Utopia Tech
Healthcare3 min read

ERMI; McLeod Physician Associates; Centers for Dialysis Care Announce Data Breaches

Data breaches have been announced by the Georgia-based medical equipment company ERMI, McLeod Physician Associates in South Carolina, and the Centers for Dialysis Care in Ohio. More than 101,000 individuals have been affected by these three incidents. ERMI LLC, Georgia ERMI LLC, A Georgia manufacturer of medical equipment for orthopedic patients, has experienced a significant d

UT

Utopia Tech

July 9, 2026 · 3 min read

Share

Data breaches have been announced by the Georgia-based medical equipment company ERMI, McLeod Physician Associates in South Carolina, and the Centers for Dialysis Care in Ohio. More than 101,000 individuals have been affected by these three incidents. ERMI LLC, Georgia ERMI LLC, A Georgia manufacturer of medical equipment for orthopedic patients, has experienced a significant data breach involving unauthorized access to systems containing the electronic protected health information of 74,074 patients.

Unauthorized access to its systems was identified on or around August 14, 2025. Assisted by third-party cybersecurity experts, ERMI determined that certain systems had been accessed by an unauthorized third party between February 15, 2025, and August 14, 2025, during which time files containing patient information may have been viewed or acquired. An extensive manual review of the affected data was completed on or around April 17, 2026, and confirmed that the exposed data included names in combination with one or more of the following: Social Security number, driver’s license number, veteran identification number, passport number, username and password, email address with password and security question, date of birth, date of death, taxpayer/employer identification number, financial account information, payment card information, medical information, and health insurance information.

The affected individuals have been notified and informed about the steps that can be taken to reduce the risk of data misuse, and complimentary credit monitoring services have been offered to individuals whose Social Security numbers were impacted. McLeod Physician Associates Li, South Carolina McLeod Physician Associates li, a Florence, SC-based healthcare group practice, has recently reported a data breach to the HHS’ Office for Civil Rights involving unauthorized access to the protected health information of up to 19,553 patients.

The affected patients started to be notified about the incident on June 4, 2026. According to the substitute breach notice on the McLeod Health website, on March 5, 2026, a suspicious file was found on a Dillon Family Medicine server that was in the process of being decommissioned. An investigation was launched, which determined that an unauthorized party had accessed the server between October 17 and October 18, 2025.

The investigation confirmed that the incident was limited to the single server, and no McLeod Health systems were involved, including the practice’s current electronic medical record system. The server was reviewed and found to contain patient information such as names, dates of birth, Social Security numbers, and information related to patient care, which may have included diagnoses, medications, test results, medical images, treatment information, and health insurance information.

Steps have been taken to prevent similar incidents in the future, and the practice will continue to implement and evaluate enhanced safeguards. McLeod Health has confirmed that the affected server has been decommissioned and is no longer in use. Centers for Dialysis Care, Ohio Centers for Dialysis Care in Shaker Heights, Ohio, has identified a data security incident that potentially involved unauthorized access to the protected health information of up to 8,000 individuals.

Suspicious activity was identified within its computer network on or around March 20, 2026. Assisted by third-party cybersecurity experts, Centers for Dialysis Care confirmed on April 11, 2026, that there had been unauthorized access to its network, and files containing personal and protected health information had been accessed. The personal and protected health information of current and former patients and employees was involved, including names, dates of birth, Social Security numbers, medical and health information, diagnostic and treatment information, health insurance information, and/or tax/financial information.

Centers for Dialysis Care said additional security measures have been implemented to reduce the risk of similar incidents in the future. The post ERMI; McLeod Physician Associates; Centers for Dialysis Care Announce Data Breaches appeared first on The HIPAA Journal .

Originally published at hipaajournal.com

Share
▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Skip to main content