Alabama Hospital Recently Informed About 2024 Data Breach
Jackson Hospital and Clinic in Montgomery, Alabama, has notified 14,485 individuals about a July 2024 data breach at one of its former vendors, the debt collection agency Nationwide Recovery Services.
Nationwide Recovery Services first identified suspicious activity within its computer network in July 2024. The forensic investigation confirmed that an unauthorized third party accessed its network between July 5, 2024, and July 15, 2024. Nationwide Recovery Services notified the affected HIPAA-regulated entity clients between February 2025 and March 2025; however, Jackson Hospital and Clinic said it was not informed that it was one of the affected clients until January 27, 2026. Notification letters started to be mailed to the affected individuals on February 27, 2026, more than 19 months after the data breach occurred.
Jackson Hospital and Clinic said the incident involved data provided to Nationwide Recovery Services to allow the company to perform its contracted duties. None of Jackson Hospital and Clinic’s information technology systems were affected. Data potentially compromised in the incident includes names, phone numbers, addresses, dates of birth, Social Security numbers, account information, health insurance information, and/or dates of service. Jackson Hospital and Clinic said it no longer uses Nationwide Recovery Services for debt recovery.
As a precaution against data misuse, the affected individuals have been offered complementary credit monitoring and identity theft protection services. Due to the lengthy delay between the data breach and notification, the affected individuals should check their accounts and explanation of benefits statements for potential data misuse going back to July 2024, in addition to signing up for the complimentary credit monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The total number of individuals affected by the Nationwide Recovery Services is unknown. Nationwide Recovery Services reported the breach to the HHS’ Office for Civil Rights (OCR) on September 9, 2024, using a placeholder figure of at least 501 affected individuals. That total has not been updated since the initial breach report. Many clients chose to issue their own notifications about the data breach. Based on breach notifications to state attorneys general and OCR, the data breach affected more than 560,000 individuals.
