ERMI
Data Breach Class Action Lawsuit
Posted: May 27, 2026 -- ERMI data breach class action lawsuit investigation.
Abington Cole + Ellery is investigating the data breach recently announced by ERMI and may be filing a class action lawsuit on behalf of victims.
ERMI Data Breach Summary:
In late-May of 2026, ERMI, LLC, a medical equipment manufacturing company, disclosed a security incident involving unauthorized access to sensitive data, which took place on or around between approximately February 15, 2025 and August 14, 2025. An UNKNOWN number of individuals were affected by the ERMI data breach, and breached data may include, but is not necessarily limited to: personal information. As a result of the data breach, ERMI is offering free credit monitoring and/or identity theft protection services to some affected individuals.
FREE CONSULTATION: If you are a victim of the ERMI data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against ERMI, please submit your information here to be considered:
An attorney-client relationship is not formed by submitting information through this website.
ERMI Data Breach Details:
ERMI, LLC recently reported a cybersecurity incident involving its email system. According to the notice filed with the California Attorney General, ERMI learned on or about July 25, 2025 that an unauthorized person may have gained access to a limited number of employee email accounts. ERMI said it took steps to contain the incident and hired outside cybersecurity professionals to investigate. The investigation found that files may have been accessed or removed between about February 15, 2025, and August 14, 2025. ERMI later completed its review of the affected files and, on or about April 17, 2026, determined that they may have contained personal information.
The incident appears to have been an email-account compromise, not a publicly described ransomware attack or broad network outage. The public notice does not explain exactly how the unauthorized person entered the accounts, such as through phishing, stolen credentials, or another method. The publicly available notice does not disclose the full categories of exposed information or the total number of affected individuals; it states that personal information may have been involved, and includes medical identity theft guidance. HIPAA Journal described ERMI as a provider of mobility and rehabilitation products and reported that unauthorized access affected a limited number of employee email accounts during the same February-to-August 2025 window. (The California filing lists ERMI LLC as the reporting organization and gives the known breach dates as February 15, 2025 and August 14, 2025.)
ERMI offered affected people complimentary single-bureau credit monitoring, credit report, and credit score services through Cyberscout, a TransUnion company.
About ERMI:
ERMI, LLC is an Atlanta, Georgia-based medical equipment company that provides home-based devices and support services for patients with severe joint stiffness and loss of motion. Founded in 1991, the company works with physicians, physical therapists, occupational therapists, nurse case managers, and other healthcare professionals to help patients restore mobility after injury, surgery, or other causes of joint stiffness. Its programs focus on non-surgical motion restoration for joints including the knee, shoulder, ankle, elbow, wrist, and great toe.
Additional Information:
For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?
If you believe you are a victim of the ERMI data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by ERMI or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.