Insurer Won't Pay Out For Security Breach Because of Lax Security

chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data. In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow "minimum required practices," as spelled out in the policy. Among other things, Cottage "stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who 'surfed' the Internet," the complaint alleges. Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against "known unknowns" like lax IT practices, pre-existing conditions (like compromises) and so on.

Showing once again how worthless insurance is

[smooth+wombat]

Insurance is the biggest scam ever perpetrated in the history of mankind. You pay and pay and pay some more, then, when you need to use it you're given every excuse possible why the coverage you've been paying for doesn't apply.

When one takes into consideration the thousands of dollars each year the average person pours down the drain for insurance, it's no wonder people are going broke. That money could be used for more productive endeavors such as food, housing, education or transportation.

Instead, the money is lost in the ether, used only to enrich a few while the many bleed from a thousand cuts.