From: Lexology
Scott L. Schmookler – Gordon & Rees LLP
The increasing market for cyber insurance policies combined with the addition of cyber exclusions has cooled litigation over whether a cyber breach triggers coverage under a commercial general liability (CGL) policy and whether a CGL insurer owes a duty to defend litigation arising from a cyber breach. However, the expansion of cyber insurance and integration of cyber exclusions has not the stemmed litigation under older CGL policies, many of which do not include cyber exclusions. Earlier today, the Fourth Circuit Court of Appeals addressed cyber coverage under a traditional CGL policy in Portal Healthcare v. Travelers Indemnity Company, Case No. 14-1944.
Portal arose after plaintiffs filed a putative class action, alleging that Portal negligently failed to secure a server containing confidential records for patients at a hospital, thereby making the records available for anyone to view online without a password. The insured argued that Travelers owed a duty to defend that class action because the medical records company published, and therefore disclosed, confidential information, triggering the personal and advertising injury coverage provision in the CGL policy. Travelers disagreed, arguing that the failure to secure a server is not a publication. Publication, Travelers argued, requires the deliberate step of disseminating the records – which was not alleged.
Leave a Reply