A cybersecurity incident has exposed sensitive personal, medical and financial information of nearly 100,000 Americans.
In a new filing with the Office of the Maine Attorney General, the Georgia-based family healthcare firm Virtuvian Health says 88,848 clients are affected by a data breach involving Nationwide Recovery Service (NRS), a third-party collection agency used by the company to recover unpaid debts.
-->Vitruvian Health says NRS discovered the cybersecurity incident in July of 2024 when an unauthorized entity illegally accessed the firm’s database, siphoning customer data including names, addresses, Social Security numbers, dates of birth, financial account details, and medical records.
“The NRS investigation revealed that an unauthorized individual accessed NRS Systems from July 5, 2024 to July 11, 2024 and removed data from the system. Vitruvian Health was notified by NRS on February 24, 2025, that our patients’ information was amongst the data affected by this incident. Since that time, Vitruvian Health has been working with NRS to confirm specific records affected so as to provide notification to those involved.”
Virtuvian Health, formerly known as Hamilton Health Care System, is a multi-specialty medical practice that offers primary, emergency and behavioral care services as well as various interventions for pain management.
The firm says it immediately sent letters to impacted customers to notify them about the security incident while offering identity theft protection services that come with a $1 million insurance reimbursement policy.
Vitruvian Health also highlights that its systems were “in no way affected by the security incident,” and that the data breach was limited to NRS’s network.
For now, the firm is asking affected users to remain vigilant and immediately report any suspicious activities related to their personal, financial or medical records.
