Emergency Responders Health Center (ERHC), a medical provider specializing in healthcare for first responders, suffered a data breach after cybercriminals compromised several internal email accounts between December 11, 2024, and April 11, 2025. The breach exposed sensitive personally identifiable information (PII) and protected health information (PHI) of current and former patients, including names, addresses, dates of birth, Social Security numbers, driver’s license copies, health insurance details, medical records, and payment information. The incident was detected on April 11, 2025, but public disclosure occurred only on July 25, 2025, with affected individuals notified by mail on September 26, 2025. The breach was reported to the Montana Attorney General’s office, and ERHC offered 12 months of free credit monitoring and identity restoration services to victims. Legal firms are investigating potential compensation claims for affected individuals due to risks of identity theft, financial fraud, and unauthorized use of medical data.
Source: https://www.claimdepot.com/investigations/emergency-responders-health-center-data-breach-2025
TPRM report: https://www.rankiteo.com/company/emergency-responders-health-center
"id": "eme5893258092925",
"linkid": "emergency-responders-health-center",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Current and former patients '
'(exact number not specified)',
'industry': 'Healthcare (Outpatient Services for First '
'Responders)',
'location': [{'city': 'Boise',
'country': 'USA',
'state': 'Idaho'},
{'country': 'USA',
'region': 'Northeastern Washington and '
'Northern Idaho'}],
'name': 'Emergency Responders Health Center (ERHC)',
'size': 'Over 8,000 patients (first responders and '
'families)',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized Access to Email Accounts',
'customer_advisories': ['Enroll in 12 months of free credit monitoring '
'(HaystackID)',
'Monitor financial statements for unauthorized '
'activity',
'Consider placing a fraud alert on credit reports',
'Request free annual credit reports',
'Contact financial institutions if suspicious '
'activity is detected',
'Seek legal assistance for potential compensation'],
'data_breach': {'data_exfiltration': 'Likely (Data Accessed by Unauthorized '
'Party)',
'file_types_exposed': ['Emails',
'Attachments (Potentially Including '
'Scanned Documents)'],
'personally_identifiable_information': ['Name',
'Address',
'Date of Birth',
'Social Security '
'Number',
"Driver's License "
'Copy',
'Health Insurance '
'Information',
'Medical Records',
'Payment Information'],
'sensitivity_of_data': 'High (Includes SSN, Medical Records, '
'Payment Info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-04-11',
'date_publicly_disclosed': '2025-07-25',
'description': 'Emergency Responders Health Center (ERHC), a medical provider '
'specializing in healthcare for first responders, experienced '
'a data breach where unauthorized access to internal email '
'accounts may have compromised sensitive personally '
'identifiable information (PII) and protected health '
'information (PHI) of current and former patients. The breach '
'was detected on April 11, 2025, with the compromise period '
'spanning from December 11, 2024, to April 11, 2025. Affected '
'individuals were notified via mail starting September 26, '
'2025, and the breach was reported to the Montana Attorney '
'General’s office on the same date.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Class '
'Action Investigation Initiated)',
'data_compromised': ['Name',
'Address',
'Date of Birth',
'Social Security Number',
"Driver's License Copy",
'Health Insurance Information',
'Medical Records',
'Payment Information'],
'identity_theft_risk': 'High (PII and PHI Exposed)',
'legal_liabilities': 'Potential Lawsuits (Shamis & Gentile P.A. '
'Investigating Claims)',
'payment_information_risk': 'High (Payment Information '
'Compromised)',
'systems_affected': ['Email Accounts']},
'initial_access_broker': {'data_sold_on_dark_web': 'Possible (Not Confirmed)',
'entry_point': 'Compromised Email Accounts',
'high_value_targets': ['Patient PII/PHI',
'Payment Information'],
'reconnaissance_period': 'Potentially between '
'2024-12-11 and '
'2025-04-11'},
'investigation_status': 'Ongoing (Class Action Investigation by Shamis & '
'Gentile P.A.)',
'motivation': 'Likely Financial Gain (Data Theft for Fraud/Identity Theft or '
'Sale on Dark Web)',
'post_incident_analysis': {'corrective_actions': ['Credit Monitoring for '
'Affected Individuals',
'Public and Individual '
'Notifications',
'Legal Support '
'Partnership']},
'recommendations': ['Enroll in provided credit monitoring (HaystackID)',
'Monitor financial accounts for suspicious activity',
'Place fraud alerts on credit reports',
'Request free annual credit reports',
'Seek legal counsel if affected'],
'references': [{'date_accessed': '2025-07-25',
'source': 'Emergency Responders Health Center (ERHC) Website '
'Notice'},
{'source': 'Shamis & Gentile P.A. Investigation Page'},
{'date_accessed': '2025-09-26',
'source': 'Montana Attorney General’s Office Breach Report'}],
'regulatory_compliance': {'legal_actions': 'Class Action Investigation by '
'Shamis & Gentile P.A.',
'regulations_violated': ['Potential HIPAA '
'Violations (PHI '
'Compromised)'],
'regulatory_notifications': ['Montana Attorney '
'General’s Office '
'(Reported on '
'2025-09-26)']},
'response': {'communication_strategy': ['Website Notice (July 25, 2025)',
'Mail Notifications (Starting '
'September 26, 2025)',
'Partnership with Shamis & Gentile '
'P.A. for Legal Support'],
'incident_response_plan_activated': 'Yes (Investigation Launched '
'Post-Detection)',
'recovery_measures': ['Credit Monitoring Enrollment for Affected '
'Individuals',
'Fraud Alert Recommendations',
'Free Credit Report Access Guidance'],
'remediation_measures': ['Notification to Affected Individuals '
'(Mail)',
'Public Notice on Website',
'Report to Montana Attorney General’s '
'Office',
'Offer of 12 Months Free Credit '
'Monitoring (HaystackID)'],
'third_party_assistance': ['HaystackID (Credit Monitoring and '
'Identity Restoration Services)']},
'stakeholder_advisories': ['Public Notice on ERHC Website',
'Mail Notifications to Affected Individuals',
'Legal Advisory via Shamis & Gentile P.A.'],
'threat_actor': 'Cybercriminal(s)',
'title': 'Emergency Responders Health Center (ERHC) Data Breach',
'type': 'Data Breach (Email Account Compromise)'}