We envision a world in which agents operate across individual, organizational, team and end-to-end business contexts. This emerging vision of the internet is an open agentic web, where AI agents make decisions and perform tasks on behalf of users or organizations.
In the current mad rush to advance AI agents – which represent autonomous tools operating in the “real world” picking and choosing what comes after a user’s initial AI prompts, companies are paying little heed to existing guardrails.
Indeed, commerce titans are falling all over themselves to get in front of Agentic AI. MasterCard recently announced its launch of an Agentic Payments Program, Mastercard Agent Pay. According to MasterCard’s April 29, 2025 press release, this “groundbreaking solution integrates with agentic AI to revolutionize commerce.”
An agentic web lacking in “privacy by design”, strong cybersecurity hygiene, and proper adherence to regulatory and common law constraints regarding consent, will not likely mainstream agentic AI no matter how many developers are tasked with moving this infrastructure forward.
To fully grasp what needs to be done in this area, all one needs to do is read a description of Stanford Health Care’s implementation of Microsoft’s healthcare agent orchestrator. According to Microsoft, the healthcare agent orchestrator “has helped the Stanford team build and test autonomous AI agents that consult disparate data sources and collaborate on tasks that might otherwise take hours – building a chronological patient timeline, synthesizing current literature, referencing treatment guidelines, sourcing clinical trials and generating reports – using clinically grounded knowledge to deliver accurate and reliable results.”
The compliance landmines referenced in this short blurb read like they are straight from a law school exam.
The REvil ransomware-as-a-service operation now picks up the phone to add a threatening personal touch to its exploits: “Calling gives a very good result. We call each target as well as their partners and journalists—the pressure increases significantly.” According to a published March 16, 2021 interview with a representative of REvil – also known as Sodinokibi, the group has “big plans for 2021.”
Probably the more interesting point made by this REvil representative was the answer to the following question: “Do your operators target organizations that have cyber insurance?” The answer is not much of a surprise: “Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.” This is the first confirmation from an actual ransomware gang that they target cyber insurance policyholders.
Articles from the Associated Press and ProPublica years earlier suggest that cyber insurers were inadvertently driving up ransomware attacks but neither outlet provided any hard facts to back up their supposition. Indeed, a leading broker took the natural counterpoint: “[A]lthough no one wants to support cyber criminals, organizations are forced to weigh the option of paying ransoms against the risk of operational disruptions that could last weeks or months and cost far more.”
It was never hard to imagine, however, that buying cyber insurance actually places a target on those companies who buy it and do not likely have the security resources necessary to stop ransomware gangs – especially given carriers may be inadvertently providing a roadmap to their house. Indeed, last year one major cyber insurer was purportedly targeted by the Maze ransomware gang. And, as of March 2021, there were at least two ongoing investigations involving attacks on major cyber insurers. Unless things change, it will only get worse for insurers and brokers given they are the new holders of the crown jewels.
One tactic that can impede the current claims challenge facing the industry is building on what was recently begun by AIG – a thought leader in this space for over two decades. In January 2021, AIG became the first lead cyber insurer to require ransomware co-insurance across the board – mandating that insureds share in paying a ransom payment. Following this lead, the larger markets began hardening on price and their underwriting requirements. Other markets immediately began to take advantage – only temporarily repairing the holes in the dike. As pointed out by Inside P&C: “The retrenchment of capacity and continued upward pricing pressure also continues a reordering of the market in which some of the largest names in US cyber insurance cede market share to upstart InsurTechs.”
Despite the fact cyber insurer MGAs are heavily funded and are now grabbing as much market share as they can, they still use paper backed by the largest reinsurers in the world – who frankly probably care more about their own profits rather than the market growth strategies of unrelated companies. In other words, any retrenchment may also eventually hit the MGAs when treaties get renegotiated.
This is not K&R coverage where lives are typically at stake. Once the ransomware gangs recalibrate knowing there is no available insurance payment, the incidents will resemble earlier times, namely demands that are less frequent and for lower amounts. These threat actors want to go in and out as fast as possible given they know that the data itself likely has very little real value on the Dark Web – it’s the urgent threat of release that has exploitive value. If there is no expeditious insurance payment, the actual value of the target diminishes.
Insurance dollars are actually better spent helping insureds bolster their security rather than the coffers of criminals – especially because even with a payment there is no guarantee that data would be properly decrypted or that a Dark Web release or sale would not take place. There is much that can be done to assist insureds improve their risk profile and better avoid ransomware exploits. Some very basic steps include developing trusted partner relationships with vendors and law enforcement before an incident takes place; retaining a security expert to evaluate the current readiness profile; providing consistent education and training of staff; and developing or updating a Business Continuity Plan.
On a more technical level, full and incremental backups should be consistently performed like your company’s life depended on it; weak passwords of service accounts should be removed; system logs should be maintained and monitored; employee access to sensitive data and information limited; operating systems and applications timely patched; users with admin privileges evaluated to ensure passwords are strong and secure; system safeguards such as Windows Defender Credential Guard deployed; port connections monitored and unnecessary ones removed, etc., etc., etc. The relevant protocols all have a common goal – harden security sufficiently so that the bear decides to run after the slower runner. If everyone ends up becoming a fast runner, the hungry bear will eventually tire of the chase and just eat something else for food.
With a robust cyber insurance policy in place, most every resource necessary to assist a ransomware victim is already available to an insured. By focusing on these other valuable first-party coverages, improving an insured’s risk management profile, and curtailing ever increasing payouts to criminals, the industry will continue with its meteoric rise.
The day before the Colonial Pipeline ransomware attack went public, global insurer AXA announced it would cease writing cyber-insurance policies in France that reimburse policyholders for ransomware extortion payments. This is hopefully the start of a much larger trend.
On November 18, 2021, North Carolina relied on its Operations Appropriations Act of 2021 to add a new article to Chapter 143 of the State’s General Statutes which now reads in part: “No State agency or local government entity shall submit payment or otherwise communicate with an entity that has engaged in a cybersecurity incident on an information technology system by encrypting data and then subsequently offering to decrypt that data in exchange for a ransom payment.” This is the first effort by a governmental entity to bar ransomware payments.
On February 16, 2021, The Sedona Conference (TSC) – a nonpartisan, nonprofit research and educational institute “dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation and intellectual property rights”, released its final “Commentary on a Reasonable Security Test“. TSC is well known for previously helping Courts around the country determine the proper contours of e-discovery.
The Sedona Conference Reasonable Security Test consists of “B2 – B1 < (P x H)1 – (P x H)2” where B represents the burden, P represents the probability of harm, H represents the magnitude of harm, subscript 1 represents the controls (or lack thereof) at the time the information steward allegedly had unreasonable security in place, and subscript 2 represents the alternative or supplementary control. 22 SEDONA CONF. J.at 360.
TSC’s Commentary should be carefully studied for numerous reasons, including the fact TSC applies it to actual recent enforcement actions and provides solid arguments for its judicial application. No different than its highly cited e-discovery initiatives, this new TSC approach may very well be relied on by courts tackling the important question of what constitutes reasonable security in the context of a data breach litigation or enforcement action.
A recent phase of the ongoing two-pronged cyber war between Russia/Iran/North Korea and China against the United States has taken an ugly turn. The Russian faction has launched various sophisticated ransomware attacks against healthcare providers and hospital systems across the United States.
Taking into consideration the old adage: “If you fail to plan, you plan to fail,” healthcare providers and hospital systems should immediately seek out specialized cybersecurity experts who are currently fighting this battle before it is too late.
On November 5, 2019, the University of Rochester Medical Center (URMC) agreed to a corrective action plan and payment of $3 million due to the 2013 and 2017 loss of an unencrypted flash drive and theft of an unencrypted laptop, respectively.
The apparent reason for the large fine was the fact that “in 2010, [the Office for Civil Rights (OCR)] investigated URMC concerning a similar breach involving a lost unencrypted flash drive and provided technical assistance to URMC. Despite the previous OCR investigation, and URMC’s own identification of a lack of encryption as a high risk to ePHI, URMC permitted the continued use of unencrypted mobile devices.”
As with most OCR enforcement actions, there is typically an industry wide message with each large fine – in this case there are two, namely the failure to encrypt will simply no longer be tolerated and once given a pass by OCR be sure not to waste it.
UPDATE: December 3,
2019
In keeping with its apparent practice of announcing HIPAA violation resolutions in clusters, on November 7, 2019, OCR announced a $1.6 million penalty against the Texas Health and Human Services Commission for violations of the Privacy and Security Rules had between 2013 and 2017. The primary breach occurred when “an internal application was moved from a private, secure server to a public server and a flaw in the software code allowed access to ePHI without access credentials.” OCR also determined that in addition to the impermissible disclosure, there was a failure “to perform an accurate, thorough, and enterprise-wide risk analysis that meets the requirements of45 C.F.R. § 164.308(a)(l)(ii)(a) [Security Rule].” Interestingly, the OCR applied its new civil money penalty caps published in April.
And, on November 27, 2019, OCR revealed its enforcement settlement with a hospital network that sent bills to patients containing “the patient names, account numbers, and dates of service” of 577 other patients. Sentara Hospitals – based in Virginia and North Carolina, did not think such information was protected health information (PHI) and only notified the 8 patients where there was also a disclosure of treatment information. Given that Sentara “persisted in its refusal to properly report the breach even after being explicitly advised of their duty to do so by OCR”, it was stuck with a $2.175 million penalty. Given that PHI has been interpreted to include healthcare payment information linked to a specific individual, Sentara was obviously taking a chance when it ignored OCR’s advice. On the other hand, protected health information is expressly defined to mean “individually identifiable health information” so there was at least a colorable argument that payment information – even if related to the provision of healthcare, is not “health information” in any direct sense. 45 CFR § 160.401.
Providing some year-end advice that should also not be disregarded, on December 2, 2019, OCR released its Fall 2019 Cybersecurity Newsletter focusing on ransomware and how covered entities and business associates should apply the Security Rule as a mitigation tool against this threat.
These latest announcements were clustered to push one primary message, namely do not disregard explicit counsel from OCR given that when it comes to the OCR it most certainly holds a grudge when ignored. In addition, CE’s and BA’s are well advised to deploy an enterprise-wide risk analysis that determines whether there are out-facing vulnerabilities that should be patched. And finally, as shown by the significant amount assessed against the University of Rochester Medical Center, future disregard of encryption as a risk mitigation tool will likely lead to enhanced penalties going forward.
On June 6, 2019, Maine joined a chorus of state legislatures moving on data privacy – this time requiring providers of broadband Internet services to obtain express consent before using a consumer’s personal information. Specifically, the new Maine law reads: “A provider may use, disclose, sell or permit access to a customer’s customer personal information if the customer gives the provider express, affirmative consent to such use, disclosure, sale or access. A customer may revoke the customer’s consent under this paragraph at any time.”
Maine’s law is even more restrictive than California’s Consumer Privacy Act which will deploy an “opt out” mechanism requiring the consumer to inform data processors of their preference. Both Californians and Mainers will have to wait until 2020 to benefit from their respective data privacy laws – with the Maine statute taking effect on July 1, 2020.
As reported in The Hill, tech lobbyists are now exerting their best efforts on obtaining a federal law that will moderate this and other consumer privacy state gains – which is not surprising given even stricter data privacy laws percolating in other states. Whether or not certain data privacy provisions die in a preemption skirmish, data rights will continue their reimagination by market forces so lobbyists alone can never prevail in their clients’ war against true individual data ownership.
On May 6, 2019, the Office for Civil Rights (OCR) announced that Tennessee-based Touchstone Medical Imaging agreed to pay $3,000,000 and adopt a corrective action plan that includes the adoption of business associate agreements, completion of an enterprise-wide risk analysis, and additional comprehensive policies and procedures applying HIPAA Rules. Touchstone – which provides diagnostic medical imaging services, was notified in May 2014 by the FBI that one of its FTP servers allowed uncontrolled access to protected health information (PHI). This uncontrolled access “permitted search engines to index the PHI of Touchstone’s patients, which remained visible on the Internet even after the server was taken offline.”
During OCR’s investigation, Touchstone acknowledged that the PHI of more than 300,000 patients was exposed including, names, birth dates, social security numbers, and addresses. OCR’s investigation found that Touchstone “did not thoroughly investigate the security incident until several months after notice of the breach”. As a result, Touchstone’s notification to individuals affected by the breach was considered untimely.
Given last year’s summary judgment win by OCR and the facts presented by the Touchstone incident, it is not surprising that this significant settlement – which was one of the largest to date, was reached. FTP servers have long been a threat vector – even if set up and run properly, so not unlike the clarion calls initiated for encryption and social engineering training, back office IT support should be sophisticated enough to adopt a means of file transfer that applies state of the art security.
On June 18, 2018, the the Office for Civil Rights (OCR) posted a press release announcing its summary judgment victory against the University of Texas MD Anderson Cancer Center (MD Anderson) – a ruling that will require MD Anderson to pay $4,348,000 in civil money penalties to OCR. According to the press release, this is only the second HIPAA summary judgment victory in OCR’s history and the $4.3 million is the fourth largest amount ever awarded to OCR for HIPAA violations.
The June 1, 2018 Administrative Law Judge’s decision ultimately hinged on a stolen unencrypted laptop and several lost unencrypted USB thumb drives containing “identifying information such as patient names, addresses, and Social Security numbers; and clinical information such as diagnoses, assessments, prognoses, and treatment regimes” of a total of 33,500 individuals. Decision at 2.
The hefty fine was based on the fact MD Anderson knew encryption was an essential risk management tool since 2006 yet did not get around to fully deploying encrypted devices until after the losses in question. According to the ALJ, MD Anderson before then made only “half-hearted and incomplete efforts at encryption”. Decision at 5.
According to the ALJ:
The question is whether Respondent took the necessary steps to address the risk that it had identified – the potential for data loss due to the storage of ePHI on unencrypted devices. As I have explained, the failure to address that risk is the sum and substance ofRespondent’s noncompliance. Had it done so, then unauthorized acts by Respondent’s employees might be relevant to the issue of compliance. But, failure by Respondent to take the security measures that it had identified as necessary renders irrelevant the issue of whether employees were playing by the rules, because that failure created a risk whether or not Respondent’s employees did so.
Ransomware is quite effective given it purposefully seeks to panic victims into clicking additional links thereby causing a user’s system to become infected with more pernicious malware. For example, after seeing a screen blink on and off several times ransomware victims may next see the following message on their screen: “Your computer has been infected with a virus. Click here to resolve the issue.” Clicking on that link, however, will download additional malware to the system – thereby precluding possible quick fixes to the initial exploit. It is such additional malware – coupled with very vulnerable legacy systems and procedures, that likely helped WannaCry promulgate so quickly.
Given slow patching and continued widespread use of legacy Windows products, Microsoft sought to slow the spread of WannaCry by offering free patches for its older Windows systems such as Windows XP. Although helpful in curtailing replication, timely patching will not completely stem this threat. Newer exploits such as WannaCry likely exist – and will continue to exist for some time, given the underlying code was reportedly created by the National Security Agency and is only a small sample of the “treasure trove” of spying tools released by WikiLeaks in March. In fact, the WikiLeaks released material includes the source code used to evade anti-virus detection so entry-level hackers apparently now have the ability to immediately up their game.
In addition to security procedures and implementations – such as whitelisting acceptable programs, aggresive email settings, and limiting user permissions, proper training remains the best antidote to both an exploit as well as an OCR or some other regulatory fine if an exploit ultimately succeeds. And, the best training remains having users react to a continuous barrage of decoy exploits aimed at sharpening their skills.
Today’s phishing exploits that are being used to transmit ransomware often rely on some other person’s scraped contact information so that they can appear to come from known associates of the user. These exploits may also use content that appear relevant to the user – such as a bar association communication. And, finally the links themselves are masked so that it is not even possible to accurately determine where a link takes the user. Given these indicia of authenticity, users often click on the embedded link rather than hit the delete button. After exposure to numerous training exploits users are in a much better position to make sound decisions on how to treat actual exploits. During the course of security training, it is suggested that some form of reward be given to those users who score the highest on the phishing training exercises – any money spent today to build an effective training program will pay significant dividends down the road.
On March 24, 2017, the Office for Civil Rights (OCR) announced the first settlement and corrective action plan involving a wireless health services provider when it announced a $2.5 million settlement with CardioNet – a provider of “remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.” According to the Resolution Agreement and Corrective Action Plan, CardioNet sustained breaches of unsecured electronic protected health information (ePHI) resulting from lost laptops. And, given that the lost laptops in question were unencrypted, CardioNet’s Corrective Action Plan required that CardioNet provide HHS with a certification that “all laptops, flashdrives, SD cards, and other portable media devices are encrypted, together with a description of the encryption methods used.”
In keeping with OCR’s apparent practice of announcing resolutions in groups – with a distinctive lesson to be made with each resolution, there was another settlement announced on April 20, 2017. This time a fine of $31,000 was levied against the Center for Children’s Digestive Health (“CCDH”) after it could not produce a business associate agreement. According to the negotiated Resolution Agreement and Corrective Action Plan, protected health information (PHI) was released to a third-party vendor who stored inactive paper medical records for patients of CCDH without satisfactory assurances in the form of a written business associate agreement that the vendor would appropriately safeguard the PHI in the vendor’s possession or control. As done in the past when it came to the need for properly-worded business associate agreements, OCR made the point that business associate agreements are a necessary component of the HIPAA framework and the failure to have one when necessary would be a costly error. See 45 C.F.R § 164.502(e).
OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident; however, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012. Prior to the breach incident, MCPN had not conducted a risk analysis to assess the risks and vulnerabilities in its ePHI environment, and, consequently, had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis. When MCPN finally conducted a risk analysis, that risk analysis, as well as all subsequent risk analyses, were insufficient to meet the requirements of the Security Rule.
Despite being a non-profit that provides primary medical care, dental care, pharmacies, social work, and behavioral care services “to approximately 43,000 patients per year, a large majority of who have incomes at or below the poverty level”, MCPN was hit with a $400,000 fine for its lack of an adequate risk management plan.
To sum up, this most recent grouping of OCR settlements highlights yet again the need for encryption, business associate agreements, and a working risk management plan. Given that OCR settlements often take years to mature, investigative costs and legal expenses should also be factored into the mix when weighing the benefits of initial compliance. With this latest round of settlements, it, however, appears clearer and clearer that an ounce of prevention is worth a pound of cure.
