Federal Judge Consolidates Five Cerner/Oracle Data Breach Lawsuits in Missouri

Judge U.S. District Judge Beth Phillips

U.S. District Judge Beth Phillips on Monday consolidated five separate lawsuits stemming from a data breach involving Oracle Health into a single multidistrict litigation proceeding, ruling that the cases 'share common questions of fact and law.'

The consolidated cases involve patients and individuals whose personal information was allegedly compromised in a data breach involving Cerner Corp., which operates as Oracle Health, and various hospital systems including Bon Secours Community Hospital, Good Samaritan Hospital, St. Anthony Community Hospital, and Ascension Health. The lawsuits were filed by Rebecca Blount, Cheryl McCulley, Stephen Schlaugies, Terri Ufko, Stephanie Spikes, and Kyle Park, among others, seeking damages for the alleged security incident.

Judge Phillips ordered the consolidation under Federal Rule of Civil Procedure 42, determining that efficiency would be served by combining the cases 'at least for all pretrial purposes.' The court directed that all future filings be made in the lead case, No. 25-00259-CV-W-BP, and that parties use the simplified caption 'In re: Cerner/Oracle Data Breach Litigation' instead of listing all individual case captions.

The order reflects the court's assessment that the multiple lawsuits involve sufficiently similar factual allegations and legal theories to warrant consolidated treatment. Phillips noted the consolidation was 'consistent with previous Orders consolidating other similar cases,' suggesting this may be part of a broader pattern of data breach litigation involving the healthcare technology company.

The cases originated as separate filings in 2025 and 2026, with plaintiffs represented by different counsel but all targeting Oracle Health's alleged role in a data security incident. The Blount case, filed as No. 25-00259, became the lead case due to its lower docket number. Additional defendants in the various cases include multiple hospital systems that presumably used Cerner's healthcare information technology services.

Under the consolidation order, parties must indicate in their filings which specific cases any motion or brief relates to if it does not apply to all consolidated matters. This procedural requirement allows the court to maintain clarity about which plaintiffs and defendants are affected by particular legal arguments or discovery requests.

The consolidation comes as healthcare data breaches have become increasingly common and costly for both technology providers and healthcare institutions. Oracle acquired Cerner in 2022 for approximately $28 billion, inheriting the company's extensive relationships with hospitals and health systems nationwide that rely on its electronic health record systems.

The consolidated litigation will likely focus on common issues including the scope of the alleged breach, Oracle Health's security practices, notice to affected individuals, and the calculation of damages across multiple plaintiff groups. The efficiency gains from consolidation typically benefit both parties by avoiding duplicative discovery and inconsistent rulings across related cases.

Counsel

Counsel information was not provided in the consolidation order.

Case

The cases are consolidated as In re: Cerner/Oracle Data Breach Litigation, lead case number 25-00259-CV-W-BP, in the U.S. District Court for the Western District of Missouri.

Court

Western District of Missouri

Case Name

Blount et al v. Oracle Health, Inc.<b><font color="red"> LEAD CASE. All filings shall occur in 25-cv-259.</font>

Docket

4:25-cv-00259