DRH Health Affected by the Nationwide Recovery Service Data Breach

On April 25, 2025, Duncan Regional Hospital, Inc. (DRH Health) disclosed a data breach involving its third-party vendor, Nationwide Recovery Services, Inc. (NRS). The breach affected at least one New Hampshire resident, according to a disclosure filed with the New Hampshire Attorney General’s office. The incident traces back to a cybersecurity issue within NRS’s network environment, which began on July 5, 2024, and continued until July 11, 2024. During this period, an unauthorized actor gained access to NRS’s systems and copied files from one of its servers.

NRS notified DRH Health about the potential impact on patient information on February 14, 2025. DRH Health then undertook a thorough review to identify affected individuals and complete notification preparations by March 28, 2025. The breach potentially exposed a range of sensitive personal information, including names, addresses, Social Security numbers, dates of birth, financial account information, and medical-related information. This means both personally identifiable information (PII) and protected health information (PHI) may have been compromised. While the investigation could not determine exactly which data points were accessed for each individual, the risk is significant due to the nature of the information involved.

DRH Health's response

Upon learning of the breach, DRH Health reviewed the impacted information and began notifying affected individuals. The hospital is offering complimentary Single Bureau Credit Monitoring, Credit Report, and Credit Score services for 12 months to those whose information was potentially compromised. In addition, proactive fraud assistance is being provided through a third-party vendor specializing in fraud remediation.

For those who may be affected, DRH Health recommends remaining vigilant by reviewing account statements, explanation of benefits forms, and monitoring free credit reports for any suspicious activity. Individuals can order one free credit report annually from each major credit bureau at AnnualCreditReport.com. DRH Health also encourages placing a fraud alert or security freeze on credit files to prevent unauthorized use of personal information.

If you believe you may have been affected but have not received a notification letter, you can contact DRH Health’s dedicated assistance line at (800) 494-2165, Monday through Friday, 8:00 a.m. to 5:00 p.m. Central Time (excluding major U.S. holidays).

Further guidance on protecting against identity theft—including how to place fraud alerts and credit freezes—is included in the official notice posted by DRH Health.

For more information about the organization, visit the official DRH Health website.