SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

200,000 Harbin Clinic Patients Impacted by NRS Data Breach

Harbin Clinic says the information of over 200,000 patients was stolen in a July 2024 data breach at Nationwide Recovery Services.

Georgia healthcare provider Harbin Clinic is notifying over 200,000 people that their personal information was stolen in a July 2024 data breach at debt collector Nationwide Recovery Services (NRS).

The incident was discovered after suspicious activity on NRS’s internal systems resulted in a network outage. The third-party collection agency discovered that the attackers accessed its network between July 5 and July 11, and stole certain data.

In February 2025, the debt collecting services provider, a subsidiary of ACCSCIENT, notified Harbin Clinic that some of the stolen data pertained to its patients, and in March provided a list of individuals who might have been affected by the incident.

The compromised information includes names, addresses, birth dates, Social Security numbers, financial account details, guarantor details, and medical information.

“NRS reported that it has no evidence to suggest there has been identify theft or fraud related to this incident,” Harbin Clinic notes in the notification letter sent to the impacted individuals.

The healthcare provider notified the Maine Attorney General’s Office that 210,140 people were affected by the data breach and that it is providing them with 24 months of free identity monitoring services.

The total number of potentially impacted individuals, however, appears to be much higher, as the incident affected other NRS customers as well, including multiple healthcare providers in Georgia and Tennessee. NRS has debt collection licenses in all 50 states.

In April, Hamilton Health Care System (dba Vitruvian Health), Erlanger Health, DRH Health, Elbert Memorial Hospital, Rhea Medical Center, and the City of Chattanooga disclosed impact from the incident saying that, collectively, over 110,000 people were affected.

Advertisement. Scroll to continue reading.

NRS has not publicly disclosed which of its clients were affected by the incident, nor how many individuals might have been impacted. No known ransomware group appears to have claimed the attack.

SecurityWeek has emailed NRS for additional information on the data breach and will update this article if a reply arrives.

Related: Australian Human Rights Commission Discloses Data Breach

Related: 437,000 Impacted by Ascension Health Data Breach

Related: 160,000 Impacted by Valsoft Data Breach

Related: Kelly Benefits Data Breach Impact Grows to 400,000 Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
On Demand

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Virtual Event: Cloud & Data Security Summit
July 16, 2025

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.