mynd Immersive

February 7, 2024 | by

Dublin’s HealthBeacon PLC has been sold to Hamilton Beach Health. HealthBeacon is an app platform/device/injection care management system that integrates with patient support programs to remind them to inject their medications on schedule. Since its formation in 2021, Hamilton Beach Health has marketed the HealthBeacon Smart Sharps Bin in the US. HealthBeacon was founded in 2013, currently has 50 employees and operates in the UK, Europe, North America, and Australia. Acquisition cost was not disclosed, but HealthBeacon’s current investors over 10%, according to their investor page, are Cantor Fitzgerald Ireland Client Nominees Limited, Oyster Capital Investments Limited, James Joyce (CEO), and Canaccord Genuity Wealth Management.

Kieran Daly, a co-founder of HealthBeacon, will run day-to-day operations reporting to Rob George, VP of Hamilton Beach Brands, now Global General Manager. This Editor had surprisingly never heard that Hamilton Beach, associated more with kitchen appliances, had a Health division among the mixers, electric kettles, and garment steamers. Release

Ambience Healthcare raised a healthy $70 million Series B. It was led by Kleiner Perkins and OpenAI Startup Fund. Ambience Healthcare is (naturally) in the hot healthcare AI sector with four applications (soon to be five) described as an ‘operating system’ for the end-to-end patient journey through nearly all specialties and integration with six major EHRs. Current deployments are with UCSF, Memorial Hermann Health System, John Muir Health, The Oncology Institute, GI Alliance, Midi Health, and Eventus WholeHealth. Results claimed are reduction in documentation time by an average of 78%, improvement in coding integrity, and at least a 5X return on investment. Release

VA to develop VR extended reality (XR) mental health app with Mynd Immersive. Mynd’s market has generally been in senior and post-acute care as a digital therapeutic using the HTC Vive VR glasses and programming ranging from speech, cognition, and behavioral therapies to recreation and pleasant distraction. Mynd is used by the VA in 100 long-term care facilities across the country. The new VA/Mynd partnership is targeted to Vietnam veterans to provide them with virtual journeys created specifically for Vietnam veterans via a project titled “Virtual Vietnam: A Path to Peace.” As this generation is now reaching their senior years, old conditions such as PTSD and new ones such as isolation occur, reviving or exacerbating Vietnam War memories. The Virtual Vietnam project is a three-year cooperative research and development agreement. Healthcare IT News, VA/Mynd release  TTA 9 Nov 23 on Mynd’s recent study on effectiveness with Stanford University’s Virtual Human Interaction Lab. 

Two Must Reads: Is AI the next hype bubble replacing crypto–and capable of great harm?

February 7, 2024 | by

crystal-ballTwo articles that consider the current state of AI to read and ponder. On one hand, far less than what it’s hyped to business–especially healthcare–and on the other, more malevolent with great potential for harm.

The first article by Gintaras Radauskas in Cybernews confirmed this Editor’s misgivings on exactly what is artificial intelligence (AI) and the unrealistic expectations around it. It seems that a lot of the thinking around AI is doubletalk–gibberish, as he put it, leading off with analyzing a recent interview of Sam Altman of Microsoft-backed OpenAI and its chatbot ChatGPT. 

“To me, AI looks like a solution to a problem that’s not a problem – or, actually, a non-solution to the very real problems that are not going away.”

  • He draws parallels to cryptocurrency, which was widely hyped in the past few years as a secure alternative currency that was off the dollar and global bank grid. Even large banks, financial institutions, and big VCs like Sequoia Capital were sucked in. And real people did lose real money–famous football quarterback Tom Brady to African and Indian students.

This Editor knew the high and nonsensical point of the bubble was when she was in her local Shoprite perhaps two years ago and after checkout, next to the NJ Lottery machine and containers of sidewalk deicer, there was a machine that would convert my very real US greenbacks to crypto. The end of the bubble was the FTX bankruptcy in November 2022, then the arrest followed by last year’s trial and conviction of FTX’s Sam Bankman-Fried. Gaining little notice was that FTX was itself hacked and drained in a SIM-card swapping scheme in late 2022 before its collapse that emptied the accounts of 50 people. Those three perpetrators were indicted earlier this month. CNBC

  • When crypto imploded, ChatGPT took its place in the TechWorld Hype Universe. Bank of America terms it a ‘defining moment–like the internet in the ’90s’. For those of us who were around then, there were bulletin boards (!), multiple platforms (AOL), something called search engines (AltaVista, Dogpile), and lots of websites that surfaced and then went under the waves. A lot of money changed hands and a lot of parties were thrown before the dot.com bust. Unlike the internet boom, AI is already dominated by the tech giants like Microsoft (OpenAI) and Google (Bard, now Gemini) so it’s actually less of a risk for the large companies eager to use it.

But then why are these large companies not on board yet? “Only 3.8% of businesses reported using AI to produce goods and services, according to November’s Business Trends and Outlook Survey. It’s safe to say we’re very, very far away from mass adoption and use of AI.”

Perhaps it’s this. AI has already been parodied as a highly sophisticated long-form autocomplete tool. Your Editor has experimented with generative AI via Microsoft’s Bing. Example: an article on a non-healthcare topic, antique auto restoration. It was largely but not entirely accurate. But it was written at about a fifth-grade level in a style that was flat and uninteresting–the dumbing-down of the value of copy to inform and persuade continues. (Companies look at writers and marketers as an expense to be eliminated, not managed. As a marketer from the start of my career, and who worked for or with some of the best-known US agencies renowned for creativity, I would not recommend that career path to anyone today.) 

  • And finally, the ultimate use of AI is to get rid of people. That is what automation does. And while it can increase accuracy, speed, and take away drudgery in tasks like healthcare billing and coding, healthcare is about people–and while it can make it appear more responsive, when the humans are gone, will only the chatbots be left, with coding that endlessly replicates itself, like the automated phone menus that leave you in the ether with your questions unanswered–except it’s your diagnosis or information that your doctor’s trying to obtain? And what happens to the professionals trained to do these tasks and who already use automation tools to do their work? What happens when AI picks up and propagates a wrong treatment or surgical technique? This is not quite the analogy of the blacksmith and horseshoes or film versus video. We are ill equipped to deal with the societal effects of training people for jobs that no longer exist and concentration of technology into a very few companies.

And if we leave these tasks to AI without human intervention and supervision, what will happen?

The second article, linked to in the first, could be titled after the 1960s movie ‘Experiment in Terror’. Imagine asking AI about you. It tells you you’ve died and gives links to your obituary. Alexander Hanff, a founder of IT companies, computer scientist, and privacy technologist did. And ChatGPT repeatedly told him he was dead, complete with fake links to his obit in the Guardian and very convincing text. Now imagine you’re applying for a job, a loan, a mortgage, or a passport. The AI tool tells the employer, the bank, and the Feds that you’re dead. Hanff was already warned by a professional colleague who conducted the same exercise and received a bio back with false information. This deep fakery, origin unknown and undiscoverable, is huge potential for harm. Conclusion:

“Based on all the evidence we have seen over the past four months with regards to ChatGPT and how it can be manipulated or even how it will lie without manipulation, it is very clear ChatGPT is, or can be manipulated into being, malevolent. As such it should be destroyed.” ®

Hanff has company with Steve Wozniak of Apple on this [TTA 5 May 2023]. Read this one all the way through. And be scared. The Register

News roundup: Cano Health files Ch. 11 bankruptcy, delisted (updated), Walgreens lays off more, Allina Health outsources 2,000 RCM jobs to Optum

February 6, 2024 | by

Cano Health’s telenovela moved to a Delaware court, where it filed for Chapter 11 bankruptcy. This prearranged voluntary Chapter 11 was filed on Sunday 4 February in the US Bankruptcy Court for the District of Delaware. Based on this Editor’s reading of their release, it’s a prepackaged reorganization of this beleaguered primary care provider. It also promises an exit by Q2 2024. It features several parts that have to be approved by the Court in short order:

  • A Restructuring Support Agreement (the “RSA”) with major lenders (the “Ad Hoc Lender Group”). They hold approximately 86% of Cano’s secured revolving and term loan debt and 92% of its senior unsecured notes. The RSA provides for the conversion of nearly $1 billion in secured debt to a combination of new debt and full equity ownership in the reorganized company. (See below as to what that means for Class A shareholders.)
  • Securing liquidity via a commitment for $150 million in new debtor-in-possession financing from certain of its existing secured lenders. 

In addition, Cano itemized several ‘first day’ motions to ensure continuity of operations–these also have to be approved by the Court: 

  • Paying associate wages, including for its doctors and nurses, without interruption
  • Continuing operations and honoring obligations to its affiliate physician groups
  • Ensuring patients at its clinics continue to receive quality value-based healthcare
  • Seeking authority to pay the existing pre-petition claims of certain vendors that are critical to the health and safety of Cano Health’s patients and critical to the operation of the Company’s medical centers.
  • Cano has authority to continue making ordinary course payments for all authorized goods and services provided on or after the filing date.

Earlier actions by their CEO laid groundwork for this reorganization through selling off operations and divesting staff. In September, they sold their Texas and Nevada operations to CenterWell Senior Primary Care, a unit of Humana, for $66.7 million, and exited California, New Mexico and Illinois late last year, with Puerto Rico winding up this quarter. Cano also cut 21% of staff (842 people) by November .

No comfort for their common Class A shareholders, though. Shareholders approved a 1 share for 100 reverse share split to buoy price last December, though the NYSE had notified Cano on 29 December of delisting based on their market capitalization not meeting their standards. Cano’s shares stopped trading as of last Friday at $2.30. What is usual, and signaled by the RSA conversion, is that common shareholders–probably including the infamous Cano 3 who owned about 35% of the shares–will receive bupkis, nada, zip, zero in the reorganization.

Update: The NYSE delisted Cano Health’s (CANO) stock late on Monday, citing the RSA conversion. Press release, Healthcare Dive.  The Class A shares are now listed OTC (the ‘pink sheets’) under CANOQ at $0.70. Shareholders are wholesale unloading with the day’s volume over 580,000 compared to the previous average of 340,000 shares.

Cano remains for sale during this process according to the release.

Here’s the 36-page filing, courtesy of Industry Dive. Healthcare Dive. FierceHealthcare dubbed this a ‘spectacular collapse’ (which it isn’t–that was Babylon Health) but includes some speculation from Ari Gottlieb, a principal at A2 Strategy Group whom this Editor has quoted before, that since Humana has a stake in and partnered with Cano, they should simply pick up what’s left. However, Humana may not be in a cash position to do so, given its recent losses in its Medicare Advantage business that also helped to sink Cano (partly paywalled). The local take in the Sun-Sentinel.

Less drastic but equally, more signs of the times:

Walgreens laid off 145 more staff, primarily in corporate. This follows on November’s 5% corporate layoff. No WARN notices have been filed and all are mum on what areas or states are affected. Nor is there any confirmation that this will be the end. Speculation is that more store closings are in the offing and once leaned down, Walgreens Boots Alliance will be sold off or parted out, with Shields Health Solutions perhaps the first on the block [TTA 25 Jan]. Healthcare Dive, Becker’s

Allina Health, a 10-hospital non-profit health system based in Minneapolis, Minnesota, is outsourcing 2,000 IT and revenue cycle management jobs to Optum. Happily, this is being done as a transition on 5 May from Allina to Optum with no layoffs or shift in workplace, as of this time. Rationale given is to trim needed expenses and ‘deliver on emerging spaces’, whatever that means.   Star-Tribune

*Updated for Cano Health delisting and additional information on Walgreens’ layoffs.

Sell NHS medical records to fund AI, biotech? Not quite what’s in the Blair-Hague report. (updated)

February 2, 2024 | by

A ‘sale’ not quite what the press reports. The former political rivals of the 1990s and early 2000s, Sir Tony Blair and Lord William Hague, joined forces again last week to release their third report.  “A New National Purpose: Leading the Biotech Revolution”, the third joint report available on Lord Hague’s website, would be to capitalize on what they described as “the fastest and most far-reaching [technological] revolution in the history of human civilisation” to make Britain a world leader in developing “gene therapies, of discovering new antibiotics and of building molecular factories.”

The three major points of the report are:

  1. Formation of a new laboratory, the Laboratory of Biodesign, to focus on the invention of new biotechnology, biomolecules, and therapeutics that are at too early a stage for commercial investors.
  2. Establishment of an NHS Data Trust (NHSDT, pages 33-36),designed for public benefit, with a controlling stake owned by NHS England and additional investments from companies. 
  3. For scaling up biotech, an expansion of the work of the British Business Bank, improved rules for Venture Capital Trusts and consideration of scale-up grants where companies will list in Britain. The recommendations go further into reforms in venture capital funds and capital markets.

#2 is the point making the headlines in the Independent and Sky News. The reports do not explain that the sale of the NHS medical records would be done through the NHSDT.  It would negotiate data-sharing agreements with external organizations and be capable of joining profit-sharing arrangements, while guarding that data would not be sold to third parties and be strictly anonymized. The plain language of the recommendation: “Provide research entities with access to the anonymised data in return for financial profit, which would benefit the NHS. This could happen via a range of mechanisms, varying from direct financial payment to negotiating cost-price access for the NHS to any medicines developed based on the data provided.” (page 35) Profits would be reinvested into the NHS. The analogy is to the for-profit parts of the BBC.

The report goes on to stress producing high-scale companies that stay in the UK, versus the current situation of exporting technology to the US. It also proposes a Biosecurity Task Force “to keep Britain and the rest of the world safe from biotech accidents and bad actors.”

It also addresses how the UK should address a future pandemic as a national security issue (pages 55-58) and restructure the UK Health Security Agency.

In AI, the report recommends the formation of the MediMind laboratory network that would work towards relieving pressure on the NHS through creating personalized AI doctors. This would be done in partnership with industry and the NHS. Last June’s report concentrated on AI.

(Update 2 Feb, Editor’s note: It dismays me again that professional reporters writing for reputable news websites misinterpreted the report as advocating the straight-up sale of NHS medical data. All one had to do was what this poor Yank marketer/writer did–search within the report, past the executive summary, into that section. But ‘selling NHS data’ is more ‘clickbaity’. 

Unfortunately, this Editor believes that these reports will be read, filed, and the same mistakes will be made, putting the UK further behind the proverbial 8-Ball…standard operating procedure.

Open forum below for our UK (and elsewhere) Readers.)

23andMe data breach may have targeted those of Jewish and Chinese heritage; company valuation crashes (updated)

February 2, 2024 | by

23andMe’s hole gets deeper. And deeper. As more dots are connected on their data breach–and financial situation.

Part 1: The data breach that exposed 6.9 million records at genetic testing and data company 23andMe isn’t only being fought in the courts as to who to blame (customers recycling already corrupted passwords versus a site vulnerability to brute-force hacking). It appears the hackers had specifically targeted people with Chinese or Ashkenazi Jewish heritage. Worse, 23andMe is not addressing that. The evidence was there as early as October.

  • 1 October: an unknown person posts on the 23andMe subReddit that they had customer records, posting a sample of the stolen data. Supposedly this is how 23andMe found out that their user data had been hacked and stolen. (Editor’s note–this zero-trust breach beggars credibility in a tech-oriented company.)
  • 6 October: 23andMe’s blog post announcement of the initial 14,000 records hacked in their customer base, which later grew to 6.9 million records revealed through the links to MyHeritage, in adding functionality to Family Tree, or sharing their information by opting into 23andMe’s DNA Relatives feature. 
  • 6 October: Wired’s reveal that earlier in that week, a hacker posted on BreachForums a data sample of what they claimed were 1 million records exclusively on those of Ashkenazi Jewish heritage, plus hundreds of thousands of records on those of Chinese heritage. By Wednesday, the hacker was selling what was claimed as 23andMe profiles with information on display name, sex, birth year, and details on genetic ancestry results, but not raw genetic data. Pricing was between $1 and $10 per account depending on number purchased.
  • By December, 23andMe was squarely blaming users for reusing passwords (credential stuffing), even if they created a unique password, and denigrating their right to demand legal accountability from 23andMe on their lax security procedures. [TTA 6 Dec 23, 19 Jan]

None of the contacts that 23andMe has made with users since October, including the letter sent to breached users (via TechCrunch) refers to any specific ethnic group targeting. 

World events made this targeting and timing very important. The brutal attack by Hamas in the south of Israel was the very next day after the breach was disclosed, 7 October. It killed 1,200 civilians, with over 200 hostages. Israel declared war on Hamas in Gaza which still goes on, as do the demonstrations against Israel and overt anti-semitism. Given the targeting evident in this breach of individuals with information for sale, by 11 January Representative Josh Gottheimer (CD-5, NJ) sent a letter to the director of the FBI to investigate the hacking, specifically because the information could be purchased via sites used by hackers to merch this type of information–and used to target Jews globally.

Third-party data included in the hack? There is also the possibility that DNA information from third parties such as Sequencing entered 23andMe’s database. In Illinois and other states, this type of sharing is illegal without specific consent. This information could also have been stolen without the knowledge of the individual. This has sparked additional class action lawsuits. The Times of Israel

Part 2: 23andMe is in poor shape financially. Like all too many companies that went public in 2021, 23andMe is a cracked SPAC that debuted in February 2021 above $16, with a company valuation of $6 billion, and now is trading on Nasdaq at $0.73 which gives the company a negligible value. Revenue is upside down and the company is torching through the $1.4 billion it raised both in the market and through private investment. The WSJ’s estimate in a far-reaching article is that it is 80% gone. Founder Anne Wojcicki’s stock has supervoting privileges which means she effectively controls the company, not the shareholders.

Both Ancestry (remember them?) and 23andMe had ups and downs from 2015 but the hype, especially after the Theranos implosion that year, was stunning. Genetics became The Next Big Thing That Would Save Health Tech. The large flaw–the market for genetic testing for ancestry and/or health is a ‘one and done’, which TTA predicted back in 2020 and earlier. Wojcicki guessed early on that a revenue model lay in selling de-identified genetic information to pharma. But their five-year exclusive deal with GSK ended last year and led to an 11% layoff [TTA 10 Aug 23]. Subscriptions for lifestyle counseling starting at $200 and exceeding $1,100 never took off. Growing their $4oo million Lemonaid buy from fall 2021 into a more robust and integrated telehealth platform never happened. Her long-term bet was moving into drug discovery using all that DNA data, but only two drugs of 50 have reached early-stage human trials.

Whether 23andMe will climb out of this crater, both financial and data security, as they did several times in early days, is to be seen. But Wojcicki’s personal brand apparently remains in great shape, unlike their data security. Also Futurism

*Updated 2 Feb for additional references, content, and copy editing

Short takes: Orion digital pain therapeutic to be commercialized by Newel Health; Verma to head Oracle Health; CVS to shut 25 LA-area MinuteClinics

February 2, 2024 | by

Orion Health licenses its chronic pain therapeutic to Newel Health. Orion’s ODD-533 (Rohkea), classified by FDA and the EU MDR as software as a medical device (MDSW or SaMD) will be developed, manufactured, and commercialized by Newel. Newel, located in Salerno, Italy, designs and commercializes digital medicine and digital therapeutics (DTx) for the US and EU such as Soturi, a digital therapeutic app for Parkinson’s Disease [TTA 23 Feb 23], Orion, located in Espoo, Finland, develops primarily human and animal pharmaceutical products. Orion release

Oracle wastes no time in finding a new Oracle Health head, Seema Verma. Conveniently in-house, the former head of the Center for Medicare and Medicaid Services (CMS) from April 2017 to January 2021 joined Oracle in April last year as senior VP in charge of life sciences.  As executive VP, she will oversee both Oracle Health and life sciences as general manager. Verma’s appointment was announced internally in December, according to Bloomberg. In January, Oracle Health’s general manager, Travis Dalton, announced his departure effective 1 March to join MultiPlan as CEO and president. Verma’s government experience will come in handy, as she has the difficult situation of the stalled Millenium EHR at the VA as well as finalizing the Military Health System rollout, ensuring interoperability–as well as growing the faltering hospital EHR business. By combining the positions, Oracle also eliminates one large C-suite salary. Becker’s

And confirming signs of softness in the clinic business [TTA 24 Jan, JPM’s new reality], CVS announced the closure of 25 MinuteClinics in the Los Angeles area. Closing date is 25 February. They will retain 11 MinuteClinic locations in the Los Angeles area, including an on-demand virtual care practice. Clinics are losing out to virtual care and for more immediate needs, urgent care. This follows Walgreens’ closure of a planned 60 VillageMD adjacent practice locations and softness in their CityMD clinic group. List of 25 closures (LA Times), Becker’s

2023’s global cyberattack disaster: healthcare #3 in weekly attacks, 10% of organizations ransomwared–report

February 1, 2024 | by

An average of 1,100+ cyberattacks per organization per week. Let that sink in.  While it represents only a 1% increase over 2022, and averages are well…averages, this is a lot to handle for any organization even if nowhere near the weekly average.

The report from Check Point Software Technologies, Ltd. an Israel (Tel Aviv HQ) and US-based IT security organization, is depressing reading for any company, especially for healthcare. (Editor’s note: Check Point’s data is derived from ThreatCloud AI, their intelligence engine.) Many of the large numbers are boiled down to averages per organization per week.

  • In terms of general cyber attacks globally, healthcare is #3 with an above-average 1,500 per organization per week attacks on average, right behind #2 government and military, with education far ahead, #1, with 2,046 per organization per week. It was up 3% versus 2022.
  • Retail and wholesale attacks are up 22% annually–a cautionary note for healthcare organizations engaging in retail operations.
  • Regionally, APAC (1,930 attacks) and Africa (1,900 attacks) led with increases at 3% and 12% respectively.

We not only must be concerned with ransomware–but mega-ransomware. These include zero-day exploits (a software flaw exploited by the hacker/ransomwareiste before the vendor or developer finds it). Rather than being content with encrypting data and demanding bitcoin for its release, the hyper version is now data theft followed by extortion campaigns threatening public disclosure of the stolen data, such as by MOVEit and GoAnywhere. Not mentioned here is another vector–business associates and vendors, using ‘social engineering’ tactics to steal passwords and other secure information to gain access into the larger system [TTA 24 Jan

  • 10% of global organizations were targeted by a ransomware attack, up 3 percentage points from 2022
  • Healthcare again was above average, #3 with 12% of organizations experiencing attacks. Government/military was #2 with 16% and education/research with 22% of organizations. 
  • The Americas went up from 5% in 2022 to 9% in 2023. APAC and EMEA were higher and also increased

Advice they give on security is logical: robust data backup, cyber awareness training, up-to-date patches, stronger user authentication, implementing anti-ransomware solutions, and utilizing better threat prevention. Can healthcare do this while leaning out IT, fighting collapsing margins, and transforming care delivery?

News roundup: Musk’s Neuralink implants first human BCI; Cigna’s $3.7B MA sale to HCSC; no Amazon deal for iRobot; DispatchHealth-Instacart food Rx; 5 India health tech fundings (updated)

February 1, 2024 | by

Elon Musk first out (again) with a human brain-computer interface (BCI). Announced Monday by Neuralink, founded by Elon Musk, is the first human implant of a BCI. No details in the tweet beyond “recovering well’ and “promising neuron spike detection”. The device is a cosmetically invisible implant (N1) in the part of the brain that plans movements. It interprets neural activity, sending a signal to a computer or smartphone through thought. The N1 device, containing several dozen threads holding over 1,000 electrodes, is implanted by a R1 robot. FierceBiotech, MM+M Online

The subjects of the PRIME study are likely those recruited last fall after the FDA approved proceeding with a clinical trial. A blog post on the Neuralink website recruited adult volunteers with quadriplegia–paralysis of the arms and legs caused by a cervical spinal cord injury or amyotrophic lateral sclerosis (ALS). Earlier, Neuralink raised $280 million in a Series D led by Founders Fund. FierceBiotech 8 Aug 2023  There were difficulties, however. Within the past two years, Reuters reported 1,500 animal deaths over four years of research that attracted the attention of the Department of Transportation (DOT) (!) and the Department of Agriculture’s inspector general. FDA held up approval of human clinical trials until last year.

Research and companies in the BCI race have been making news since at least 2016 but have not reached clinical trials. In 2022 Synchron had an oversubscribed Series C of $75 million for the Stentrode blood vessel device (in clinical trials) and Synchron Switch BCI devices [TTA 17 Dec 22]. Last year, Precision Neuroscience raised $41 million in a Series B [TTA 28 Jan 23]. Their focus is on treatment of neurological illnesses and events such as stroke, traumatic brain injury, and dementia. Of course, one could debate implant ethics, but not for these limited uses right now.

To no one’s surprise including the relatively low price of $3.7 billion, Cigna sold its 600,000-member Medicare Advantage business to HCSC, beating out Elevance (the former Anthem). Cigna is also selling its supplemental benefits and Medicare Part D plans, along with CareAllies, a subsidiary that assists primary care practices with value-based care in Medicare and commercial plans. Together, they cover 3.6 million people, but the now-money-losing MA business represented only 2% of the total MA market. Closing is expected to be in 2025, subject to the usual regulatory approvals. HCSC currently operates in five states and this marks a major growth opportunity for them, if they pass state and Federal scrutiny.

Update: Some speculation remains that now that Cigna has agreed to sell the MA and other businesses, a Humana buy may be more of a go–at a reduced price given Humana’s recent earnings difficulties. This feels, to this Editor, like whistling in the dark. Prima facie, it ignores two factors: the major stumbling block was their respective strengths in pharmacy benefit management (PBM) though with different focuses, and that Cigna, having rid themselves of a money loser in MA, would buy it back and take on short term pain just to get bigger. Perhaps the two, because they seem to like dancing with each other, may partner in some areas like home health or other services, but for now the regulatory landscape is waaaay too hostile to mega-mergers in healthcare and the shareholders feel the same. Why buy the cow, etc.? MedCityNews  Further evidence? The CEO bragged about the sale as moving towards a leaner and more focused organization (the new catchphrase) on the 2 February earning call, as well as their interest in providing services via their Evernorth unit to MA providers, such as tying pharmacy services to the MA plans for four years after the HCSC buy. Healthcare Dive

iRobot sale to Amazon fails due to “no path to regulatory approval”, company lays off 31% of staff. In more bad news for Amazon, regulatory disapproval by the EU finally put paid to the deal for the Roomba maker. The EU found that Amazon’s ownership would have restricted competition in the robot vacuum cleaner category by restricting access to Amazon’s marketplace. This is no different than the FTC and DOJ in the US which blocked it for two years. Amazon will pay iRobot a $94 million breakup fee, which the latter will need as their market capitalization has crashed to $400 million from the $1.7 billion original sales price.  iRobot is reducing staff by 350, its CEO is also stepping down immediately, and they are concentrating now on margin improvements, restricting lines of business, and reducing R&D. CNBC  Consider this Lina Khan’s first ‘scalp’ in her War on Amazon.

DispatchHealth, an in-home care provider, has a new partnership with Instacart, a food delivery service, to directly address nutrition needs for their advanced care patients being treated at home.  Dispatch provides same-day, urgent medical care; hospital alternative care; and recovery care. With Instacart Health, Dispatch creates meal plans and medically tailored meals through shopping lists on Instacart that can be delivered direct to home. Payment must be made by the patient or if their Medicare Advantage plan permits. Food is a significant part of social determinants of health (SDOH) and Dispatch has found that 33% of their patients struggle with this and 22% have serious food insecurity. Orders can be made by phone, phone app, or website. McKnights Home Care, Mobihealthnews, DispatchHealth release   DispatchHealth has also experienced recent layoffs of 88 employees. Home Health Care News

And now for something completely different. India has been buzzing with several fundings in digital health. The roundup’s from Mobihealthnews with additional information from other sources:

  • CureBay, a rural-focused e-clinic from visits to lab tests and prescriptions with 90 locations, scored another Rs 620 million ($7.5 million) in funding as part of a Series A round led by Elevar Equity. IndianStartUpTimes
  • Mental health platform Amaha raised over Rs 50 million ($6 million) in an extended Series A funding round. The app-based treatement platform connects members with clinicians and psychiatrists. It also acquired the Delhi NCR-based Child and Adolescent Mental Health Institute, Children First, that has been providing support to 12,000+ families since its inception in 2008. Release
  • Healspan, an insurance tech startup that manages cashless health insurance claims for 60 hospitals, raised Rs 1.2 million (over $100,000) in pre-seed funding from a round led by startup accelerator PedalStart. ExpressHealthcare India
  • FlexifyMe, a chronic pain digital therapeutics platform with AI-powered patient scanning, gained pre-seed funding from angel platform ah! Ventures Angel Platform. Based in India but with operations in the US and Dubai, their therapy addresses back pain, cervical pain, spondylosis, and other conditions via what they term a unique combination of online physiotherapy, yoga therapy, and AI. BiospectrumIndia  In October, they had raised $1 million from Flipkart Ventures. Times of India
  • Docosage, described as an AI-driven health solutions provider with a telehealth consult, e-prescribing, lab testing, and genetic studies platform, also has an undisclosed amount of pre-seed funding from an individual angel investor. The funding will be used for strategic partnerships by exploring collaborations with hospitals, clinics, insurance companies, and incorporating tech advancements to enhance product features. ExpressHealthcare India 

*Updated 2 Feb for additional analysis around Cigna MA sale to HCSC and copy editing

Short takes: Humana’s big MA loss (updated); Medicare telemental care bill back in Senate; HHS releases cybersecurity performance goals; Texas Healthcare Challenge hackathon 23-24 February

January 26, 2024 | by

Humana apparently surprised Wall Street with their Q4 losses, driven by escalating Medicare Advantage (MA) costs.  While revenues ($26.5 billion) for MA’s second largest plan provider were up from prior year’s $24 billion, MA expenses drove an adjusted Q4 loss of $361 million under the insurance segment. From Humana’s earnings statement: “The sector is navigating significant regulatory changes while also absorbing unprecedented increases in medical cost trends. We believe the elevated MA medical costs are an industry dynamic, not specific to Humana, and that they may persist for an extended period or, in some cases, permanently reset the baseline.” On the earnings call, their CFO cited increased inpatient costs, especially for short stays, and more spending in outpatient surgeries and supplemental benefits–trends that Humana expects to continue into 2024 and even into 2025. Home health under CenterWell were tidily profitable and growing. Perhaps MA’s sector problems were the reasons why Cigna, selling off their MA plans, backed out of their acquisition/merger? Q4 press release, management remarks, Becker’s, Healthcare Dive

Updated Humana announced the appointment of a President of Enterprise Growth, David Dintenfass, to spearhead customer growth and retention. His background is not healthcare but Fidelity Emerging Growth Markets, with previous stints at Procter & Gamble and Bank of America. This assumes that the cost problem can be grown out of. Expect more departures and arrivals to roil Humana, as their current CEO moves to a planned retirement transition later this year and has already laid off staff in January Healthcare Dive

A bipartisan Senate bill proposes to continue coverage of virtual-only telemental health for Medicare beneficiaries. The ‘Telemental Health Care Access Act of 2023″ is sponsored by four Senators: Bill Cassidy, R-La., Tina Smith, D-Minn., John Thune, R-S.D., and Ben Cardin, D-Md. and is designed to make permanent the pandemic waiver of in-person requirements that expires at the end of 2024. The senators cited rural health and overall access to mental healthcare. Mental health remains the leading claim line for telehealth. Healthcare Dive, draft bill

The Department of Health and Human Services (HHS) published voluntary cybersecurity performance goals for healthcare and public health organizations. These fit within the HHS 405(d) Program and Health Sector Coordinating Council Cybersecurity Working Group’s Healthcare Industry Cybersecurity Practices as well as the NIST Cybersecurity Framework and the Cybersecurity and Infrastructure Security Agency’s National Cybersecurity Strategy. (Whew!) The two voluminous sets of goals, Essential and Enhanced, directly address common attack vectors against U.S. domestic hospitals as identified in the 2023 Hospital Cyber Resiliency Landscape Analysis. As noted earlier this week, there were 116 million patient records exposed in 2023 data breaches, doubling that in 2022.

HHS means well, but this is another ‘blood out of a rock’ situation. Health IT departments all over the US, from providers to payers, have had or are facing layoffs in the ongoing clash of business versus technology, which won’t cease because HHS would like it to. HealthcareDive, HealthcareITNews

The Texas Healthcare Challenge Hackathon is back! After three years dark, this year’s edition will be held this year 23-24 February in Dallas. Sponsored by the Health Wildcatters, a Dallas-based accelerator in the DFW area, it is open to just about anyone who can apply–you don’t have to code or hack. Friday kicks off with “problem pitching,” where participants form teams around identified issues, with Saturday starting with morning motivation and intensive team hacking, moving to participants developing viable solutions, assessing market potential, creating functional business models, and addressing risks with mentor support from industry experts. The day culminates in team presentations, with judges awarding cash and in-kind prizes to winning solutions. Learn more and apply here (application form is under the numbers, click on “Hackathon Sign-Up”). Sponsorship is the second button.

Midweek updates: Walgreens may sell Shields Health after 2 years; Ventric Health’s home cardiac RPM; Singapore military medical corps upgrades PACES 3 EMR

January 25, 2024 | by

Walgreens reportedly looking to sell Shields Health Solutions, working with advisers on a valuation to raise cash. That valuation may bring $4 billion in a sale. Shields provides specialty pharmacy services and is part of its US Healthcare division. Criticism of the possible sale breaking in Bloomberg 23 January was hardly muted. TD Cowen analysts cited in Healthcare Dive called it “a strange move” to sell what could be Walgreens’ highest margin business with a knock-on effect of slowing a return to profitability. They even proposed that a sale of Boots in the UK might make more sense. A Bloomberg analyst called it “a pointed reversal of the prior CEO’s strategy to diversify” but also stated that “the strategic rationale for owning it remains strong”. It is perhaps the most salable of US Healthcare’s assets, with excellent growth of 27% in its last quarter. WBA bought a minority stake in Shields  in 2019, spent $970 million to take majority control in 2021, and bought out the last 30% for $1.37 billion in 2022.

The impression left by these articles and in FierceHealthcare was that WBA is a “troubled drug-store chain in turnaround mode” (Bloomberg). That isn’t a good look.

Heart failure is a major disease, with 6.5 million in the US diagnosed and joined by 550,000 every year. Ventric Health has a newly FDA-cleared non-invasive cardiac diagnostic system for remote patient monitoring (RPM) that can be used in the home as well as clinical settings. A trained clinician can use Ventric’s Vivio system to perform an evaluation in the home or a clinic that could only previously be done in the hospital. An EKG patch and arm cuff are placed on the patient, connected to a tablet with the Vivio app and its advanced algorithms via Bluetooth, and in under five minutes–two minutes for the data collection and about a minute for the analysis, can evaluate patient heart failure. The portability of the system eliminates a lot of care barriers to cardiovascular health by being more accessible to clinicians and patients in non-hospital settings, reduces time wasted on initial diagnosis, improves support of diagnosed patients, and promotes better outcomes. Healthcare IT News

The Singapore Armed Forces (SAF) Medical Corps upgraded its EMR for the first time in a decade. The SAF’s Patient Care Enhancement System 3 (PACES 3) runs both the Sunrise EMR system and the newly implemented Altera Opal by Altera Digital Health. This is Sunrise’s first upgrade in Asia-Pacific. Soldiers can now access information on their medical history, manage and book their medical appointments. Also upgraded: document management, clinical and financial applications, including enhanced workflows, improved system performance, enabled compliance with regulatory obligations, and improved overall usability. It also connects securely to Singapore’s National Electronic Health Record system and other local health IT infrastructures via internet. The EMR is the responsibility of the Ministry of Defence (MINDEF) of Singapore. Healthcare IT News

Peering through the cloudy crystal ball into 2024 healthcare investment and company health

January 25, 2024 | by

crystal-ballWill 2024 be the mirror image of 2023? This time last year, signs pointed to slow, steady growth after the bubble bath of 2020-early 2022 was followed by failures of tech-leveraged banks (SVB and Signature in March 2023) leading to a mid-year bust [TTA 11 Aug 23]. Some big deals kicked off the year (CVS’ Carbon Health investment, Oak Street mega-buy TTA 16 Feb 23). Then as the year went on, they were followed by sheer turmoil–huge losses and business divestitures (Cano Health, Bright Health, insurtechs like Clover and Oscar), bankruptcies and shutdowns (Babylon, Pear, Quil, OliveAI, Smile Direct, Cureatr, Rite Aid), IP lawsuits (Apple-Masimo, Apple-AliveCor, FruitStreet-Sharecare), C-levels walking the plank (Walgreens, Noom), and big layoffs nearly every week. Cigna and Humana called off merging again, perhaps because Cigna didn’t like what it saw. M&A fell to its lowest level in years and IPOs fell to zero.

To cap the year, the Federal Trade Commission (FTC) and the Department of Justice (DOJ) issued new Merger Guidelines that made the M&A mountain even steeper, and will follow up this year with Pre-Merger Notification guidelines that will make that part even more costly. Both signal hard times for M&A. Add to that the overt hostility the chair of the FTC has to any kind of M&A and the weaponization of the tools government has at hand…..Even early-stage, independent companies which allegedly these agencies are trying to foster don’t catch a break. A change in the tax law hitting hardest in 2023 forces annual expenses in research and experimentation (R&E) to be amortized over five years versus one year which severely affects their financials. (Section 174 explained here)

The crystal ball promises to be more like a Magic 8 Ball this year. Other than a flurry of smaller-scale investments, a rumor of a $5 billion EHR company sale (Netsmart), and predictable layoffs in health systems, the start of the year in healthcare has been fairly (ominously?) quiet.

HealthcareFinance talked to two partners in law firm Akerman’s healthcare practice group to get their take, weaving in some findings from a PWC report: 

  • Buyer interest in acquiring practices and surgery centers
  • Partnerships on rise, for example Amazon’s One Medical with health systems 
  • Smaller hospitals in mid-America will merge as there is “safety in numbers’
  • More investment in life sciences and drug development, especially diabetes/weight loss drugs in the GLP-1 category
  • Anything around AI attracts interest

The two big factors: interest rates (the Federal Reserve has signaled no further increases, and maybe cuts in 2024) and (of course) a presidential election as well as all of the House, much of the Senate, and state gubernatorial offices.

Bubbling under this are reports of two big pending IPOs:

  • Home health, pharmacy, and eldercare services provider BrightSpring Health filed with the SEC on 3 January for a near-billion dollar IPO (publicly released on 17th). This is estimated to raise $960 million, valuing the company at about $3 billion. Common stock will debut between $15 and $18 on Nasdaq under the symbol BTSG. They are also selling 8 million tangible equity units at $50. Proceeds will go from the offerings to repay outstanding debt under various credit facilities and pay penalties associated with terminating its monitoring agreement with Kohlberg Kravis Roberts & Co. L.P. (KKR, the current owner) and Walgreens Boots Alliance. BrightSpring serves 400,000 daily patients and dispensed 34 million prescriptions in 2022. IPO timing is still to be announced. This is the second time the company has filed, abandoning its first attempt in late 2021 as the market softened in 2022. KKR is signalling an exit…will it happen this time? Release, FierceHealthcare
  • Waystar’s IPO is still pending after being announced late last year [TTA 26 Oct 23]. The RCM and payments software company delayed it to 2024 due to an uncertain market at year’s end. Reportedly the roadshows were postponed to December but there has been no confirmation that they took place. Will it happen?

Fasten your seatbelts…it may be a bumpy ride.

News roundup: Bright Health now NeueHealth; breached patient records double, RCM as vector for hacking; Amazon’s CCM marketplace; JPM reflects the new reality; fundings for Vita Health, Turquoise, CardioSignal

January 24, 2024 | by

Bright Health Group switches off, takes on NeueHealth name. Now that Bright Health has sold its remaining operating health plans to Molina Healthcare [TTA 3 Jan] with others closed down or insolvent like Texas [TTA 12 Dec 23], they have smartly pivoted to the name of their remaining value-based primary care operation, NeueHealth. (Inexpensive, too) Accordingly, on 29 January, their NYSE listing will convert from BHG to NEUE. The stock value closed today at $13.25, well down from its 52-week high of $79.04. NeueHealth’s operations are divided into NeueCare, which is comprised of their owned clinics and partnerships with affiliated providers, and NeueSolutions, which is a management services entity that organizes independent providers and physician groups into performance-based ACA Marketplace, Medicare, and Medicaid-based ACOs models, including the advanced performance ACO REACH program which covered 60,000 beneficiaries in 2023. Unsurprisingly, the company HQ is moving from chilly Minneapolis to much warmer Doral, Florida, nearer to three of their major clinic networks and 150,000 of its claimed 275-295,000 ‘health consumers’ forecast for 2023. 2023 revenue forecasts for NeueCare are $250-275 million and NeueSolutions $890 million. They have also stated that the corporate move will not affect jobs remaining in Minneapolis, which may be few.

As to the bills coming due for CMS liabilities and debt owed to New Enterprise Associates now that JP Morgan has been paid…not a word. We continue to hand it to Bright, now NeueHealth, for the Best Gordian Knots in Healthcare. Release, Healthcare Dive

Patient records exposed in data breaches doubled in 2023 versus 2022. According to an analysis by cybersecurity firm Fortified Health Security of HHS’ Office of Civil Rights (OCR), which tracks data breaches, in 2023 there were 116 million patient records exposed, topping the over 100 million of 2015, with over 655 breaches, a decrease from 2022’s peak of 721. Of that 116 million, over 112 million were from three health plan breaches: Anthem, Premera Blue Cross, and Excellus, Ten-year total? A stunning 489 million. What also increased over those 10 years by 143% were breaches stemming from business associates–vendors providing services to the covered entity. The just-published Horizon Report (free, available for download here) also reveals that the average recovery cost for a breach is $9.48 million. And health plans and systems are cutting IT staff?  Healthcare Dive

One way that hackers are finding their way into healthcare organizations is via ‘social engineering’, but not always of employees. They’re targeting business associates at revenue cycle management (RCM) companies serving health systems and hospitals. The American Hospital Association is warning members that hackers are cannily evolving their tactics to defeat security procedures such as multi-factor authentication and they have to anticipate hacker tactics. From Becker’s, hackers “steal the identities of revenue cycle employees or other finance staffers, calling IT help desks and correctly answering security questions. They then request to reset their passwords and enroll new devices, getting full access to the employees’ accounts and diverting payments to fraudulent bank accounts.” These are based in the US and then diverted overseas. The AHA recommends at minimum a call back to the employee on these new device enrollments, a call to the person’s supervisor, or as in the case of one health system, a physical appearance at the help desk. AHA article

Amazon enters the chronic care management field through a tried-and-true (for them) vector–e-commerce. Search for a health device like a glucose monitor, a blood pressure cuff, or pulse oximetry, and receive a ‘direction’ to a management service that they may be eligible for at no or low cost through their employer or private health insurance. The kickoff partner with Amazon is chronic care management company Omada Health in the diabetes prevention, diabetes, and hypertension categories. Omada claims 20 million eligible members across 1,900 enterprises. This mode may get better traction with Amazon shoppers than directly providing them with health services such as Amazon Pharmacy, One Medical (primary care), and Amazon Clinic (asynchronous telemedicine). Omada didn’t disclose the revenue model. Omada release, Healthcare Dive

Wrapping up the JP Morgan healthcare conference, the New Reality permeated it, even if some didn’t want to admit it. As this Editor projected back in December, the board is being cleared of the also-rans and never-should-have-beens. You see a general cleansing of the cant and hype infecting a sector, which is initially unnerving. We are cycling through this stage fairly rapidly to emerge…where, we don’t quite know yet. Unlike some other publications, MedCityNews can never be mistaken for an industry cheerleader (even if you have to read between the lines). Their extensive coverage confirmed this emerging view of 2024.

  • Katie Adams didn’t make it to SF for her article on nine JPM takeaways, but she sussed out that life sciences isn’t ready for AI, GLP-1 drugs won’t solve obesity, transactional telehealth for urgent and behavioral care is over, founders are trying to figure out fundraising timelines, and retail clinics are suddenly Not All That. And more.
  • Arundhati Parmar profiled a companyone of all too many–that cycled from high to low–Butterfly Health. They started in 2011 to develop the first point-of-care handheld ultrasonic probe using a semiconductor chip that connected to a smartphone, became a unicorn by 2018, went public via a SPAC in 2021 at over $19, cracked hard, and now trades around $1. Their new CEO used the JPM platform to explain that their 2023 revenue slide wasn’t so bad because they were working their way through the longer-than-they-ever-imagined adoption curve by cutting $200 million in costs out of the company and building up their cash reserve. They may survive, or not, given that competition has names like GE Healthcare, Philips, and Siemens. But their ideas around selling the technology of the semiconductor chip to healthcare companies outside of ultrasound and opening their POCUS to developers (like Apple) are clever. It sounds like a company that could fit into a PE portfolio, if only some wallets and checkbooks opened.

And another marker of the New Reality: Scripps Health in San Francisco, hit hard by a cyberattack in 2021, announced at JPM that they hired Todd Walbridge, recently retired from the FBI as their supervising agent in their San Diego cybersecurity hub, as senior director for corporate and system safety and security. He had worked with Scripps on their cyberattack during his diverse career with the FBI. Mr. Walbridge is not only in charge of cyber, but also of physical security as workplace violence and assaults on staff have soared. FierceHealthcare

And we’ll wind up with some fundings, modest ‘green shoots’ in winter:

  • Vita Health, based in Connecticut, secured $22.5 million from seven investors for their suicide prevention and therapeutic telehealth platform. An 2022 seed raise totaled $8.38 million. Release, Mobihealthnews
  • Turquoise Health, based in San Diego, gained a $30 million Series B investment from four investors for expansion of its healthcare pricing platform used by 160 healthcare organizations. 2021-22 seed and Series A raises totaled $25 million. Price transparency is a 2024 hot button issue from government to enterprises to payers. Release, FierceHealthcare  
  • CardioSignal raised another $10 million in a Series A from three investors, bringing total funding to $23 million. Based in Finland and Palo Alto, CardioSignal uses a smartphone’s accelerometer and gyroscope sensors to analyze precordial micro-vibrations caused by cardiac motion. The initial analysis is completed in one minute and after a transfer to their cloud site for additional analysis, is returned in about one minute. Release, Mobihealthnews

Published: NHS guidance on integrating TEC providers into urgent community response (UCR) (UK)

January 23, 2024 | by

Filling a ‘donut hole’ gap between technology-enabled care (TEC) and emergency response by using urgent community response (UCR) organizations. A just-published NHS guidance document developed in partnership with the TSA (Technology Services Association) is designed to provide guidelines for how TEC providers can utilize local UCR organizations in situations that typically now are answered by emergency ambulance services. According to the report, ambulance services receive around 2,600 daily calls from over 200 TEC providers, approximately 3% of all calls. What if UCRs can effectively supplement this, providing timely response to these call, treating people safely at home, and reducing demand on emergency ambulance services?

The guidance provides five “Gold Standard” indicators on whether TEC providers are ready for using UCR as an option versus referring to the local ambulance service, and clear standards for operating the TEC-UCR pathway:

1. There are direct referral routes in place from locally operating [TSA] Quality Standards Framework (QSF*)-certified TEC responder services into the UCR service, which don’t rely on clinician-to-clinician referral. (*TSA’s QSF is a United Kingdom Accreditation Service (UKAS) accredited scheme for TEC providers which aligns with the standards of a regulated service.)

2. Only activity which is inappropriate for UCR response is directed to 999, with responsibility being maintained by the TEC provider until this transfer of care occurs.

3. The UCR service has open lines of communication into its locally operating QSF-certified TEC responder services, which limit the amount of rejected referrals due to capacity limitations.

4. Training on appropriate referral reasons is available to local QSF-certified TEC responder services, with the UCR service having an ‘accept all’ approach to referrals from providers who’ve completed this training.

5. Induction and refresher training for TEC to UCR pathway is co-designed and co-delivered frequently, with at least quarterly plan-do-study-act (PDSA) approaches to understand the reason for and mitigate against future rejected referrals.

For those unfamiliar with the organization of TECs in the UK, TECs can be commissioned by local governmental authorities (e.g. borough or county councils) but some are private. Some TECs are local/regional, while other providers are national.

An idea of how TEC providers can work with both UCRs and ambulance services is in Dudley in the West Midlands near Birmingham. A gauge of the volume of calls to the local ambulance service was in a six-month audit (October 2020 – April 2021) of the North West Ambulance Service. It showed that of the 3,000 calls from telecare services to the service, 32% (959) required conveyance to ED, but 45% (1,347) were seen and treated and 23% (694) ‘hear and treat’ disposition (referred elsewhere), or closed by the emergency operations centre. Once implemented, the collaboration between Dudley Telecare and local UCR teams saw the number of ambulance callouts for injured fallers reduced by 85% within a month, with response within 45 minutes. In Warrington, between Liverpool and Manchester, the 24/7 UCR service reduced pressure on ambulance services while responding in less than 60 minutes. Outcomes are positive with 80% of people remaining at home following a visit.

The guidance includes information on requirements and best practices on how to map the pathway, developing a project team, implementation, measurement, and continual reviews. TSA Voice release; NHS Guidance: web page, PDFHat tip to TSA’s post on LinkedIn

Got a data breach? Blame the victims like 23andMe did!

January 19, 2024 | by

23andMe wished its breached customers Happy New Year by putting the blame…on them!

The hacking that started with 14,000 records and grew to exposing the records and personally identifiable information (PII) of 6.9 million users, about half their customer database, has spawned over 30 class action lawsuits in the US, plus lawsuits in Ontario and British Columbia, Canada. 23andMe, in their responses to law firms and on their blog, told lawyers and users–not unexpectedly–that the data breaches were due to 23andMe users recycling log in credentials, such as passwords, that were used on other–breached–websites, and failed to update them on 23andMe after these incidents.

However, as this Editor noted when this first broke in December, this credential stuffing doesn’t account for the targeting nor the hacking of users who claimed they had unique credentials, including the US National Security Agency (NSA) cybersecurity director Rob Joyce who creates a unique email for each of his accounts (!). It also doesn’t account for how 14,000 brute-force hacked records grew exponentially to 6.9 million records. One reason may be data sharing with a partner, MyHeritage, in adding functionality to Family Tree, or sharing their information by opting into 23andMe’s DNA Relatives feature. 

It also does not account for how 23andMe squarely blamed users–that they were negligent in whatever passwords they used, that two-factor authentication was available since 2019 (but optional), that the information taken didn’t include highly sensitive information such as Social Security number, driver’s license number, or financial information. Therefore any lawsuits were futile, per a letter from 23andMe’s Greenberg Traurig to one of the class action firms, Tycko & Zavareei LLP. Afterwards, 23andMe reset all passwords and instituted mandatory multi-factor authentication, closing the barn door after the horse, cow, and goat got out and made it to the next county.

Playing into this is the weakness of US law around what constitutes ‘reasonable security procedures’ for securing personal information–and that is from the wording of the California Privacy Rights Act (CPRA), which may be the US’ toughest privacy law. On one hand, users have responsibility for a decent, unique password every time–but on the other hand, 23andMe bears responsibility for securing its shared data and not letting a breach get wildly out of hand like this one did. And what if next time it’s the actual DNA information?

The insult to injury: In December, 23andMe changed their terms of service to essentially indemnify themselves. Users had to agree, in the terms of service, exactly 30 days to opt out of the right to participate in a class action lawsuit and instead submit to private arbitration in the event of a dispute.

Not owning up to some fault is not the way to build customer confidence. Especially with a company in a faltering sector now trading around $0.70 per share. TechCrunch, ArsTechnica

News roundup #2: Bright.md sells remaining customers to 98point6; Netsmart EHR up for $5B possible sale; Caregility intros two new telehealth systems

January 19, 2024 | by

More from JP Morgan’s Healthcare Conference (JPM), CES, and after:

Bright.md’s remaining assets sold to 98point6. Now stay with your Editor as we sort through this. Bright.md was sold, we thought, to Cigna’s Evernorth MDLIVE telehealth unit last October, announcing at HLTH that MDLIVE would add Bright.md’s asynchronous telehealth technology to their platform. Evidently, Bright.md had other assets not included in that sale, namely the right to service 17 asynchronous telehealth provider customers such as Baptist Health and UAB Medicine. Those customers have been purchased by 98point6, a company that last year transitioned out of direct care into being a licensor of real-time and asynchronous telehealth, plus other software for clinical decision support and EMR integration.

98point6 pivoted last March by selling their physician group, self-insured employer business, and an irrevocable software license to Transcarent, in a deal worth potentially $100 million. What they bought from Bright.md can only be interpreted as those 17 customers were not obliged to go with MDLIVE in that earlier transaction. Those 17 customers now will license 98point6’s asynchronous telehealth. 98point6’s purchase price is 45% in cash and 55% in equity. 98point6 is also taking on six former Bright.md staff in commercial and sales. Another small puzzle is that the Bright.md website remains unchanged with last entries in July 2023 and no mention of MDLIVE. The company’s most recent LinkedIn posts also end in July 2023, yet a sample of the executive staff indicates that they remain employed at Bright.md. Axios, 98point6 release

Netsmart Technologies exploring $5 billion sale. The company is reportedly exploring a sale of its EHR and related software business via Goldman Sachs and William Blair in the coming weeks which could fetch up to $5 billion. The EHR has an estimated 754,000 users at community health centers, behavioral health centers, hospice care, and non-profits. This year’s EBITDA is estimated to be about $250 million. 

The current owners, GI Partners and TA Associates, bought it between 2016 and 2018, but its roots go back to 1992 (with an acquired company back to 1968). It went public in 1996, moved private in 2006, then went through various private equity owners including Allscripts, moving from NYC to Great River, Long Island and presently to Overland Park, Kansas. If the sale, likely to another group of PE investors, is successful, it would demonstrate signs of life in the dead healthcare M&A market.  Reuters   Axios’ sources estimate closer to a $4 billion sale

Another during CES announcement came from Caregility, which announced two new point of care telehealth edge devices. The APS200 Duo is the company’s first dual-camera, all-in-one system with onboard edge computing and a dedicated graphics engine. The new APS100 Pro is a second generation model of their all-in-one system with a wide-angle camera for remote patient observation. This can be upgraded with the APS FlexCam, an external high-definition 40x power zoom video camera for virtual nursing programs and remote patient examinations. The devices connect to the Caregility Cloud virtual care platform with multiple audio and video streams for clinical and care applications supporting workflows in acute and ambulatory settings. Release. Caregility also contributed a Perspectives on virtual nursing and telehealth in November.

Breaking: appeals court continues ITC ban on Apple Watches with working pulse oximetry (updated)

January 18, 2024 | by

Breaking  US appeals court lifts temporary injunction, bans sale of new pulse oximetry-functioning Watch 9 and Ultra 2. Yesterday, the US Appeals Court for the Federal Circuit dropped the first shoe and that landed against Apple’s head. The court ruled against continuing the short-term stay against the sale and importation of new Watch 9 and Ultra 2 watches equipped with functioning pulse oximetry (blood oxygen, SpO2). That ban is now in effect. The ban is a result of the International Trade Commission’s (ITC) Limited Exclusion Order that found that Apple violated Masimo’s patents on pulse oximetry (SpO2) sensors and software that became effective on 31 December.

Apple’s workaround was to disable the pulse oximetry software for new watches they sell in Apple Stores and ship to third parties.  The hardware is still inside, but readings are disabled by the watchOS. These new versions have a /A after the model number. This workaround allows the US Customs and Border Protection (CBP)’s Exclusion Order Enforcement (EOE) branch to permit new Watch 9 and Ultra 2 watches to be imported and sold. TTA 17 Jan

Reports have confirmed that existing models that were already sold or distributed before the ban through retailers will continue to have working SpO2 software. The court decision does not require pushing a software update that disables the blood oxygen reading. These pre-ban Watches sold by third parties and on the used market do not have the /A after the model number. Other Apple Watch models that never had the pulse oximetry feature were unaffected by the ban.

Of note, the appeals court cleverly separated the Apple Watch importation from the appeal of the ITC ruling. That ‘other shoe’ is a decision on whether Apple can appeal the ITC ruling, initiating the long appeals process. That decision is pending but due shortly. See TTA 28 Dec 2023 for the timeline.

Another possible outcome is that Apple settles with Masimo at some point, an action that seems obvious, but not in Apple’s suites. CNBC, 9to5Mac has the best explanation of the model changes with commenters reflecting the split jury on whether SpO2 readings are all that critical for Watchaholics. This story is developing and will be updated.

Update 19 Jan   This Editor enjoyed reading Strate-gee’s writeup on the latest developments in Masimo v. Apple. He digs into the roots of the dispute which go quite far back, to 2022 and Apple’s poaching of Masimo employees working directly on their pulse oximetry including their chief medical officer and chief scientist. The first employee went to Apple and then started his own company. He was found to have appropriated Masimo’s trade secrets and technology. Another finding: in the Masimo letter to the appeals court (included in the article) stating that the redesign of the Apple Watch “eliminates any irreparable harm”, part of the EOE proceeding is confidential and thus the EOE decision document is not public. His speculation is that this may be a key to whether the already in circulation Watch 9 and Ultra 2 models will in future have their blood oxygen reading disabled via an Apple software update.