Vitruvian Health Reports 88,848 Americans Affected by NRS Data Breach

A significant cybersecurity incident has compromised the sensitive personal, medical, and financial information of 88,848 Americans. The breach, involving the third-party collection agency Nationwide Recovery Service (NRS), was discovered in July 2024 when an unauthorized entity accessed NRS’s database. The compromised data includes names, addresses, Social Security numbers, dates of birth, financial account details, and medical records.

Vitruvian Health, a Georgia-based family healthcare firm, disclosed the incident in a filing with the Office of the Maine Attorney General. The company, formerly known as Hamilton Health Care System, uses NRS to recover unpaid debts. The unauthorized access occurred between July 5, 2024, and July 11, 2024, and Vitruvian Health was notified by NRS on February 24, 2025, about the breach. Since then, Vitruvian Health has been working with NRS to identify the specific records affected and notify the impacted individuals.

Vitruvian Health has taken immediate action to mitigate the damage. The firm sent letters to affected customers, informing them about the security incident and offering identity theft protection services. These services include a $1 million insurance reimbursement policy to cover any potential losses. The company has emphasized that its own systems were not affected by the breach, and the incident was confined to NRS’s network.

The firm is urging affected users to remain vigilant and report any suspicious activities related to their personal, financial, or medical records. This breach highlights the vulnerabilities in third-party data management and the importance of robust cybersecurity measures to protect sensitive information. The incident serves as a reminder for healthcare providers and their partners to enhance their security protocols to prevent such breaches in the future.