Nov 12 (Reuters) - U.S. law firm Thompson Coburn and its client Presbyterian Healthcare Services paved the way for a data breach by failing to safeguard health care and other personal information, according to lawsuit filed against them on Tuesday.
, opens new tab in Missouri federal court follows a May data breach in which an unknown hacker accessed information on Thompson Coburn's network.
St. Louis-founded Thompson Coburn, which has about 400 lawyers, did not immediately respond to a request for comment on the lawsuit. Presbyterian, a New Mexico-based health system, did not immediately comment.
Plaintiff Jason Salazar of New Mexico said the law firm held his personal information in the course of providing legal services to Presbyterian. Thompson Coburn notified him of the breach in a Nov. 6 letter.
Private information exposed in the breach may have included names and medical information, such as prescription and clinical data, the lawsuit said. It called the breach a "direct result" of Thompson Coburn and Presbyterian's inadequate cybersecurity protocols.
Law firms are increasingly facing cybersecurity risks and lawsuits. Several big firms that have been sued over data breaches, including Gunster Yoakley & Stewart, Orrick Herrington & Sutcliffe, and Bryan Cave Leighton Paisner, have reached settlement agreements.
The case is Salazar v. Thompson Coburn LLP, U.S. District Court for the Eastern District of Missouri, No. 4:24-cv-01509
For the plaintiff: Andrew Shamis of Shamis & Gentile
For the defendants: Not yet known
Reporting by Sara Merken
Source: Reuters