ERMI Data Breach Compromises Personal Information and Health Records

Published

May 27, 2026

Updated

June 9, 2026

ERMI

Affected by the data breach? You may be entitled to compensation. Submit a claim today.

ERMI LLC, a medical devices company headquartered in Atlanta, Georgia, disclosed a data breach that involved unauthorized access to employee email accounts over a period of approximately six months in 2025.

Ermi took steps to contain the incident and began an investigation with the help of external cybersecurity professionals to determine the extent of the incident.

The investigation found that some files within the compromised email accounts may have been accessed or removed by the unauthorized individual. The unauthorized activity occurred between approximately Feb. 15, 2025, and Aug. 14, 2025.

On or about April 17, 2026, nearly nine months after discovering the breach, the company determined that the compromised files may have contained personal information belonging to certain individuals. The breach potentially exposed health records, health insurance information, medical information, names, Social Security numbers, driver's license numbers, financial account information and dates of birth.

The breach was reported to the California Attorney General, Texas Attorney General and Vermont Attorney General. The total number of people affected across the United States was not disclosed in the company's notification to consumers, although 9,453 residents in Texas were impacted.

ERMI's response

ERMI is offering affected individuals complimentary credit monitoring services at no charge through Cyberscout, a TransUnion company. The services include single bureau credit monitoring, a single bureau credit report and a single bureau credit score. To enroll, affected individuals must use a unique code included in their notification letter within 90 days of the letter's date.

The company has also established a dedicated and confidential toll-free response line staffed with knowledgeable professionals familiar with the incident. The response line is available to answer questions and help affected individuals understand what they can do to protect their personal information.