Cyber Incident Victim: National Research Corporation

On February 11, 2020, NRC Health, a Lincoln-based healthcare analytics provider, experienced a ransomware attack that disrupted its operations. The company promptly shut down its systems to contain the infection upon detection. NRC Health specializes in delivering data-driven insights to healthcare providers to improve service quality, but the attack forced an immediate cessation of normal business activities. Internal staff initiated containment protocols to prevent lateral movement of the ransomware within the network. No evidence emerged during the initial response indicating unauthorized access to or exfiltration of protected health information, confidential data, or patient records. The company maintained operational silence regarding technical specifics of the attack vector, initial access method, or ransomware variant involved.

Paul Cooper, NRC Health’s Chief Information Officer, confirmed significant progress in system restoration within two weeks of the incident, anticipating full recovery within days of his February 25 statement. The restoration effort relied entirely on internal resources without external confirmation of third-party forensic assistance. NRC Health formally reported the incident to the FBI but did not disclose whether the bureau provided investigative support. Cooper explicitly declined to state whether the company paid a ransom to attackers. Operational impacts included temporary loss of analytics services to healthcare clients, though the duration of outages for specific systems remained unspecified. The company reiterated throughout its communications that no data compromise occurred despite the systemic disruption caused by the ransomware encryption event.