ACCESSED AND HOW TO KEEP YOURSELF PROTECTED, ACCORDING TO UPMC. PATIENT INFORMATION SUCH AS NAME, AGE AND MEDICAL DIAGNOSIS MAY HAVE BEEN COMPROMISED, THEY SAY. SOCIAL SECURITY NUMBERS WERE NOT, BUT EXPERTS SAY THE INFORMATION THAT COULD HAVE BEEN COMPROMISED IS ENOUGH FOR PATIENTS TO PAY ATTENTION. ALL OF THIS MATERIAL FALLS WITHIN THE CLASS OF PERSONALLY IDENTIFIABLE INFORMATION, WHICH YOU DON’T GENERALLY WANT TO HAVE OUT THERE, BECAUSE IT CAN BECOME THE BASIS FOR A HACKER TO IMPERSONATE YOU AND OPEN CREDIT CARDS AND THINGS LIKE THAT. DAVID HICKTON, A FORMER U.S. ATTORNEY AND THE DIRECTOR OF PITT’S INSTITUTE OF CYBER LAW, POLICY AND SECURITY, SAYS FOR NOW, THOUGH, PEOPLE SHOULD BE PATIENT. UPMC SAYS A HEALTH INFORMATION NETWORK MAY HAVE IMPROPERLY ACCESSED THEIR MEDICAL RECORDS THROUGH A NATIONAL NETWORK DESIGNED TO EXCHANGE MEDICAL INFORMATION. AND UPMC SAYS THEY ARE NOTIFYING PATIENTS WHO MAY BE AT RISK. THERE’S A LOT OF ARCHITECTURE IN PLACE TO TAKE STEPS TO PROTECT AND TO MAKE SURE THAT IF DISCLOSURES HAPPEN OR THE HACKING OCCURS, THAT THAT THE DAMAGE IS MINIMIZED. AND I WOULD JUST TRUST AND WAIT FOR WORD IF I WERE AND I AM A PATIENT OF THE UPMC NETWORK. SO THAT’S WHAT I’M GOING TO DO. IF YOU ARE A UPMC PATIENT AND HAVE QUESTIONS ABOUT THE BREACH, UPMC HAS SET UP A PHONE NUMBER WHERE YOU CAN ASK QUESTIONS. WE HAVE THAT INFORMATION FOR YOU@WTAE.COM. COVERING A
UPMC: Some patient records may have been ‘improperly accessed’
Updated: 6:32 PM EDT Mar 17, 2026
Some UPMC patients may have had their medical records improperly accessed, according to officials with UPMC.UPMC said it was notified by its electronic health vendor that some patient records may have been accessed through a national network used to exchange medical information. The health network said Health Gorilla requested access to patient information. UPMC said Health Gorilla wanted the data in order to help treat patients who were also connected to UPMC, claiming they had permission to do so. David Hickton, director of Pitt’s Institute of Cyber Law, Policy and Security, said, “I would urge caution and patience.”Hickton, who has previously been a victim of identity theft, shared his experience, saying, “I have been a victim of this in the past. When I was on the Kennedy Center board years ago, as you get notice, you’re told what the extent of the disclosure is some provision is usually made to give you a credit monitoring service. And, you know, ultimately, if there’s more of a breach than we know at this point, there’ll be other steps that can be taken.”UPMC said it is notifying patients who may have been affected. While officials say that information did not include Social Security numbers, it could have included names, ages, diagnoses and medical history information.If you have questions or concerns, UPMC said to call 1-855-460-8762 and leave your name, callback number, and preferred callback time.The incident has been reported to the U.S. Department of Health and Human Services Office for Civil Rights.
PITTSBURGH —
Some UPMC patients may have had their medical records improperly accessed, according to officials with UPMC.
UPMC said it was notified by its electronic health vendor that some patient records may have been accessed through a national network used to exchange medical information.
The health network said Health Gorilla requested access to patient information. UPMC said Health Gorilla wanted the data in order to help treat patients who were also connected to UPMC, claiming they had permission to do so.
David Hickton, director of Pitt’s Institute of Cyber Law, Policy and Security, said, “I would urge caution and patience.”
Hickton, who has previously been a victim of identity theft, shared his experience, saying, “I have been a victim of this in the past. When I was on the Kennedy Center board years ago, as you get notice, you’re told what the extent of the disclosure is some provision is usually made to give you a credit monitoring service. And, you know, ultimately, if there’s more of a breach than we know at this point, there’ll be other steps that can be taken.”
UPMC said it is notifying patients who may have been affected. While officials say that information did not include Social Security numbers, it could have included names, ages, diagnoses and medical history information.
If you have questions or concerns, UPMC said to call 1-855-460-8762 and leave your name, callback number, and preferred callback time.
The incident has been reported to the U.S. Department of Health and Human Services Office for Civil Rights.