Emergency Responders Health Center reports data breach affecting more than 1,500 individuals

Emergency Responders Health Center in Boise, Idaho (EHRC), has confirmed a data breach that exposed sensitive personal and medical information of 1,528 individuals, including 526 Washington state residents. The incident stemmed from unauthorized access to employee email accounts first detected in April, with formal notifications to affected individuals beginning on September 26.

According to EHRC, unusual activity was discovered in an employee’s email account on April 11, 2025. The account was immediately secured, and an investigation was launched with the assistance of third-party cybersecurity experts. Investigators later determined that multiple email accounts had been accessed by an unauthorized party. While the affected accounts were secured shortly after the breach, a detailed review of compromised data continued into September.

On July 23, EHRC issued a substitute breach notice on its website, cautioning that the scope of exposure was still under review. The list of affected individuals was finalized on September 16, confirming that the exposed data included names, dates of birth, driver’s license numbers, Social Security numbers, medical details, and health insurance information.

EHRC said it has not seen evidence of misuse of the data but is offering affected individuals a complimentary 12-month membership for credit monitoring and identity theft protection. In addition, the organization reported taking multiple steps to strengthen its defenses, including resetting user credentials, expanding monitoring systems, and providing staff with additional security training.

The notification process began September 26, when letters were mailed to those impacted. EHRC emphasized that securing patient and employee information remains a top priority as it works to prevent similar incidents in the future.