Attorney says lawyers suing Anthem subsidiaries in Kansas can show data breach harmed insured

A former candidate for Kansas governor said Monday that he and other attorneys who are suing two subsidiaries of Anthem Inc. can show that individuals were harmed after hackers breached the health insurer's computer networks.

Paul Davis and other attorneys who filed the lawsuit earlier this month in Douglas County District Court on behalf of a Kansas City, Kansas, woman also are urging participants in the state's Medicaid program to consider joining the case. A similar lawsuit was filed in February in St. Louis County, Missouri.

Davis, from Lawrence, is a partner in one of three law firms involved in both lawsuits. He also was the Democratic nominee for Kansas governor last year, narrowly losing to Republican Gov. Sam Brownback.

Brownback's major first-term initiatives included turning over the management of the state's Medicaid program, which provides health coverage to the needy and disabled, to three private health insurers. One is Amerigroup Kansas Inc., affiliated with Amerigroup Corp., an Anthem subsidiary.

Hackers in December or January broke into an Anthem database with information for about 80 million people, including names, employment details and Social Security numbers. The Kansas Department of Health and Environment said nearly 165,000 past and current recipients of state health coverage could have been affected.

The lawsuit names the two Amerigroup companies as defendants and alleges they failed to adequately protect data. The lawsuit said the woman filing the case, Julie Stanturf, fears potential future harm, but Davis said her attorneys have identified other individuals who have been fraud victims because of the data breach and plan to add them to the case later.

"Their personal information right now is in the hands of thieves," Davis said. "This is a huge, huge mistake that Anthem has made."

Anthem spokeswoman Cindy Wakefield said in an email statement that Anthem is offering free credit monitoring, special identity-protection services for insured children and help from investigators in tracking down fraud to people who may be affected.

"To date, in working with the FBI, we have found no evidence that the cyber attackers have shared or sold any of our members' data and there is no evidence that fraud has occurred against our members," Wakefield said.

Davis said the lawyers are not blaming Brownback's administration directly for the problem but added that such a data breach is a risk when the state "outsources" government functions to private companies.

"Had the state not contracted the Medicaid program out with a private insurance company like Amerigroup, we clearly would not be in the situation we are now," Davis said.

KDHE declined to comment on the lawsuit, and Brownback spokeswoman Eileen Hawley did not respond Monday evening to telephone and email messages seeking a response to Davis' comments.


Follow John Hanna on Twitter at .