On January 13, 2026, Epic Systems (University of Pittsburgh Medical Center’s electronic medical records vendor) notified UPMC that a health information network named “Health Gorilla”, and certain participants of this network, improperly accessed medical records available through the national network used to exchange medical information.
The purpose of the national network is to allow health providers to exchange information for the treatment of their patients. UPMC is required to participate in this national network and is required to comply with applicable federal laws as a condition of participation. Certain participants of this network electronically requested information under the pretext of providing treatment to shared UPMC patients and allege they had permission to do so.
In addition to this notice, UPMC provided written notice to individuals who may be affected by this incident. The information involved included a list of UPMC encounters. This may include affected individuals’ demographic information, such as name and date of birth, and information such as clinical notes, reason for visit, diagnoses, medical history and any related orders or testing. No Social Security Numbers were involved in this incident.
How Curated Art Elevates Senior Care Spaces
The CDC's Guide to Hand Hygiene in Healthcare
Dana-Farber, BIDMC Launch Construction of Dedicated Adult Cancer Hospital
5 Components of an Integrated Safety Culture in Healthcare
NYC Opens Therapeutic Housing Unit for Medically Vulnerable Detainees