Approximately 2.5 million patients had their records stolen by hackers in a data breach at Norton Healthcare, in today's bite-sized hospital and health industry news from California, the District of Columbia, and Maine.

• California: Sanofi last week canceled its $750 million drug licensing deal with Maze Therapeutics after the Federal Trade Commission (FTC) sued to block the arrangement. The deal was for a Phase 1 drug candidate aimed at treating Pompe disease, a rare genetic condition, and included $150 million in cash upfront as well as $600 million in earnouts. Sanofi said it disagreed with FTC's move to block the deal and determined that fighting FTC in court was "not in the best interest of patients." Maze CEO Jason Coloma said he was "personally disappointed that we didn't get to see this through." (Primack, Axios, 12/12; Feuerstein, STAT+ [subscription required], 12/12)
• District of Columbia: HHS last week finalized a rule that will set transparency standards for the development of artificial intelligence (AI) in health IT software. According to HHS' Office of the National Coordinator for Health Information Technology (ONC), the rule will set technical transparency and risk-management requirements for some software systems that utilize AI and other predictive algorithms. Any developers wishing to certify their AI-enabled health IT products through ONC will be required to explain how their algorithm was designed, developed, and trained, and will have to inform ONC whether patient demographic, social determinants of health, or any other equity-related data was used in training the model. Developers will also be required to provide information for clinical users around how to assess them for fairness, appropriateness, validity, effectiveness, and safety. (DeSilva, Modern Healthcare, 12/13)
• Maine: Approximately 2.5 million patients had their records stolen by hackers in a data breach at Norton Healthcare between May 7 and May 9, according to a legal filing published last week by Maine's Attorney General. Records that were accessed contained personal information regarding patients, employees, and their dependents. Norton also said Social Security and driver's license numbers, dates of birth, health and insurance information, and financial account information may have been compromised. (Turner, Modern Healthcare, 12/11)