Health-data privacy alarms

Tempus AI is facing lawsuits in Chicago that accuse it of using and sharing genetic test data from millions of people without proper consent. (bankinfosecurity.com) The complaints say Tempus trained artificial-intelligence models on data it obtained after buying Ambry Genetics in 2025 for $600 million. They also allege Tempus sold data from hundreds of thousands of people to more than 70 drug and life-science companies in deals worth $1.1 billion. (bankinfosecurity.com) The April 15 complaint cited in the report says the company violated Illinois rules on genetic testing information, along with other state privacy laws, breach-of-contract claims and invasion-of-privacy claims. Tempus said in a statement to Information Security Media Group that the allegations are “without merit” and that it will defend itself “vigorously.” (bankinfosecurity.com) The dispute lands as Washington is already fighting over who gets to hold large pools of medical records. On April 21, CBS News and KFF Health News reported that Democratic lawmakers asked the Office of Personnel Management to drop a plan to collect detailed medical and pharmacy claims data on more than 8 million people in federal health plans. (cbsnews.com) That federal request would require 65 insurers to send monthly reports, and the notice did not tell them to remove names or diagnoses before sending the files. The Office of Personnel Management said the data would be used for oversight and to manage federal health plans. (cbsnews.com) States have also been tightening privacy rules since 2025. Termageddon’s tracker says eight new state privacy laws took effect in 2025, including laws in Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota and Maryland. (termageddon.com) Connecticut added another layer in June 2025 when Gov. Ned Lamont signed SB1295, which takes effect July 1, 2026. The changes expand the definition of sensitive data and add neural data, including brain-computer-interface data, to the law’s protected categories. (termageddon.com) The pressure is not limited to Tempus. In June 2025, 27 states and the District of Columbia sued to block the sale of 23andMe customer genetic data in bankruptcy unless customers gave express, informed consent. (cnbc.com) Tempus is not a small target. The company said in January that its preliminary 2025 revenue was about $1.27 billion, up about 83% from a year earlier, with data licensing helping drive growth. (tempus.com) The next test is whether courts and regulators treat DNA files like ordinary business assets or like records that follow the person who provided them. The lawsuits, the federal-worker fight and the state crackdowns are all pushing on that same question. (bankinfosecurity.com)