25 N.Y.3d 678 (2015)

Insurance policies covering “fraudulent entry” of electronic data into a computer system refer to unauthorized access, not the content submitted by authorized users.

Summary

Universal American Corp. sought insurance coverage from National Union Fire Insurance Co. for losses resulting from fraudulent health care claims processed through its computer system. The insurance policy’s rider covered “computer systems fraud” resulting from the “fraudulent entry…of Electronic Data.” National Union denied coverage, arguing the rider applied to unauthorized system access, not fraudulent data input by authorized users. The New York Court of Appeals affirmed, holding that the policy’s language was unambiguous and covered losses from unauthorized access into the computer system, not the fraudulent content entered by authorized users, and that the term “fraudulent entry” referred to the act of accessing the system and not to the data entered.

Facts

Universal American Corp., a health insurance company, had a computerized billing system for processing claims. Universal purchased a financial institution bond from National Union, with a rider covering “computer systems fraud,” including losses from the “fraudulent entry of Electronic Data.” Universal suffered substantial losses from fraudulent claims for services never provided. National Union denied coverage, asserting the rider did not cover fraudulent claims submitted by healthcare providers. Universal sued for damages and declaratory relief, seeking to have the losses covered under the policy.

Procedural History

Universal moved for partial summary judgment in the trial court, which was denied; National Union’s cross-motion for summary judgment was granted, and the complaint was dismissed. The Appellate Division modified the order, declaring the policy did not cover the loss. The New York Court of Appeals granted Universal leave to appeal.

Issue(s)

1. Whether the insurance policy rider, covering losses resulting from “fraudulent entry…of Electronic Data,” encompasses losses caused by the submission of fraudulent information by authorized users into the insured’s computer system?

Holding

1. No, because the policy unambiguously applies to losses incurred from unauthorized access to the computer system, not the fraudulent content submitted by authorized users.

Court’s Reasoning

The court applied principles of contract interpretation, emphasizing the plain and ordinary meaning of unambiguous policy terms. The court found no ambiguity in the rider’s language, stating, “unambiguous provisions of an insurance contract must be given their plain and ordinary meaning.” The term “fraudulent entry” referred to the act of entering the system, not the nature of the data itself. The court noted that “fraudulent” modifies the