In Universal Am. Corp v Nat’l Union Fire Ins Co of Pittsburgh, PA, No. 95, 2015 WL 3885816 (N.Y. June 25, 2015), the highest court in New York applied the language of a financial institution bond to deny coverage for losses that arose from the entry of fraudulent claims into its computer systems by authorized users.
Universal American Corp is a health insurer that allows health providers to submit claims directly into its computer system. It allegedly suffered over $18 million in losses for payments of fraudulent claims for services never actually performed.
The bond contained a rider covering “Computer Systems Fraud,” which it defined as “Losses resulting directly from a fraudulent (1) entry of Electronic Data or Computer Program into, or (2) change of Electronic Data or Computer Program within the Insured’s Proprietary Computer System.”
However, the bond excluded “losses resulting directly or indirectly from fraudulent instruments which are used as source documentation in the preparation of Electronic Data, or manually keyed into a data terminal.”
National Union denied coverage. Like the lower courts, the Court of Appeals ruled in its favor. The Court of Appeals concluded that the rider provided coverage for losses incurred through unauthorized access to the computer system, i.e., acts of outside hackers, but not to fraudulent information entered by authorized users.