Nationwide Data Breach Exposes Social Security Numbers

On July 11, 2024, Nationwide Recovery Service (NRS), a third-party collection agency and subsidiary of ACCSCIENT, detected a cybersecurity incident affecting its internal systems. An unauthorized individual gained access to NRS’s systems between July 5 and July 11, 2024, and removed data.

NRS began notifing its downstream vendor clients beginning on February 10, 2025. Since then, NRS and the affected vendor clients have been working together to identify specific records affected and notify those individuals.

What Types of Information were Exposed?

The information exposed in this breach includes personally identifiable information (PII) and protected health information (PHI) including names, addresses, Social Security numbers, dates of birth, financial account information, and other medical information.

The inclusion of Social Security numbers, financial data, and medical information makes this breach particularly severe.

Who are the Affected Vendor Clients?

While NRS has not publicly disclosed who all the affected vendor clients are, Claim Depot is maintaining a list that will be updated daily.

Affected Vendor Clients:

• Erlanger Western Carolina Hospital
• Rhea Medical Center
• Hamilton Health Care System, Inc. d/b/a Vitruvian Health
• DRH Health
• Elbert Memorial Hospital
• Swedish Edmonds Hospital

Nationwide Recovery Services' response

In response to the breach, Nationwide Recovery Service has implemented additional data security safeguards and reviewed its existing policies to strengthen its security posture and prevent similar incidents in the future. NRS has also notified law enforcement and credit monitoring bureaus about the incident.

For those affected, NRS is offering identity theft protection services through IDX, a data breach and recovery services expert. This includes 12 or 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. These resources are provided at no cost to affected individuals, and IDX representatives are available to assist with enrollment and answer questions.

If you received a notification, it is important to take the following steps:

• Activate the credit monitoring included in your IDX membership.
• Review your credit reports regularly for any unauthorized activity. You are entitled to one free credit report every 12 months from each of the three major credit bureaus at AnnualCreditReport.com.
• Consider placing a fraud alert or security freeze with the credit bureaus to add an extra layer of protection.
• Remain vigilant for suspicious activity and report any concerns to IDX or the appropriate authorities.

Given the sensitive nature of the information involved—especially Social Security numbers and medical details—it is essential for affected individuals to take advantage of the identity protection services and to monitor their financial and health records closely.

For more information about Nationwide Recovery Service, Inc., visit their official website: nrsagency.com.