In Georgia, United States, Harbin Clinic is alerting over 200,000 people about a significant healthcare data breach incident. The compromise originated from Nationwide Recovery Services (NRS), a debt collection firm working with numerous medical providers. The breach occurred in July 2024, when NRS noticed unusual activity that caused a network outage. Subsequent investigation confirmed that attackers accessed their internal systems between July 5 and July 11.
The attack led to the unauthorized extraction of sensitive patient data from NRS’s network.
In February 2025, NRS informed Harbin Clinic that some stolen files included its patient records. The following month, Harbin Clinic received a detailed list of affected individuals. The exposed data includes names, home addresses, dates of birth, and Social Security numbers.
Further compromised details included financial account numbers, guarantor information, and confidential medical data tied to each patient. Harbin Clinic stated that NRS has not found proof of fraud or identity theft resulting from the breach. Nonetheless, Harbin reported to the Maine Attorney General’s Office that 210,140 individuals were affected.
It is offering those patients 24 months of complimentary identity monitoring and protection services.
The breach is broader than initially disclosed and may involve several other healthcare providers across Georgia and neighboring Tennessee. Affected organizations include Erlanger Health, Hamilton Health Care, Rhea Medical Center, and Elbert Memorial Hospital. Combined, these institutions reported impacts to over 110,000 people. NRS has not publicly revealed a complete list of affected clients, and no cybercriminal group has claimed responsibility for the intrusion.
Reference:
