If your insurance company offers any kind of data security/breach rider, especially if you work in a healthcare field, make sure you read the fine print as there are many common exclusion clauses that will make it worthless. Though in this case? The insurance company is correct – this was pure negligence leaving a server wide open on the Internet.

We don't cover stupid, says cyber insurer that's fighting a payout
After 2 months of patient data exposed for anyone to see, Cottage Health System's insurance policy should have come as a relief. It didn't.