Hamilton & Vitruvian Health Data Breach Affects 88,848 Patients: SSNs Exposed

On February 24, 2025, Hamilton Health Care System, Inc. d/b/a Vitruvian Health learned of a data breach impacting patient information. The incident originated not within Vitruvian Health’s own systems, but rather through a third-party collection agency, Nationwide Recovery Service (NRS), which serves several Vitruvian Health affiliates, including Hamilton Emergency Medical Services, Hamilton Physician Group, Hamilton Medical Center, and Anna Shaw Children’s Institute.

The breach occurred when an unauthorized individual accessed NRS systems between July 5 and July 11, 2024. During this window, the attacker removed data from NRS’s environment. Vitruvian Health was notified of the incident by NRS on February 24, 2025, and has since worked to identify the affected individuals.

A total of 88,848 individuals in the United States were affected by this breach, including 3 residents of Maine, according to the Maine Attorney General’s data breach disclosure.

The exposed information includes names, addresses, Social Security numbers, dates of birth, financial account information, and other medical information. This means both personally identifiable information (PII) and protected health information (PHI) were compromised.

Vitruvian Health's response

Vitruvian Health responded by collaborating closely with NRS to confirm which records were affected and to ensure that all impacted individuals could be notified. NRS has implemented additional security safeguards and reviewed its policies to strengthen its cybersecurity posture and help prevent similar incidents in the future.

Notifications have also been provided to law enforcement and credit monitoring bureaus.

For those affected, Vitruvian Health is offering identity theft protection services through IDX, a data breach and recovery services provider. These services include 12 or 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.

Impacted individuals are encouraged to enroll in these free services by visiting the Vitruvian Health IDX response portal, calling 1-877-434-0713, or scanning the QR code provided in the written notice. The deadline to enroll is July 14, 2025.

Vitruvian Health has provided detailed instructions for placing fraud alerts, freezing credit, and seeking additional help through federal and state agencies. The company’s written notice, sent on April 14, 2025, outlines these steps and resources in detail.

Where are

For more information on the system, visit the Vitruvian Health website.