A CNA unit is seeking a judicial ruling that it is not obligated to pay a $4.1 million settlement under an exclusion in a hospital system’s cyber policy. Cottage Health System suffered a data breach involving about 32,500 confidential medical records between Oct 8, 2013, and Dec. 2, 2013. The breach allegedly occurred because Cottage and/or its third-party vendor stored medical records on a system that was fully accessible to the Internet but failed to install encryption or take other security measures to protect patient information.”]
Source: https://www.businessinsurance.com/article/20150515/NEWS06/150519893