Ohio Supreme Court says insurance policy does not cover ransomware attack on software

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,448
The Ohio Supreme Court has unanimously overruled a judgment of the Ohio Second District Court of Appeals and moved that there must be "direct" physical loss or physical damage in the company's computer software for insurance policy coverage. From a report:In the three-year court proceedings between the greater Dayton medical billing software maker EMOI and its insurance service provider Lansing, Michigan-based Owners Insurance Company, the latter asserted that the insurance contract unambiguously stated only "direct physical loss" or "direct physical damage" to media would be covered under the insurance policy. The court in its final ruling gave the rationale that a computer might have physical electronic components that are "tangible" in nature but the information stored there has no "physical presence"; thus a ransomware attack on the company software has no coverage under the company's insurance policy. The judgment against EMOI concludes that a software developer can't use its property insurance to cover losses. A district judge had dismissed EMOI's case against Owners, which the developer brought forth just months after the attack. But the appellate court in November 2021 had ruled in favor of EMOI stating that the claimant could sue the insurance company for allegedly treating its claim in bad faith by failing to properly examine "the various types of damage that can occur to media such as software."
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Okay, now this is interesting. I never saw this coming, but this is huge. I mean huge.
Luddites? how can they conclude that "the information stored there has no "physical presence"?? I think science would say that electrons, 0 | 1 (whatever) in particular locations on hdd or sdd are definitely there, and can be removed or changed. To me, it is physical. This is not particularly significant if and until, a majority of courts adopt this line of thinking. Meanwhile attorneys will be adjusting the language in insurance contracts in an attempt to provide coverage or deny coverage depending on who's doing the drafting. This court opinion could be limited to that insurance company, using that contract, in Ohio. Probably a minority opinion from an insignificant court, 100 years from now some researcher will find it and say WTF! :ROFLMAO: or not??
 

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,448
According to Greco, the only way to guarantee that insurance companies will continue to do business in the technology and private market is to set up some sort of private-public system to better absorb and handle systemic risks. Those risks cannot be quantified, Greco said, and must be treated like earthquakes or terror attacks when it comes to insurance costs for private companies. In this regard, Zurich's CEO praised the US government and how Washington is calling for views about a potential federal insurance response to cyber-threats like the Colonial Pipeline.
 
  • Like
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top