On January 13, 2026, Epic Systems (University of Pittsburgh Medical Center’s electronic medical records vendor) notified UPMC that a health information network named “Health Gorilla”, and certain participants of this network, improperly accessed medical records available through the national network used to exchange medical information.
The purpose of the national network is to allow health providers to exchange information for the treatment of their patients. UPMC is required to participate in this national network and is required to comply with applicable federal laws as a condition of participation. Certain participants of this network electronically requested information under the pretext of providing treatment to shared UPMC patients and allege they had permission to do so.
In addition to this notice, UPMC provided written notice to individuals who may be affected by this incident. The information involved included a list of UPMC encounters. This may include affected individuals’ demographic information, such as name and date of birth, and information such as clinical notes, reason for visit, diagnoses, medical history and any related orders or testing. No Social Security Numbers were involved in this incident.
Making Multi-Site Lighting Upgrades Work
Designing a Positive Care Destination for Children
Blackbird Health Opens 10th Clinic in Pennsylvania
Healthcare Construction Infection Control: Essential CDC Guidelines for Active Facilities
Protecting the Most Vulnerable: Inside the NICU