Slashdot Mirror

← Back to Stories (view on slashdot.org)

Insurer Won't Pay Out For Security Breach Because of Lax Security

Posted by Soulskill on from the ounce-of-prevention-is-worth-a-ton-of-green dept.

chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data. In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow "minimum required practices," as spelled out in the policy. Among other things, Cottage "stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who 'surfed' the Internet," the complaint alleges. Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against "known unknowns" like lax IT practices, pre-existing conditions (like compromises) and so on.

2 of 119 comments (clear)

  1. The problem is the doctors. by jellomizer · · Score: 0, Offtopic

    Health care system give too much power to the Doctors, and they get their hands into everything. They figure because they went to medical school they seem to be an expert on all thing. But because they are in such a position of power other non-clinical departments need to kiss up to them. We can get a 5 minute pitch to say why we may think it may be a bad idea (usually out of the blue as it becomes a surprise change) but if it technically can be done it will end up having to be implemented. And they want it now with no patients for testing, and way too cheap to setup a good testing environment.
    Then we have issues because we were forced to implement a bad design, then it is a case those IT guys screwed up again! Even the fact it mostly worked is a near miracle that it even works.

    We can have better and safer health care IT if the doctors shut up and take what we make for them. They can state there problems on the high level, but they will nitpick into a crap system.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Gotta love it by JRV31 · · Score: 1, Offtopic

    An insurance company trying to screw an insurance company. Gotta love it.