A court issued a first-of-its-kind cyber insurance ruling blocking insurer HSB from applying a ransomware sub-limit to a claim tied to a 2022 ransomware incident at CiCi. The attack involved system encryption and threats to publish allegedly exfiltrated data; CiCi reported the incident via At-Bay (HSB’s agent), retained outside counsel and incident response firm Arete Advisors, and negotiated a ransom demand from $2 million down to $400,000. CiCi claimed total losses exceeding $1.2 million under a policy with a $3 million aggregate limit and $50,000 retention.
Separately, Indiana University Health sued Change Healthcare in U.S. federal court (District of Minnesota), alleging Change’s 2024 ransomware incident disrupted critical billing and payment operations and caused $66 million in damages. The filing underscores continued downstream legal exposure from ransomware-driven outages in healthcare supply chains, where third-party service disruptions can translate into large, quantifiable financial claims.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Indiana University Health filed a lawsuit in the U.S. District Court for the District of Minnesota seeking $66 million in damages tied to the effects of the 2024 Change Healthcare ransomware attack.
A 2024 ransomware attack on Change Healthcare disrupted critical billing and payment systems used by healthcare providers, causing operational and financial impacts on Indiana University Health.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
insurancebusinessmag.com
Open sourceteiss.co.uk
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.