Class Action Lawsuit Filed Against Anthem with Evidence of Harm

Three insurance agencies have been accused of failing to secure HIPAA-covered data and have been cited in a class action claim as a result of the Anthem data breach in February. Now the lawsuit has allegedly attracted three new plaintiffs, each of who claim to have suffered identity theft as a result of the security breach.

There have been a slew of lawsuits filed in recent months since the Connecticut Supreme Court ruling that individuals can sue for data breaches that exposed their PHI. However many of these class action claims against insurance companies and healthcare providers have been thrown out by judges as plaintiffs have been unable to substantiate the claims for damages with evidence of actual loss or harm suffered.

The Missouri class action against the insurers was filed in February in St. Louis County by one female breach victim; shortly after the data breach was announced. Each of the three new plaintiffs that have been signed up for the suit alleges that they suffered actual losses as a result of the breach.

In December and January each of the three plaintiffs had fraudulent tax returns filed, and they allege that these were as the result of the Anthem data breach. The combined losses of all plaintiffs total $6,753.

The claim is a 10-count lawsuit that is seeking unspecified damages. It is claimed that the data is “in the hands of thieves” and that this “has carved a wide tail of substantial customer harm and injuries to consumers across the United States.” The claim also states that “further instances of identity theft are certainly impending and imminent.”

The suit alleges that Anthem did not do enough to prevent hackers from gaining access to their confidential information. If the case is signed off by a judge, there are potentially some 1.5 million signatures that could be added to the suit; being the number of Missourians affected by the data breach.

Worrying Times for Anthem Data Breach Victims

While claims have previously been made for damages, this case appears to involve identity theft and tax fraud. It remains to be seen whether the claim can establish that the fraudulent tax claims were as a result of the Anthem breach. Identity and medical fraud have become easier for thieves since the move to EHRs, but this is not the only way that data can be obtained and used for fraudulent purposes. The claims will have to establish that the Anthem breach was how their personal data was disclosed.

Should this prove to be the case, with 78.8 million individuals affected by the breach, the number of actual identity fraud victims could well total in the millions. In light of these potential instances of PHI being used for fraudulent purposes, it is essential that any individual notified that their data was exposed in the Anthem breach should monitor their credit closely, check EOB statements for discrepancies and sign up for credit monitoring services.

Anthem Reassures its Members

Anthem issued a statement via the Associated Press on Tuesday stating it “has no evidence that the hackers shared or sold any of the data involving its current or past customers, or that fraud has occurred against its members”, although no specific mention was made about the class action HIPAA breach claim in Missouri.

The statement explained that the insurer is “offering free credit monitoring, special identity-protection services for insured children and help from investigators in tracking down fraud to people who may be affected.”

If breach victims sign up for these services, instances of medical and identity fraud can be identified quickly in time for any damage to be mitigated.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.