Cybersecurity Lawsuit Dropped Against Thompson Coburn and Presbyterian Healthcare Services
A proposed class action lawsuit alleging a May 2024 data breach at law firm Thompson Coburn and Presbyterian Healthcare Services has been dismissed without prejudice, leaving open the possibility of refiling. The suit, filed by a group of New Mexico residents who were current or former patients of Presbyterian, claimed an unknown hacker accessed sensitive data including Social Security numbers and health records belonging to over 300,000 individuals.
The plaintiffs argued the breach stemmed from inadequate cybersecurity measures by both organizations. Thompson Coburn, a St. Louis-based firm, had been granted access to patient files as a client of Presbyterian. Last year, both defendants sought dismissal, with Thompson Coburn contending the plaintiffs failed to demonstrate damages and Presbyterian asserting it was also a victim of the breach.
The case was voluntarily withdrawn on Tuesday in federal court in Missouri, though no settlement details were disclosed. Neither Thompson Coburn nor Presbyterian provided immediate comment. The incident reflects a broader trend of cybersecurity litigation targeting law firms, with several major firms facing similar lawsuits in recent years.
Presbyterian Healthcare Services cybersecurity rating report: https://www.rankiteo.com/company/presbyterian-healthcare-services
Thompson Coburn LLP cybersecurity rating report: https://www.rankiteo.com/company/thompson-coburn-llp
"id": "PRETHO1770850946",
"linkid": "presbyterian-healthcare-services, thompson-coburn-llp",
"type": "Breach",
"date": "5/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Legal',
'location': 'St. Louis, Missouri, USA',
'name': 'Thompson Coburn',
'type': 'Law Firm'},
{'customers_affected': '300000',
'industry': 'Healthcare',
'location': 'New Mexico, USA',
'name': 'Presbyterian Healthcare Services',
'type': 'Healthcare Provider'}],
'data_breach': {'number_of_records_exposed': '300000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'Health records']},
'date_publicly_disclosed': '2024-05',
'description': 'A proposed class action lawsuit alleging a May 2024 data '
'breach at law firm Thompson Coburn and Presbyterian '
'Healthcare Services has been dismissed without prejudice. The '
'suit claimed an unknown hacker accessed sensitive data '
'including Social Security numbers and health records '
'belonging to over 300,000 individuals.',
'impact': {'data_compromised': 'Social Security numbers, health records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit'},
'investigation_status': 'Dismissed without prejudice',
'post_incident_analysis': {'root_causes': 'Inadequate cybersecurity measures'},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit dismissed '
'without prejudice'},
'threat_actor': 'Unknown hacker',
'title': 'Cybersecurity Lawsuit Dropped Against Thompson Coburn and '
'Presbyterian Healthcare Services',
'type': 'Data Breach',
'vulnerability_exploited': 'Inadequate cybersecurity measures'}