University of Pittsburgh Medical Center (UPMC) Data Breach
Last Updated on March 19, 2026
At A Glance
- What's Going On?
- Attorneys need to hear from people who may have been affected by the possible UPMC data breach as they investigate whether a class action lawsuit can be filed.
- What You Can Do
- If you believe your information may have been compromised in the reported UPMC data breach, fill out the form on this page to learn more about the investigation and how you can help.
- Does This Cost Anything?
- It costs nothing to get in touch or to talk to someone about your rights.
- What Can I Get?
- If filed and successful, a class action lawsuit could provide consumers with money for any harm resulting from the UPMC breach.
UPMC Data Breach?: Lawsuit Investigation
Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the reported UPMC data breach.
As part of their investigation, they need to hear from individuals who may have had their information exposed in the potential incident, including those who received notice of the possible UPMC data breach or otherwise believe they are affected.
UPMC Security Incident: What Happened?
The University of Pittsburgh Medical Center (UPMC) has announced a potential data breach that may have exposed confidential patient records.
A notice posted to UPMC’s website states that on January 13, 2026, UPMC was alerted by Epic Systems, its electronic medical records vendor, that Health Gorilla, a Health Information Exchange (HIE) partner, improperly accessed medical records.
The incident reportedly involved unauthorized electronic requests for information, allegedly for treatment purposes for shared UPMC patients. As a result, UPMC has issued written notices to possibly affected individuals.
Data compromised in the reported UPMC data breach may include demographic details such as names and birthdates, along with clinical notes, visit reasons, diagnoses, medical histories, and related orders or tests.
Epic Systems has filed a lawsuit against Health Gorilla for unauthorized access to its electronic records affecting patients in multiple healthcare systems, including UPMC's and Trinity Health's. Health Gorilla has denied wrongdoing.
UPMC operates over 40 hospitals and 800 outpatient sites across Pennsylvania, New York, Maryland, and internationally.
What You Can Do After the Reported UPMC Data Breach
If your information may have been exposed in the possible UPMC data breach, attorneys want to hear from you. You may be able to start a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.
A successful case could also force UPMC to ensure they take proper steps to protect the information they were entrusted with.
Affected by the possible UPMC data breach? Fill out the form on this page today.
Take Action
If you believe your information was exposed in the reported UPMC data breach, fill out the form on this page to get in touch with us.
An attorney or legal representative may then reach out to you to explain more about this investigation and ask you a few questions.
Remember, there is no cost to get in touch, and you are under no obligation to take action after speaking to someone.
Published: March 19, 2026
Before commenting, please review our comment policy.
The information submitted on this page will be forwarded to Bryson Harris Suciu & DeMay PLLC who has sponsored this investigation.
Featured In:
Who Is ClassAction.org?
ClassAction.org is a group of online professionals who are committed to exposing corporate wrongdoing and giving consumers the tools they need to fight back.
We've been reporting on the legal space for nearly a decade and have built relationships with class action and mass tort attorneys across the country.
