Horizon Healthcare RCM data breach hits over 75,000 people

Horizon Healthcare RCM, an American healthcare revenue cycle management company, said that a data security incident it experienced last year compromised the sensitive personal information of more than 75,000 individuals.

 

Based in Crown Point, Indiana, Horizon Healthcare RCM is a revenue cycle management (RCM) company that provides comprehensive solutions to healthcare providers. It helps hospitals, health systems, and other healthcare organisations improve financial performance by streamlining processes such as patient registration, billing, coding, and collections.

 

In a data security incident notice published on its website, Horizon said that on December 27, it suffered a ransomware attack where threat actors used malware to lock access to some files stored within its internal network. The revenue cycle management company immediately launched an investigation, with assistance from external cyber security experts, to determine the scope of the incident.

 

“During our investigation of this matter, we identified that files on certain systems were likely copied without permission between December 26 and 27,” Horizon said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, payment card information, checking or financial account information, internal Horizon numbers, customer numbers, general health insurance details and medical record numbers.

 

The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, where Horizon said it has identified at least 77,410 individuals impacted by the incident.

 

Horizon said it had “arranged for the party responsible for this matter to delete the copied information”. However, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Horizon. The revenue cycle management company also did not share details on who was behind the attack, how much data was compromised, or if it has paid a ransom.