Tempus AI Faces Class‑Action Lawsuits Over Unconsented Use and Sale of 45 Million Genetic Records
What Happened – Tempus AI, a health‑AI vendor, is accused in federal court of training AI models on genetic data acquired from Ambry Genetics without patient consent and subsequently selling hundreds of thousands of those records to more than 70 pharmaceutical and life‑science clients. The plaintiffs allege violations of Illinois genetic‑information statutes and multiple state privacy laws.
Why It Matters for TPRM – • Massive regulatory exposure for any organization that sources data from Tempus AI. • Potential downstream liability for downstream pharma partners that receive the data. • Highlights the limits of “de‑identification” for genomic information, a key risk for data‑driven health vendors.
Who Is Affected – Healthcare providers, pharmaceutical companies, biotech firms, and any third‑party that integrates Tempus AI’s genetic datasets into research or clinical workflows.
Recommended Actions – • Review all contracts and data‑sharing agreements with Tempus AI for consent and notice clauses. • Conduct a data‑privacy impact assessment on any genetic data received from Tempus. • Verify that your organization’s consent management processes meet state genetic‑information regulations. • Monitor litigation developments and be prepared to adjust data‑use policies promptly.
Technical Notes – The dispute centers on the use and sale of de‑identified genomic data, which research shows can be re‑identified through cross‑referencing with public genealogical databases. No specific vulnerability or malware is reported. Source: https://www.databreachtoday.com/health-ai-firm-faces-lawsuits-over-dna-data-use-disclosure-a-31465