National Research Corporation

NRC Health, also known as National Research Corporation, operates within the healthcare sector, specifically providing healthcare analytics services. The organization focuses on gathering and analyzing data relevant to healthcare providers and systems. Its core offerings involve delivering insights derived from patient and operational data, supporting healthcare entities in understanding performance, patient experiences, and market dynamics. The company serves markets primarily within the healthcare industry, catering to providers seeking data-driven solutions to improve their services and strategic decision-making. Based in the United States of America, NRC Health functions as a significant entity in the healthcare information technology and analytics landscape.

The organization encountered a significant cybersecurity incident on February 11, 2020, identified as a ransomware attack. This event necessitated an immediate shutdown of systems to contain the infection and prevent further spread. NRC Health confirmed that the attack did not result in the compromise of sensitive information, explicitly stating that patient data, protected health information (PHI), and other confidential materials remained secure throughout the incident. This outcome highlights the company's implementation of security measures designed to protect critical healthcare data even under direct attack conditions.

Following the containment actions, NRC Health's internal technical teams undertook extensive efforts to restore affected systems. The company reported making substantial progress in these restoration activities, anticipating a full recovery of operations in the near term following the attack. In accordance with standard incident response protocols involving cybercrime, the Federal Bureau of Investigation (FBI) was formally notified about the ransomware event. While the specific ransomware variant used in the attack was not publicly identified by the company, NRC Health also maintained confidentiality regarding whether any ransom payment was made to the attackers. The incident underscores the persistent cybersecurity threats facing healthcare data analytics firms and NRC Health's procedural response to such critical events.