In follow up to our previous post, on Friday, July 17, the U.S. District Court for the Central District of California dismissed a lawsuit initiated by Columbia Casualty Company (“Columbia”) against Cottage Health System (“Cottage”) related to a data breach that released about 32,500 patient healthcare records that were stored electronically on Cottage’s network servers. Columbia Casualty Company v. Cottage Health System, No. 2:15-cv-03432 would have been a case of first impression in the California district court and one of the first litigated disputes involving a stand-alone cyberinsurance policy.
According to U.S. District Judge Dean D. Pregerson, who dismissed the suit, Columbia’s resort to litigation was premature. In this regard, the stand-alone “NetProtect360” cyberinsurance policy at issue provided that “[a]ll disputes and differences between the Insured and Insurer which may arise under or in connection with this policy . . . shall be submitted to the alternative dispute resolution (“ADR”) process” and that if the chosen method of ADR is mediation, then “no . . . judicial proceeding shall be commenced until the mediation shall have been terminated and at least 60 days shall have elapsed from the date of the termination . . . .”