Posts

Showing posts with the label Shumaker Loop & Kendrick LLP

Delaware Supreme Court Expands Cyber Liability Exposure for SaaS & Managed Service Providers

What the Blackbaud decision means for managed service providers (MSPs) and the clients who rely on them A recent decision by the Delaware Supreme Court in  Travelers Casualty and Surety Company of America v. Blackbaud, Inc.   materially shifts the litigation landscape for cybersecurity incidents involving Software as a Service (SaaS) providers and MSPs. Key takeaways: Lower pleading burden for plaintiffs (including insurers) Less emphasis on proximate cause at early stages Aggregated claims allowed across multiple customers Higher litigation costs and increased settlement pressure Expanded expectations around what constitutes "commercially reasonable" cybersecurity Bottom line: Cyber incidents are now significantly more likely to survive early dismissal and proceed into expensive discovery. What Happened Blackbaud, a SaaS provider hosting sensitive donor data, experienced a ransomware attack exposing highly sensitive personal and financial information. Its customers (nonprof...

Client Alert: What Do Your Third-Party Payor Agreements Actually Require?

How in-depth has your entity reviewed its third-party payor agreements? Have your billing team, Compliance Officer, Privacy Officer, and Legal team all been made aware of requirements or, better yet, were they involved in the agreements' approval? Navigating the “fine print” in payor agreements can be the difference between a smooth operation and a compliance nightmare. Here are five critical areas where providers often get tripped up—and what you should be asking your team right now. Breach Notification Requirements Some provider agreements require that entities notify the payor within 24 hours of a Health Insurance Portability and Accountability Act (HIPAA) breach . While often unrealistic, it's a standard clause that frequently lacks clarity as to whether an unsuccessful security penetration attempt must be reported. The Checkup:  Have you determined what your reporting requirements are? Have you implemented a process to meet those requirements? Change of Ownership or Cont...

Chatty Chatbots: Why AI Agents are the Silent Threat to your Company’s IP

Agentic AI is one of the buzziest concepts in business today. There's no mystery why—the promise of dramatic increases in efficiency, and ones that actually accelerate over time as the agents get better at their jobs, all for what is advertised as a fraction of the cost of the employees who currently do the job . Unfortunately, AI Agents carry a hidden risk that your business may not have accounted for. The Risk: Most Agentic AI was engineered to complete tasks reliably, rather than prioritizing the protection of specific types of data. The focus on completing operations first creates a bias within the system that establishes concrete pathways for confidential information, personal data, and intellectual property (IP) to leak from Agent to Agent, across memories, and through over-permitted integrations. In other words, putting any data that you entrust to the AI Agent at risk. HOW LEAKS ACTUALLY HAPPEN That sounds ominous, but also a bit "shrouded in mystery." The good ...