Big Win For Policyholders in Fourth Circuit Finding Duty to Defend Under General Liability Policy for Data Breach!
This week, the Fourth Circuit affirmed the lower court’s ruling of summary judgment in favor of the policyholder Portal Healthcare, finding that Travelers has a duty to defend it under a General Liability policy for a putative class action lawsuit relating to a potential alleged data breach of hospital records that were available for anyone to see on the internet for a period of time. Travelers Indemnity Co. of Am. v. Portal Healthcare Solutions, LLC, No. 14-1944, 2016 U.S. App. LEXIS 6554 (4th Cir. April 11, 2016), unpublished. Significantly, the Fourth Circuit found that the face of the class-action complaint “at least potentially or arguably” alleged a “publication” of medical information under Coverage B of the Traveler’s General Liability policy. It did not matter to the court that there was no evidence that the medical information was ever accessed by anyone on the internet. The court found that it was enough that the general public could have accessed it freely on the internet during the time that the medical records were available, and that was enough to constitute a publication that gives rise to a duty to defend.
While purchasing a stand-alone cyber policy is still a recommended approach, this opinion should remind policyholders to consider coverage for your data breach under your General Liability policy as well.