OCHIN, Mosaic, Reid Health and Trinity Health: Health Gorilla Data Breach Investigation

Health Gorilla Data Breach Exposes Sensitive Patient Information

Health Gorilla, a Silicon Valley-based healthcare interoperability platform founded in 2014, is under investigation following a data breach that may have exposed sensitive patient information. The incident, disclosed on January 13, 2026, involved an unauthorized disclosure of health data through its health information exchange (HIE) network.

The breach potentially compromised a wide range of personally identifiable information (PII) and medical records, including:

• Names, dates of birth, and addresses
• Driver’s license and insurance card details
• Financial information
• Clinical data (diagnoses, conditions, lab results, medications, and care plans)

Health Gorilla reported that the data may have been accessed for treatment purposes, but investigators have not confirmed whether the requests or authorizations were legitimate. In response, the affected health organizations Mosaic, OCHIN, Reid Health, Trinity Health, and UMass Memorial Health were temporarily suspended from the HIE while the investigation continues.

Class action law firm Shamis & Gentile P.A. is examining potential legal claims for affected individuals, who may be eligible for compensation. The full scope and impact of the breach remain under review.

Source: https://www.claimdepot.com/investigations/health-gorilla-data-breach-2026

Trinity Health cybersecurity rating report: https://www.rankiteo.com/company/trinityhealth

Mosaic Health cybersecurity rating report: https://www.rankiteo.com/company/mosaichealthny

OCHIN, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ochin

Reid Healthcare cybersecurity rating report: https://www.rankiteo.com/company/reid-healthcare

"id": "TRIMOSOCHREI1774651014",
"linkid": "trinityhealth, mosaichealthny, ochin, reid-healthcare",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Silicon Valley, USA',
                        'name': 'Health Gorilla',
                        'type': 'Healthcare Interoperability Platform'},
                       {'industry': 'Healthcare',
                        'name': 'Mosaic',
                        'type': 'Health Organization'},
                       {'industry': 'Healthcare',
                        'name': 'OCHIN',
                        'type': 'Health Organization'},
                       {'industry': 'Healthcare',
                        'name': 'Reid Health',
                        'type': 'Health Organization'},
                       {'industry': 'Healthcare',
                        'name': 'Trinity Health',
                        'type': 'Health Organization'},
                       {'industry': 'Healthcare',
                        'name': 'UMass Memorial Health',
                        'type': 'Health Organization'}],
 'data_breach': {'personally_identifiable_information': 'Names, dates of '
                                                        'birth, addresses, '
                                                        'driver’s license and '
                                                        'insurance card '
                                                        'details, financial '
                                                        'information',
                 'sensitivity_of_data': 'High (includes clinical data, '
                                        'financial information, and personal '
                                        'identifiers)',
                 'type_of_data_compromised': 'Personally identifiable '
                                             'information (PII) and medical '
                                             'records'},
 'date_publicly_disclosed': '2026-01-13',
 'description': 'Health Gorilla, a Silicon Valley-based healthcare '
                'interoperability platform, is under investigation following a '
                'data breach that may have exposed sensitive patient '
                'information through its health information exchange (HIE) '
                'network. The breach potentially compromised personally '
                'identifiable information (PII) and medical records, including '
                'names, dates of birth, addresses, driver’s license and '
                'insurance card details, financial information, and clinical '
                'data.',
 'impact': {'data_compromised': 'Personally identifiable information (PII) and '
                                'medical records, including names, dates of '
                                'birth, addresses, driver’s license and '
                                'insurance card details, financial '
                                'information, and clinical data (diagnoses, '
                                'conditions, lab results, medications, and '
                                'care plans)',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential legal claims being examined by '
                                 'class action law firm Shamis & Gentile P.A.',
            'operational_impact': 'Temporary suspension of affected health '
                                  'organizations from the HIE network',
            'payment_information_risk': 'High',
            'systems_affected': 'Health information exchange (HIE) network'},
 'investigation_status': 'Ongoing',
 'regulatory_compliance': {'legal_actions': 'Potential legal claims being '
                                            'examined by class action law firm '
                                            'Shamis & Gentile P.A.'},
 'response': {'containment_measures': 'Temporary suspension of affected health '
                                      'organizations from the HIE network'},
 'title': 'Health Gorilla Data Breach Exposes Sensitive Patient Information',
 'type': 'Data Breach'}