Weisbrod Matteis & Copley Uncovers Massive Fraud In the Adjustment Of Superstorm Sandy Claims

I, and several colleagues, recently had the good fortune of joining the law firm of Weisbrod Matteis & Copley (“WMC”) and opening its first office based outside of Washington, D.C. in Philadelphia, PA. In addition to representing corporate policyholders in maximizing insurance recoveries, WMC is one of the leading firms in the country representing individuals who have been left high and dry by their insurers after a major disaster, such as Hurricane Katrina or Superstorm Sandy, strikes.

For nearly ten years, the firm has represented the whistleblowers who first discovered fraudulent engineering reports after Hurricane Katrina. It remains the only firm in history to prove to a jury that a FEMA-contracted insurer committed fraud in adjusting Hurricane Katrina claims.

WMC is now bringing that experience to bear for the benefit of home and business owners who continue to suffer so greatly in the aftermath of Superstorm Sandy. The firm represents nearly 1300 Sandy victims who are seeking a fair adjustment of their flood insurance claims by FEMA. Unfortunately, that adjustment process is rife with fraud.

On the positive side, both congress and the media are taking note. Recently, WMC partner, August Matteis, appeared on a television news segment along with Congressman Tom MacArthur to discuss the fraud. You can view that segment by clicking here. Most recently, Matthew Krauss, another WMC attorney, appeared on Maggie Glynn’s radio show to further explain how Sandy victims are being underpaid. That interview can be heard by clicking here.

Victims of natural disasters have suffered enough. If nothing else, FEMA owes them an honest adjustment of their insurance claims.

 

For more information, please contact Lee M. Epstein.

Caveat Emptor in the Brave New World of Cyber Insurance Coverage

databreach

Guest Blogger:  Martin Bienstock, Weisbrod Matteis & Copley PLLC

There are two types of entities in the world, goes the adage: those who have learned that their data was breached; and those who just don’t know it yet.  The cost of these data breaches is no laughing matter, however; according to a recent study sponsored by IBM, the average data breach costs a company more than $200 for each record lost.[1]  (In the health-care sector, the cost are even greater, approaching $400 per-record lost record.[2])  The more records that are lost, the greater the per-record expense, so that a large data breach may give rise to exorbitant costs.[3]

Thoughtful executives can mitigate these costs through effective utilization of insurance coverage.  Insurance companies aggressively are marketing new cyber-insurance policies that provide first-party and third-party coverage in the event of a data breach.  Often, the new policies are accompanied by an exclusion in the entity’s Commercial General Liability Policy for losses arising from a data breach.

Entities entering the market for cyber coverage therefore must be vigilant to ensure that, at the end of the day, their efforts not yield less coverage than previously had been available.

Cyber Insurance Policies Are Often Conditioned Upon Maintaining a Particular Level of IT Security.

The new cyber policies typically require an applicant to complete a comprehensive assessment of its cyber security measures, affirming, for example, that it has in place “up-to-date, active firewall technology,” and “updated anti-virus software active on all computers and networks.”[4]   Coverage may be conditioned on the accuracy of these representations.[5]   In the event of a breach, if it turns out that the IT security information represented in the application form was inaccurate, coverage might not be available.

Thus, in one recent case,[6] an insurer sought to deny coverage because, among other things, the insured health-care provider had not maintained the level of IT security described in its application.  The insurer argued that the policy therefore was void.[7]  Under cyber-liability policies, then, an insured might be excluded from coverage in the event that it was negligent in implementing cyber-security measures – hardly the result that the insured had in mind when it purchased the policy.

Traditional CGL Policies Offer Some Protection for Data Breaches Even When the Insured Failed to Maintain Adequate IT Security.

When a data breach arises from an entity’s failure to maintain security, third-party coverage likely would be available under a standard Commercial General Liability Policy.  The standard CGL Policy provides coverage for “advertising injury.”  It defines such advertising injury to include injury caused by “oral or written publication, including publication by electronic means,” which “disclosed information about a person’s private life.”

This definition of “advertising injury” is ill-suited for costs arising from a data breach since it depends upon “publication.”  In the event of a data breach, many of the costs are unrelated to the actual publication of private data; the costs arise from the mere possibility of publication, not its actuality.  Conditioning data-breach coverage upon an irrelevant “publication” standard makes little sense.

Two recent cases highlight the limitation of relying on the “publication” standard to provide protection against data-breach claims.  In one case, electronic data concerning 50,000 employees fell out of a transport van and never was recovered.  The Connecticut Supreme Court held that the data had not been “published,” since there no factual support for the conclusion that the data, which was not in a readily usable format, ever was accessed by anyone.[8]  In contrast, in another recent case, the Fourth Circuit Court of Appeals affirmed a district court decision that damages resulting from a data-breach did constitute “advertising injury” because the information had been made available on the internet, and therefore was “published.”[9]

Cyber-data and Cyber-security policies can be better designed than the CGL “advertising injury” coverage, so that coverage is not dependent on publication.  But as some insureds have learned to their dismay, cyber-liability policies may be drafted to shift the costs of negligence back to the insured, and to make coverage unavailable for the very data breaches for which the insured purchased the insurance in the first place.

Caveat Emptor

Cyber-risk insurance therefore may serve a useful purpose by providing coverage that is targeted specifically towards data breaches, and that covers damages that go beyond the scope of the traditional CGL Policy. Buyers must beware however that the extra financial and administrative burden they assume in buying such policies not leave them worse-off than before.

For more information, please contact Marty at mbienstock@wmclaw.com or 202.751.2002.

 

[1] IBM 2015 Cost of Data Breach Study United States, conducted by Ponemon Institute LLC (May 2015) at 1.

[2] Id. at 7.

[3] Id. at 7.

[4] A sample cyber-risk policy issued by Travelers Group and containing these representations (last accessed on the date of publication) is available here .

[5] Id., Cyber-Risk Policy at III.M. (p. 22).

[6] Columbia Cas. Co. v. Cottage Health Sys., 15-cv-3432 (2015 C.D. Cal.).

[7] Id., Dkt No. 22.

[8] Recall Total Info. Mgmt., Inc. v. Fed. Ins., 317 Conn. 46, 115 A.3d 458 (2015).  The Connecticut Supreme Court adopted the reasoning of the appellate court in Recall Total Information Management, Inc. v. Federal Ins. Co., 147 Conn.App. 450, 465, 83 A.3d 664 (2014).

[9] Travelers Indem. Co. of Am. v. Portal Healthcare Sols., L.L.C No. 14-1944, 2016 WL 1399517, at *2 (4th Cir. Apr. 11, 2016).

“UBER” Liabilities: Legislatures Respond To Emerging RideShare Liabilities With New Insurance Laws

Guest Blogger, Annie Kernicky, Esq.

The growing popularity of rideshare services like Uber and Lyft is resulting in new and emerging liabilities. Just last week in Michigan, for example, an Uber driver, in between shooting six people, allegedly picked up passengers for Uber. Passengers flock to rideshares for their touch-and-go convenience and low cost, and courts and legislatures are trying to keep up.

Situations such as the Michigan shooting will not only spur an increase rise in litigation connected to rideshare services (see previous blog post), but are also prompting new laws across the county to ensure that minimum insurance and adequate coverage exist during, and even before, a passenger’s trip in a rideshare vehicle.uBER 3

California, for example, recently enacted a new law designed to clarify what insurance coverage is required during the various phases that a rideshare driver goes through during a day of driving – i.e. Period 1, the time when the Uber app is on, but the driver hasn’t yet been matched to a driver; and Periods 2 and 3, which includes when the driver is matched with a rider, when the driver picks up the rider, and the entire drive until the rider is dropped off at the destination.

Like others of its kind across the country, the new California law sets insurance coverage requirements for all Transportation Network (TNCs) and driver partners while they are logged into the Uber platform and waiting for a trip request, i.e. Period 1.  The law requires either the TNC, Uber’s affiliate Rasier-CA LLC, or the rideshare driver partner to maintain primary third-party liability insurance that provides coverage in the amounts of $50,000 per individual with a total of $100,000 per accident along with up to $30,000 for property damage during Period 1.  Prior to the law, California’s minimum insurance requirement was $15,000. The new law also means that standard and optional coverages a driver may have purchased on their own personal auto policy no longer apply while the driver is logged into the app (in California only).

Outside of California, other states are enacting similar insurance-related laws, especially during Period 1 when other insurance may not be applicable because a passenger has not yet been picked up. At the beginning of February, in Florida, the Senate Judiciary Committee voted in favor of the law, which would set minimum insurance coverage requirements for when drivers are using their personal vehicles and are logged into the companies’ apps, but not in the act of transporting a paying passenger.  Among others, the Florida bill would require a TNC driver or company to maintain primary automobile insurance issued by specified insurers with certain coverages in specified amounts during the different periods, and also require a TNC driver to carry proof of insurance coverage at all times during the use of a personal vehicle for rideshare services.

Certainly the trend is to require rideshare drivers (or companies) to have higher insurance minimums when a driver has the company app on, even with no passengers in the vehicle.  These measures not only help protect public safety, but also ensure that there is adequate coverage and responsibility if an accident or potential liability does occur while a driver is using a rideshare app.

TIME IS MONEY: Insured’s Late Notice Of An Insurance Claim Causes Forfeiture Of Coverage Even Though Insurer Suffers No Prejudice

hour glass

The failure to give timely notice continues to unnecessarily plague insureds and others seeking coverage under insurance policies. In an unsurprising move, the New Jersey Supreme Court affirmed prior holdings allowing insurers to disclaim coverage under a“claims made” policy for late notice even though the insurer suffers no prejudice as a result of the late notice. Templo Fuente De Vida Corp., et al. v. National Union Fire Insurance Co., (A-18-14) (074572) (NJ, February 11, 2016). In this case, the insured’s six month delay in providing notice under “claims made” Directors & Officers (“D&O”) Policy resulted in a complete forfeiture of coverage. While proceeding slowly and deliberately may be a virtue in some contexts, it is not advisable when notifying insurers of claims.

In reaching its holding the Court affirmed prior holdings in which it distinguished between “claims made” and “occurrence” policies. Under an “occurrence” policy, “it is the ‘occurrence’ of the peril that is insured, and so long as that peril occurred during the life of the policy, coverage attaches.” In contrast, under a “‘claims made’ policy, it is the making of the claim which is the event and peril being insured and, subject to policy language, regardless of when the occurrence took place.’” Accordingly, the Court had determined previously that while insurers must show that they were prejudiced by late notice of a claim under an “occurrence” policy, no showing of prejudice is required under a “claims made” policy.

Faced with this adverse precedent governing “claims made” policies, the plaintiffs (the insured had assigned its rights under the “claims made” policy to the underlying plaintiffs) argued that insurers were relieved of proving prejudice from late notice only where the claim was made after the expiration of the policy period. Rather than address that argument directly, the Court focused on the sophistication of the policyholder: “We have historically approached ‘claims made’ and ‘occurrence’ policies differently due in large part to the differences between the policyholders themselves.” The Court reasoned that in the “vast majority” of “occurrence” policies, the policyholders are “unsophisticated consumers unaware of all of the policy’s requirements.” In contrast, under “claims made” policies, “insurers are ‘dealing with a more sophisticated clientele, [who] are much better able to deal with the insurers on an equal footing[.]’” (quotation omitted).

Because the insured in the case before it was sophisticated, the Court held that the insured’s failure to give timely notice constituted a breach of its “claims made” D&O policy which, in turn, permitted the insurer to disclaim coverage without demonstrating prejudice: “our jurisprudence has never afforded a sophisticated insured the right to deviate from the clear terms of a ‘claims made’ policy.”

This case serves as another reminder of the importance of providing timely notice of insurance claims. Indeed, in this case time really was money. Depending on the nature of the claim, the nature of the policy and the nature of the insured, late notice may prove fatal.

Questions? Let me know.

 

Anticipation Over: Heinz Squeezed By Federal Court

Heinz DeniedUnderscoring the need for complete candor when answering insurance application questions, a federal court permitted an insurer to rescind an insurance policy.  See H.J. Heinz Co. v. Starr Surplus Lines Co., Case No. 15 cv0631 (W.D. PA, Feb 1, 2016). Starr sold Heinz an Accidental Contamination and Government Recall insurance policy (the “Recall Policy”). After Heinz sought coverage for losses incurred in connection with a product recall in China, Starr refused the claim and sought to rescind the Recall Policy. As the court explained, “rescind” means to have the insurance policy declared void as if it never existed.

Interestingly, the court employed an advisory jury to assist in the determination. The court agreed with the jury’s finding that Heinz had omitted and misrepresented certain material facts in its application for insurance. Specifically, the application asked two pertinent questions: (1) whether “any fines or penalties been assessed against the Applicant by any food or similar regulatory body over the last 3 years” and (2) whether “the Applicant experienced a withdrawal, recall or stock recovery of any products or has the Applicant been responsible for the costs incurred by a third party in recalling or withdrawing any products.” Heinz answered no to the first question and did not answer the second question.

Contrary to its application answers, the evidence presented at trial showed that Heinz was fined or undertook recalls in connection with a number of contaminated food products. Heinz’s Global Insurance Director sought to excuse certain of the less than accurate application answers by stating that the losses at issue would not have been covered by a Recall Policy. The court did not credit that testimony.

Particularly damning was the fact that Heinz’s Global Insurance Director had previously disclosed the very same contamination losses that had been withheld from the insurer to Heinz’s Senior Management. According to the court, “simply put, if this information was sufficiently important for [the Global Insurance Director] to include in a presentation memorandum to the Heinz senior management, it was sufficiently important to include on the Application, yet [he] failed to do so.” The court found further that the Global Insurance Director made the misrepresentations for one or both of the following reasons: (1) to obtain a lower SIR and/or (2) to secure a lower insurance premium.

Although instances of insurance policy rescission for fraud and misrepresentation are rare, it does occur. This case serves as a painful reminder to all policyholders and their risk managers of the importance of full and complete candor when answering insurance application questions.

Questions? Let me know.

Declaration of Independence: Court Declares That Insureds Are Entitled To Independent Counsel When A Conflict Of Interest Develops

This past week, the Nevada Supreme Court adopted the so-called “Cumis” Rule. See State Farm Mutl. Ins. Co. v. Hansen, No. 64484 (Nev., Sept. 24, 2015). That Rule derives from a California appellate court case decided over thirty years ago. San Diego Fed. Credit Union v. Cumis Ins. Society, Inc., 208 Cal. Rptr. 494, 506 (Cal. Ct. App. 1984). The Cumis Rule provides that when a conflict of interest develops between an insurer that is defending its insured against a third-party claim, the insurer must satisfy its contractual duty to defend by paying for independent defense counsel chosen by the insured.

Courts throughout the country are split on whether and when the Cumis Rule or some variant of that Rule applies. Thus, the right to independent counsel varies from state to state and policyholders must be proactive in understanding and securing their right to independent defense counsel.

Those courts that have refused to allow insureds to select independent counsel hold generally that no conflict arises because defense counsel represent and owe a duty of loyalty to to the insured only and not to the insurer. Conversely, those courts allowing insureds to select independent counsel hold that defense counsel engage in a dual representation by representing the interests of both insurers and insureds. When a conflict of interest develops in a case involving a dual representation, independent counsel selected by the insured and paid by the insurer is required.

Courts are likewise split on when an actual conflict of interest arises. Some courts hold that whenever an insurer reserves its right to deny coverage an actual conflict arises. Other courts have decided that an insurer’s reservation of the right to deny coverage does not create a per se conflict of interest. An actual conflict of interest requiring the retention of independent counsel arises in those jurisdictions only when the outcome of the coverage determination can be controlled by defense counsel. The Hansen Court opted for the latter approach, holding that “there is no conflict of interest if the reservation of rights is based on coverage issues that are only extrinsic or ancillary to the issues actually litigated in the underlying action.”

The Hansen decision underscores the reality that insurance coverage law and rights are ever developing state by state. Knowing which states acknowledge dual representation and when an actual conflict arises will make all the difference in securing independent defense counsel at the insurer’s expense.

Questions? Let me know.

Thinking Outside The Car: UBER Gets Creative With Its Insurance

Guest Blogger: Annie Kernicky, Esq.,

New and emerging technologies are leading to new and emerging insurance products. Policyholders must remain vigilant in both securing that coverage and in pursuing claims under that coverage. A recently filed case involving the technology fueled, rideshare service, Uber, drives this point home.

As more and more consumers are learning, Uber and other rideshare services like Lyft work as follows: A customer seeking a ride activates an app and sees real-time locations of nearby rideshare vehicles. After a user clicks to request a pick-up, drivers are alerted of the potential fare by visual display on their smartphone, which they must respond to. The app also allows both the driver and passenger to text and/or call each other.

As reflected in a recently filed insurance coverage action involving Uber, insured smartphone-based app rideshare services are seeking coverage in creative ways.  In that case, Evanston Insurance Company seeks a declaration that it is not required to cover Uber’s settlement with the family of a 6-year-old girl killed in a collision with an alleged Uber driver who was allegedly using the Uber app, but had not yet picked up passengers. In its complaint, Evanston argues that its excess policy covers only technology, and the underlying suit concerns an automobile accident.  Instead of seeking coverage under its Business Auto policy or perhaps in addition thereto, Uber is pursuing a claim against Evanston under a liability insurance policy designed to cover Uber’s technology operations.   Evanston contends that its insurance policy excludes taxi operations and covers only Uber’s technology aspects and operations.  Although Uber has not yet responded to Evanston’s complaint, it appears that Uber is contending that the Underlying claim arose out of its “technology operations” because the underlying injury occurred while the driver was using the Uber app, and not while the driver had passengers.

Even though the underlying claim appeared to involve an automobile liability, further consideration reveals that a new technology may be the real culprit. This case provides a prime example of an insured creatively pursuing coverage under an insurance policy that at first blush might not apply. It serves as a healthy reminder for all policyholders that successfully securing coverage sometimes requires looking for coverage in both the usual and not so usual places.

%d bloggers like this: