Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.
Class Action U Logo
Check Your Eligibility

University of Pittsburgh Medical Center Data Breach

The University of Pittsburgh Medical Center (UPMC) recently reported a potential data breach involving unauthorized access by Health Gorilla. The breach compromised personal and medical information of patients. Affected individuals may be eligible to join a class action lawsuit for compensation. Learn more about the breach, the exposed data, and steps you can take to protect yourself.

University of Pittsburgh Medical Center
Date of Breach: January 13, 2026
CAU logo

Who was affected:

Clients of University of Pittsburgh Medical Center

Impacted Data:

Date of birth

Clinical notes

Reasons for visits

Diagnoses

Medical histories

Related orders or tests

Check Your Eligibility

The University of Pittsburgh Medical Center (UPMC) has recently alerted the public to a potential data breach involving unauthorized access to sensitive patient records. The breach occurred when Health Gorilla, a partner in UPMC’s Health Information Exchange (HIE) network, improperly accessed medical records. While UPMC has taken steps to notify potentially impacted individuals, those affected by the breach may be entitled to compensation through a class action lawsuit. Continue reading to learn more about the breach, the compromised data, and what you can do to protect yourself.

UPMC’s Data Breach Investigation

On January 13, 2026, UPMC was alerted by Epic Systems, its electronic medical records vendor, that unauthorized electronic requests for patient information had been made by Health Gorilla, its HIE partner. These requests were allegedly made for treatment purposes, but UPMC determined that they were improperly accessed. As a result, UPMC issued written notices to individuals whose data may have been affected by this breach.

The compromised data reportedly includes demographic information such as names and birthdates, as well as sensitive medical details like clinical notes, reasons for visits, diagnoses, medical histories, and related test orders. UPMC has stated that it is working diligently to address the situation and protect patient privacy.

Epic Systems, which provides the electronic medical records platform, has filed a lawsuit against Health Gorilla for unauthorized access to patient records across several healthcare systems, including UPMC and Trinity Health. Health Gorilla has denied any wrongdoing related to the breach.

UPMC operates over 40 hospitals and 800 outpatient sites across Pennsylvania, New York, Maryland, and internationally. The breach is a significant concern given the sensitive nature of the exposed medical information.

When Did This Breach Occur?

  • Breach Date: January 13, 2026

  • Breach Discovered: January 13, 2026 (when UPMC was alerted by Epic Systems)

What Information Was Breached?

The following personal and medical information may have been compromised during the breach:

  • Name

  • Date of birth

  • Clinical notes

  • Reasons for visits

  • Diagnoses

  • Medical histories

  • Related orders or tests

Given the sensitive nature of this information, those affected by this breach may be at risk of identity theft, medical fraud, and other privacy violations.

What You Can Do

If you were affected by the UPMC data breach, here are the steps you should take to protect yourself:

  1. Monitor your credit: Enroll in credit monitoring services and regularly check your credit reports for any unauthorized activity or new accounts opened in your name.

  2. Place fraud alerts: Contact the major credit bureaus (Equifax, Experian, and TransUnion) to place a fraud alert on your credit file. This will help prevent fraudulent activity in your name.

  3. Consider a credit freeze: A credit freeze will stop anyone from accessing your credit report, making it harder for fraudsters to open accounts in your name.

  4. Stay vigilant: Regularly monitor your healthcare accounts for any suspicious activities or unauthorized claims that could indicate medical fraud.

  5. Consult an attorney: Given the sensitive nature of the data involved, it is advisable to speak with an attorney to better understand your legal options and any steps you can take to protect your privacy.

File a Data Breach Lawsuit Against UPMC

If you received a data breach notification from UPMC or believe your personal information was exposed in this breach, you may be eligible to join a class action lawsuit to seek compensation for the potential loss of privacy, time spent dealing with the breach, out-of-pocket costs, and other damages.

At Class Action U, we connect individuals with experienced attorneys who specialize in class action lawsuits. Joining a class action ensures your voice is heard and that you receive the compensation you may be entitled to for the breach.

Contact us today for a free consultation to determine if you have a case. Simply fill out our quick, easy, secure form to sign up. There is no cost to reach out to our legal partner, and no obligation after speaking with our team.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
National Coatings Data Breach
Date of Breach: Not Specified
The Manhattan Retirement Foundation Data Breach
Date of Breach: February 26, 2026
University of Pittsburgh Medical Center Data Breach
Date of Breach: January 13, 2026
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.