Insurer says it's not liable for University of Utah's $3.3M data breach
In lawsuit, Colorado Casualty says its policies do not obligate coverage
Computerworld - An Englewood, Colo., insurance company has filed a federal lawsuit contending that it isn't responsible for reimbursing the University of Utah for $3.3 million in costs related to a 2008 data breach caused by a third-party service provider.
The lawsuit, filed in a Utah federal court by Colorado Casualty Insurance Co., contends that the insurer is not obligated to cover the costs now being sought by the university from the third-party service provider. Colorado Casualty was providing breach insurance to the third-party provider at the time of the breach.
The nine-page complaint, which seeks a declaratory judgment from the court, offers little explanation as to why exactly the insurer believes it is not obligated to pay the breach related costs sought by the university.
The breach occurred in June 2008, when burglars stole back-up tapes containing sensitive data on 1.7 million patients at the university's hospitals and clinics. The tapes were on their way to a storage facility when they were stolen from a car belonging to an employee at Perpetual Storage Inc. a Sandy-Utah-based data storage company used by the university.
The disks were recovered untouched a few days later, but the university ended up spending more than $3.3 million in breach notification costs, credit monitoring fees, phone bank costs and other expenses.
Steven McMurray, a lawyer representing Perpetual Storage, said that it's not unusual for insurance companies to dispute claims involving potentially large payouts.
"We have filed a motion to dismiss the compliant," he said.
The motion contends that that Colorado Casualty offered no obvious reasons for its objections, McMurray said. "We obviously think there is coverage," he added.
Since the breach, Perpetual has changed to another insurance provider, he said.
Christopher Nelson, a spokesman at University of Utah Health Care and Health Science, said the university would be "very disappointed" if a judge ruled in favor of Colorado Casualty's complaint. In that case, the university will consider other avenues, which could include filing a lawsuit against Perpetual or its insurance agent, to recover the money.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Data Security in Computerworld's Data Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Top tips for securing big data environments - Why big data doesn't have to mean big security challenges Organizations don't have to feel overwhelmed when it comes to securing big data environments. The same security fundamentals for securing databases, data warehouses...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Three guiding principles for data security and compliance Data security is a moving target-as data grows, more sophisticated threats emerge; the number of regulations increase; and changing economic times make it...
- Mitigate the OWASP Top 10 Web Application Security Risks This technical brief analyzes each of the ten risks and outlines how you can protect your organization from threats targeting your high-value applications...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and... All Data Security White Papers | Webcasts