In a ruling particularly meaningful to health care companies, who are responsible for patients’ protected, personally-identifiable information, the U.S. Court of Appeals recently upheld a lower court’s decision finding coverage under a healthcare company’s comprehensive general liability (CGL) policy. When the health care company inadvertently made certain confidential medical records accessible to the public online over a three month period, the court determined that the “publication” requirement under the CGL policy had been met, thus triggering coverage under the company’s CGL policy.
The decision turned on the fact that the term “publication” was not a defined term in the policy, thus coverage must be afforded in favor of the insured. The opinion serves as a reminder that companies, when faced with a cyber claim, should review their traditional lines of insurance – such as CGL and property policies – as part of a full assessment of their potential coverage. Although a dedicated cyberliability policy may provide more comprehensive coverage in response to data breach claims or losses, this recent decision shows that these “traditional” policies should also be part of a comprehensive breach response and risk management plan.
For a deeper look at the case and its implications, read our recent Client Alert, “Fourth Circuit Finds That Traditional CGL Policies May Continue to Provide Coverage for Cyberliability Claims.”