Defining 'Computer Systems Fraud' in Insurance Policies: Excluding Fraudulent Entries by Authorized Users

Defining 'Computer Systems Fraud' in Insurance Policies: Excluding Fraudulent Entries by Authorized Users

Introduction

The case of Universal American Corp. v. National Union Fire Insurance Company of Pittsburgh, PA addressed a pivotal issue in insurance coverage related to computer systems fraud. Universal American Corp., a health insurance provider, sought indemnification for losses resulting from fraudulent claims processed through its computerized billing system. The central question was whether the insurance policy's provision for "computer systems fraud" extended to fraudulent entries made by authorized users within the insured's computer system.

Summary of the Judgment

The Court of Appeals of New York ruled in favor of National Union Fire Insurance Company, affirming the lower courts' decisions that the insurance policy did not cover losses caused by fraudulent entries made by authorized users. The court held that the term "fraudulent entry" in the policy unambiguously referred to unauthorized access, such as hacking or cyber intrusions, rather than fraudulent actions by individuals who already had authorized access to the computer system. Consequently, Universal American Corp.'s claim for indemnification was denied.

Analysis

Precedents Cited

The judgment referenced several key cases to support its interpretation of the insurance policy:

  • Vigilant Ins. Co. v Bear Stearns Companies, Inc. (2008) - Emphasized that unambiguous contract provisions should be given their plain and ordinary meaning.
  • Ellington v EMI Music, Inc. (2014) - Defined ambiguity in contracts as situations where the contract does not clearly disclose its purpose or the parties' intent.
  • Owens, Schine & Nicola, P.C. v Travelers Cas. and Sur. Co. of Am. (2012) - Addressed the extent of computer usage required to constitute computer fraud under an insurance policy.
  • Other cases such as Dean v Tower Ins. Co. of New York and Mostow v State Farm Ins. Companies were cited to elaborate on contract interpretation and the reasonable expectations of the average insured.

Legal Reasoning

The court employed principles of contract interpretation to determine the scope of the "computer systems fraud" rider in the insurance policy. Key points in the legal reasoning included:

  • Plain Language Interpretation: The court found the policy language to be clear and unambiguous, stating that "fraudulent entry" pertains to unauthorized access rather than actions by authorized users.
  • Intent of the Parties: The placement of the word "fraudulent" before "entry" and "change" indicated that the parties intended to cover deceitful acts impacting the integrity of the computer system itself.
  • Policy Headings and Exclusions: The headings "Computer Systems" and "Computer Systems Fraud," along with specific exclusions related to fraudulent instruments used in data preparation, reinforced the interpretation that the rider was intended to cover unauthorized access.
  • Rejection of Alternative Interpretations: The court dismissed Universal's argument that "fraudulent entry" should be interpreted as "fraudulent input," emphasizing that such an interpretation was not supported by the policy language or context.

Impact

This judgment has significant implications for both insurers and insured entities:

  • Clarification of Coverage: Insurance providers can now more clearly define the scope of coverage related to computer systems fraud, distinguishing between unauthorized access and internal fraudulent actions by employees or authorized users.
  • Policy Drafting: Insurers may revise policy language to explicitly include or exclude certain types of computer fraud, based on the clarified legal standards set by this case.
  • Risk Management: Companies may need to implement more robust internal controls and fraud prevention measures, as losses from authorized fraudulent entries are not covered under standard computer fraud insurance policies.
  • Future Litigation: This precedent will guide future court decisions in similar cases, influencing how ambiguities in insurance contracts related to computer fraud are interpreted.

Complex Concepts Simplified

  • Computer Systems Fraud: Refers to deceitful or dishonest actions that compromise the integrity of a computer system, typically involving unauthorized access or manipulation of data.
  • Fraudulent Entry: In the context of the insurance policy, this term specifically refers to unauthorized access or input into the computer system, such as hacking, rather than fraudulent data entered by someone with legitimate access.
  • Contract Ambiguity: Occurs when the terms of a contract can be reasonably interpreted in more than one way. In this case, the court found no ambiguity in the policy language.
  • Reasonable Expectations: A legal standard used to interpret contract terms based on what an average person would understand the terms to mean.

Conclusion

The Court of Appeals of New York's decision in Universal American Corp. v. National Union Fire Insurance Company underscores the importance of precise language in insurance contracts, particularly concerning computer systems fraud. By unequivocally interpreting "fraudulent entry" as unauthorized access, the court set a clear boundary on what constitutes covered fraud under such policies. This ruling not only affects how insurance contracts are drafted and interpreted but also emphasizes the necessity for organizations to safeguard their systems against unauthorized intrusions while recognizing that internal fraudulent actions may not be insurable under existing computer fraud policies.

Case Details

Year: 2015
Court: Court of Appeals of New York

Judge(s)

Jenny Rivera

Attorney(S)

Richard H. Dolan, for appellant. Barbara A. Lukeman, for respondent.

Comments