
LS CIO Weekly Digest — April 6, 2026
Life Sciences CIO Weekly Digest

A $2.75B AI Bet, a 2.3/5 Governance Score, and Regulators Running Out of Patience

Lilly’s landmark deal resets the AI benchmark — the same week McKinsey data and converging FDA/EMA frameworks reveal how far most organizations have to close

March 30 – April 5, 2026 · ~13 min read


The week’s AI signal is clear and uncomfortable: Eli Lilly just placed a $2.75 billion bet that AI-native drug discovery is the primary engine of future R&D — while McKinsey data shows average responsible AI maturity sitting at 2.3 out of 5, with agentic controls lagging furthest behind. Two vendor breaches, 90-plus ransomware incidents in March, and an actively exploited 9.8-CVSS vulnerability in healthcare-facing networks describe a threat environment that isn’t slowing. And on both sides of the Atlantic, regulators moved from publishing AI principles to implementing them — three distinct framework advances in one week.


🤖 AI & Data

⚠️ Published March 28–29 — outside the March 30–April 5 coverage window

Lilly Signs $2.75B AI Drug Discovery Partnership with Insilico Medicine

On March 28–29, Eli Lilly announced an expanded global R&D collaboration with Insilico Medicine, committing $115 million upfront and up to $2.75 billion in total milestones and royalties for exclusive worldwide rights to Insilico’s Pharma.AI platform — a generative AI and large language model suite spanning target identification, molecular design, clinical study planning, and regulatory document generation. It is the largest AI-native drug discovery partnership disclosed to date.

What happened:

  • Lilly commits $115M upfront with up to $2.75B total in milestones and royalties; deal covers oral therapeutics across undisclosed indications and builds on an earlier $100M collaboration from November 2025
  • Pharma.AI integrates across target identification, molecular design, clinical study planning, and regulatory document generation — not a point-solution but a full-pipeline platform license
  • Deal surpasses prior AI drug discovery benchmarks from Sanofi, AstraZeneca, and Lilly’s own previous AI agreements

Why it matters to you:

  • Lilly is not licensing a tool to support existing discovery — it is committing to Insilico’s platform as the primary molecule design engine, integrated across its R&D informatics stack; this signals a shift from “AI-accelerated R&D” to “AI-native R&D” at the largest scale yet
  • For CIOs evaluating AI vendor platforms, the immediate questions are architectural: how does the vendor platform interface with internal LIMS, ELN, and clinical systems; who owns IP on AI-generated candidates; and what data governance framework governs what the platform ingests — those questions need answers before the integration contract is signed

📋 What to Watch: Treat the Lilly–Insilico deal as a template for what AI vendor platform contracts will look like — and begin building your internal checklist for data governance, IP ownership, and systems integration requirements before your organization evaluates similar deals.

⚠️ Published March 11 — outside the March 30–April 5 coverage window

FDA Launches AEMS, Consolidating FAERS, MAUDE, and Legacy Adverse Event Systems

On March 11, FDA launched the Adverse Event Monitoring System (AEMS), consolidating FAERS (drugs/biologics), MAUDE (medical devices), VAERS (vaccines), and several other legacy repositories into a single platform with API access and AI-assisted signal detection. Phase 1 covers drugs and biologics; full device and vaccine integration is targeted for completion by end of May 2026.

What happened:

  • AEMS exposes structured query APIs that sponsors, CROs, and safety teams can call programmatically — replacing screen-scraping workarounds most organizations have used for FAERS data pulls
  • AI-assisted signal detection is built into the back end; FDA has indicated AEMS will also underpin its own pharmacovigilance workflows going forward
  • Phase 2 (devices/vaccines) targets May 2026; legacy FAERS endpoints will be deprecated once migration is complete

Why it matters to you:

  • AEMS is a forcing function: legacy FAERS ETL jobs, case processing integrations, and signal analytics systems will need to be updated to consume AEMS APIs before old endpoints are deprecated — this is a compliance-driven migration, not a discretionary upgrade
  • Device teams face the shorter timeline — MAUDE integration is targeted for May; organizations still running MAUDE-dependent safety reporting workflows need to begin migration planning now

📋 What to Watch: Identify every FAERS and MAUDE-dependent integration in your safety, pharmacovigilance, and signal detection stack and begin AEMS API migration planning. The May device deadline is closer than it looks on a systems integration timeline.

FDA’s Breakthrough AI Device Pathway Is Shifting Toward Multi-Indication Complexity

A STAT News analysis published April 2 finds that FDA is increasingly granting breakthrough device designation to AI systems that address multiple clinical problems simultaneously — multi-disease screening from a single scan, for example — rather than narrow single-task algorithms. The trend accelerated in 2025–2026 as generative and multimodal AI entered the device space.

What happened:

  • Analysis based on FDA’s public list of 1,400+ authorized AI-enabled devices and interviews with reviewers; FDA has cleared tools handling up to 14 simultaneous clinical findings from a single CT scan
  • Multi-indication AI devices face more complex validation, real-world performance monitoring, and post-market surveillance requirements than single-task predecessors
  • FDA expects developers to submit Predetermined Change Control Plans (PCCPs) that account for model updates across multiple intended uses — raising the documentation bar significantly

Why it matters to you:

  • For medtech CIOs: PCCP architecture for multi-indication AI requires continuous data feeds, model versioning controls, and audit trails spanning clinical and commercial systems — not just a one-time validation exercise
  • For biopharma CIOs with companion diagnostics or digital biomarker programs: the multi-indication complexity shift means regulatory and IT teams must align on PCCP infrastructure before the next development cycle, not during it

📋 What to Watch: Review your AI device development roadmap for multi-indication architectures and confirm PCCP infrastructure is designed before regulatory submission — post-market surveillance for multi-indication AI requires systems capabilities that cannot be retrofitted at submission time.


⚖️ Regulatory & Policy

EMA Publishes NDSG Workplan Formalizing AI and Real-World Data Integration Through 2028

In March 2026, EMA published its Network Data Steering Group (NDSG) Workplan 2026–2028, a joint HMA-EMA document that formalizes how artificial intelligence and real-world data will be integrated into European medicines regulation over the next three years.

What happened:

  • Workplan covers five domains: federated data infrastructure, AI validation frameworks for regulatory decision-making, real-world evidence methodology standards, pharmacovigilance AI, and data governance for cross-border sharing between national competent authorities and EMA
  • Establishes the regulatory data standards and AI validation expectations that will be required for EU submissions using RWD or AI-generated evidence
  • Sponsors are beginning to receive scientific advice that references NDSG workplan criteria — it is already influencing live regulatory interactions

Why it matters to you:

  • For EU-active sponsors and CROs: gaps in your current RWD ingestion, federated analytics, and AI validation frameworks identified in 2026 will directly affect submission readiness as EMA embeds these expectations through 2027–2028
  • The five workplan domains are a ready-made diagnostic: map your current capabilities against each domain and you have a gap analysis that is directly relevant to upcoming scientific advice interactions

📋 What to Watch: Read the NDSG workplan with your regulatory affairs IT lead. Map your current RWD and AI infrastructure against its five priority domains — this is the working document behind EMA’s AI governance expectations for the next three years.

FDA–EMA Joint AI Principles Move from Statement to Implementation

The January 2026 joint FDA–EMA statement on Good AI Practice (GAIP) — the first formal alignment between the two agencies on AI in medicines regulation — continued generating downstream regulatory activity during the coverage window. The NDSG workplan, the AEMS launch, and the evolving breakthrough device pathway are all implementation expressions of the GAIP principles. Sponsors are now receiving scientific advice that references GAIP as a benchmark.

What happened:

  • EMA operationalizes GAIP through the NDSG workplan’s data standards and AI validation requirements; FDA operationalizes it through AEMS and the evolving breakthrough device pathway
  • Implementation details remain unresolved — what constitutes sufficient “transparency” for an AI model used in a Phase III endpoint derivation is being worked out through individual submissions, not published guidance
  • Both agencies are building case law in practice; organizations receiving scientific advice are already encountering GAIP as a working standard

Why it matters to you:

  • GAIP compliance is no longer theoretical — it is already surfacing in regulatory interactions; organizations without a mapped inventory of AI-assisted systems and their data practices are unprepared for scientific advice encounters that reference it
  • The window for proactive alignment is open; the window for reactive scrambling is shorter than most regulatory affairs IT timelines allow

📋 What to Watch: Build an internal GAIP compliance checklist by system type — AI-assisted statistical analysis, AI-generated study reports, AI-based patient stratification — so that when FDA or EMA guidance reaches final form, your organization has a mapped inventory rather than a scope-assessment project.


🔒 Cybersecurity & Risk

⚠️ Added to CISA KEV catalog March 27 — outside the March 30–April 5 coverage window

Critical F5 BIG-IP Vulnerability Actively Exploited Across Healthcare Networks

On March 27, CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog — an F5 BIG-IP APM flaw reclassified from denial-of-service to unauthenticated remote code execution with a CVSS score of 9.8. Active exploitation is confirmed, with a federal agency remediation deadline of March 30.

What happened:

  • Attackers are deploying memory-resident webshells that survive reboots; the vulnerability affects BIG-IP APM versions widely used across healthcare and pharma networks for SSL VPN, application delivery, and access policy management
  • Health-ISAC and the AHA both circulated urgent advisories noting that successful exploitation could give attackers a persistent foothold for lateral movement into EHR, LIMS, or OT environments
  • Memory-resident webshells bypass conventional file-based endpoint detection — standard scanning will not identify an active compromise

Why it matters to you:

  • BIG-IP APM is a common perimeter component across clinical and enterprise networks — this vulnerability provides a direct path from internet-facing infrastructure into sensitive internal systems
  • The combination of memory-resident persistence and widespread healthcare deployment makes this a Tier-0 emergency, not a next-scheduled-window patch

📋 What to Watch: Run an immediate BIG-IP APM inventory across corporate, clinical, and manufacturing perimeters. Apply F5 patches without waiting for scheduled maintenance. Verify your detection tooling looks for memory-resident webshell indicators — file-based scanning will not find this.

Cloud EHR Vendor CareCloud Discloses Breach Under SEC Material Incident Rules

On March 28, cloud-based EHR and practice management vendor CareCloud disclosed a cybersecurity incident to the SEC as a material event, reporting that an unauthorized actor accessed one of its six production EHR environments for approximately eight hours on March 16 — one of the first EHR vendor filings under the SEC’s expanded material cybersecurity incident reporting rules. CareCloud serves more than 45,000 providers; data exfiltration has not been confirmed.

What happened:

  • Unauthorized access to one of six production environments for ~8 hours on March 16; patient medical records were accessible during that window
  • CareCloud determined on March 24 that the incident was material and filed with the SEC — triggering simultaneous HIPAA breach notification obligations for its provider clients
  • Multi-tenant architecture risk: a single compromised environment exposes records across thousands of provider organizations simultaneously

Why it matters to you:

  • If your organization uses a cloud-based EHR or clinical data vendor, their breach triggers your HIPAA notification obligations on their timeline — not yours; vendor breach notification SLAs need to be in your contracts and actively monitored
  • SEC and HIPAA disclosure timelines run in parallel and require different stakeholders; most incident response plans were written before the SEC cyber rules created this dual-track obligation

📋 What to Watch: Review cloud EHR and clinical data vendor agreements for breach notification SLAs and confirm environments are cryptographically isolated in multi-tenant architectures. Update incident response plans to explicitly map HIPAA notification timelines to vendor incident triggers — not just internal detection.

Medtech Manufacturer TriMed Confirms Breach Spanning OT and Patient Data Environments

TriMed, Inc., an orthopedic implant and medical device manufacturer, disclosed on March 31 a data breach affecting patient-linked records, following an intrusion detected in late 2025. The breach exposed names, dates of birth, and medical record numbers. TriMed operates both manufacturing and direct clinical support functions — making this a confirmed intrusion spanning both OT and patient-linked data environments.

What happened:

  • Intrusion occurred September 2025; order forms and invoices — which typically don’t contain PHI but in this case did — were accessed without authorization; disclosure came months later
  • The ISMG editorial panel cited TriMed and CareCloud together as evidence that vendor and supplier breaches are now the primary vector for large-scale patient data exposure
  • Medtech supply chain specifically flagged as underprotected relative to the threat level it now faces — OT-adjacent environments holding both operational and PHI-class data with uneven security maturity

Why it matters to you:

  • Device manufacturers that handle device registration, post-market surveillance, or field service data hold patient-linked information in environments designed primarily for operational continuity, not PHI-grade security
  • For biopharma and provider organizations: your device supply chain and service partners now represent a patient data exposure vector that most third-party risk assessments don’t evaluate at adequate depth

📋 What to Watch: Map every system at your organization or your vendors that handles patient-linked data in OT-adjacent environments — device registration, post-market surveillance, field service databases — and assess whether current security controls are proportionate to the PHI exposure they represent.

Ransomware Against Healthcare Holds Above 90 Incidents Per Month for Second Consecutive Month

BlackFog’s State of Ransomware report for March 2026, published April 1, recorded 90 publicly disclosed ransomware attacks during the month — the second consecutive month at or above 90 incidents. Healthcare remained the most targeted sector with 18 attacks. Double-extortion now accounts for more than 80% of disclosed healthcare attacks.

What happened:

  • Notable March incidents: University of Hawaii Cancer Center (1.2 million records) and TriZetto, a healthcare IT and claims processing platform (3.4 million records) — both involving confirmed data exfiltration and extortion
  • 30 ransomware groups linked to March disclosures; Qilin leads with 8 attacks; U.S. organizations accounted for 60% of all reported incidents
  • Combined with CareCloud and TriMed disclosures above, March data establishes a pattern: sustained high-tempo attacks with exfiltration components triggering simultaneous HIPAA and SEC obligations

Why it matters to you:

  • Double-extortion means backup recovery is no longer a complete ransomware response — data exposure and the HIPAA/SEC disclosure obligations that follow are the primary risk regardless of operational recovery speed
  • Most incident response and business continuity plans were written before the SEC cyber rules created dual-track disclosure obligations with different stakeholders and timelines — this is a gap in most current plans

📋 What to Watch: Review whether your incident response and BCP explicitly address the parallel HIPAA notification, SEC disclosure (if public), and operational recovery workstreams — with named owners and defined timelines for each. The obligation runs before you know whether data was exfiltrated, not after confirmation.


🏢 Leadership & Operating Model

⚠️ McKinsey report published March 24 — outside the March 30–April 5 coverage window

Two research-driven perspectives this week converge on the same structural problem: organizations are deploying AI into operations before the governance architecture exists to manage it, and the operating model consequences of that sequencing will land on CIOs.

McKinsey’s “State of AI Trust in 2026” report, based on a survey of approximately 500 organizations, found average responsible AI maturity at 2.3 out of 5 — up from 2.0 in 2024, but with only 30% of organizations reaching Level 3 or above on governance and agentic AI controls. Seventy-four percent of respondents cite AI inaccuracy as a top concern; 64% identify security and risk as the primary barrier to scaling agentic AI in production. The ROI gap is material: organizations investing $25 million or more annually in responsible AI programs report significantly higher EBIT impact than those spending less, and the gap widens in regulated industries. The most common barrier to maturity is not tooling or budget — it is knowledge and training, cited by approximately 60% of respondents.

A March 31 analysis in pharmaphorum argues that agentic AI is driving a fundamental operating model shift in pharmaceutical R&D — from “Research and Development” to “Research and Prediction” — as autonomous agents begin handling end-to-end workflows in clinical study report generation, pharmacovigilance narrative writing, and regulatory submission management. The analysis argues that 2026 will see the first fully AI-predicted pipeline candidate enter Phase I without conventional wet-lab confirmation of every preclinical step, and that this shift requires IT organizations to build “agentic infrastructure” — orchestration layers, human-in-the-loop checkpoints, audit trail generation, and agent-to-agent communication protocols — before deployment, not after.

Taken together, the McKinsey maturity data and the pharmaphorum operating model analysis describe a sector-wide timing mismatch: organizations are moving toward AI-predicted pipelines architecturally while still operating at governance maturity that cannot reliably audit the agents making consequential decisions. CIOs should begin defining the agentic infrastructure layer now — specifically the orchestration, audit, and human-in-the-loop components — before individual business units begin deploying agents for tasks like CSR drafting or PV narrative generation. The alternative is a landscape of ungoverned point deployments that will be nearly impossible to audit under GxP once they are in production.

📋 What to Watch: Use McKinsey’s RAI maturity framework as a board-level diagnostic. If your organization is below Level 3 on governance and agentic AI controls, define the agentic infrastructure layer — orchestration, audit, human-in-the-loop, version control — before the next agent deployment, not after it.


💡 Editor’s Perspective

  • Lilly’s $2.75B bet and McKinsey’s 2.3/5 governance score are not contradictory signals — they describe the same moment from opposite ends. The organizations placing the largest AI platform bets believe they can build governance discipline as they scale. The McKinsey data suggests most organizations cannot, and that regulated industries face compounding exposure when they try. Life sciences CIOs sitting between accelerating AI investment above them and lagging governance infrastructure below have a narrow window to establish architecture and oversight before deployment decisions make governance retroactive rather than foundational.
  • The CareCloud, TriMed, and BlackFog data collectively describe an attack surface that has migrated to your vendors’ environments. Last week, FDA’s Novo Nordisk warning letter documented how regulatory accountability follows your contractors’ system failures back to you. This week, a cloud EHR vendor and a device manufacturer confirmed that patient data breaches in their environments trigger your HIPAA notification obligations on their timeline. The pattern is consistent: vendor risk management built on annual questionnaires is not proportionate to an environment where 41.2% of incidents originate from third parties and double-extortion accounts for more than 80% of attacks.
  • Four distinct regulatory moves this week — FDA AEMS, the breakthrough AI device pathway analysis, the GAIP implementation activity, and the EMA NDSG workplan — are all pointing the same direction. Regulators are no longer publishing principles and waiting for industry to self-organize; they are building the infrastructure and case law that will define compliance in practice. Organizations that have been tracking these frameworks without acting on them are now watching the gap between “understand” and “implement” become a compliance timeline.
  • The pharmaphorum R&P framing and McKinsey’s governance data point to a CIO action that has no obvious owner at most organizations: defining what “agentic infrastructure” means before the first production agent is deployed. Not the agent itself — the orchestration layer, audit trail requirements, human-in-the-loop checkpoints, and version control framework that make the agent auditable after the fact. In a GxP environment, the agent that generated the study report is not the compliance problem. The inability to reconstruct every decision it made is.

🔗 Top 5 Must-Read Links

  1. Lilly’s AI Commitment Expands Through Deal with Insilico (BioPharma Dive, March 29) — The clearest account of the deal structure, platform architecture, and strategic implications; share with R&D IT, data science leadership, and anyone evaluating AI vendor platform contracts.
  2. McKinsey: State of AI Trust in 2026 — Shifting to the Agentic Era (March 24) — The RAI maturity benchmarking data by industry; use it as a board-level diagnostic and to position your organization’s governance investment against the sector.
  3. FDA Adverse Event Monitoring System (AEMS) — FDA.gov — The primary FDA resource; pharmacovigilance and safety systems teams should read it to scope what API migration work the AEMS transition requires before legacy endpoints are deprecated.
  4. CareCloud Breach: Hackers Accessed Patient Medical Records in Cloud EHR (TechCrunch, March 31) — Clear account of the multi-tenant breach and its SEC material disclosure; useful context for vendor contract reviews and cloud EHR architecture conversations with security and legal.
  5. EMA Network Data Steering Group Workplan 2026–2028 (EMA.europa.eu) — The primary EMA document; EU-active R&D IT and regulatory affairs teams should map their current data and AI infrastructure against the five workplan domains.

The week’s developments don’t resolve into a comfortable synthesis: the sector is simultaneously placing its largest-ever AI bets, watching governance maturity lag at 2.3 out of 5, absorbing vendor breaches in real time, and navigating regulators who have stopped waiting for voluntary alignment. Those are not separate problems with separate owners — they are the same operating challenge from four angles. If any of this week’s developments connects directly to decisions you’re working through, hit reply and tell me where you’re drawing the lines.

Ready to move beyond the digest? The LS CIO Community is where these conversations continue — vendor-neutral, practitioner-led.



This digest is an interpretive summary of publicly available information and does not constitute legal, regulatory, cybersecurity, or investment advice.

Until next week,

Joe Miller

Founder, Leadership Inklings
