As reported by Orrick’s Cybersecurity and Data Privacy Practice Group:

Orrick LogoColumbia Casualty Company on May 7 filed one of the first lawsuits challenging coverage for a privacy class action following breach of a health system insured under a cyber policy. According to a post by Russell Cohen, Mark Mermelstein and Nancy Harris of Orrick’s Cybersecurity and Data Privacy Practice Group, the lawsuit could signal a changing tide on coverage under these targeted policies.

The insured, Cottage Health System, failed to provide complete and accurate information in the application about the minimum required practices of one of its third-party vendors. To avoid application of minimum required practice exclusions, Orrick suggests insureds:

  • Eliminate “minimum requirement” and similar exclusions from their cyber policies.
  • Conduct reasonable due diligence and take appropriate care before making the security representations in their applications
  • Engage specialized counsel early in the process of procuring insurance to identify and eliminate coverage exclusions.

Read More Orange


HB Litigation Conferences Presents

NetDiligence Cyber Risk & Privacy Liability Forum

June 2 and 3