Cybercrime,
Data Breach Notification,
Data Security
Nationwide Recovery Service Data Breach Impacts Numerous Healthcare Providers
The hacking incident at Nationwide Recovery Service (NRS) has prompted a significant rise in reported health data breaches among its healthcare clients, affecting over half a million patients across the United States. Recent updates indicate that at least six additional clients have informed federal and state regulators of breaches linked to this incident, increasing the total number of affected individuals by over 200,000.
Initially reported to the U.S. Department of Health and Human Services (HHS) in September 2024, the breach was estimated to affect 501 individuals—a figure later confirmed to be a placeholder. As of now, NRS’s report remains unupdated on HHS’s Office for Civil Rights HIPAA Breach Reporting Tool, which monitors significant health data breaches.
As of mid-May 2025, reports from NRS clients suggested that over 300,000 patients had been affected, with notable impacts on organizations such as Harbin Clinic in Georgia, which saw 210,000 patient records compromised, and Vitruvian Health in Texas, which reported almost 90,000 affected patients. Several other firms across the healthcare landscape also noted breaches during this timeframe.
Recent disclosures highlight ongoing notifications to affected individuals. For instance, Oregon-based TRG Imaging reported to Texas authorities that 257 patients were impacted, with additional breach reports submitted to other states, though the total number of affected individuals from TRG’s breach remains undisclosed. Similarly, Duncan Regional Hospital in Oklahoma has begun notifying patients of their involvement, even as their breach report is still unlisted on the HHS OCR website.
Healthcare Sector Vulnerabilities
This breach is part of a broader trend, with NRS’s incident being one of many affecting the healthcare sector this year, targeting organizations that manage extensive protected health information. The HHS OCR reported a total of 336 major breaches impacting nearly 29.2 million people in 2025 alone, with business associates responsible for 124 of these incidents, affecting over 15.2 million individuals.
Experts suggest that malicious actors often exploit the trust relationships between healthcare providers and their business associates, gaining access to sensitive data through compromised third-party systems. Mike Hamilton, a field CISO at Lumifi Cyber, noted that the wide access provided to these associates can turn them into significant entry points for cybercriminals.
As of today, NRS faces multiple proposed federal class action lawsuits stemming from this incident. The data breach reportedly occurred when an “unauthorized party” accessed NRS’s computer network from July 5 to July 11, 2024, during which confidential files were extracted.
Among the compromised information are individuals’ personal details, such as names, addresses, Social Security numbers, dates of birth, account balances, and medical records. Although clients have assured affected individuals that their IT systems were not directly breached, the incident underscores the high value of health and financial data, making firms like NRS prime targets for cyberattacks.
As businesses across the healthcare spectrum continue to confront cyber threats, understanding the potential tactics used in such breaches becomes essential. The MITRE ATT&CK framework suggests that tactics such as initial access, data exfiltration, and operational impact may well describe the methods employed in the NRS incident.
