TTA’s April Showers 2: Teladoc, Amwell’s future, VillageMD’s new COO, Change data on sale, digital health funding limps along, pending delistings, innovations sprout, more!

 

 

This packed week is about righting listing ships. Teladoc’s CEO suddenly departs, Amwell at risk of a NYSE delisting–we look at What Happened and what needs to be done. VillageMD gets new COO to manage the shrinkage. And Change Healthcare data on sale from disgruntled ALPHV affiliate. Digital health funding continues to limp along. Clover looks at another delisting, Walmart Health applies the brakes. And we highlight innovations from Novosound, Biolinq, Eko, Universal Brain. 

Digital health’s Q1 according to Rock Health: the New Reality is a flat spin back to 2019 (Limping, but alive)
VillageMD names new president and COO as it shrinks to 620 locations (Ex Centene, Humana exec comes out of short retirement to clean up)
News roundup: Now Clover Health faces delisting; BlackCat/ALPHV affiliate with 4TB of data puts it up for sale; $58M for Biolinq’s ‘smallest blood glucose biosensor’ (Will UHG pay more ransom?)
Opinion: Further thoughts on Teladoc, Amwell, and the future of telehealth–what happens next? (A hard look at the follies, mistakes, and saving ships)
News roundup: Amwell faces NYSE delisting; Walmart Health slows Health Centers, except Texas; Novosound’s ultrasound patent; Eko’s Low EF AI; Universal Brain; Elizabeth Holmes in ‘Dropout’ + update
Teladoc CEO Jason Gorevic steps down immediately in shock announcement (Now what?)

A damp start to April leads with puzzling news. NeueHealth loses plans and big money in ’23–but gives a big bonus to its CEO. Cano Health reorganizing or selling by June. ATA kicks DOJ about expediting controlled substance telehealth regs. Apple keeps kicking around the ‘Davids’, but Davids won’t stop slinging either. And if you work with a PR or marketing agency, our Perspectives has some advice for you.

More New Reality: NeueHealth (Bright Health) CEO’s $1.9M bonus, 2023 financials–and does Cano Health have a future? (Two stories gone way sideways)
ATA requests expediting of revised proposed rule on controlled substance telehealth prescribing; announces Nexus 2024 meeting 5-7 May (DEA needs to get moving now, not later)
Davids (AliveCor, Masimo) v. Goliath (Apple): the patent infringement game *not* over; Masimo’s messy proxy fight with Politan (updated) (Seeing value in Masimo?)
Perspectives: Working with a PR Agency–How to Make the Most of the Partnership (Expert advice if you manage communications)

It was a pre-Easter week that started as quiet and got VERY LOUD at the end. Walgreens took the hard road, writing down VillageMD even before the closures were final and lowering forecasts. An important metastudy+ casts doubt on the efficacy of present digital health diabetes solutions but provides solid direction forward. And it’s definitely an early sunny spring for funding, but there’s continued bad weather forecast for UnitedHealth Group and Oracle Cerner’s VA implementation.

Facing Future 2: Walgreens writes down $5.8B for VillageMD in Q2, lowers 2024 earnings on ‘challenging’ retail outlook (Biting bullet early and hard)
Short takes: PocketHealth, Brightside fundings; VA OIG reports hit Oracle Cerner; Change cyberattack/legal updates; UHG-Amedisys reviewed in Oregon; Optum to buy Steward Health practices (UHG carries on as does company funding)
Can digital health RPM achieve meaningful change with type 2 diabetics? New metastudy expresses doubt. (Major digital health findings from PHTI)

This week’s Big Quake was DOJ’s antitrust suit against Apple for smartphone monopoly and control over apps. Another quake: 2023 data breaches were up 187%–when a medical record is worth $60, it’s logical. Early-stage funding and partnerships are back with a roar when AI’s in your portfolio. And Walgreens shrinks both VillageMD and distribution.

2023 US data breaches topped 171M records, up 187% versus 2022: Protenus Breach Barometer (And that was LAST year!)
Why is the US DOJ filing an antitrust lawsuit against Apple–on monopolizing the smartphone market? (One wonders)
Mid-week roundup: UK startup Anima gains $12M, Hippocratic AI $53M, Assort Health $3.5M; Abridge partners with NVIDIA; VillageMD sells 11 Rhode Island clinics; $60 for that medical record on the dark web (Funding’s back and AI’s got it)
Walgreens’ latest cuts affect 646 at Florida, Connecticut distribution centers (More in next week’s financial call)

A lighter week with the Change hacking starting to recede (pharmacy back up on Wed 13 March) and most industry types at HIMSS, we caught up with the first VA go-live in a year, Dexcom’s cleared OTC CGM, WebMD doubles down on health ed with Healthwise buy, Centene may sell abandoned HQ building. And Friday’s news is on a big cyberattack of an NHS Scotland region.

Weekend roundup: NHS Dumfries (Scotland) cyberattacked; delisted Veradigm’s strong financials; One Medical NY patients’ coverage clash; Suki voice AI integrates with Amwell; Legrand and Possum extended; Zephyr AI’s $111M Series A

News roundup: Cerner goes live at VA, DOD Lovell Center; WebMD expands education with Healthwise buy; Dexcom has FDA OK for OTC glucose sensor; Centene may have buyer for abandoned Charlotte HQ (Back to normal news!)
Updates on Change cyberattack: UHG’s timeline for system restorations, key updates around claims and payments in next weeks (updated) (Saving the analysis for later)

The Change Healthcare/Optum cyberattack entered a second week with no restoration of services in sight; how providers and pharmacies are coping without their primary means of processing patient claims and furnishing care–and the psychological toll; and the uncertain future of Walgreens, WBA, and the rapid downsizing of their provider arm, VillageMD. To add further insult to UHG, now DOJ is putting them under antitrust scrutiny.

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’
Update: VillageMD lays off 49 in first two of six Village Medical closures in Illinois
Reality Bites Again: UHG being probed by DOJ on antitrust, One Medical layoffs “not related” to Amazon, the psychological effects of cyberattacks
Facing Future: Walgreens CEO moves company into strategic review–will he get WBA board alignment? (‘Go big’ now in reverse)
Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated) (When will it end? Providers. staff, and patients are hurting)

Three major stories lead this packed week. Change Healthcare’s and Optum’s week-long struggle to get 100 or so BlackCat hacked systems up and running again for pharmacies and hospitals–no end in sight. Walgreens keeps closing Village MD locations–up to 85. But the funding freeze seems to be thawing, with M&A and lettered funding rounds suddenly poking through like daffodils–though the structure of one (Dario-Twill) is puzzling and another may be contested (R1 RCM). And Veradigm finally delists–while buying ScienceIO.

BlackCat is back, claims theft of 6TB of Change Healthcare data (Latest breaking news)

Breaking: VillageMD exiting Illinois clinics–in its home state–as closures top 80 locations (Something not good in the Village)
Short takes on a springlike ‘defrosting’: Redi Health’s $14M Series B, Dario Health buys Twill for ~$30M (About time for a Spring thaw)
Roundup: Walgreens’ new chief legal officer; Digital Health Collaborative launched; fundings/M&A defrosting for b.well, R1 RCM, Abridge, Reveleer; Veradigm likely delists, buys ScienceIO–mystery? (updated)
Change Healthcare cyberattack persists–is the BlackCat gang back and using LockBit malware? BlackCat taking credit. (update 28 Feb #2) (100 systems down, BlackCat’s back)


Have a job to fill? Seeking a position? See jobs listed with our new job search partner Jooble in the right sidebar!


Read Telehealth and Telecare Aware: https://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our advertisers and supporters: Legrand, UK Telehealthcare, ATA, The King’s Fund, DHACA, HIMSS, MedStartr, and Parks Associates.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine, and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

News roundup: Now Clover Health faces delisting; BlackCat/ALPHV affiliate with 4TB of data puts it up for sale; $58M for Biolinq’s ‘smallest blood glucose biosensor’

Clover Health takes another pass at Nasdaq delisting. Once again, Clover’s Class A shares (CLOV) have been trading with an average closing price of below $1.00 over a consecutive 30 trading-day period, which violates Nasdaq’s continued listing minimum price criteria for the Nasdaq Global Select Market. This was announced in their most recent 8-K filed with the SEC 2 April. Clover has until 30 September to remedy the situation. An additional 180-day period may be elected if Clover transfers to the Nasdaq Capital Market. FierceHealthcare, Becker’s

The delisting is a rerun of their situation last year at this time. Clover considered a reverse stock split to be approved by shareholders but the share price improved on its own and the action was not necessary. This year, it may be. Clover is currently trading at $0.7365. Last August, it hit a high of $1.55 before sliding to below $1.00. An example of a SPAC through Social Capital Hedosophia Holdings, it hit a high of over $15 on 8 January 2021 before cracking that year based on revelations that Clover did not reveal a Department of Justice investigation starting the prior year, which prompted an SEC investigation [TTA 9 Feb 2021], triggering seven shareholder lawsuits that were not settled until December 2023. Clover Health exited the advanced value-based primary care program, ACO REACH, at the end of the 2023 performance year after two years to focus on their Medicare Advantage and Clover Assistant businesses [TTA 6 Dec 2023]. Financially, Clover closed 2023 with revenue of $2.033 billion (down from 2022’s $3.5 billion), net loss of $213.4 million, and an adjusted EBITDA loss of $44.7 million, with the losses improved over 2022. Clover release 

As predicted, 4TB of Change Healthcare data is up for sale. In a typical ransomwareiste move, the affiliate making nasty comments about BlackCat/ALPHV and claiming it had 4TB of data now has put the specs out on a dark web site called Ransomhub. The post first accuses ALPHV of stealing the $22 million ransom paid by UnitedHealth Group and not sharing it with the affiliate. It then claims it has highly sensitive data from multiple Change customers including active military PII (from Tricare), patient PII, payment and claims data, and much more. If Change/UHG isn’t interested, it will be up for sale to the highest bidder. Readers will recall the claims of ‘notchy’ early in the Change Healthcare attack [TTA 7 Mar] though UHG has not confirmed any payment to ALPHV. The demand for payment for the 4TB of data that ‘notchy’ claimed to possess was hardly unexpected. DataBreaches.net

A non-invasive “smallest ever” transdermal biosensor in development may turn the CGM business upside down. Biolinq’s latest round of $58 million will fund a pivotal clinical trial and FDA submission of its intradermal glucose sensor. The funding was led by Alpha Wave Ventures, with participation from Niterra’s corporate venture capital fund jointly operated with Pegasus Tech Ventures and existing investors RiverVest Venture Partners, AXA IM Alts, Global Health Investment Corporation, and four others, for a total since 2014 of $254 million. Crunchbase Current blood glucose sensors penetrate the skin with tiny needles. The Biolinq biosensor uses electrochemical sensors to measure glucose levels from the intradermal space just beneath the surface of the skin, on top of the capillary layer avoiding scarring. To access the intradermal layer, the sensors must be “200 times smaller than a human hair filament” according to Biolinq CEO Rich Yang. It also can combine blood glucose information with relative levels of activity in one device to eventually measure other analytes. The device as currently designed displays key information directly on the sensor–yellow light for high blood glucose, blue for normal. Release, MedCityNews

TTA’s Finally Spring: DOJ sues Apple on monopoly, ’23 breached records up 187%, funding’s back and AI’s got it, Walgreens shrinkage, more!

 

 

A mixed week with the Change/Optum hack gradually resolving and receding. The Big Quake was DOJ’s antitrust suit against Apple for smartphone monopoly and control over apps. Another quake is that 2023 data breaches were up 187%–when a medical record is worth $60, it’s logical. Early stage funding and partnerships are back with a roar when AI’s in your portfolio. And Walgreens shrinks both VillageMD and distribution.

2023 US data breaches topped 171M records, up 187% versus 2022: Protenus Breach Barometer (And that was LAST year!)
Why is the US DOJ filing an antitrust lawsuit against Apple–on monopolizing the smartphone market? (One wonders)
Mid-week roundup: UK startup Anima gains $12M, Hippocratic AI $53M, Assort Health $3.5M; Abridge partners with NVIDIA; VillageMD sells 11 Rhode Island clinics; $60 for that medical record on the dark web (Funding’s back and AI’s got it)
Walgreens’ latest cuts affect 646 at Florida, Connecticut distribution centers (More in next week’s financial call)

A lighter week with the Change hacking starting to recede (pharmacy back up on Wed 13 March) and most industry types at HIMSS, we caught up with the first VA go-live in a year, Dexcom’s cleared OTC CGM, WebMD doubles down on health ed with Healthwise buy, Centene may sell abandoned HQ building. And Friday’s news is on a big cyberattack of an NHS Scotland region.

Weekend roundup: NHS Dumfries (Scotland) cyberattacked; delisted Veradigm’s strong financials; One Medical NY patients’ coverage clash; Suki voice AI integrates with Amwell; Legrand and Possum extended; Zephyr AI’s $111M Series A

News roundup: Cerner goes live at VA, DOD Lovell Center; WebMD expands education with Healthwise buy; Dexcom has FDA OK for OTC glucose sensor; Centene may have buyer for abandoned Charlotte HQ (Back to normal news!)
Updates on Change cyberattack: UHG’s timeline for system restorations, key updates around claims and payments in next weeks (updated) (Saving the analysis for later)

The Change Healthcare/Optum cyberattack entered a second week with no restoration of services in sight; how providers and pharmacies are coping without their primary means of processing patient claims and furnishing care–and the psychological toll; and the uncertain future of Walgreens, WBA, and the rapid downsizing of their provider arm, VillageMD. To add further insult to UHG, now DOJ is putting them under antitrust scrutiny.

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’
Update: VillageMD lays off 49 in first two of six Village Medical closures in Illinois
Reality Bites Again: UHG being probed by DOJ on antitrust, One Medical layoffs “not related” to Amazon, the psychological effects of cyberattacks
Facing Future: Walgreens CEO moves company into strategic review–will he get WBA board alignment? (‘Go big’ now in reverse)
Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated) (When will it end? Providers. staff, and patients are hurting)

Three major stories lead this packed week. Change Healthcare’s and Optum’s week-long struggle to get 100 or so BlackCat hacked systems up and running again for pharmacies and hospitals–no end in sight. Walgreens keeps closing Village MD locations–up to 85. But the funding freeze seems to be thawing, with M&A and lettered funding rounds suddenly poking through like daffodils–though the structure of one (Dario-Twill) is puzzling and another may be contested (R1 RCM). And Veradigm finally delists–while buying ScienceIO.

BlackCat is back, claims theft of 6TB of Change Healthcare data (Latest breaking news)

Breaking: VillageMD exiting Illinois clinics–in its home state–as closures top 80 locations (Something not good in the Village)
Short takes on a springlike ‘defrosting’: Redi Health’s $14M Series B, Dario Health buys Twill for ~$30M (About time for a Spring thaw)
Roundup: Walgreens’ new chief legal officer; Digital Health Collaborative launched; fundings/M&A defrosting for b.well, R1 RCM, Abridge, Reveleer; Veradigm likely delists, buys ScienceIO–mystery? (updated)
Change Healthcare cyberattack persists–is the BlackCat gang back and using LockBit malware? BlackCat taking credit. (update 28 Feb #2) (100 systems down, BlackCat’s back)

A few surprises at week’s end, with what appears to be a cyberattack taking down Change Healthcare’s systems and Walgreens’ VillageMD exiting Florida. There’s life in funding and stock buybacks but Oracle Cerner’s in the same-old with the VA. Teladoc on slow recovery road, telemental health coming back, LockBit busted, Musk’s Neuralink implant, and a few thoughts on AI. 

Weekend reading: AI cybersecurity tools no panacea, reality v. illusion in healthcare AI, RPM in transitioning to hospital-at-home, Korean study on older adult health tech usage (AI obsession?)
Breaking: Walgreens’ VillageMD shutting in Florida; Change Healthcare system websites cyberattacked (updated) (Two shockers)
Mid-week roundup: Cotiviti’s $10.5B stake to KKR; Cigna buys back $3.2B shares; VA Oracle Cerner faulty med records; LockBit ransomware websites cold-busted at every level, principals indicted; Trualta partners with PointClickCare
Teladoc closes 2023 with improved $220M loss, but weak forecast for 2024 leads to stock skid (Teladoc in recovery)
Telemental news roundup: Brightside Health expands Medicaid/Medicare partners; Blackbird Health gains $17M Series A; Nema Health’s PTSD partnership with Horizon BCBSNJ (A comeback badly needed)
Neuralink BCI human implant subject moving computer mouse by thought: Elon Musk (Controversy)

A week with a lot of Facing The Music, as the snow and chill continue as we’re ready for spring, already. Four payers scuttle mergers, Walgreens and Amazon are reorganizing big time, and the losses (Amwell especially) and layoffs continue. Apple wins a round in its patent fight with AliveCor. It’s the New Reality and let’s hope we get to a Newer, Better Reality soon. Maybe it’s time to focus on designing tech that is older adult (and not so older adult) friendly–and yes, there are some ‘green shoots’.

Weekend reading: why the tech experience for older adults needs a reboot (a boot in the….?), health tech takeaways from CES (Must reads)
Mid-week news roundup: Elevance-BCBSLA, SCAN-CareOregon mergers scuttled; Amwell’s $679M loss, layoffs; Invitae genetics files Ch. 11; innovations released from DeepScribe, Essence SmartCare (DE), fall detection at Atrium Health (SC)
Further confirmation of the New Reality for digital health–lower valuations, more exits, fewer startups, tech buyers not seeing ROI (The cleanout continues)
AliveCor v. Apple latest: Federal court tosses AliveCor suit on heart rate app data monopolization (This David v. Goliath round goes to Goliath)
Facing the Music of the New Reality: Amazon Pharmacy & One Medical restructure; Walgreens shakes up health exec suites again, cashes out $992M in Cencora; new takes on NeueHealth; Cue Health, Nomad Health layoffs


Have a job to fill? Seeking a position? See jobs listed with our new job search partner Jooble in the right sidebar!


Read Telehealth and Telecare Aware: https://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our advertisers and supporters: Legrand, UK Telehealthcare, ATA, The King’s Fund, DHACA, HIMSS, MedStartr, and Parks Associates.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine, and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Mid-week roundup: UK startup Anima gains $12M, Hippocratic AI $53M, Assort Health $3.5M; Abridge partners with NVIDIA; VillageMD sells 11 Rhode Island clinics; $60 for that medical record on the dark web

It may be a little chilly out, but it feels like Springtime For Early Round Funding and Big Partnerships.

Anima, a London-based startup fresh out of Y Combinator, now has a $12 million Series A raise. It was led by Molten Ventures, with participation from existing investors Hummingbird Ventures, Amino Collective and Y Combinator. Its platform combines online consultation with productivity tools for integrated care enablement in one dashboard for primary care. Their founders position it as a single source for patient truth across care settings, avoiding missed diagnoses. As of today, Anima is deployed in over 200 NHS clinics in England caring for a combined 2 million patients and a monthly request volume of over 400,000 requests. They also claim to halve the time the time practices spend on coding, processing, and filing documents and resolve 85% of patient inquiries within a day. Shun Pang, co-founder and CEO of Anima, who trained as a doctor at Cambridge University, told TechCrunch. “The entire clinic collaborates in a real-time multiplayer dashboard, like Figma, and can ping cases to each other, and chat with a Slack-like UX.” he said. He also added that Anima’s processing system can “autonomously ingest any document, like handwritten, diagrams, imaging, and output a summary, with structured fields.” Anima has not entered the US market yet. Anima blog/release, Tech.EU

Hippocratic AI raised a jumbo $53 million Series A for what they term the first safety-focused Large Language Model (LLM) for healthcare. AI of course is the hottest funding area in healthcare. With two previous rounds raised in mid-2023, their total funding is $118 million (Crunchbase), creating a valuation estimated at $500 million. Investors were co-led by Premji Invest and General Catalyst with participation from SV Angel and Memorial Hermann Health System as well as existing investors Andreessen Horowitz (a16z) Bio + Health, Cincinnati Children’s, WellSpan Health, and Universal Health Services (UHS). Their product is a novel staffing marketplace where health systems, payors, and others can “hire” auto-pilot generative AI-powered agents to conduct low-risk, non-diagnostic, patient-facing services to help solve the massive healthcare staffing crisis. This is now being released for phase three safety testing with 5,000 licensed nurses, 500 licensed physicians, and the company’s health system partners. Release

San Francisco-based startup Assort Health now has a seed round of $3.5 million to advance its generative AI approach to healthcare call centers. Its goal is to eliminate front desk stress and call center/service holds. Their system in development uses AI and NLP (natural language processing) to understand a caller’s intent, then to integrates with the medical providers’ EHR, including Epic, to resolve patient inquiries without human intervention. Funding was led by Quiet Capital (!) joined by Four Acres, Tau Ventures, and a number of angel investors from tech companies. Release

Another generative AI company with a substantial Series C under its belt, Abridge, is partnering with super-hot NVIDIA.  The partnership also comes with undisclosed funding from NVIDIA’s VC arm, NVentures, to add to last month’s $150 million raise. Abridge is developing conversational AI technology using LLM and speech recognition to ease the burden of taking notes during the doctor’s appointment, with fluency in 14 languages across 55 medical specialties. Abridge’s technology is designed to capture clinician-patient conversations and structure the scribing. NVIDIA’s partnership will give Abridge access to NVIDIA’s computing resources, foundation models, and expertise in efficiently deploying AI systems at scale. Release

Another episode in the continuing Walgreens Restructuring Saga has VillageMD selling 11 practices to Arches Medical Partners. The practices are located in the Providence metro area of Rhode Island and consist of three urgent cares and eight offices with a total of 50 physicians and 75,000 patients. It is unusual because it is the first time that VillageMD sold their practices instead of closing the offices, which they are doing with 85 to 90 offices. Transaction cost was not disclosed but closed on 2 March. Arches is based in Cambridge, Massachusetts. They acquired these practices but also deploy software from its wholly-owned technology subsidiary, New Era Medical Operations (NEMO), to enable IPAs to negotiate and manage global risk contracts. Arches release, Becker’s, Crain’s Chicago Business

Wondering why ransomwareistes, their affiliates, and hackers in general are attracted to healthcare? It’s the value of a medical record. Going rates on the ‘dark web’ are now topping $60, according to CNBC’s source, a cybersecurity researcher Jeremiah Fowler. By comparison, Social Security number are a bargain $15 and a credit card number but $3. It’s also easier to hack than ever due to affiliate relationships termed ransomware-as-a-service or RaaS. The ransomware is supplied, the affiliate hackers do the work, and they share in the rewards–most of the time (see ‘notchy’ being scammed by BlackCat/ALPHV on the Change Healthcare cyberattack TTA 5 Mar). But this doubles or triples the potential for company extortion, with multiple ‘actors’ attacking a company, extorting a ransom, and then keeping healthcare data and selling it through their channels.

The article concludes that healthcare execs need to get very, very serious about protecting their data. Yet this year has marked healthcare downsizing IT departments in order to save money. This is as security software has proliferated–but has to be purchased and managed. Another distressing fact: this Editor only last week attended a major NYC conference on cybersecurity. Healthcare was mentioned only in passing as a market. Worse, till this Editor questioned a speaker from the floor, was the massive Change Healthcare attack even mentioned–and unfortunately she knew more about it than the speaker!

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’

BlackCat/ALPHV blames the FBI for another ‘shutdown’ and exits, stage left. BlackCat put up a copy of the shutdown screen (left) that appeared on their old leak website back in December [TTA 22 Dec 23] on their new leak website, claiming that law enforcement shut them down. This was not confirmed by the FBI either way, but Europol and the NCA confirmed to Bleeping Computer that they had no recent activity involving BlackCat. The other tell was that the source code on both screens was different–it was served up on another server.

On a Russian hacker forum called Ramp, BlackCat/ALPHV claimed that they “decided to completely close the project” and “we can officially declare that the feds screwed us over. The source code will be sold, the deal is already being negotiated”. The source code is reportedly up for sale for $5 million.

As to the $22 million, BlackCat/ALPHV never admitted it was paid by Optum/Change (nor is Optum confirming), but the affiliate called “notchy” which didn’t get paid [TTA 5 Mar] shared (to Bleeping Computer) that “a cryptocurrency payment address that recorded only one incoming transfer of 350 bitcoins (about $23 million) from a wallet that appears to have been used specifically for this transaction on March 2nd.” That wallet distributed (seven) equal payments of $3.3 million in bitcoin to other wallets.

(Update) Speaking of “notchy”, let’s not forget that this affiliate claims to have 4 TB of PHI/PII data from Change that could be sold or leaked. Since they never got paid by BlackCat/ALPHV, it’s safe to assume that information will be up, so to speak, for grabs.

When it all adds up–the fake FBI ‘raid’, shutting down servers, the signoff on Tox of “GG’ (good game?), the cutting off of affiliates (which also confirmed this to DataBreaches.net–and may or may not have been paid)–it resembles an exit scam.

(Update) Another excellent summary about ALPHV in Krebs On Security also updates LockBit, which was seized in an international takedown in February, and about governmental entities they ransomwared.  To be continued….

The lobbying of HHS by Congress, the American Hospital Association, and UHG to help out providers has produced some results. On 5 March, Health and Human Services (HHS) issued a statement that summarized various ‘flexibilities’ and workarounds to aid providers who cannot access systems or have to resort to alternatives to ensure continuity of services to patients. These will be administered through the Center for Medicare & Medicaid Services (CMS) and range from prior authorization, advance funding, and claims processing for Medicare. From the statement:

  • Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch.
  • CMS will issue guidance to Medicare Advantage (MA) organizations and Part D sponsors encouraging them to remove or relax prior authorization, other utilization management, and timely filing requirements during these system outages.
  • CMS is also encouraging MA plans to offer advance funding to providers most affected by this cyberattack.
  • CMS strongly encourages Medicaid and CHIP managed care plans to adopt the same strategies
  • If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs. CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them.

Many payers are also making funds available while systems are offline. Hospitals may also face “significant cash flow problems from the unusual circumstances impacting hospitals’ operations, and – during outages arising from this event – facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration.”

The statement closes with a reminder of HHS’ December concept paper on cybersecurity strategy for healthcare. DataBreaches.net (full statement), Becker’s

(Update) More on how this is affecting patient care focusing on cancer treatment, from the point of view of a Community Oncology Alliance spokesman. In addition, how consolidation is making healthcare more vulnerable to cybercriminals, and comments on UHG and Federal processes and payment offers to date. HealthcareITNews.

And DDoS attacks and questionable downtimes are now common.

Editor’s Update 11 Mar: The DataBreaches.net website had a major DDoS attack on 7 March and was down for two days thru 8 March. It is now fully up and running with our links working.

Multiple US Government websites went down Thursday evening 7 March based on news reports: Department of Homeland Security (DHS), Customs and Border Protection (CBP), Immigration & Customs Enforcement (ICE), Citizenship and Immigration Services (USCIS), US Secret Service and Federal Emergency Management Agency (FEMA). The timing based on the State of the Union address to Congress is, well, interesting. Daily Express   Later reports announced restoration later in evening. Cyberincidents are not exactly unknown on government websites.

Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated)

The BlackCat/ALPHV ransomware attack on Change Healthcare’s systems continues. At this point, the Optum systems website doesn’t show anything other than a chronological trail of updates and a long list in very small gray type of Change Healthcare systems affected–no more individual checks on working systems and red Xs on the ones that weren’t. 

  • UnitedHealth Group is setting up a program to loan funds, the “Temporary Funding Assistance Program,” to providers who cannot receive payments while Change systems are down. While without fees or interest, the loans will have to be repaid.
  • In a Tuesday 27 Feb conference call with hospital cybersecurity officers reported by STAT, UHG Chief Operating Officer Dirk McMahon said that the program will continue “for the next couple of weeks as this continues to go on.” This is more of a timeline than UHG has otherwise disclosed.
  • The American Hospital Association (AHA) on Monday slammed the “Temporary Funding Assistance Program” as “not even a band-aid on the payment problems” that hospitals are experiencing. The program is, in their view 1) “available to an exceedingly small number of hospitals and health systems” and with “shockingly onerous” and “one-sided contractual terms” and conditions for payback and verification through access to claims payment data. For their members, “their financial future becomes more unpredictable the longer Change Healthcare is unavailable. UnitedHealth Group, which is a Fortune 5 company that brought in more than $370 billion in revenue and $22 billion in profit in 2023, can — and should — be doing more to address the far-reaching consequences that result from Change Healthcare’s inability to provide these essential hospital revenue cycle functions nearly two weeks after the attack.” 4 March letter to UHG   AHA maintains an update page for members and other providers.
  • US Senator Chuck Schumer wrote 1 March to the Center for Medicare and Medicare Services (CMS) requesting that CMS accelerate payments to hospitals, pharmacies and other providers. Also Becker’s
  • AHA wrote 4 March to all four Congressional leaders detailing the effect on providers, UHG’s assistance program’s inadequacies, and requesting assistance from HHS including requesting “Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.”  

Update: According to First Health Advisory, a cybersecurity firm in healthcare, some large providers are losing $100 million daily because of the interruptions to Change/Optum’s payer systems. CNN, Becker’s

And BlackCat went All Quiet on the Ransomware Front. Bleeping Computer confirmed that BlackCat turned off their servers and took their negotiation website offline over the weekend. “The Tox messaging platform used by the BlackCat ransomware operator contained a message that does does not provide any details about what the gang plans next: “Все выключено, решаем,” which translates to “Everything is off, we decide.”” It has now been changed to “GG”.

This may or may not be related to another development–an affiliate of BlackCat/ALPHV claiming that they were scammed of a $22 million ransomware payment from Optum. These affiliates actually carry out the attacks on cybervictims using encryptors from the main entity. Dmitry Smilyanets of threat intelligence company Recorded Future picked up a message posted by “notchy” that said Change/Optum paid $22 million on 1 March to “prevent leakage and decryption key.” ALPHV suspended their account after receiving the payment and never paid them. This affiliate also claims they still have 4 terabytes of data from Change that goes deep into Tricare, Medicare, MetLife, CVS, and many other payers. As proof on the ransom, “notchy” provided a cryptocurrency payment address with a total of nine transactions. In the ultimate irony, “notchy” warned other affiliates to stop dealing with ALPHV. Cutting off affiliate ties and walking away with the cash, preliminary to another rebrand of BlackCat/ALPHV, formerly DarkSide and Black Matter? Also The Registerand DataBreaches.net–which commented that while Optum may have gotten a decryptor, what about All That Data?

Change Healthcare cyberattack persists–is the BlackCat gang back and using LockBit malware? BlackCat taking credit. (update 28 Feb #2)

On Day 7, reports, like recollections, may differ. Today’s Reuters report (26 Feb) attributes the attack on Change Healthcare, which has snarled pharmacies and hospitals since Wednesday [TTA 23 Feb], to a revived BlackCat (a/k/a ALPHV) ransomware operation. Readers will recall that the FBI busted BlackCat right before Christmas last year, seizing their operational darknet websites and putting up a most showy home screen. They worked their way into the BlackCat operation via their affiliate operation. However, BlackCat rebooted a few days later, made an appearance, and went back underground. As Bleeping Computer predicted then, BlackCat is apparently back and, adding insult, not even under a new name. 

Bleeping Computer today reported that BlackCat’s hack went through a critical ConnectWise ScreenConnect auth bypass flaw (CVE-2024-1708 and 1709) which was actively exploited in attacks to deploy ransomware on unpatched servers. This was confirmed by Reuters and Health-ISAC, a healthcare-focused organization engaged in cyber best practices and threat intelligence, via the American Hospital Association’s AHA Cybersecurity Advisory today (26 Feb). AHA is advising healthcare organizations to actively reevaluate their connection or disconnection status of Change Healthcare systems which have been deemed safe by Optum.

As of today, BlackCat did not claim credit for taking down Change’s systems nor is there any report of a ransom demand. It is perhaps too early to determine if there has been any data theft. Nor are there reports of other healthcare or other organizations being attacked through the ScreenConnect flaw.

Optum has a page detailing the status of Change Healthcare’s individual systems here. Optum has a statement that has remained nearly the same on issues with connectivity since last Wednesday.* This Editor’s experience of the page is that it needs refreshing to view the full version. Regarding the systems, they are a long list to scroll through and your Editor lost count after 100. Most have red Xs by them. Some systems are checked green. Change is also holding Zoom calls to update partners. Reuters reported that Alphabet’s cybersecurity unit Mandiant is in charge of investigating the attack.

Change Healthcare processes 15 billion healthcare claims annually. This attack seems to have hit their pharmacy software the hardest. These software tools are used to verify patient eligibility for specific medication and also their insurance coverage. The outage not only covers the big chains like CVS and Walgreens, but also Tricare and the Military Health System (MHS) globally. TTA 22 Feb, updated 23 Feb.

A Friday report in SC Magazine indicated that the malware used by BlackCat was a strain of LockBit malware going through the ConnectWise ScreenConnect bypass flaw. Their source, Toby Goucker, chief security officer at First Health Advisory, stated that their firm found the ScreenConnect flaws and sent out a notification on 19 February. Goucker noted that bad actors prey on the gap between when these vulnerabilities are uncovered and announced, but before when patches are applied. However, Goucker was not able to confirm that Change uses ScreenConnect.

Ironically, the LockBit ransomwareistes were busted only last week by a combined UK NCA and US DOJ/FBI effort. Like weeds, they never go away entirely.

Oddly, Change Healthcare’s website home page does not have a notice about their problem or direct to a page on their or UHG’s site about it for assistance. We know you’re busy, guys, but from this Editor’s marketing perspective not having an information banner and redirect to the Optum page is a basic communication failure.

**This is a developing story and will be updated.**

*Update 27 Feb 9am Eastern Time.

A repeat of Optum’s boilerplate statement on their page today indicates this cyberattack is still unresolved for most of Change Healthcare–and will remain unresolved at least through today:

Update – Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue.

We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.
Feb 272024 – 09:03 EST

Identical message 28 Feb 10:48am ET indicating that the effects of this attack are now one week old.

Updated 28 Feb: DataBreaches.net (“The Office of Inadequate Security”) reports that BlackCat is taking credit for it.

“BlackCat informed DataBreaches that yes, they are responsible for the attack. DataBreaches has asked them if they are willing to share any additional details and will update this post if any are received.”

This Editor is also following coverage in the usually reliable The Register which added a reply they obtained from Optum: “Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need. We also continue to work closely with law enforcement and a number of third parties, including Mandiant and Palo Alto Networks, on this attack against Change Healthcare’s systems.” They are not confirming the perpetrators. 

#2 update from DataBreaches may point to Change Healthcare as well as healthcare in general. Here is part of a Cybersecurity Advisory (CSA) that is an ongoing #StopRansomware effort by the Cybersecurity and Infrastructure Security Agency (CISA). CISA was joined by the FBI and interestingly, the Department of Health and Human Services (HHS). They “are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as February 2024.” The addition of HHS as well as February 2024 should be noted. “FBI, CISA, and HHS encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents.” Could this be behind what is going on at Change Healthcare–a BlackCat full-court press versus US healthcare?

And at least one major hospital CEO wants answers now. Tampa General Hospital CEO John Couris went up to Optum’s CEO Amar Desai in the speaker room at the ViVE conference in Los Angeles on Monday, and the answer was far less than satisfactory. “And his answer to me was, ‘We’ll have an update in two days.’ So I don’t think he knows.” Mr. Couris’ speculates that Change Healthcare will 1) not pay ransom and 2) will rebuild its systems in maybe four weeks–and how that puts hospitals like his that use Change as a clearing house for claims in, to put it mildly, a pickle. MedCityNews

2023’s global cyberattack disaster: healthcare #3 in weekly attacks, 10% of organizations ransomwared–report

An average of 1,100+ cyberattacks per organization per week. Let that sink in.  While it represents only a 1% increase over 2022, and averages are well…averages, this is a lot to handle for any organization even if nowhere near the weekly average.

The report from Check Point Software Technologies, Ltd. an Israel (Tel Aviv HQ) and US-based IT security organization, is depressing reading for any company, especially for healthcare. (Editor’s note: Check Point’s data is derived from ThreatCloud AI, their intelligence engine.) Many of the large numbers are boiled down to averages per organization per week.

  • In terms of general cyber attacks globally, healthcare is #3 with an above-average 1,500 per organization per week attacks on average, right behind #2 government and military, with education far ahead, #1, with 2,046 per organization per week. It was up 3% versus 2022.
  • Retail and wholesale attacks are up 22% annually–a cautionary note for healthcare organizations engaging in retail operations.
  • Regionally, APAC (1,930 attacks) and Africa (1,900 attacks) led with increases at 3% and 12% respectively.

We not only must be concerned with ransomware–but mega-ransomware. These include zero-day exploits (a software flaw exploited by the hacker/ransomwareiste before the vendor or developer finds it). Rather than being content with encrypting data and demanding bitcoin for its release, the hyper version is now data theft followed by extortion campaigns threatening public disclosure of the stolen data, such as by MOVEit and GoAnywhere. Not mentioned here is another vector–business associates and vendors, using ‘social engineering’ tactics to steal passwords and other secure information to gain access into the larger system [TTA 24 Jan

  • 10% of global organizations were targeted by a ransomware attack, up 3 percentage points from 2022
  • Healthcare again was above average, #3 with 12% of organizations experiencing attacks. Government/military was #2 with 16% and education/research with 22% of organizations. 
  • The Americas went up from 5% in 2022 to 9% in 2023. APAC and EMEA were higher and also increased

Advice they give on security is logical: robust data backup, cyber awareness training, up-to-date patches, stronger user authentication, implementing anti-ransomware solutions, and utilizing better threat prevention. Can healthcare do this while leaning out IT, fighting collapsing margins, and transforming care delivery?

Another turkey: potential 9M patients affected by medical transcription vendor data breach

Vendors are hot, hot, hot…with hackers. In another notable vendor data incident, Perry Johnson & Associates (PJ&A), a Henderson Nevada-based provider of transcription services for hospitals and physician practices, reported a data security incident to the US Health & Human Services (HHS) Office of Civil Rights (OCR) on 3 November. The breach occurred in the network and files were copied 27 March-2 May, when it was detected. 8.95 million individuals were affected, with over 4 million individuals in NYC and Syracuse at Northwell Health, the largest health provider in New York State, and Crouse Health. Northwell hasn’t had much luck with transcription providers, having been affected by Nuance Communications’ hack earlier this year by one of their vendors–the Progress Software MOVEit file transfer protocol (FTP) theft traced back to ransomwareistes CLOP [TTA 3 Aug].

Personal health information stolen for all included name, date of birth, address, medical record number, hospital account number, admission diagnosis, and date(s) and time(s) of service. While the records didn’t contain financial information, some patients may have had breaches of their Social Security numbers, insurance information and clinical information from medical transcription files, such as laboratory and diagnostic testing results, medications, the name of the treatment facility, and the name of healthcare providers.

PJ&A notified affected providers on 29 September and affected patients on 31 October. In addition to the 4 million+ in New York, 1.2 million individuals were served by Cook County Health in Illinois. The rest have not been identified. TechCrunch, News4NY, PJ&A notice 

A Thanksgiving turkey for hospitals: multiple cyber and ransomware attacks

IT incidents were on the Thanksgiving menu at many US hospitals. It was no holiday for the hospitals experiencing attacks and outages, forcing ERs to divert to other hospitals and resort to downtime procedures. The hospitals reporting them are part of Ardent Health Services, a 30-hospital operator. Ransomware has been reported for some as the cause. Not all Ardent hospitals have been reported as affected.

A rundown of what was attacked, and where:

  • The 10-hospital UT Health East Texas (Tyler, Texas) network reverted to downtime procedures after a security incident, outage, and locked down its systems. Ambulances heading to its ERs were diverted to other hospitals.
  • Lovelace Health System in Albuquerque, New Mexico, affecting six hospitals, 33 health care clinics and seven outpatient therapy clinics. 
  • BSA Health System in Amarillo, Texas 
  • The University of Kansas Health System St. Francis Campus in Topeka 
  • Hillcrest HealthCare System (Tulsa, Oklahoma) 
  • Closer to this Editor’s home, two Hackensack Meridian hospitals in New Jersey served by Ardent were ransomwared starting on Thanksgiving: Pascack Valley in Westwood and Mountainside Medical Center in Montclair. Local reports indicated a ransomware attack. The outage continued through the weekend. Other Hackensack Meridian hospitals are not served by Ardent and were not affected.

Ardent has reported this to law enforcement and in their release, stated they are still determining the full impact of the event, though working with partners to restore access to electronic medical records and operations. 

In addition to the Ardent hospitals, on Thursday the six-hospital Vanderbilt University Medical Center (Nashville, Tennessee) reported a cyberattack that compromised a database and was contained. Ransomwareistas Meow claimed that their information was leaked on the dark web. VUMC is not confirming a ransomware attack and stated that the “compromised database did not contain personal or protected information about patients or employees.”

Becker’s 27 Nov, 27 Nov (Hackensack), Asbury Park Press, News12NJ, Ardent Health release, The Record

Killnet racks up 22 more healthcare cybervictims and data thefts; whitepaper on best defense practices

Ransomware attacks keep rolling through healthcare organizations. The latest tally just for Killnet, the rogue group of pro-Russian hacktivists, is up to 22 hospitals from Los Angeles to Egg Harbor, NJ. Becker’s HealthIT on Tuesday reported on 17 listed by BetterCyber on 31 January with another six yesterday. (BetterCyber’s Twitter feed subtracted Dartmouth Health Cheshire Medical Center from the victim list yesterday, thus 22.) Most affected are regional and community hospitals.

According to SC Media’s report on an HHS Cybersecurity Coordination Center (HC3) Alert, health and personal data were ‘exfiltrated’ onto the Killnet list. Quite oddly, and this Editor is sure it’s just a coincidence, the HC3 analyst note linked is offline; on a search to cross-check the link, the HHS pages show up in index form. Also Becker’s HealthIT 1 Feb 

The attacks were DDoS (distributed denial of service), described by HC3 as “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems.” This ties up IT and slows down services such as websites or information portals. The danger in DDoS attacks, as noted in previous coverage [TTA 22 Dec 22] is that DDoS can be cover for other cybercrimes or information gathering in preparation for same. 

How can a healthcare organization ‘keep calm’ and lessen the impact of cyberattack, as it’s ‘not if, but when?’ A whitepaper by Cynerio,  focuses on microsegmentation, a network security technique that logically divides the data center into distinct security segments down to the individual workload/workflow level, and then defines security controls. (In marketing, market profiling down to buyer personas is similar.) The paper looks at how organizations should focus on four areas: visibility, risk mitigation, real-time defense, and regulatory compliance, then work through multiple considerations. Happily, the whitepaper (no registration required) is mostly understandable to those outside of IT. It also provides three case studies and checklists. Cynerio is a NYC-based healthcare-focused cybersecurity management company that helps hospitals to manage risk and secure their IoT, IoMT, and unmanaged IT and mobile devices.

Healthcare cyberattack latest: NextGen EHR ransomwared by AlphV/BlackCat, back to normal – 93% of healthcare orgs had 1-5 ransomware incidents

Cyberattacks on healthcare continue their drip-drip-drip. The latest is on an EHR/practice management platform used by small to enterprise-sized specialty practices, NextGen Healthcare. The hacker group associated with the AlphV/BlackCat ransomware moved into the system on 17 January. For a short time, they reportedly exhibited NextGen information on their extortion site but later took it down. NextGen reported a short-term disruption to operations. A NextGen spokesperson stated that “We immediately contained the threat, secured our network, and have returned to normal operations,” the spokesperson said. “Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.”  NextGen has also stated to this Editor that no patient data was affected.

NextGen is used by about 2,500 practices in the US, UK, India, and Canada, including over 20 specialties.

The group behind AlphV/BlackCat ransomware has an infamous history. Reputedly, the gang has been kicking around since 2012 and was the same group of charmers that attacked the Colonial Pipeline in 2021, using the Darkside ransomware in May 2021 that dried out gas stations across the US East Coast. Their next ransomware edition, BlackMatter, targeted agriculture during fall 2021. Healthcare IT News, The Record/Recorded Future News

More severe attacks affecting 93% of healthcare organizations. While NextGen contained the attack quickly, both the Censinet/Ponemon Institute and Fortified Health Security’s 2023 Horizon Report tracked 2022 healthcare data breaches and concluded that while the number of incidents didn’t change much, their severity ramped up. More according to SC Media in these reports: 

  • Over a dozen of the biggest incidents in 2022 each impacted well over 1 million records
  • Nearly half of the respondents experienced a ransomware attack in the last two years
  • 93% faced between one to five ransomware-related incidents
  • Outages lasted upwards of 35 days

The common ground with NextGen is danger to patient safety, because electronic record damage can translate quickly into unavailable patient care.

Updated PharmaCare Services, a pharmacy management company based in Texas, is listed as a victim on BlackCat’s extortion site. They were exhibited with NextGen and remained when NextGen’s listing was challenged and then taken down. PharmaCare is staying mum on any ransomware disruptions, according to GovInfoSecurity.

One ray of hope is improved medical device security, included in the ‘omnibus’ budget package approved in late 2022. FDA will be required to enforce new standards for premarket device submissions. One is a software bill of materials, adequate evidence to demonstrate the product can be updated and patched, and a description of security testing and controls. This was before Congress in the Protecting and Transforming Cyber Health Care (PATCH) Act which didn’t go far, but elements of which found their way into the omnibus. A needed change for medical devices and long expected by manufacturers. SC Media

Weekend news roundup: Teladoc adds to Primary360; Novartis, Medtronic support UK digital cardiac startups; Bluestream adds PrimaryOne Health; NoKo ransomware threatens healthcare; more Fed scrutiny on telehealth Rx, billed time may be coming

Teladoc had some positive news this week with additions to Primary360, its new primary care service for the provider/payer market. It added in-network referrals and care coordination capabilities, free, same-day prescription delivery from Capsule, and in-home, on-demand phlebotomy from Scarlet Health. The release notes that about half of patients fail to pick up their prescriptions. In addition, Priority Health, a nonprofit health benefits company serving Michigan, has added Primary360 to its fully insured virtual first plan design for employers. FierceHealthcare

Some good news from the UK in a time of government upheaval. Novartis is supporting cardiac digital health startups through the Novartis Biome UK Heart Health Catalyst 2022. This investor partnership is to identify and scale innovations for non-invasive lipid testing and at-home blood pressure testing using software as a medical device. Partners in support are Medtronic, RYSE Asset Management and Chelsea and Westminster Hospital NHS Foundation Trust and its official charity CW+. Successful applicants will receive support from partners during the competition process, the opportunity of investment up to £3 million provided by RYSE Asset Management, subject to due diligence at RYSE`s discretion, access to the Novartis Biome UK eco-system located in White City, and opportunities to work with our NHS partners to set up and deliver a pilot evaluation of the winning innovation. Applications must be in by 31 August–form is here. FierceBiotech

Bluestream Health adds PrimaryOne Health. Bluestream provides a white-labeled customized virtual care service that will be integrated into PrimaryOne’s services. This medical group of 11 community healthcare facilities across central Ohio serves 48,000 patients with primary care, OB-GYN, pediatric, vision, dental, behavioral health, nutrition, pharmacy, physical therapy, and specialty care.  Release

North Korea’s Maui Ransomware is no Hawaiian vacation. The threat has built enough since May 2021 for the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) to release a joint Cybersecurity Advisory (CSA) on Thursday warning healthcare and public sector health organizations. It is state-sponsored North Korean malicious cyber activity. The CSA provides a sample of how it executes, what it targets, how it encrypts files, and how to respond. Hackermania, NoKo Style, is Running Wild with breaches piling up [TTA 7 July], and not only in healthcare. Healthcare Dive, Healthcare IT News

And in Dog Bites Man News, a former US assistant district attorney for Massachusetts predicts that Federal entities such as the Department of Justice (DOJ) may not stop with telemental prescribing. They will not only be ramping up their scrutiny of telemental health companies–but also telehealth billing. For Cerebral and Done Health that facilitate the prescribing of Schedule 2 drugs, this assumption of scrutiny has become a no-brainer. What it also is: a caution for mainstream telehealth providers such as Teladoc and Amwell charging into psychiatric telehealth.  But the former ADA, Miranda Hooker, now a health sciences area partner with Troutman Pepper in Boston, makes a broader prediction. Prosecuted telehealth fraud, as this Editor has noted, has grown in other areas, such as prescriptions for durable medical equipment (DME) billed to Medicare [TTA 6 May] and cardiologists moonlighting as Dr. Mabuse, Master Cybercriminal [TTA 19 May]. But the next frontier may be time-specified telehealth consults billed to Medicare under various CPT codes (e.g. 994XX). A 15-minute consult billed as a more lucrative 30-minute consult can be considered fraud. The Cerebral investigation, according to Hooker, marks a shift by the DOJ into investigating the actual provision of telehealth services and whether they are being billed properly. FierceHealthcare

Thursday news roundup: IBM Watson Health sale closed, now Merative; OneMedical inviting buyers–maybe; worst healthcare data breaches rounded up

It’s a post-Independence Day and early summer holiday relatively quiet week….

It’s Merative, not IBM Watson Health anymore. Francisco Partners‘ buy from IBM of Watson Health closed last Thursday (30 June) but didn’t make the news until after the holiday. The announcement of the new brand, Merative, was splashed on HLTH’s website today (not HIMSS) with the usual language about how their data connects and transforms health through pioneering “cloud, real-world data and industry-leading AI” through health systems, hospitals, health plans, life sciences, and government. Speaking of data points:

  • HQ now in Ann Arbor, MI
  • New CEO Gerry McCarthy from CEO of eSolutions, a former Francisco Partners portfolio company that exited to Waystar in October 2020
  • The former general manager, Paul Roma, will be a Senior Advisor to Francisco Partners
  • Merative will have six product families: Health Insights; MarketScan; Clinical Development; Social Program Management and Phytel; Micromedex, and Merge Imaging 
  • Other investors include True Wind Capital and Sixth Street

Since 2015, IBM had built up Watson Health through four acquisitions and over $4 billion in investment. They sold it for perhaps $1 billion to get it off their books. Once upon a time they were the leader, now they’re up against Oracle and a dozen other competitors like IQVIA that sell connectedness and ‘actionable insights’ across and in chunks of their business (example, life sciences). Given the track record of the controlling private equity partner, Merative needs to become profitable quickly. Merative will not be a long term investment for them. FierceHealthcare. Our prior coverage: 7 Jan, 22 Jan, 25 Feb (Who needs Watson Health?)

Also apparently up for sale to the right buyer is One Medical. The clinic group flirted with but ultimately sent packing CVS Health. One Medical offers concierge in-person and telehealth primary care in seven metros and has over 700,000 members. They bought Medicare value-based primary care provider group Iora Health a year ago [TTA 11 June] but since then their stock (trading under 1Life Healthcare) and valuation has cracked by 75%. Not mentioned in the Bloomberg article is whether Iora is included in the possible deal.

And for those who like their Hackermania on the Wild Side, there’s a massive list over at Wired that racks up the Greatest Hits. It’s only halfway through 2022, but the data breaching and ransomware perps have multiplied. From Russia/Ukraine to extortion gangs like Conti and Lapsus$ to cryptocurrency theft and China, the Old Reliable Healthcare continues to star. Our recent list is here but topping out the Wired list are Shields Health Care Group, Baptist Health System, Resolute Health Hospital, Kaiser Permanente, and Yuma Regional Medical Center. Also Becker’s.

Thursday news roundup: FTC now investigating Cerebral, Balwani’s Theranos trial rests at last, Proscia pathology AI $37M Series C, health data breaches pile up

Telemental health Cerebral’s miseries pile on. The Federal Trade Commission (FTC) is now investigating Cerebral on deceptive advertising and marketing practices. The Wall Street Journal (may be paywalled) reviewed the 1 June letter sent to the company. The letter requests the usual preservation of documents and asks ‘dozens of questions’ related to their business. Of particular interest to the FTC is the ‘negative option’ practice that continues the subscription fee unless the subscriber takes positive action to cancel it. Subscribers have complained that Cerebral did not cancel their subscriptions after repeated attempts to do so and did not refund their money. Reuters, FierceHealthcare

Also of interest to the FTC will be the dodgy advertising claims about ADHD and obesity which ran on TikTok and Instagram [TTA 10 May]. The WSJ reported that their ad spend topped $65 million for this year–$13 million on TikTok alone from January to May this year, making Cerebral the third-largest advertiser behind HBO and Amazon, according to research firm Pathmatics.

The FTC action follows the Department of Justice (DOJ) investigation of their prescribing of controlled (Schedule 2, high potential for abuse) substances such as Adderall and Xanax, CVS and Walmart refusing their prescriptions, the unceremonious booting of the CEO and co-founder, and a wrongful dismissal lawsuit by a former VP of product and engineering, Matthew Truebe. Certainly, its investors led by SoftBank, which raised $300 million in December less than six months after a raise of $127 million, are unhappy at watching their $4.8 billion baby crash and burn.

The second “rerun” Theranos trial of Sunny Balwani rests. This much-muted trial is winding towards its close. Receiving much less breathless and near-sensational coverage than Elizabeth Holmes’, Theranos president Balwani was tried in the same San Jose Federal district court, with the same prosecutor (Robert Leach), just about the same charges (12 counts of wire fraud), and Judge Davila presiding. Holmes was convicted and her sentencing is scheduled for September.

The prosecution rested on 20 May and the defense on 9 June. The trial took some delays due to at least two jurors falling ill from Covid. The defense strategy rested on Holmes’ founding and operating the company without Balwani for a few years and that he never sold his shares, making him as victimized as any ordinary investor. The prosecution is relying on how close Holmes and Balwani were, that he had great power at Theranos–and used it, plus in his position was well aware of the problems with the lab machines and deliberately sought to defraud investors by covering it up. Unsurprisingly, Holmes did not testify at his trial, although she was a looming presence at his as he was somewhat at hers, especially in her testimony about their relationship. Closing arguments took place on Tuesday (14 June) and the jury will be charged after their conclusion. NBC Bay Area, New York Post, Wall Street Journal

Happier news comes from Proscia, a pathology software company, funding a $37 million Series C. Highline Capital Management, Triangle Peak Partners, and Alpha Intelligence Capital led the round along with participation from five earlier investors. Their total funding is up to $72 million. Their AI-enabled Concentriq platform combines “enterprise scalability with a broad portfolio of AI applications to accelerate breakthroughs and unlock clinical insights that advance precision medicine.” Clients include 10 of the top 20 pharmaceutical companies as well as the Joint Pathology Center, Proscia release, Becker’s 

Adding to the tally of healthcare data breaches are several this week. The year-to-date winner, of course, are the 2 million at Shields Health Care Group in Massachusetts [TTA 10 June], but this week, reports have been breaking out like late spring roses:

  •  A clinical guidance software vendor’s breach reported 10 June has exposed the protected health information (PHI) of patients at Omaha, Nebraska-based CHI Health and Sioux Falls, South Dakota based Avera Health. Avera has about 900 exposed patients, but the number at CHI is not yet known. MCG Health is the vendor. Becker’s
  • Yuma (Ariz.) Regional Medical Center reported an April ransomware attack that while short in duration, exposed PHI of 700,000 patients. An unauthorized user removed files from the hospital’s system that included patient health information such as names, social security numbers, health insurance information, and limited medical information relating to care. The hospital went offline until it was resolved, including reporting to law enforcement. Becker’s, Healthcare Dive
  • UChicago Medicine had its employee accounts hacked in March by an unauthorized user. It exposed about 2,500 patient records that included patient first and last names, social security numbers, health information, legacy Medicare beneficiary identification numbers, health insurance policy numbers, and driver’s license numbers. Becker’s
  • And Kaiser Foundation Health Plan of Washington had about 70,000 patient PHIs exposed on 5 April when an unauthorized user gained access to one employee’s emails with information on patient first and last names, dates of service, laboratory test information, and medical record numbers.

Short, but certainly not sweet, and expensive.

Thursday legal news roundup: Oscar Health accused of IPO securities fraud; Venezuelan cardiologist moonlights as cybercriminal, faces slammer; Change Healthcare sues former employee now at Olive AI

To use a cliché, what a difference a year makes. In March 2021, insurtech Oscar Health successfully raised $1,4 billion in its IPO with shares at $39. Heady times didn’t last long, with shares tumbling to $5.67 as of this writing. Now the shareholder lawsuits have begun, with the complaint stating that negative effects of COVID-19 on Oscar’s business were not disclosed, specifically the growing cost of the pandemic on testing and treatment costs they would cover, and “Oscar would be negatively impacted by an unfavorable prior year Risk Adjustment Data Validation (RADV) result relating to 2019 and 2020 [and] that Oscar was on track to be negatively impacted by significant SEP membership growth”. The lack of forward-looking disclosure at an IPO is a violation of the Securities Act. The initial lawsuit has been filed in the US District Court for the Southern District Court of New York by shareholder Lorin Carpenter. Multiple law firms have invited shareholders to join in the suit — example from PR Newswire. Also named in the suit are Oscar Health co-founders CEO Mario Schlosser and Vice Chairman Joshua Kushner, plus several investment banks.

Oscar started the year with a Q1 loss of $0.36 per share versus an estimate of a loss of $0.40, but this is less than half of last year’s loss of $0.98 per share. They are also exiting the Arkansas and Colorado markets in 2023. Healthcare Dive

Cardiologist, master cybercriminal, a new Dr. Mabuse? Accused of the creation, use, and sale of ransomware is one Venezuelan doctor and practicing cardiologist, Moises Luis Zagala Gonzalez, a dual citizen of Venezuela and France. The charges by the Department of Justice (DOJ) in the Eastern District of New York also detail his “extensive support of, and profit sharing arrangements with, the cybercriminals who used his ransomware programs.” SaaS can’t hold a candle to the RaaS–ransomware-as-a-service–operation he created to sell what he dubbed ‘Thanos,’ allegedly named after a fictional cartoon villain responsible for destroying half of all life in the universe. Turns out that Iranian state-sponsored hackers and fellow ransomware designers really liked it too. If convicted, he faces 10 years in Club Fed–five years for attempted computer intrusion, and five years for conspiracy to commit computer intrusions. Designing criminal software really does test the limits of moonlighting. DOJ release, TechCrunch

Change Healthcare sues former employee at competitor Olive AI. While their merger with UnitedHealthcare is tied up in the US District Court in DC [TTA 23 Mar], Change Healthcare is not letting any courtroom grass grow under their feet. They are suing a former employee, Michael Feeney, with violating the non-compete clauses of his employment contract. The suit was filed in Tennessee Chancery Court, its HQ state. Mr. Feeney has countersued in his state of residence, stating that the non-compete violates Massachusetts law. He was VP, strategy and operations at Change handling physician revenue cycle management. At Olive AI, he is currently SVP, provider market operations. Information is a bit scarce on this and the free article this Editor has found reads machine-translated. If you have access to the Nashville Post or Modern Healthcare it’s probably more decipherable.

As to the lawsuit affecting non-competes due to the tight labor market–don’t count on it. It’s a conflict between the state the company is in enforcing non-competes, versus a state which restricts (or negates) them that is the former employee’s state of residence and work. What wins out will be the interesting part and affect many of us in the US.