With a regular parade of headlines describing disastrous corporate data breaches, there are clear motives for getting a cyberinsurance policy. But William Wagner of Taft Stettinius & Hollister warns that one case in particular demonstrates the potential dangers of some policies. In the case, a network of hospitals in California realized an IT vendor it hired left data unencrypted for two months, exposing 32,500 patient records. The network had a $10 million cyberinsurance policy and quickly turned over the necessary paperwork for coverage of the ensuing lawsuits.
Convenient, right? Not so much. After agreeing to pay the fees, the insurer then sued the hospital in federal district court, alleging it didn’t have a duty to defend or indemnify. In large part, the argument was based on the hospital not continuously following the minimum required security practices as agreed to in the insurance policy.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]