Health AI Firm Faces Lawsuits Over DNA Data Use, Disclosure

Artificial Intelligence & Machine Learning , Data Privacy , Data Security Health AI Firm Faces Lawsuits Over DNA Data Use, Disclosure Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos. Marianne Kolbasuk McGee (HealthInfoSec) • April 20, 2026     Share Post Share Credit Eligible Get Permission Several recent lawsuits allege that Tempus AI is using and disclosing sensitive genetics information it obtained when it acquired a testing firm Ambry Genetics in 2025. (Image: Tempus) A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. See Also: AI Is Transforming the Chief Data Officer Role Plaintiffs say Tempus AI was wrong when it trained AI models on genetic data collected by Ambry Genetics, a company it bought in 2025 for $600 million. They say the company was wrong again when it sold hundreds of thousands of individuals' sensitive genetic data - to more than 70 pharmaceutical and life science firm clients in deals allegedly worth $1.1 billion. Publicly traded Tempus AI, which reported revenue of $1.27 billion in fiscal 2025, on its website describes itself as a technology company "advancing precision medicine through the practical application of AI, including generative AI." The lawsuits - including a complaint filed on April 15 - accuse it of breaking Illinois law regulating access to genetic testing information, as well as slew of state privacy laws, breach of contract and invasion of privacy. Tempus AI claims on its website to have a clinical and molecular data "library" containing more than 45 million de-identified patient records, including 8.5 million research records, 1 million matched clinical-genomic records and 2 million imaging records. Genetic data resists attempts to de-identify it, plaintiffs say, no matter what assertions that Tempus AI may have made about removing personal data before commercializing it. "Genetic data cannot be de-identified because such data serves as an inherently unique biomarker. Genetic data, like DNA, is inherently identifiable," the April 15 suit states. Tempus customers include AstraZeneca, Bristol Myers Squibb and Pfizer, as well as smaller bio tech firms. The litigation seek damages and a court order charging Tempus with ceasing to share individuals' genetic information without proper notice and consent. Studies including research cited by the National Institute of Health show that genetic information can be cross-referenced with genealogic databases and public records to re-identify the individual. GenAI and similar tech are also being bundled in healthcare related tools used by clinicians, other healthcare workers and patients. But many end users, including patients or consumers, may not be aware of this, said regulatory attorney Rachel Rose, who is not involved in the Tempus litigation. "Removing a name, birthdate, etc. is one thing but anonymizing genetic information is an entirely different kettle of fish," she said.