Judge Consolidates Five Cerner/Oracle Data Breach Lawsuits in Missouri Federal Court

Judge U.S. District Judge Beth Phillips

U.S. District Judge Beth Phillips on Monday consolidated five separate lawsuits against Cerner Corp., now operating as Oracle Health, stemming from an apparent data breach, ruling the cases 'share common questions of fact and law.'

The consolidated litigation involves multiple plaintiffs including Rebecca Blount, Cheryl McCulley, Stephen Schlaugies, Terri Ufko, Stephanie Spikes, and Kyle Park, who have filed separate lawsuits against Cerner Corp., which now operates as Oracle Health, and various hospital defendants including Bon Secours Community Hospital, Good Samaritan Hospital, St. Anthony Community Hospital, and Ascension Health. The cases appear to stem from a data breach incident, though the court's brief consolidation order does not detail the nature or scope of the alleged breach.

Judge Phillips invoked Rule 42 of the Federal Rules of Civil Procedure to merge the cases for pretrial purposes, noting that her decision was 'consistent with previous Orders consolidating other similar cases.' The judge ordered that 'all future filings shall be made only in the lowest numbered case, Case No. 25-00259-CV-W-BP,' streamlining what had become a scattered litigation across five separate dockets.

The court directed that future filings should use the caption 'In re: Cerner/Oracle Data Breach Litigation' rather than listing individual case captions, though parties must indicate in their filings which specific cases are affected if a motion or brief 'relates to only some of the cases.' This approach suggests the court anticipates managing potentially dozens of individual claims under a single umbrella proceeding.

The consolidation follows what appears to be a wave of litigation against the healthcare technology company. Cerner, which was acquired by Oracle in 2022 for $28.3 billion, provides electronic health records systems and other healthcare information technology to hospitals and health systems nationwide. The company now operates as Oracle Health following the acquisition.

While the brief order does not specify the plaintiffs' allegations or the hospitals' potential liability, data breach litigation in the healthcare sector typically involves claims that sensitive patient information was improperly accessed, stolen, or disclosed. Healthcare organizations are frequent targets for cyberattacks due to the valuable personal and medical information they maintain.

The consolidation represents an early but significant procedural step that will likely accelerate discovery and motion practice while reducing duplicative litigation costs for all parties. Similar healthcare data breach cases have resulted in multi-million-dollar settlements when patient information is compromised on a large scale.

The case will now proceed as a consolidated matter under Judge Phillips' supervision, with all parties required to coordinate their filings and legal strategies under the unified docket. The consolidation order suggests additional related cases may have been previously merged, indicating this could be part of a broader litigation arising from the same data security incident.

Counsel

Counsel information was not provided in the consolidation order.

Case

The case is In re: Cerner/Oracle Data Breach Litigation, case number 25-00259-CV-W-BP, in the U.S. District Court for the Western District of Missouri.

Court

Western District of Missouri

Case Name

Ufko v. Cerner Corporation d/b/a Oracle Health et al <b><font color="red"> This case has been consolidated into case 25-00259-CV-W-BP. All filings should be made in Case No. 25-00259-CV-W-BP. </font>

Docket

4:26-cv-00304