Harbin Clinic in Georgia is alerting over 200,000 patients about a significant data breach involving personal information that was stolen from Nationwide Recovery Services (NRS) in July 2024.

The breach has also impacted several other healthcare systems, including Hamilton Health Care System and Erlanger Health, underscoring the widespread ramifications of this incident.

The breach was uncovered following suspicious activity that led to a network outage at NRS, revealing that attackers had access to their systems from July 5 to July 11, 2024.

Despite the breach, NRS has not disclosed the specific clients affected or the total number of individuals involved, and notably, no ransomware group has claimed responsibility for the attack.

The compromised data includes sensitive information such as names, addresses, birth dates, Social Security numbers, financial account details, guarantor information, and medical records.

In their notification to affected individuals, Harbin Clinic stated that NRS found no evidence of identity theft or fraud linked to the breach.

The total number of individuals potentially impacted may be even higher, as additional healthcare providers in Georgia and Tennessee have reported being affected, bringing the total to over 110,000 more individuals.

The Maine Attorney General’s Office confirmed that 210,140 patients were affected, and in response, Harbin Clinic is offering 24 months of free identity monitoring services to those impacted.

In February 2025, NRS informed Harbin Clinic that some of the stolen data included patient information, and by March, they provided a list of the affected individuals.