EHG Reports Data Breach Impacting Sensitive Health and Personal Information
EHG recently disclosed a data breach affecting sensitive personal and protected health information stored on its cloud-based healthcare platform. The company detected unauthorized activity on or around December 3, 2025, prompting an immediate investigation.
The breach potentially exposed a range of personal data, including names, Social Security numbers, dates of birth, and medical information, though the exact details vary by individual. Following a thorough review, EHG confirmed that an unauthorized third party accessed the compromised data.
On February 25, 2026, EHG published a breach notice on its website, outlining the incident and offering affected individuals complimentary credit monitoring services along with a breakdown of the exposed information. The full notice is available on EHG’s website.
Source: https://straussborrelli.com/2026/02/25/evergreen-healthcare-group-data-breach-investigation/
Environment and Health Group cybersecurity rating report: https://www.rankiteo.com/company/environment-and-health-group
"id": "ENV1772065882",
"linkid": "environment-and-health-group",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'EHG',
'type': 'Company'}],
'customer_advisories': 'Complimentary credit monitoring services offered to '
'affected individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Medical information']},
'date_detected': '2025-12-03',
'date_publicly_disclosed': '2026-02-25',
'description': 'EHG recently disclosed a data breach affecting sensitive '
'personal and protected health information stored on its '
'cloud-based healthcare platform. The company detected '
'unauthorized activity on or around December 3, 2025, '
'prompting an immediate investigation. The breach potentially '
'exposed a range of personal data, including names, Social '
'Security numbers, dates of birth, and medical information, '
'though the exact details vary by individual. Following a '
'thorough review, EHG confirmed that an unauthorized third '
'party accessed the compromised data.',
'impact': {'data_compromised': 'Sensitive personal and protected health '
'information',
'identity_theft_risk': 'High',
'systems_affected': 'Cloud-based healthcare platform'},
'investigation_status': 'Completed',
'references': [{'source': 'EHG Breach Notice', 'url': 'EHG’s website'}],
'response': {'communication_strategy': 'Breach notice published on company '
'website, offering complimentary '
'credit monitoring services'},
'threat_actor': 'Unauthorized third party',
'title': 'EHG Data Breach Impacting Sensitive Health and Personal Information',
'type': 'Data Breach'}