• California: Hims & Hers Health recently announced that it is adding generic liraglutide and Eli Lilly's Zepbound as new weight-loss treatments available for patients. Previously, Hims focused on providing cheaper versions of weight-loss drugs made by compounding pharmacies. According to the company's website, a prescription of Zepbound costs $1,899 a month, or roughly $800 more than Eli Lilly's list price for the drug. The monthly cost of Zepbound through Hims includes a company membership, unlimited consultations with a provider, and treatment support. "All of this is part of our long-term commitment to build the most comprehensive and personalized digital health platform for weight loss and beyond," Hims said. In response to Hims' announcement, Eli Lilly said it is not affiliated with the company and added that there are cheaper ways for patients to access Zepbound, both through insurance and self-pay options. (Ojea, Wall Street Journal, 4/1; Muller, Bloomberg/Modern Healthcare, 4/1)
• District of Columbia: FBI and CISA have issued a warning to healthcare organizations and other critical sectors about Medusa ransomware that can affect vulnerable software. According to investigators, Medusa affiliates typically use phishing campaigns to steal credentials and may exploit vulnerabilities in certain software, like ConnectWise ScreenConnect. Since 2021, Medusa ransomware has compromised over 300 organizations across several critical infrastructure sectors, including a state health insurer. Rural hospitals may be particularly vulnerable to Medusa ransomware since they may not have the resources or capacity to improve their cybersecurity measures. To reduce the potential risks of ransomware, FBI and CISA recommend organizations ensure that their operating systems, software, and firmware are all patched and up to date, segment their networks, and filter network traffic to prevent unknown or untrusted origins from accessing remote services on internal systems. (Fox, Healthcare IT News, 3/31)
• Maryland: HHS' Office of Civil Rights (OCR) is investigating an unnamed medical school in California for potential discrimination in its admission practices. According to OCR, it received complaints that the California school had allegedly admitted students based on their race, color, or national origin — violating an executive order from President Donald Trump that targets diversity, equity, and inclusion (DEI) initiatives. So far, HHS has announced five investigations against medical or hospitals over their DEI practices. These investigations are part of a long-term plan that requires each government agency to complete nine potential civil compliance investigations of corporations, foundations, associations, and higher education institutions with endowments of over $1 billion by May 21. (DeSilva, Modern Healthcare, 3/27)

Healthcare organizations must adopt cyber-resilience to effectively handle constant cyber threats. With systems highly interconnected, a breach in one can impact many, disrupting patient care. Proactive strategies, continuity planning, and learning from past incidents are crucial for enduring and recovering from cyberattacks while protecting sensitive patient information.