In Universal Am. Corp v Nat’l Union Fire Ins Co of Pittsburgh, PA, No. 95, 2015 WL 3885816 (N.Y. June 25, 2015), the highest court in New York applied the language of a financial institution bond to deny coverage for losses that arose from the entry of fraudulent claims into its computer systems by authorized users.
Universal American Corp is a health insurer that allows health providers to submit claims directly into its computer system. It allegedly suffered over $18 million in losses for payments of fraudulent claims for services never actually performed.
The bond contained a rider covering “Computer Systems Fraud,” which it defined as “Losses resulting directly from a fraudulent (1) entry of Electronic Data or Computer Program into, or (2) change of Electronic Data or Computer Program within the Insured’s Proprietary Computer System.”
However, the bond excluded “losses resulting directly or indirectly from fraudulent instruments which are used as source documentation in the preparation of Electronic Data, or manually keyed into a data terminal.”
National Union denied coverage. Like the lower courts, the Court of Appeals ruled in its favor. The Court of Appeals concluded that the rider provided coverage for losses incurred through unauthorized access to the computer system, i.e., acts of outside hackers, but not to fraudulent information entered by authorized users.
Vince Vitkowsky is a partner in Seiger Gfeller Laurie LLP, resident in New York. He represents insurance and reinsurance companies in complex claims matters, and advises on cybersecurity and cyber insurance issues. He has served as an Adjunct Fellow at the Center for Law and Counterterrorism, and is a member of the Executive Committee of the American Branch of the International Law Association. He can be reached at [email protected].
