Oracle fires 30K, eyes Cerner exit 🏥, North Korea hacks npm 💀, Avo raises $10M for EHR copilots 🤖
The company that bought Cerner for $28 billion is now considering selling it — and 30,000 people just got a 6 AM termination email.
🔬 The Big Thing
Oracle Fires 30,000 People to Fund AI — and May Sell Cerner to Cover the Tab
Oracle began laying off up to 30,000 employees on March 31, notifying workers via a 6 AM email from “Oracle Leadership.” No advance warning. No manager conversation. The cuts span divisions globally, with India reportedly losing 12,000 positions alone. TD Cowen estimates the workforce reduction will free up $8-10 billion in cash flow — money Oracle needs because US banks have roughly doubled interest rate premiums for data center financing since September, and Oracle’s $156 billion AI infrastructure buildout needs capital from somewhere.
The health tech angle is the one nobody’s talking about yet: Oracle is weighing a sale of Cerner, the healthcare EHR platform it acquired for $28.3 billion in 2022. Cerner has already been gutted by repeated post-acquisition layoffs, and Oracle’s cloud infrastructure revenue grew 66% year-over-year while Cerner sputtered. The math is simple: Oracle needs cash for AI, Cerner isn’t generating it, and the acquisition has been described by multiple analysts as a bet that hasn’t paid off.
For clinician-builders, this is a platform risk lesson playing out in real time. Hundreds of health systems run on Oracle Health. If Cerner changes hands again, every integration, every API dependency, every workflow automation built on that platform enters a period of uncertainty. The VA’s troubled Cerner modernization is already a cautionary tale. An ownership change adds another layer of instability to an already shaky foundation.
😤 Haters
“Oracle clarified the 30K number is just analyst speculation — the actual cuts might be smaller.” Oracle issued a vague clarification but hasn’t denied layoffs are happening. Employees across the US, India, and Europe received termination emails on the same morning. Whether it’s 20,000 or 30,000, the scale is unprecedented for Oracle, and the Cerner sale discussion is coming from analysts who cover the company’s debt structure, not from rumor mills.
“Cerner getting sold could actually be good — a focused health IT buyer might invest more than Oracle did.” That’s possible. But the transition period is the problem. Acquisitions of this scale take 12-18 months to close, during which product roadmaps freeze, engineering talent leaves, and clients can’t get straight answers about their contracts. If you’re mid-build on an Oracle Health integration, you’re now building on sand for at least a year.
“This is just corporate restructuring — it doesn’t affect the actual EHR product.” It already has. Oracle has repeatedly cut Cerner headcount since 2022. The VA EHR modernization has been plagued with issues. When you remove that many engineers from a health IT platform, the product degrades whether the org chart says so or not.
💡 80/20: Platform dependency is a clinical risk, not just a technical one. If your tools run on Oracle Health, start mapping which integrations are FHIR-standard (portable) versus proprietary (locked in). Try: audit your API dependencies this week — anything that only works on Oracle Health is now a liability, not a feature.
📡 Builder’s Radar
North Korea Just Backdoored the Most Popular JavaScript Library — and Vibe Coders Should Pay Attention
On March 31, a North Korea-linked threat actor (UNC1069) compromised the axios npm package — the most popular JavaScript HTTP library, with roughly 100 million weekly downloads and presence in an estimated 80% of cloud environments. The attacker hijacked a maintainer account, injected a malicious dependency that deployed a cross-platform remote access trojan (WAVESHAPER.V2), and had the backdoor live for about three hours before removal. Wiz has already detected the malicious versions in roughly 3% of scanned environments.
😤 Haters
“Three hours isn’t long enough to matter — most people wouldn’t have pulled the update.” With 100 million weekly downloads, even a three-hour window means thousands of installations. CI/CD pipelines that auto-install latest versions are particularly exposed. And the malicious package was designed to persist — it installs a backdoor, not a one-time exploit.
“This is a general dev problem, not a health tech problem.” It is specifically a health tech problem. If you’re a clinician vibe-coding a patient-facing tool with npm packages — and many of you are — your dependency tree is your attack surface. As one clinician-builder put it: “This is the biggest issue with using CLI or consumer vibe code models without proper harnesses.”
💡 80/20: Your vibe-coded clinical tool inherits every vulnerability in its dependency tree. Try: run npm audit on every project you have in production today, and pin your package versions instead of using ranges. If you don’t know what that means, that’s the point — npm audit is a one-liner that tells you if you’re exposed.
Avo Raises $10M to Put an AI Copilot Inside Your EHR
Avo closed a $10 million Series A led by Noro-Moseley Partners, with participation from AlleyCorp. The company started during COVID as a no-code tool helping hospitals operationalize clinical protocols — and has evolved into an LLM-powered AI platform that sits inside Epic, athenahealth, and MEDITECH. Its copilots (Chart Assist, Ask Avo) synthesize patient data, draft documentation, and pull guidelines into the physician’s workflow. Mass General Brigham is among its users. The round also brings a strategic partnership with EBSCO DynaMed to integrate evidence-based clinical decision support directly into the overlay.
😤 Haters
“Another AI documentation tool — the market is saturated.” Avo isn’t just documentation. The DynaMed integration is the interesting part: evidence-based guidelines pulled directly into the EHR context, not as a separate app you have to alt-tab to. That’s a different value proposition than another scribe.
“$10M is small — can they compete with Abridge and Nuance?” Different play. Abridge and Nuance are ambient listening. Avo is an interactive copilot inside the EHR itself. The question isn’t who wins ambient — it’s whether the copilot layer becomes a separate product category. Mass General Brigham thinks so.
💡 80/20: Avo’s trajectory — COVID-era no-code tool → LLM-powered AI platform — is the clinician-builder growth pattern. Try: if you built a clinical protocol tool during the pandemic, ask yourself what it becomes with an LLM backbone. The answer might be your Series A.
Headway Acquires Tezi’s AI Team to Reduce Mental Health Admin Friction
Headway, the largest mental health provider network in the US (70,000+ providers, all 50 states), acqui-hired the team behind Tezi — an AI company that built systems combining human judgment with AI agents for complex workflows. Tezi cofounder Raghavendra Prabhu (ex-Google, Microsoft, Twitter, Pinterest) joins as VP of Engineering. CEO Andrew Adams: “AI can help improve the infrastructure around care so clinicians can spend more time with patients and less time navigating complexity.”
😤 Haters
“Acqui-hires rarely produce real product changes — they’re talent grabs.” Sometimes. But Headway has a specific problem to solve: matching 70,000 providers with patients across insurance networks, credentialing, and scheduling. That’s exactly the kind of complex workflow Tezi built AI for. The talent has a target.
“After Jimini and Doctronic, do we need another mental health AI story?” This is the infrastructure play, not the clinical play. Headway isn’t building a therapy chatbot — they’re reducing the operational friction that makes it hard for therapists to take insurance. Different layer, same ecosystem.
💡 80/20: The mental health AI landscape is splitting into clinical tools (Jimini, Doctronic) and infrastructure tools (Headway). Reframe: if you’re building in behavioral health, decide which layer you’re on — the patient-facing conversation or the operational plumbing underneath it. Both need builders. The plumbing might be the bigger opportunity.
ONC Is Back — ASTP Name Reverts, and the Office Loses Its AI and Cyber Roles
The Federal Register confirmed what the health IT community expected: ASTP is reverting to ONC. But it’s not just a name change. The Chief Technology Officer, Chief Data Officer, and Chief AI Officer roles — plus some cybersecurity functions — are moving out of ONC and back under HHS’s Chief Information Officer. ONC is being narrowed to focus on two things: getting patients their health data and reducing friction in health record sharing. The community discussion has been substantive, with former ONC officials and standards experts weighing in.
😤 Haters
“It’s a name change. Nobody cares.” The name is cosmetic. The scope change isn’t. Stripping the AI, data, and cyber roles out of ONC means the office that certifies health IT no longer oversees the AI and cybersecurity standards that health IT increasingly depends on. That’s a governance gap worth watching.
“Narrowing ONC’s focus is actually good — they should focus on interoperability.” Fair. ONC trying to be the AI, cyber, data, AND interoperability office was arguably too much scope. But the question is whether the CIO’s office will prioritize health-specific AI guidance the way ONC would have. Internal IT priorities and external health tech standards are different conversations.
💡 80/20: ONC narrowing to interoperability + patient access might mean less regulatory friction for health IT builders in the near term — especially with HTI-5 proposing to cut 50% of certification criteria. Try: if you’ve been waiting for certification clarity before building, the window of regulatory flexibility is opening. Ship now.
🎯 Clinician-Builder Tip of the Day
Lock your dependencies. If you’re using npm, pip, or any package manager for a clinical tool — even a prototype — pin your package versions to exact numbers instead of ranges. The axios attack hit because automated installs pulled the latest malicious version. In your package.json, change "axios": "^1.14.0" to "axios": "1.14.0" (no caret). In Python, use pip freeze > requirements.txt and commit that file. It takes five minutes and it means a compromised upstream package doesn’t silently infect your project overnight. Your patients don’t know what a dependency tree is. That’s why you need to.
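The pinning advice in the axios 80/20 note and in this tip, as an added example (not code from this newsletter or from npm): a Node.js check that flags direct dependencies declared with a range or tag, missing from package-lock.json, or locked to a different version than the manifest pins, and counts the transitive packages that only the lockfile pins. The manifest and lockfile objects are constructed samples, and `auditPins` and `transitiveCount` are hypothetical helper names.

```javascript
// Added example. The manifest and lockfile below are constructed samples.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies"];
// One finding per direct dependency that is not fully locked down.
function auditPins(pkg, lock) {
  const locked = (lock && lock.packages) || {};
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const entry = locked[`node_modules/${name}`];
      const problems = [];
      if (!EXACT.test(spec)) problems.push(`range or tag "${spec}"`);
      if (!entry) {
        problems.push("no lockfile entry");
      } else {
        if (!entry.integrity) problems.push("no integrity hash in lockfile");
        if (EXACT.test(spec) && entry.version !== spec) {
          problems.push(`lockfile has ${entry.version}, manifest pins ${spec}`);
        }
      }
      if (problems.length) findings.push({ name, section, problems });
    }
  }
  return findings;
}

// Packages that only the lockfile pins: everything that is not a direct dependency.
function transitiveCount(pkg, lock) {
  const direct = new Set(SECTIONS.flatMap((s) => Object.keys(pkg[s] || {})));
  return Object.keys((lock && lock.packages) || {}).filter(
    (key) => key !== "" && !direct.has(key.slice("node_modules/".length))
  ).length;
}

const samplePkg = {
  dependencies: { axios: "^1.14.0", express: "4.19.2" },
  devDependencies: { jest: "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "clinic-demo" },
    "node_modules/axios": { version: "1.14.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/express": { version: "4.19.1", integrity: "sha512-CONSTRUCTED" },
    "node_modules/follow-redirects": { version: "1.15.6", integrity: "sha512-CONSTRUCTED" },
  },
};

console.log(auditPins(samplePkg, sampleLock), transitiveCount(samplePkg, sampleLock));
```

In CI, `npm ci` installs exactly what package-lock.json records and fails when the lockfile and package.json disagree, which is what keeps transitive packages pinned as well.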
What are you building this week? Reply and tell me — I read every one.
— Kevin


