Cases & Investigations
Epic Systems / MyChart Data Privacy Investigation
Type: Investigations
If your healthcare provider uses MyChart, your personal health information may have been accessed by third parties for purposes unrelated to your medical care. You may have a legal claim.
Epic Systems develops and operates MyChart, a widely used online patient portal that allows individuals to communicate with their healthcare providers, review test results, schedule appointments, and manage their medical records. MyChart is used by hospitals and healthcare systems throughout the United States and serves millions of patients.
Wolf Popper LLP is investigating reports that nearly 300,000 patient medical records maintained through MyChart were improperly accessed through a national health data exchange network.
In January 2026, Epic and several health systems filed a federal lawsuit against health data network Health Gorilla, alleging that third parties gained access to patient medical records by posing as legitimate healthcare providers and requesting records for purported treatment purposes. According to the complaint, the data was allegedly diverted for non-treatment uses, including marketing-related activities. Health Gorilla has denied the allegations.
Medical records contain highly sensitive information, including diagnoses, medications, test results, and treatment history. If accessed for non-treatment purposes, that information could be used for marketing, data profiling, or other activities unrelated to patient care.
Federal and state laws strictly regulate how protected health information may be used and disclosed. Unauthorized access to or use of patient data may violate privacy protections and state consumer protection statutes.
Patients may not have been notified if their records were viewed by third parties for non-treatment purposes. As a result, individuals may be unaware that their medical information improperly accessed or used for purposes outside of their healthcare.
You may be able to review access activity within your MyChart account by following these steps:
Step 1: Log in to your MyChart account.
Step 2: Click the icon with three stacked horizontal lines (the “hamburger” menu).
Step 3: Select “Document Center” (you may need to scroll).
Step 4: Click “Who’s Accessed My Record?” or a similarly named link.
Step 5: Review the list of entities that accessed your records, including third-party apps.
You may see entries from your physicians, their staff, affiliated hospitals, or technology vendors used in connection with your care.
Do you see an entity you do not recognize or that appears unrelated to your treatment?
Join our Epic Systems / MyChart Data Privacy investigation.
If your healthcare provider uses MyChart and you are concerned that your personal medical information may have been accessed for purposes unrelated to your care, you may be entitled to compensation. Contact us for a free case evaluation.
Epic Systems develops and operates MyChart, a widely used online patient portal that allows individuals to communicate with their healthcare providers, review test results, schedule appointments, and manage their medical records. MyChart is used by hospitals and healthcare systems throughout the United States and serves millions of patients.
Wolf Popper LLP is investigating reports that nearly 300,000 patient medical records maintained through MyChart were improperly accessed through a national health data exchange network.
In January 2026, Epic and several health systems filed a federal lawsuit against health data network Health Gorilla, alleging that third parties gained access to patient medical records by posing as legitimate healthcare providers and requesting records for purported treatment purposes. According to the complaint, the data was allegedly diverted for non-treatment uses, including marketing-related activities. Health Gorilla has denied the allegations.
Medical records contain highly sensitive information, including diagnoses, medications, test results, and treatment history. If accessed for non-treatment purposes, that information could be used for marketing, data profiling, or other activities unrelated to patient care.
Federal and state laws strictly regulate how protected health information may be used and disclosed. Unauthorized access to or use of patient data may violate privacy protections and state consumer protection statutes.
Patients may not have been notified if their records were viewed by third parties for non-treatment purposes. As a result, individuals may be unaware that their medical information improperly accessed or used for purposes outside of their healthcare.
You may be able to review access activity within your MyChart account by following these steps:
Step 1: Log in to your MyChart account.
Step 2: Click the icon with three stacked horizontal lines (the “hamburger” menu).
Step 3: Select “Document Center” (you may need to scroll).
Step 4: Click “Who’s Accessed My Record?” or a similarly named link.
Step 5: Review the list of entities that accessed your records, including third-party apps.
You may see entries from your physicians, their staff, affiliated hospitals, or technology vendors used in connection with your care.
Do you see an entity you do not recognize or that appears unrelated to your treatment?
Join our Epic Systems / MyChart Data Privacy investigation.
If your healthcare provider uses MyChart and you are concerned that your personal medical information may have been accessed for purposes unrelated to your care, you may be entitled to compensation. Contact us for a free case evaluation.
Contact Instructions
- Phone: Emily Madoff – 212-451-9622
- Phone: Patricia I. Avery– 212-451-9619
- Phone: David A. Nicholas– 212-451-9642
- Phone: Philip M. Black – 212-451-9628
- Email: Outreach@wolfpopper.com
- Contact Us
Wolf Popper LLP is Investigating Data Privacy Breaches on Epic System's MyChart Platform
Case Update | 3/5/2026