An insurer sought to rescind professional liability coverage against a real estate company (the “Company”) for failure to disclose a risk that the Company learned of just days after signing the insurance application.

The Company’s president signed the application, which stated that the company had no information about any “unauthorized access, unauthorized use, unauthorized disclosure, virus, denial of service attack, theft of data, fraud, electronic vandalism, sabotage, extortion, or other security events, including notification for any actual or potential compromise of information" within the last five years. The application signed by the president of the Company also stated that:

As the authorized agent, I declare that if the firm or any of its members become aware of any information that would change answers furnished in the application, the firm will reveal such information in writing to the Company prior to the effective date of coverage.

Days after signing the application, the Company became aware that its client wired a payment to a bad actor impersonating the Company. The Company promptly notified its insurance brokers; however, both failed to provide a notice to the insurer before the new policy was incepted. Once notice was provided, the insurer sought to rescind the policy and declared that it had no duty to defend the Company.

The Company sued the insurer and urged the court to stay the coverage litigation, pending the resolution of the underlying lawsuit. According to the Company, the facts that would be established in the underlying lawsuit would guide the coverage litigation. The court granted the Company’s motion although it was not persuaded that the underlying lawsuit would shed light on the issues related to the failure to disclose a known risk. Yet, the court opined that the claim seeking to declare that the insurer had no duty to defend the Company had some potential overlap with the underlying lawsuit, so it agreed to stay the coverage litigation.

Alliant will continue monitoring the resolution of this rescission litigation. However, even without coverage issues being ruled upon, this case serves as an important reminder that any known risk needs to be timely reported to insurers. More importantly, this case reiterates how important it is to draft narrow and specific application and warranty language. Such language needs to identify a narrow group of people whose knowledge would impose disclosure obligations, and such language must be limited in scope and time. Crucially, such warranty or application statements of the limited control group must never be imputed to innocent insureds.

A large pharmacy chain in the United States (the “Pharmacy”) reached one of the largest settlements among derivative lawsuits. The settlement was for an opioid-related shareholder derivative lawsuit alleging a breach of duty of oversight.  

This settlement stems from the opioid epidemic that led to the emergence of extensive securities and corporate litigation.  The Pharmacy became involved in opioid litigation approximately fifteen years ago, when the Drug Enforcement Administration (“DEA”) started its investigation into the Pharmacy’s compliance with the Controlled Substances Act (the “Act”). The Pharmacy settled the matter with the DEA and agreed to implement changes to its practices; however, a series of lawsuits followed. Predictably, shareholder derivative complaints were among the lawsuits, and they alleged that the Pharmacy’s board failed to establish proper protocols to ensure compliance with the Act.

The court denied the Pharmacy’s motion to dismiss the allegations of the breach of duty of oversight—that the directors consciously ignored the absence of a robust monitoring system, which led to the compliance risk. After the motion to dismiss, the board engaged in mediation efforts and, although it maintained the position of denying all allegations, agreed to a $123M settlement to be paid by its D&O insurers. 

The Massachusetts Supreme Judicial Court upheld the dismissal of class action lawsuits filed against two hospitals alleging they violated the privacy of users by tracking the users’ web-browsing activities on their sites. Specifically, the court rejected the applicability of the state’s wiretap statute to the claims. 

The plaintiff, a patient of the hospitals, argued that the collection of her personal information, such as her IP address and browsing history, violated her reasonable expectation of privacy and constituted a wiretap under the Wiretap Act.  The court reasoned that the Massachusetts Wiretap Act (the “Act”) was enacted to protect person-to-person communications from hidden electronic surveillance.  The court rejected the patient’s position that web-tracking activities involved the type of communications that the statute was intended to prohibit.  In the absence of an express textual provision or an indication of legislative intent, browsing and other similar website interactions on the hospitals' websites were not "wire communications" under the Act. In the court’s view, activities such as entering a URL, accessing a specific webpage, clicking on links, and scrolling through a webpage were clearly not the type of person-to-person conversation protected by the Act. One judge dissented, suggesting that the legislature needs to revise the Act to protect consumers from such web-tracking activity.

This decision is expected to be used by defendants in similar cases across the country to limit the use of wiretap statutes to support such claims.  While it does not immunize hospitals and other businesses from these types of claims under other legal theories (such as invasion of privacy or breach of contract), it should make proving these claims more difficult for the plaintiff’s bar.  

A federal district court ruled that there was no coverage for a malpractice claim under a lawyer’s professional liability policy and subsequent policies, because the insured failed to satisfy the policies’ notice and reporting requirements. The insured was sued for malpractice after they failed to timely respond to a motion for summary judgment and the underlying medical malpractice case was dismissed. The insured’s client sued for legal malpractice, which the insured settled and assigned their claims under the policies to the client. The client then brought a declaratory judgment and breach of contract action against the carriers, which was dismissed.

The policy was a "claims made" policy, providing coverage for claims made during the policy period. The claim was not reported until years after the initial dismissal of the underlying case, which was after the expiration of the policy period and the two-year extended reporting period. Therefore, no coverage was afforded under the initial policy. The client alleged that a notice of potential claim was reported during the extended reporting period; however, the policy provided that potential claims must be reported during the "policy period" (not the "extended reporting period") for coverage to apply to a subsequent claim.

The malpractice claim was also reported to a subsequent professional liability carrier; however, that policy excluded coverage for claims "based upon, arising out of, directly or indirectly resulting from, or in any way involving any Wrongful Act prior to the Retroactive Date or any subsequent Related Wrongful Act." The alleged wrongful act that formed the basis for the malpractice claim, failing to timely respond to the motion for summary judgment, occurred prior to the Retroactive Date and therefore did not trigger coverage.