Ermi Data Breach Compromises Health Records

Ermi LLC, a medical devices company headquartered in Atlanta, Georgia, disclosed a data breach that involved unauthorized access to employee email accounts over a period of approximately six months in 2025.

The breach was reported to the California Attorney General and Vermont Attorney General. The total number of people affected across the United States was not disclosed in the company's notification to consumers.

Ermi took steps to contain the incident and began an investigation with the help of external cybersecurity professionals to determine the extent of the incident.

The investigation found that some files within the compromised email accounts may have been accessed or removed by the unauthorized individual. The unauthorized activity occurred between approximately Feb. 15, 2025, and Aug. 14, 2025.

On or about April 17, 2026, nearly nine months after discovering the breach, the company determined that the compromised files may have contained personal information belonging to certain individuals. The breach potentially exposed health records.

Ermi's response to the breach

Ermi is offering affected individuals complimentary credit monitoring services at no charge through Cyberscout, a TransUnion company. The services include single bureau credit monitoring, a single bureau credit report and a single bureau credit score. To enroll, affected individuals must use a unique code included in their notification letter within 90 days of the letter's date.

The company has also established a dedicated and confidential toll-free response line staffed with knowledgeable professionals familiar with the incident. The response line is available to answer questions and help affected individuals understand what they can do to protect their personal information.