I have known that stupidity is expensive but there is nothing like hard core numbers to prove it.
Data insurance coverage that refuses to cover damages is proof.
Four million dollars worth of proof.
But it is not that the insurer refused to pay.
Oh, they paid.
But, they changed their mind. They want their money back.
And they have filed a counter claim that specifies why they believe they should be legally vindicated. {Read the full story here}
Ouch!
Do you remember when Vanessa Williams was crowned Ms. America only to be dethroned?
Yeah, yeah—that kind of pain.
Maybe it’s just me. But I get embarrassed for other people–so much so, that I have had to leave the room because I couldn’t bear to watch.
Or listen for that matter.
Hearing about the Cottage Health System Data security breach reminds me of those times.
Cottage learned that one of its servers had been disabled, leaving tens of thousands of patients’ files potentially open and exposed on the internet.
They filed a claim with their insurer, Columbia Casualty. {Read: Benefits of Data Insurance}
Until,
Columbia Casualty discovered that Cottage Health and InSync (the company responsible for putting Cottage records in a secure online location) were ‘stupid.’
Here is how they define stupid:
17. The complaint alleges that the breach occurred because Cottage and/or its third-party vendor, INSYNC Computer Solution, Inc. (“INSYNC”), stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who “surfed” the internet.
18. The complaint alleges that Cottage violated its nondelegable duties under CMIA and HIPAA to maintain the security of its patients’ confidential medical records and to detect and prevent data breaches on its system that would allow such information to become available to the public through the internet.
Specifically, Columbia Casualty asserts that Cottage “stored medical records on a system that was fully accessible to the internet.
And the clincher?
They failed to install encryption or take security measures to protect patient information from becoming available to anyone who ‘surfed’ the internet.”
Do you agree with their definition?
Five things to consider before you buy Data Insurance:
1. What specifically do you expect from your data insurance coverage in the event that a claim is filed?
2. What aspects of a breach will your data insurance cover?
3. Have all the critical questions been addressed before signing the contract?
4. What are the benefits vs costs?
5. Has the anti-stupidity clause been identified?
Further Reading:
Cyber Insurance: Do the benefits outweigh the costs?
Policyholders Beware–Cyber Coverage may provide a false sense of security
