Back

Gastro Health and Ermi Data Breaches Expose Sensitive Personal Information

Severity: High (Score: 64.5)

Sources: Classaction

Published: 2026-05-29 · Updated: 2026-05-29

Keywords: data, breach, gastro, health, ssns, medical, info

Severity indicators: breach, data breach, medical, ssn

Summary

Gastro Health and Ermi have reported significant data breaches affecting sensitive personal information. Gastro Health experienced two phishing incidents on February 25 and March 2, 2026, leading to unauthorized access to files containing Social Security numbers, medical data, and other personal details. The breach impacts individuals across multiple states where Gastro Health operates. Meanwhile, Ermi's breach involved unauthorized access to employee email accounts, with the exposure of data occurring between February 15 and August 14, 2025. Affected information includes Social Security numbers, driver's license numbers, and health insurance details. Both companies are currently reaching out to affected individuals and exploring potential class action lawsuits. Attorneys are seeking individuals to come forward to assist in these investigations. Key Points: • Gastro Health reported a phishing-related data breach affecting sensitive personal information. • Ermi's data breach involved unauthorized access to employee email accounts, exposing personal data. • Both companies are investigating potential class action lawsuits for affected individuals.

Detailed Analysis

**Impact** The breaches affected patients and employees across multiple U.S. states, including Alabama, Florida, Maryland, Massachusetts, Ohio, Virginia, Washington, and Texas. Gastro Health’s phishing incidents exposed sensitive personal and medical information such as names, dates of birth, Social Security numbers, government-issued IDs, health insurance details, diagnosis, and treatment data. Ermi’s breach involved unauthorized access to employee email accounts, compromising names, Social Security numbers, driver’s license numbers, financial, medical, and insurance information. Both incidents risk identity theft, privacy loss, and potential financial harm to thousands of individuals. **Technical Details** Gastro Health experienced two phishing attacks detected on February 25 and March 2, 2026, resulting in unauthorized access to files and systems. Ermi’s breach involved unauthorized access to employee email accounts, with the intrusion window spanning February 15 to August 14, 2025. No specific malware, CVEs, or detailed TTPs were disclosed. The attacks correspond to initial access and credential compromise stages of the kill chain. No IOCs or infrastructure details were provided. **Recommended Response** Organizations should enhance phishing detection and employee training to mitigate credential compromise risks, prioritize monitoring for suspicious email activity, and enforce multi-factor authentication. Review and restrict access to sensitive data, especially in email systems and file repositories. Monitor for unusual access patterns and conduct regular audits of compromised accounts. No specific patches or IOCs were identified for immediate blocking.

Source articles (2)

  • Ermi Data Breach Exposes SSNs, Medical Info — Classaction · 2026-05-28
    Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the Ermi data breach. As part of their investigation, they need to hear from individuals…
  • Gastro Health Data Breach Impacts SSNs, Medical Info — Classaction · 2026-05-29
    Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the Gastro Health data breach. As part of their investigation, they need to hear from in…

Timeline

  • 2025-02-15 — Ermi data breach period begins: The breach at Ermi occurred over several months, with data exposure confirmed by April 2026.
  • 2025-07-25 — Ermi unauthorized activity detected: Ermi reported unauthorized access to employee email accounts, leading to a data breach.
  • 2026-02-25 — Gastro Health phishing incident discovered: Gastro Health identified unauthorized access to files due to a phishing attack.
  • 2026-03-02 — Second phishing incident at Gastro Health: A second phishing-related breach was discovered, compounding the initial incident.
  • 2026-05-29 — Class action investigations initiated: Attorneys are seeking individuals affected by both breaches to explore potential class action lawsuits.

Related entities

  • Data Breach (Attack Type)
  • Phishing (Attack Type)
  • Ermi (Company)
  • Gastro Health (Company)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • classaction.org (Domain)
  • Healthcare (Industry)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed