By HFT Staff

UCM Medical Group Sub, LLC posted this notice because a third-party vendor, Nationwide Recovery Services, Inc. (NRS), notified them on April 8, 2025, that they experienced a cybersecurity incident in July 2024 that may have resulted in unauthorized access to certain personal information. At this time, the vendor has informed UCM that they are not aware of any misuse of the personal information potentially affected by this incident. 

UCM is providing separate written notification to affected individuals for whom they have mailing addresses. They are posting this notice for those affected individuals for whom they do not have mailing addresses. 

From July 5, 2024, to July 11, 2024, an unauthorized individual gained access to NRS systems and obtained information from certain files and folders. Upon learning of this, NRS took steps to terminate unauthorized access and make enhancements to further secure their systems. NRS recently completed a review and analysis of the potential impacts and determined that personal information may have been involved. 

NRS has indicated that the affected information may have contained the following types of personal information: first and last name, address, date of birth, Social Security number, financial account information, and/or medical-related information that may have been provided to them to perform financial services on their behalf. 

UCM has terminated their relationship with Nationwide Recovery Services, Inc. NRS has confirmed they implemented additional security measures to prevent the occurrence of a similar event in the future.