Georgia healthcare provider Harbin Clinic is notifying over 200,000 people that their personal information was stolen in a July 2024 data breach at debt collector Nationwide Recovery Services (NRS).
The incident was discovered after suspicious activity on NRS’s internal systems resulted in a network outage. The third-party collection agency discovered that the attackers accessed its network between July 5 and July 11, and stole certain data.
In February 2025, the debt collecting services provider, a subsidiary of ACCSCIENT, notified Harbin Clinic that some of the stolen data pertained to its patients, and in March provided a list of individuals who might have been affected by the incident.
The compromised information includes names, addresses, birth dates, Social Security numbers, financial account details, guarantor details, and medical information.
“NRS reported that it has no evidence to suggest there has been identify theft or fraud related to this incident,” Harbin Clinic notes in the notification letter sent to the impacted individuals.
The healthcare provider notified the Maine Attorney General’s Office that 210,140 people were affected by the data breach and that it is providing them with 24 months of free identity monitoring services.
The total number of potentially impacted individuals, however, appears to be much higher, as the incident affected other NRS customers as well, including multiple healthcare providers in Georgia and Tennessee. NRS has debt collection licenses in all 50 states.
In April, Hamilton Health Care System (dba Vitruvian Health), Erlanger Health, DRH Health, Elbert Memorial Hospital, Rhea Medical Center, and the City of Chattanooga disclosed impact from the incident saying that, collectively, over 110,000 people were affected.
NRS has not publicly disclosed which of its clients were affected by the incident, nor how many individuals might have been impacted. No known ransomware group appears to have claimed the attack.
SecurityWeek has emailed NRS for additional information on the data breach and will update this article if a reply arrives.
Related: Australian Human Rights Commission Discloses Data Breach
Related: 437,000 Impacted by Ascension Health Data Breach
Related: 160,000 Impacted by Valsoft Data Breach
Related: Kelly Benefits Data Breach Impact Grows to 400,000 Individuals
