Excerpt from The Lund Report Article, Published on December 23, 2025
An Oregon health care firm is facing a data breach lawsuit after a cybersecurity incident exposed sensitive employee information. The Lund Report states that Consonus Healthcare Services failed to protect personal data and delayed notifying affected individuals.
A former employee filed the lawsuit in U.S. District Court in Portland. The complaint says the company waited more than three months to inform victims after discovering the breach. During this period, individuals did not know their personal data faced potential misuse. As a result, the delay increased the risk of identity theft and financial fraud. The lawsuit claims that attackers accessed names and Social Security numbers of nearly 4,800 current and former employees. The incident occurred in early August. However, Consonus only issued notifications in November. This delay now stands at the center of the legal action.
Moreover, the filing argues that the Oregon – based firm did not maintain strong cybersecurity controls. It also says the company ignored standard data protection practices. According to the complaint, these failures allowed unauthorized parties to access internal systems. In addition, the plaintiff criticizes the company’s response efforts. Although Consonus offered credit monitoring services, the lawsuit says those measures fall short. Victims may still face long-term identity theft and financial risks.
The lawsuit seeks class – action status. If the court approves it, all affected individuals can pursue damages together. The filing also highlights emotional and financial stress. One former employee reportedly spent significant time securing bank accounts and monitoring credit activity.
Meanwhile, Consonus Healthcare Services has not released a public statement addressing the lawsuit. The company operates under Milwaukie – based Marquis Companies. At this time, the firm has not disclosed what steps it plans to take to strengthen security controls. This case highlights rising legal pressure around data protection failures in healthcare. It also serves as a warning for organizations handling sensitive data in Oregon and across the United States.
To delve deeper into this topic, Visit The Lund Report .
