teiss – News – Horizon Healthcare RCM discloses ransomware attack, sensitive data exfiltrated | #ransomware | #cybercrime

Horizon Healthcare RCM, a Crown Point, Indiana-based revenue cycle management firm, has confirmed it suffered a ransomware attack in late December 2024 that resulted in the exfiltration of sensitive data from its network. The company publicly disclosed the breach in July 2025 after completing a forensic investigation and review of affected files.

According to Horizon, the intrusion occurred between December 25 and December 27, 2024, and was identified on December 27. The firm launched an investigation with the help of cybersecurity experts, who determined that the attackers accessed and copied data from its systems before deploying ransomware. A review of the impacted files concluded on May 20, 2025.

While the types of information exposed vary by individual, they generally include internal Horizon identifiers such as a customer number or patient ID, alongside claims-related data. For fewer than 500 individuals, more sensitive data was compromised, including names in combination with Social Security numbers, driver’s license or passport numbers, dates of birth, financial account or payment card details, and other non-address contact information.

Horizon has begun notifying affected individuals by mail and is offering complimentary identity monitoring services to those whose data was most sensitive. In its substitute breach notice, the company disclosed that it arranged for the deletion of the copied data, strongly suggesting that a ransom was paid. Although no ransomware group has publicly claimed responsibility, the lack of attribution further supports that a payment may have been made to prevent public disclosure or sale of the data.

Cybersecurity experts caution that ransom payments do not guarantee permanent deletion, and some ransomware operations are known to retain stolen information even after receiving payment. Horizon stated there have been no verified reports of fraud or identity theft linked to the incident as of now, but urged affected individuals to remain vigilant.

Revenue cycle management companies like Horizon are increasingly attractive to threat actors due to their access to sensitive health and financial data across multiple provider networks. The Horizon breach follows a similar incident at ALN Medical Management in March 2024, which affected more than 1.8 million individuals.

Horizon Healthcare’s website lists several major healthcare clients, including Ascension Health, Bon Secours Health System, Franciscan Alliance, Adfinitas Health, Ensemble Health Partners, and Methodist Hospitals, among others. It remains unclear which clients were impacted or how many individuals in total may have been affected. As of now, the breach has not appeared on the U.S. Department of Health and Human Services’ Office for Civil Rights breach portal.