BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
Policyholders scored a victory in a closely-watched cyber coverage case, in which a U.S federal court in Los Angeles dismissed a case filed by an insurer seeking to deny coverage.
But last week's ruling by the court in Columbia Casualty Co. v. Cottage Health System, which was publicized this week, did not address the central issue in the case, which was the acceptability of an exclusion in the policy issued by the subsidiary of Chicago-based CNA Financial Corp. to Cottage Health that precludes coverage for “failure to follow minimum required practices.”
The Santa Barbara, California-based health system suffered a data breach involving about 32,500 confidential medical records in 2013. A $4.1 million settlement of a resulting class action suit was reached. Columbia Casualty filed suit May 7 in Los Angeles federal court seeking to void its obligation, citing the “best practices” exclusion.
In his ruling Judge Dean D. Pregerson said under terms of its policy, Columbia Casualty should have pursed alternative dispute resolution first, before filing suit against Cottage.
“The insurance policy provides that 'all disputes and differences between the insured and the insurers which may arise under or in connection with this policy…shall be submitted to the alternative dispute resolution process' ” and that there be no judicial proceeding until 60 days after mediation has terminated, said the ruling.
“The court concludes that the above language controls the timing of suits arising out of the policy and requires that the ADR process take place before a lawsuit is initiated,” said Judge Pregerson, in dismissing the case.
“I assume the parties will try to establish a mediation procedure” now, said Jerold Oshinsky, a partner with Kasowitz, Benson, Torres & Friedman L.L.P. in Los Angeles, who represents Cottage Health, and had moved to have the case dismissed.
A CNA spokesman could not be reached for comment.
“It's obviously not a ruling on the merits,” said Stephen T. Raptis, a partner at Manatt, Phelps & Phillips L.L.P. in Washington, who is not involved in the case.
Mr. Raptis said the ruling still leaves unanswered the acceptability of the best practices exclusion. “The court is applying as written a provision in the Columbia policy that requires parties to basically mediate disputes before they file a lawsuit,” he said.
“It doesn't give us a lot of insight on how these cyber policies are likely to be interpreted in terms of the substantive provisions, but it does give us a sense that courts, at least in California, are going to hold all parties to these provisions that require them to mediate or arbitrate, either in lieu of litigation, or before they can litigate.”
However, he added, the case had attracted significant attention because it would have been the first time the best practices exclusion would have been interpreted by any court.
“Now it looks like we're going to have to wait for some period of time for that to happen,” and it may not even be with this case, Mr. Raptis said.
A recent survey by U.S.-based Intel Security Group and The Aspen Institute has found that cyber attacks on critical infrastructure often result in physical damage, SC Magazine UK reported.