County Outlines Actions Taken After Data Breach From Debt Collection Service

  • Monday, June 23, 2025

Hamilton County officials have updated actions taken in response to a data breach from a debt collection firm used by the county.

They said there has been no evidence thus far that anyone's data has been misused.

Officials said, "As we previously made you aware in our letter to you dated April 14, 2025, Nationwide Recovery Service (“NRS”) is a business associate of Hamilton County Government (“HCG”) providing debt collection services for delinquent accounts for various departments, offices and organizational components of HCG.

"On July 14, 2024, HCG received an email from NRS with an attached letter. The letter confirmed NRS had suffered a cybersecurity event that was reported to federal law enforcement. On Monday, February 24, 2025, the Hamilton County Attorney’s Office received a letter via U.S. Mail from NRS supplementing their July 14, 2024, letter.

"The letter stated that NRS’s investigation recently found that there was unauthorized access to the NRS network between July 5, 2024, and July 11, 2024, and that certain files and folders were copied from the system.

"NRS determined that the compromised information potentially included names, addresses, Social Security numbers, dates of birth, financial account information and/or medical related information, among other information provided to NRS by HCG.

"NRS took the following corrective actions after the event to safeguard their environment:

• Network Segmentation: NRS implemented additional segregation of all offices and cloud server networks from each other.

• Access Control and Identity Management: Network users are required to access via VPN with Domain authentication and multi-factor authentication (“MFA”) to access any NRS resources; role-based access control (“RBAC”) to segment data access according to job roles or required permissions; enforcement of a Fine-Grained Password Policy (“FGPP”), allowing administrators to set different password and account lockout policies for specific groups of users within a domain; Local Administrator Password Solution (“LAPS”) to manage local administrator passwords for domain-joined computers in Active Directory. NRS conducts audits on a daily basis when a local user is being added to a device; NRS audits weekly domain administrator access; and NRS audits monthly for domain user rights.

• Data Segmentation and Classification: data is classified based on sensitivity and policy restrictions are in place to ensure the minimum as necessary policy is followed.

• Micro-Segmentation: implementation of fine-grained policies within individual workloads or applications on all NRS firewalls. NRS also utilizes firewalls and Intrusion Detection/Prevention Systems (“IDS/IPS”) between segments to filter traffic, monitor for suspicious activity, and enforce segmentation policies. This setup includes rules to block unauthorized lateral movement within the network.

• More Regular Audits and Monitoring: NRS regularly conducts audits and monitors user-based permissions and network traffic, including Datto log monitoring and segmentation reviews, to detect any anomalies or unauthorized activity. The NRS team checks Kaseya Datto RMM and EDR for any alerts on a daily basis. Additionally, the NRS team reviews all devices on a weekly basis to ensure Kaseya Datto RMM and AntiVirus/EDR is installed and operating properly.

• Patching and Vulnerability and Remediation: deployment and integration of Datto RMM/EDR for patching and vulnerability management. In addition to Datto, NRS leverages RocketCyber to remediate critical vulnerabilities with 24/7 monitoring and containment functionality.

• Backup and Recovery: Restructuring of Veeam Enterprise Backup and replication, including nightly backups to a backup storage server, followed by an immutable backup that sends the backups to offsite storage.

"What HCG is Doing

"HCG is offering identity theft protection services through IDX, a data breach and recovery services expert, for qualified individuals affected by the NRS Data Breach. All affected HCG patients are qualified. IDX identity protection services include: 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.

"We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling 800-939-4170, going to https://app.idx.us/account-creation/protect, or scanning the QR image. You will need to call the HCG Privacy Officer at phone number 1-833-484-8671 to obtain an Enrollment Code. Please note the deadline to enroll is September 30, 2025.

"Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering. IDX representatives can answer questions or concerns you may have regarding protection of your personal information."

