Initially thought to be an attack by a nation-state, actual culprit turned out to be a known ransomware group and each day brings new revelations about the cyberattack
Fallout continues from cyberattack on Change Healthcare, the revenue cycle management (RCM) company that is a business unit of Optum, itself a division of UnitedHealth Group. Recent news accounts say providers are losing an estimated $100 million per day because they cannot submit claims to Change Healthcare nor receive reimbursement for these claims.
The cyberattack took place on February 21. The following day, UnitedHealth Group filed a Material Cybersecurity Incidents report (form 8-K) with the US Securities and Exchange Commission (SEC) in which it stated it had “identified a suspected nation-state associated cybersecurity threat actor [that] had gained access to some of the Change Healthcare information technology systems.”
A few days later the real identity of the threat actor was revealed to be a ransomware group known as “BlackCat” or “ALPHV,” according to Reuters.
Change Healthcare of Nashville, Tenn., is “one of the largest commercial prescription processors in the US,” Healthcare Dive reported, adding that hospitals, pharmacies, and military facilities had difficulty transmitting prescriptions “as a result of the outage.”
Change Healthcare handles about 15 billion payments each year.
According to a Change Healthcare statement, the company “became aware of the outside threat” and “took immediate action to disconnect Change Healthcare’s systems to prevent further impact.”
Change Healthcare has provided a website where parties that have been affected by the cyberattack can find assistance and updated information on Change’s response to the intrusion and theft of its data.
“The fallout is only starting to happen now. It will get worse for consumers,” Andrew Newman (above), founder and Chief Technology Officer, ReasonLabs, told FOX Business, adding, “We know that the likely destination for [the Change Healthcare] data is the Dark Web, where BlackCat will auction it all off to the highest bidder. From there, consumers could expect to suffer from things like identity theft, credit score downgrades, and more.” Clinical laboratories are also targets of cyberattacks due to the large amount of private patient data stored on their laboratory information systems. (Photo copyright: ReasonLabs.)
Millions of Records May be in Wrong Hands
Reuters reported that ALPHV/BlackCat admitted it “stole millions of sensitive records, including medical insurance and health data from the company.”
The ransomware group has been focusing its attacks on healthcare with 70 incidents since December, according to federal agencies.
In a letter to HHS, AHA warned, “Change Healthcare’s downed systems will have an immediate adverse impact on hospital finances. … Their interrupted technology controls providers’ ability to process claims for payment, patient billing, and patient cost estimation services.”
“My understanding is Change/Optum touches almost every hospital in the US in one way or another,” John Riggi, AHA’s National Advisor for Cybersecurity and Risk, told Chief Healthcare Executive. “It has sector wide impact in potential risk. So, really, this is an attack on the entire sector.” Riggi spent nearly 30 years with the FBI.
Some physician practices may also have been impacted by the Change Healthcare cyberattack, according to the Medical Group Management Association (MGMA). In a letter to HHS, MGMA described negative changes in processes at doctors’ offices. They include delays in paper and electronic statements “for the duration of the outage.”
In addition, “prescriptions are being called into pharmacies instead of being electronically sent, so patients’ insurance information cannot be verified by pharmacies, and [the patients] are forced to self-pay or go without necessary medication.”
Here are “just a few of the consequences medical groups have felt” since the Change Healthcare cyberattack, according to the MGMA:
Substantial billing and cash flow disruptions, such as a lack of electronic claims processing. Both paper and electronic statements have been delayed. Some groups have been without any outgoing charges or incoming payments for the duration of the outage.
Limited or no electronic remittance advice from health plans. Groups are having to manually pull and post from payer portals.
Prior authorization submissions have been rejected or have not been transmittable at all. This further exacerbates what is routinely ranked the number one regulatory burden by medical groups and jeopardizes patient care.
Groups have been unable to perform eligibility checks for patients.
Many electronic prescriptions have not been transmitted, resulting in call-in prescriptions to pharmacies or paper prescriptions for patients. Subsequently, patients’ insurance information cannot be verified by pharmacies, and they are forced to self-pay or go without necessary medication.
Lack of connectivity to important data infrastructure needed for success in value-based care arrangements, and other health information technology disruptions.
Medical laboratory leaders and pathologists are advised to consult with their colleagues in IT and cybersecurity on how to best prevent ransomware attacks. Labs hold vast amount of private patient information. Recent incidents suggest more steps and strategies may be needed to protect laboratory information systems and patient data.
Study findings could lead to new clinical laboratory testing biomarkers designed to assess for male infertility
Clinical laboratories are increasingly performing tests that have as their biomarkers the DNA and enzymes found in human microbiota. And microbiologists and epidemiologists know that like other environments within the human body, semen has its own microbiome. Now, a study conducted at the University of California, Los Angeles (UCLA) has found that the health of semen microbiome may be linked to male infertility.
The UCLA researchers discovered a small group of microorganisms within semen that may impair the sperm’s motility (its ability to swim) and affect fertility.
A total of 73 individuals were included in the study. About half of the subjects were fertile and already had children, while the remaining men were under consultation for fertility issues.
“These are people who have been trying to get pregnant with their partner, and they’ve been unsuccessful,” Sriram Eleswarapu, MD, PhD, a urologist at UCLA and co-author of the study, told Scientific American. “This latter group’s semen samples had a lower sperm count or motility, both of which can contribute to infertility.”
“There is much more to explore regarding the microbiome and its connection to male infertility,” said Vadim Osadchiy, MD (above), a resident in the Department of Urology at UCLA and lead author of the study, in a UCLA news release. “However, these findings provide valuable insights that can lead us in the right direction for a deeper understanding of this correlation.” Might it also lead to new biomarkers for clinical laboratory testing for male infertility? (Photo copyright: UCLA.)
Genetic Sequencing Used to Identify Bacteria in Semen Microbiome
Most of the microbes present in the semen microbiome originate in the glands of the male upper reproductive tract, including the testes, seminal vesicles and prostate, and contribute various components to semen. “Drifter” bacteria that comes from urine and the urethra can also accumulate in the fluid during ejaculation. Microbes from an individual’s blood, or his partner’s, may also aggregate in semen. It is unknown how these bacteria might affect health.
“I would assume that there are bacteria that are net beneficial, that maybe secrete certain kinds of cytokines or chemicals that improve the fertility milieu for a person, and then there are likely many that have negative side effects,” Eleswarapu told Scientific American.
The scientists used genetic sequencing to identify different bacteria species present within the semen microbiome. They found five species that were common among all the study participants. But men with more of the microbe Lactobacillus iners (L. iners) were likelier to have impaired sperm motility and experience fertility issues.
This discovery was of special interest to the team because L. iners is commonly found in the vaginal microbiome. In females, high levels of L. iners are associated with bacterial vaginosis and have been linked to infertility in women. This is the first study that found a negative association between L. iners and male fertility.
The researchers plan to investigate specific molecules and proteins contained in the bacteria to find out whether they slow down sperm in a clinical laboratory situation.
“If we can identify how they exert that influence, then we have some drug targets,” Eleswarapu noted.
Targeting Bacteria That Cause Infertility
The team also discovered that three types of bacteria found in the Pseudomonas genus were present in patients who had both normal and abnormal sperm concentrations. Patients with abnormal sperm concentrations had more Pseudomonas fluorescens and Pseudomonas stutzeri and less Pseudomonas putida in their samples.
According to the federal National Institute of Child Health and Human Development (NICHD), “one-third of infertility cases are caused by male reproductive issues, one-third by female reproductive issues, and the remaining one-third by both male and female reproductive issues or unknown factors.” Thus, learning more about how the semen microbiome may be involved in infertility could aid in the development of drugs that target specific bacteria.
“Our research aligns with evidence from smaller studies and will pave the way for future, more comprehensive investigations to unravel the complex relationship between the semen microbiome and fertility,” said urologist Vadim Osadchiy, MD, a resident in the Department of Urology at UCLA and lead author of the study, in a UCLA news release.
More research is needed. For example, it’s unclear if there are any links between the health of semen microbiome and other microbiomes that exist in the body, such as the gut microbiome, that cause infertility. Nevertheless, this research could lead to new biomarkers for clinical laboratory testing to help couples who are experiencing fertility issues.
HHS Office of Inspector General was the latest to examine the quality control problems that led to distribution of inaccurate test to clinical laboratories nationwide
Failure on the part of the Centers for Disease Control and Prevention (CDC) to produce accurate, dependable SARS-CoV-2 clinical laboratory test kits at the start of the COVID-19 pandemic continues to draw scrutiny and criticism of the actions taken by the federal agency.
In the early weeks of the COVID-19 pandemic, the CDC distributed faulty SARS-CoV-2 test kits to public health laboratories (PHLs), delaying the response to the outbreak at a critical juncture. That failure was widely publicized at the time. But within the past year, two reports have provided a more detailed look at the shortcomings that led to the snafu.
“We identified weaknesses in CDC’s COVID-19 test kit development processes and the agencywide laboratory quality processes that may have contributed to the failure of the initial COVID-19 test kits,” the OIG stated in its report.
Prior to the outbreak, the agency had internal documents that were supposed to provide guidance for how to respond to public health emergencies. However, “these documents do not address the development of a test kit,” the OIG stated.
“If the CDC can’t change, [its] importance in health in the nation will decline,” said microbiologist Jill Taylor, PhD (above), Senior Adviser for the Association of Public Health Laboratories in Washington, DC. “The coordination of public health emergency responses in the nation will be worse off.” Clinical laboratories that were blocked from developing their own SARS-CoV-2 test during the pandemic would certainly agree. (Photo copyright: Columbia University.)
Problems at the CDC’s RVD Lab
Much of the OIG’s report focused on the CDC’s Respiratory Virus Diagnostic (RVD) lab which was part of the CDC’s National Center for Immunization and Respiratory Diseases (NCIRD). The RVD lab had primary responsibility for developing, producing, and distributing the test kits. Because it was focused on research, it “was not set up to develop and manufacture test kits and therefore had no policies and procedures for developing and manufacturing test kits,” the report stated.
The RVD lab also lacked the staff and funding to handle test kit development in a public health emergency, the report stated. As a result, “the lead scientist not only managed but also participated in all test kit development processes,” the report stated. “In addition, when the initial test kit failed at some PHLs, the lead scientist was also responsible for troubleshooting and correcting the problem.”
To verify the test kit, the RVD lab needed samples of viral material from the agency’s Biotechnology Core Facility Branch (BCFB) CORE Lab, which also manufactured reagents for the kit.
“RVD Lab, which was under pressure to quickly create a test kit for the emerging health threat, insisted that CORE Lab deviate from its usual practices of segregating these two activities and fulfill orders for both reagents and viral material,” the report stated.
This increased the risk of contamination, the report said. An analysis by CDC scientists “did not determine whether a process error or contamination was at fault for the test kit failure; however, based on our interviews with CDC personnel, contamination could not be ruled out,” the report stated.
The report also cited the CDC’s lack of standardized systems for quality control and management of laboratory documents. Labs involved in test kit development used two different incompatible systems for tracking and managing documents, “resulting in staff being unable to distinguish between draft, obsolete, and current versions of laboratory procedures and forms.”
Outside Experts Weigh In
The OIG report followed an earlier review by the CDC’s Laboratory Workgroup (LW), which consists of 12 outside experts, including academics, clinical laboratory directors, state public health laboratory directors, and a science advisor from the Association of Public Health Laboratories. Members were appointed by the CDC Advisory Committee to the Director.
This group cited four major issues:
Lack of adequate planning: For the “rapid development, validation, manufacture, and distribution of a test for a novel pathogen.”
Ineffective governance: Three labs—the RVD Lab, CORE Lab, and Reagent and Diagnostic Services Branch—were involved in test kit development and manufacturing. “At no point, however, were these three laboratories brought together under unified leadership to develop the SARS-CoV-2 test,” the report stated.
Poor quality control and oversight: “Essentially, at the start of the pandemic, infectious disease clinical laboratories at CDC were not held to the same quality and regulatory standards that equivalent high-complexity public health, clinical and commercial reference laboratories in the United States are held,” the report stated.
Poor test design processes: The report noted that the test kit had three probes designed to bind to different parts of the SARS-CoV-2 nucleocapsid gene. The first two—N1 (topology) and N2 (intracellular localization)—were designed to match SARS-CoV-2 specifically, whereas the third—N3 (functions of the protein)—was designed to match all Sarbecoviruses, the family that includes SARS-CoV-2 as well as the coronavirus responsible for the 2002-2004 SARS outbreak.
The N1 probe was found to be contaminated, the group’s report stated, while the N3 probe was poorly designed. The report questioned the decision to include the N3 probe, which was not included in European tests.
Also lacking were “clearly defined pass/fail threshold criteria for test validation,” the report stated.
Advice to the CDC
Both reports made recommendations for changes at the CDC, but the LW’s were more far-reaching. For example, it advised the agency to establish a senior leader position “with major responsibility and authority for laboratories at the agency.” This individual would oversee a new Center that would “focus on clinical laboratory quality, laboratory safety, workforce training, readiness and response, and manufacturing.”
In addition, the CDC should consolidate its clinical diagnostic laboratories, the report advised, and “laboratories that follow a clinical quality management system should have separate technical staff and space from those that do not follow such a system, such as certain research laboratories.”
The report also called for collaboration with “high functioning public health laboratories, hospital and academic laboratories, and commercial reference laboratories.” For example, collaborating on test design and development “should eliminate the risk of a single point of failure for test design and validation,” the LW suggested.
CBS News reported in August that the CDC had already begun implementing some of the group’s suggestions, including agencywide quality standards and better coordination with state labs.
However, “recommendations for the agency to physically separate its clinical laboratories from its research laboratories, or to train researchers to uphold new quality standards, will be heavy lifts because they require continuous funding,” CBS News reported, citing an interview with Jim Pirkle, MD, PhD, Director, Division of Laboratory Sciences, National Center for Environmental Health, at the CDC.
Theranos founder and former CEO continues down the path she began by defrauding her investors and lying to clinical laboratory leaders about her technology’s capabilities
As a result of the ban, Holmes is “barred from receiving payments from federal health programs for services or products, which significantly restricts her ability to work in the healthcare sector,” ARS Technica reported.
So, Holmes, who is 39-years old, is basically banned for life. This is in addition to her 11-year prison sentence which was paired with $452,047,200 in restitution.
“The exclusion was announced by Inspector General Christi Grimm of the Department of Health and Human Services’ Office of Inspector General,” ARS Technica noted, adding that HHS-OIG also “excluded former Theranos President Ramesh “Sunny” Balwani from federal health programs for 90 years.” This is on top of the almost 13-year-long prison sentence he is serving for fraud.
“The Health and Human Services Department can exclude anyone convicted of certain felonies from Medicare, Medicaid, and Pentagon health programs,” STAT reported.
“Accurate and dependable diagnostic testing technology is imperative to our public health infrastructure,” said Inspector General Christi Grimm (above) in an HHS-OIG statement. “As technology evolves, so do our efforts to safeguard the health and safety of patients, and HHS-OIG will continue to use its exclusion authority to protect the public from bad actors.” Observant clinical laboratory leaders will recognize this as yet another episode in the Elizabeth Holmes/Theranos fraud saga they’ve been following for years. (Photo copyright: HHS-OIG.)
Why the Ban?
“The Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) cited Holmes’ 2022 conviction for fraud and conspiracy to commit wire fraud as the reason for her ban,” The Hill reported.
“False statements related to the reliability of these medical products can endanger the health of patients and sow distrust in our healthcare system,” Grimm stated in the HHS-OIG statement, which noted, “The statutory minimum for an exclusion based on convictions like Holmes’ is five years.
“When certain aggravating factors are present, a longer period of exclusion is justified,” the statement continued. “The length of Holmes’ exclusion is based on the application of several aggravating factors, including the length of time the acts were committed, incarceration, and the amount of restitution ordered to be paid.”
Rise and Fall of Elizabeth Holmes
Readers of Dark Daily’s e-briefs covering the Holmes/Theranos fraud saga will recall details on Holmes’ journey from mega success to her current state of incarceration for defrauding her investors.
In November 2022, she was handed an 11-year prison sentence for not disclosing that Theranos’ innovative blood testing technology, Edison, was producing flawed and false results. Theranos had “raised hundreds of millions of dollars, named prominent former US officials to its board, and explored a partnership with the US military to use its tests on the battlefield,” STAT reported.
To get Holmes physically into prison was a journey unto itself. At one point, evidence showed her as a potential flight risk. “In the same court filings, prosecutors said Holmes and her partner, William Evans, bought one-way tickets to Mexico in December 2021, a fact confirmed by her lawyers,” Dark Daily’s sister publication The Dark Report revealed in “Elizabeth Holmes’ Appeal Questions Competence of CLIA Lab Director.”
Drama around her move into prison continued. “The former CEO’s attorneys are making last-minute legal moves to delay her prison sentence while she appeals her guilty verdict,” Dark Daily reported.
At the same time, Holmes appeared to be on a mission to revamp her public image.
In the Times piece, Holmes talked about her plans to continue to pursue a life in healthcare. “In the story, Holmes contended that she still thinks about contributing to the clinical laboratory field. Holmes told The Times that she still works on healthcare-related inventions and will continue to do so if she reports to prison,” The Dark Report covered in “Elizabeth Holmes Still Wants ‘To Contribute’ in Healthcare.”
In the meantime, her legal fees continued to mount beyond her ability to pay. “Holmes’ prior cadre of lawyers quit after she could not compensate them, The Times reported,” The Dark Report noted. “One pre-sentencing report by the government put her legal fees at more than $30 million,” according to The New York Times.
Apparently, this closes the latest chapter in the never-ending saga of Elizabeth Holmes’ fall from grace and ultimate conviction for defrauding her investors and lying to healthcare executives, pathologists, and clinical laboratory leaders.
By analyzing strains of the bacterium from a hospital ICU, the scientists learned that most infections were triggered within patients, not from cross-transmission
Tracking the source of Hospital-acquired infections (HAI) has long been centered around the assumption that most HAIs originate from cross-transmission within the hospital or healthcare setting. And prevention measures are costly for hospitals and medical laboratories. However, new research puts a surprising new angle on a different source for some proportion of these infections.
The study suggests that most infections caused by Clostridioides difficile (C. Diff), the bacterium most responsible for HAIs, arise not from cross-transmission in the hospital, but within patients who already carry the bacterium.
A researcher performed whole genome sequencing on 425 strains of the bacterium isolated from the samples and found “very little evidence that the strains of C. diff from one patient to the next were the same, which would imply in-hospital acquisition,” according to a UM news story.
“In fact, there were only six genomically supported transmissions over the study period. Instead, people who were already colonized were at greater risk of transitioning to infection,” UM stated.
Arianna Miles-Jay, PhD, a postdoctoral fellow in The Snitkin Lab at the University of Michigan and Manager of the Genomic Analysis Unit at the Michigan Department of Health and Human Services, performed the genomic sequencing. “By systematically culturing every patient, we thought we could understand how transmission was happening. The surprise was that, based on the genomics, there was very little transmission,” she said in the UM news story.
“Something happened to these patients that we still don’t understand to trigger the transition from C. diff hanging out in the gut to the organism causing diarrhea and the other complications resulting from infection,” said Evan Snitkin, PhD (above), Associate Professor of Microbiology and Immunology, and Associate Professor of Internal Medicine, Division of Infectious Diseases at University of Michigan, in a UM news story. Medical laboratories involved in hospital-acquired infection prevention understand the importance of this research and its effect on patient safety. (Photo copyright: University of Michigan.)
Only a Fraction of HAIs Are Through Cross-Transmission
In the study abstract, the researchers wrote that “despite enhanced infection prevention efforts, Clostridioides difficile remains the leading cause of healthcare-associated infections in the United States.”
Citing data from the US Centers for Disease Control and Prevention (CDC), HealthDay reported that “nearly half a million C. diff infections occur in the United States each year. Between 13,000 and 16,000 people die from the bacterium, which causes watery diarrhea and inflammation of the colon. Many of these infections and deaths have been blamed on transmission between hospitalized patients.”
The new study, however, notes that 9.3% of the patients admitted to the ICU carried toxigenic (produces toxins) C. diff, but only 1% acquired it via cross-transmission. The carriers, the study authors wrote, “posed minimal risk to others,” but were 24 times more likely to develop a C. diff infection than non-carriers.
“Our findings suggest that measures in place in the ICU at the time of the study—high rates of compliance with hand hygiene among healthcare personnel, routine environmental disinfection with an agent active against C. diff, and single patient rooms —were effective in preventing C. diff transmission,” Snitkin told HealthDay. “This indicates that to make further progress in protecting patients from developing C. diff infections will require improving our understanding of the triggers that lead patients asymptomatically carrying C. diff to transition to having infections.”
Recognizing Risk Factors
Despite the finding that infections were largely triggered within the patients, the researchers still emphasized the importance of taking measures to prevent hospital-acquired infections.
“In fact, the measures in place in the Rush ICU at the time of the study—high rates of compliance with hand hygiene among healthcare personnel, routine environmental disinfection with an agent active against C. diff, and single patient rooms—were likely responsible for the low transmission rate,” the UM news story noted.
One expert not involved with the study suggested that hospitals’ use of antibiotics may be a factor in causing C. diff carriers to develop infections.
“These findings suggest that while we should continue our current infection prevention strategies, attention should also be given to identifying the individuals who are asymptomatic carriers and finding ways to reduce their risk of developing an infection, like carefully optimizing antibiotic usage and recognizing other risk factors,” Hannah Newman, Senior Director of Infection Prevention at Lenox Hill Hospital in New York City, told HealthDay.
Snitkin, however, told HealthDay that other factors are likely at play. “There is support for antibiotic disruption of the microbiota being one type of trigger event, but there is certainly more to it than that, as not every patient who carries C. diff and receives antibiotics will develop an infection.”
Another expert not involved with the study told HealthDay that “many patients are already colonized,” especially older ones or those who have been previously hospitalized.
“A lot of their normal flora in their GI tract can be altered either through surgery or antibiotics or some other mechanism, and then symptoms occur, and that’s when they are treated with antibiotics,” said Donna Armellino, RN, Senior VP of Infection Prevention at Northwell Health in Manhasset, New York.
This research also demonstrates the value of faster, cheaper, more accurate gene sequencing for researching life-threatening conditions. Microbiologists, Clinical laboratory scientists, and pathologists will want monitor further developments involving these findings as researchers from University of Michigan and Rush University Medical Center continue to learn more about the source of C. diff infections.
