New York Federal Court Directs Expert Discovery in Computer Fraud Coverage Case
Medidata Solutions, Inc. v. Federal Insurance Company, No. 115-cv-00907 (S.D.N.Y., filed February 6, 2015). This highly-watched case involves a loss of $4.8 million through a voluntary electronic transfer made by an authorized user of a computer system induced by a social engineering fraud. Both parties had moved for summary judgment. By Order dated March 9, 2016, the Court denied both motions without prejudice due to an insufficient record.
The fraud included fictitious emails purportedly sent from one employee of Medidata to another. Medidata sought coverage under a crime policy providing coverage for losses resulting from Computer Fraud, defined as “fraudulent entry of data into . . . a Computer System” or a “fraudulent change of data elements . . . of a computer system.” The insurer, Federal, argued that there is no coverage because there was no manipulation or unauthorized entry into a computer system, so there was no involuntary transfer effected by hackers, forgers or impostors.
Federal placed heavy reliance on a 2015 New York Court of Appeals decision, Universal Am. Corp v. Nat’l Union Fire Ins. Co. of Pittsburgh, PA, 25 N.Y. 3d 275 (2015). That case found no coverage under a Computer Systems Fraud Rider for losses resulting from the entry of fraudulent medical claims into a health insurer’s computer system by authorized users. The Court of Appeals found the Rider was intended to cover deceitful and dishonest acts of outside hackers, not entries by authorized users.
The Order in Medidata did not refer to Universal Am. Instead, in denying summary judgment to both parties, the Court granted leave to to conduct expert discovery. The discovery is “to be limited to establishing the method in which the perpetrator sent its emails to [Medidata], and discussing what changes, if any, were made to [Medidata’s] computer systems when the emails were received.”
If the case proceeds to a further decision, it could provide significant insight into the facts and analysis that would inform future computer-related coverage disputes