tl;dr
Georgia-based healthcare firm Harbin Clinic disclosed a cybersecurity breach affecting 210,140 people. An unknown attacker accessed the database of its third-party vendor, Nationwide Recovery Services (NRS), stealing personal and financial information including names, addresses, Social Security numb...
In a significant cybersecurity breach, Nationwide Recovery Services (NRS), a third-party vendor, compromised the sensitive personal and financial data of 210,140 patients from Georgia-based healthcare provider Harbin Clinic. The attacker accessed the NRS database between July 5 and July 11, 2024, stealing information including names, addresses, Social Security numbers, birth dates, and financial records.
The breach was uncovered by NRS during a network outage investigation in July 2024, with Harbin Clinic being notified in February 2025. Upon discovery, Harbin Clinic promptly informed affected patients and offered free identity monitoring services. Despite the data exposure, no misuse of the stolen information has been reported so far.
Harbin Clinic, which provides various medical services such as family medicine, internal medicine, oncology, and cardiology, relies on NRS for debt collection services. The breach originated from unauthorized access to NRS systems, where files and folders were illegally copied. NRS has conducted an extensive review to determine the scope of the impact and the affected individuals.
Authorities and the healthcare firm urge patients to monitor their financial accounts closely for any suspicious activity. This event highlights the increasing cybersecurity risks associated with third-party vendors handling sensitive healthcare data and underscores the importance of robust security measures and vigilant monitoring.