On June 25, 2015, the Court of Appeals issued a decision in Universal American Corp. v. National Union Fire Insurance Co. of Pittsburgh, PA., 2015 NY Slip Op. 05516, interpreting an insurance policy.
In Universal American Corp., the plaintiff health insurance company brought a claim against its insurer “for indemnification to cover losses resulting from health care claims for unprovided services, paid through” the plaintiff’s “computer system.” The plaintiff based its claim on a rider for “Computer Systems Fraud” that covered “[l]oss resulting directly from a fraudulent (1) entry of Electronic Data or Computer Program into, or (2) change of Electronic Data or Computer Program within the Insured’s proprietary Computer System . . . provided that the entry or change causes (a) Property to be transferred, paid or delivered, (b) an account of the insured, or of its customer, to be added, deleted, debited or credited, or (c) an unauthorized account or a fictitious account to be debited or credited.” The defendant refused the claim. The plaintiff brought an action for damages and declaratory judgment. Both the trial court and the First Department held that the policy did not cover the plaintiff’s loss.
The Court of Appeals granted the plaintiff leave to appeal the First Department’s decision, but ultimately agreed with the lower courts that the claim was not covered, explaining:
An insurance agreement is subject to principles of contract interpretation. As with the construction of contracts generally, unambiguous provisions of an insurance contract must be given their plain and ordinary meaning, and the interpretation of such provisions is a question of law for the court. Ambiguity in a contract arises when the contract, read as a whole, fails to disclose its purpose and the parties’ intent, or where its terms are subject to more than one reasonable interpretation. However, parties cannot create ambiguity from whole cloth where none exists, because provisions are not ambiguous merely because the parties interpret them differently. Rather, the test to determine whether an insurance contract is ambiguous focuses on the reasonable expectations of the average insured upon reading the policy, and employing common speech.
Turning to the language of the Rider, we conclude that it unambiguously applies to losses incurred from unauthorized access to [the [plaintiff’s] computer system, and not to losses resulting from fraudulent content submitted to the computer system by authorized users. The term “fraudulent” is not defined in the Rider, but it refers to deceit and dishonesty. While the Rider also does not define the terms “entry” and “change,” the common definition of the former includes “the act of entering” or “the right or privilege of entering, access,” and the latter means “to make different, alter”. In the Rider, “fraudulent” modifies “entry” or “change” of electronic data or computer program, meaning it qualifies the act of entering or changing data or a computer program. Thus, the Rider covers losses resulting from a dishonest entry or change of electronic data or computer program, constituting what the parties agree would be “hacking” of the computer system. The Rider’s reference to “fraudulent” does not also qualify what is actually acted upon, namely the “electronic data” or “computer program” itself. The intentional word placement of “fraudulent” before “entry” and “change” manifests the parties’ intent to provide coverage for a violation of the integrity of the computer system through deceitful and dishonest access.
(Internal quotations and citations omitted).
[NOTE: Schlam Stone & Dolan was counsel for the plaintiff on this appeal]