Sham NPI Numbers Pulled 300,000 Records From Epic, Lawsuit Alleges

The breach didn't need a hack. It needed an interoperability framework that took fake clinics at their word.


Michigan Medicine on May 1 notified roughly 551 patients that their medical records were accessed through a health information exchange connection by one or more third-party companies tied to Health Gorilla Inc. — companies that an Epic Systems lawsuit alleges fraudulently posed as healthcare providers using shell entities, fictitious websites, and "sham" National Provider Identification numbers to harvest and monetize patient data.

The Michigan Medicine letters are the local face of a much larger alleged scheme. Epic's January 13 complaint, filed in the U.S. District Court for the Central District of California, alleges that nearly 300,000 patient records across multiple Epic-using health systems were improperly accessed, with an unknown additional number pulled from the Department of Veterans Affairs and providers running other electronic health record systems. The records, according to the complaint, were marketed to law firms recruiting plaintiffs for class action and mass tort lawsuits.

Epic v. Health Gorilla — Scope of the Alleged Scheme

Michigan Medicine notifications: 551 patients (mailed May 1, 2026)
Breach period: October 18, 2023 — November 12, 2025
Total alleged scheme scope: ~300,000 records across the Epic community plus an undisclosed VA / non-Epic figure
Lawsuit filed: January 13, 2026 — U.S. District Court, Central District of California
Plaintiffs: Epic Systems, OCHIN, Reid Health, Trinity Health, UMass Memorial Health
Named defendants: Health Gorilla Inc., Mammoth, RavillaMed, GuardDog Telehealth
Alleged tactics: Sham NPI numbers, shell entities, fictitious websites, "junk data" insertion
Data types exposed (Michigan Medicine): Names, addresses, contact info, medical record numbers, diagnoses, medications, allergies, test results, insurance info — no SSNs

How the Michigan Medicine Notification Came Together

Michigan Medicine, the academic medical center of the University of Michigan in Ann Arbor, said Epic notified it on January 13, 2026 of unusual activity involving third-party companies requesting records through a health information exchange. An internal review ran from March 12 to March 25, and patient notifications went out May 1. The breach period spans October 18, 2023 to November 12, 2025.

The exposed data, per Michigan Medicine, includes patient names, addresses, phone numbers, email addresses, dates of birth, medical record numbers, diagnoses, medications, allergies, test results, treatment information, and health insurance information. Social Security numbers, payment cards, and bank account numbers were not involved. Michigan Medicine assesses the risk of identity or medical theft as "low" on that basis.

Epic's "Hydra" Allegations: Shell Entities, Sham NPIs, and Junk Data

The co-plaintiffs in Epic's lawsuit are OCHIN, Reid Health, Trinity Health, and UMass Memorial Health. Named defendants include Health Gorilla Inc., Mammoth, RavillaMed, and — per the Detroit Free Press — GuardDog Telehealth. The complaint alleges the defendants used fictitious websites, shell entities, sham NPI numbers, and inserted "junk data" into records to camouflage the access pattern. Epic's filing contains what has become known as the "Hydra" allegation: caught operators, the complaint alleges, simply create new companies.

Health Gorilla denies the allegations. CEO and executive chairperson Bob Watson called Epic's lawsuit "the equivalent of shouting 'fire' in the middle of a crowded theater" and accused Epic of using the suit as an exclusionary act that limits competition and restricts access to healthcare data. Health Gorilla said it suspended connections with the named third parties and began investigating.

Carequality, TEFCA, and the Federated-Trust Problem in U.S. Healthcare

The attack vector here is not a network intrusion. It is the abuse of legitimate health data interoperability frameworks — the systems set up under Carequality and TEFCA to let providers share records on behalf of mutual patients. Those frameworks operate on trust in onboarded participants. Epic's allegations, if proven, describe attackers walking through that trust with fabricated provider credentials. The threshold regulatory question is what counts as a data breach when the records moved through an authorized channel.

A second class action filed March 20 in the U.S. District Court for the Eastern District of Michigan names Trinity Health and Health Gorilla as defendants over delayed notification. UPMC said on March 13 that Health Gorilla had requested patient data "under the guise of coordinating care for mutual patients." Trinity Health is now offering 12 months of complimentary credit monitoring and identity protection. The pattern across Epic Systems customers is consistent: a request that looked legitimate at the network layer, originated from a participant the framework had cleared, and produced records that ended up where they should not have been. The pattern lands in a year that has already produced disclosures the size of Kettering Health's 1.7M-patient ransomware attack — different attack vector, same regulatory and reputational stakes for the health systems on the hook.

For ongoing reporting on healthcare cyber risk and breach response, see all healthcare cybersecurity coverage on The CyberSignal.

The CyberSignal Analysis

Signal 01 — The trust boundary in healthcare data sharing has moved to the network layer

Hospital security programs have invested heavily in EHR access controls, network perimeters, and third-party vendor reviews. The Epic lawsuit alleges that none of those controls were the relevant ones in this case. The relevant control was whoever was supposed to verify that an organization claiming to be a clinic was actually a clinic. That control sits at the health information network operator, not the hospital. Until the answer to "who vouches for the requester" is more rigorous than "they have a valid NPI on file," healthcare CISOs should expect to keep explaining to boards why records they never consented to share ended up on class action solicitation lists.

Signal 02 — HIPAA breach notification is being tested by procedurally legitimate access

The interesting regulatory question is whether HHS Office for Civil Rights treats the access as a reportable breach when the records moved through an authorized channel via a participant the framework had cleared. Michigan Medicine's notification, on its face, does treat it as reportable — but Health Gorilla disputes the framing, and the legal record is unsettled. A clear OCR position one way or the other would reshape how every HIN-connected provider in the country thinks about counterparty due diligence. Until that position arrives, expect each affected health system to make its own call.

Signal 03 — The monetization model — selling records to law firms — is the part that escalates this story

If Epic's complaint holds up, this is not opportunistic data theft. It is a sustained business operation that turned interoperability access into a feedstock for class-action solicitation. That commercial model — taking medical records out of an authorized channel and converting them into mass tort plaintiff lists — is what makes the alleged scheme distinct from a typical healthcare breach. It also explains why the affected records skewed toward conditions and diagnoses that match active mass tort categories. Healthcare CISOs whose organizations participate in HINs should expect plaintiffs' firms and regulators to ask, in the next twelve months, how they would have detected the same pattern in their own outbound record requests.
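Signal 01 asks who vouches for a requester beyond "a valid NPI on file," and Signal 03 asks how a health system would spot the same pattern in its own outbound record requests. The script below is an added illustration, not code from Epic, Michigan Medicine or any HIN: it runs over a constructed outbound-disclosure audit log, applies the NPI check-digit rule (Luhn over "80840" plus the 10 digits, which a well-formed sham NPI still passes), and flags requesters with no prior referral relationship or an unusually broad patient pull. The log format, the referrer list and the threshold are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample of an outbound HIE disclosure audit log (made-up values, not real data):
# timestamp|requester_npi|requester_org|patient_mrn|purpose_of_use
SAMPLE_LOG = """\
2025-06-01T09:02:11|1234567893|Riverside Family Clinic|MRN-1001|TREATMENT
2025-06-01T10:15:02|1234567890|QuickCare Telehealth LLC|MRN-2001|TREATMENT
2025-06-01T10:15:05|1234567890|QuickCare Telehealth LLC|MRN-2002|TREATMENT
2025-06-01T10:15:09|1234567890|QuickCare Telehealth LLC|MRN-2003|TREATMENT
2025-06-01T10:15:12|1234567890|QuickCare Telehealth LLC|MRN-2004|TREATMENT
2025-06-02T14:30:00|1992783435|Metro Ortho Group|MRN-3001|TREATMENT
2025-06-02T14:30:03|1992783435|Metro Ortho Group|MRN-3002|TREATMENT
2025-06-02T14:30:06|1992783435|Metro Ortho Group|MRN-3003|TREATMENT
2025-06-02T14:30:09|1992783435|Metro Ortho Group|MRN-3004|TREATMENT
"""
# Requester NPIs already present in this hospital's own referral/encounter records (constructed).
KNOWN_REFERRERS = {"1234567893"}
UNIQUE_PATIENT_THRESHOLD = 3  # flag a requester that pulls more distinct patients than this

def npi_check_digit_valid(npi: str) -> bool:
    """Format check only: 10 digits whose Luhn check digit is computed over '80840' + NPI."""
    if len(npi) != 10 or not npi.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed("80840" + npi)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled, digit-summed if > 9
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def review_requesters(log_text: str) -> dict:
    """Return {npi: [reasons]} for requesters that warrant manual counterparty review."""
    patients = defaultdict(set)
    for line in log_text.strip().splitlines():
        _ts, npi, _org, mrn, _purpose = line.split("|")
        patients[npi].add(mrn)
    findings = {}
    for npi, mrns in patients.items():
        reasons = []
        if not npi_check_digit_valid(npi):
            reasons.append("NPI fails check-digit validation")
        if npi not in KNOWN_REFERRERS:
            reasons.append("no prior referral/encounter relationship on file")
        if len(mrns) > UNIQUE_PATIENT_THRESHOLD:
            reasons.append(f"{len(mrns)} distinct patients requested")
        if reasons:
            findings[npi] = reasons
    return findings
```

In the sample, Metro Ortho Group carries a well-formed NPI and still gets flagged, which is the point: the check digit proves the number is syntactically an NPI, while relationship and volume signals are what a hospital can actually act on.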

Sources

Primary: Epic Systems, "What You Put Up With Is What You Stand For" (lawsuit announcement)
Reporting: Detroit Free Press, "Sham Network Accessed 300,000 Records" (Kristen Shamus, via AOL syndication)
Reporting: STAT News, "Epic Health Gorilla Lawsuit and Patient Records Interoperability"
Reporting: HIPAA Journal, "Epic Sues Health Information Exchange Network Over Improper Record Access"
Reporting: Becker's Hospital Review, "Trinity Health, Health Gorilla Sued Over Alleged Data Breach"