The May data breach reportedly compromised names and medical information
US firm Thompson Coburn and its client Presbyterian Healthcare Services have been named as defendants in a proposed class action over a data breach that happened earlier this year, reported Reuters.
An unidentified hacker gained access to Thompson Coburn’s network in May. Names and medical information like prescription and clinical data may have been compromised, according to the suit filed in Missouri federal court.
The class action accused the firm and the New Mexico-based health system of not being able to protect healthcare and personal information in the event of such a cyberattack. A statement in the suit said that the data breach occurred as a “direct result” of the lacking cybersecurity protocols implemented by Thompson Coburn and Presbyterian.
Plaintiff Jason Salazar, who is based in New Mexico, learned of the data breach when Thompson Coburn sent him a letter dated November 6. Salazar claimed that Thompson Coburn got hold of his personal information while conducting legal work for Presbyterian.
Shamis & Gentile’s Andrew Shamis will represent Salazar in this suit. Thompson Coburn and Presbyterian did not reveal details about their legal representation or provide comment on the matter.
The case is Salazar v. Thompson Coburn LLP, U.S. District Court for the Eastern District of Missouri, No. 4:24-cv-01509.
Thompson Coburn is the latest addition to a growing list of major firms that have been targeted in cybersecurity-related lawsuits. The list includes Gunster Yoakley & Stewart, Orrick Herrington & Sutcliffe, and Bryan Cave Leighton Paisner; these firms settled their suits out of court.
The 2024 ACC Chief Legal Officers Survey, which was conducted by the Association of Corporate Counsel, revealed that CLOs see data breaches as their biggest data-related concern.
Earlier this year, the BC Court of Appeal upheld the class action status of a case involving the Capital One data breach. Orrick, Herrington & Sutcliffe was also accused of going against court orders in a matter involving the 2023 cyber attack on Progress Software’s MOVEit program.