Horizon Healthcare RCM Announces December 2024 Ransomware Attack
Horizon Healthcare RCM, a Crown Point, IN-based revenue cycle management firm, has recently disclosed a ransomware attack and data breach. The attack was identified on December 27, 2024, and the forensic investigation confirmed that the ransomware group had access to its network between December 25 and December 27, 2024, and exfiltrated sensitive data.
The review of the affected files was completed on May 20, 2025. The types of information involved vary from individual to individual and generally include an internal Horizon number, customer number, or other patient identifier in combination with general claims processing information. A limited number of individuals (under 500) had other information compromised, such as non-address contact information, date of birth, Social Security number, driver’s license number, passport number, payment card information, and/or checking/financial account information. Horizon has started notifying the affected individuals by mail and has offered complimentary identity monitoring services to certain individuals.
The substitute breach notice suggests that the ransom was paid, as Horizon stated it arranged for the party responsible to delete the copied information. No ransomware group appears to have claimed responsibility for the attack, which further suggests that the ransom was paid. As some law enforcement operations against ransomware gangs have shown, copies of the stolen data may be retained even when the ransom is paid, so the affected individuals should remain vigilant against identity theft and fraud. Horizon said there are no verified reports of identity theft or fraud related to the incident.
Revenue cycle management companies are attractive targets for ransomware groups, as a breach of their systems potentially gives them access to the data of many healthcare provider clients. For instance, the attack on ALN Medical Management in March 2024 involved unauthorized access to the protected health information of more than 1.8 million individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Horizon website lists some of the healthcare providers and health systems that use its revenue management solutions, such as Ascension Health, Adfinitas Health, Bon Secours Health System, Crook County Medical Services District, Ensemble Health Partners, Franciscan Alliance, Guthrie Lourdes Hospital, Methodist Hospitals, Pinnacle Wound Care, TeleCare Pharmacy and The Podiatry Care Center.
It is unclear how many of those clients have been affected, but given the size of some of those clients, the data breach could potentially be considerable. At present, the incident is not shown on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected.
