3rd Party Risk Management,
Data Breach Notification,
Data Security
Horizon Healthcare RCM Indicates Possible Ransom Payment in Data Breach
Horizon Healthcare RCM has publicly disclosed a ransomware attack resulting in a significant health data breach, suggesting that a ransom may have been paid to protect the confidentiality of the compromised information.
According to a breach report submitted to Maine’s Attorney General on June 27, the attack impacted six residents within that state; however, the report did not specify the total number of individuals affected nationwide. Notably, the U.S. Department of Health and Human Services’ Office for Civil Rights has not yet listed this incident on its HIPAA Breach Reporting Tool as a major data breach involving 500 or more individuals.
The breach appears to potentially affect numerous clients associated with Horizon Healthcare RCM, based in Indiana. The company’s website highlights several prominent client partnerships, which include major healthcare systems and hospitals such as Ascension Health and Bon Secours Health System, among others.
Despite requests for clarification regarding the scope of the breach, including the number of affected clients and patients, Horizon Healthcare RCM has yet to provide additional information. As of now, clients featured on the company website have not reported any breaches to state or federal regulators related to this incident.
Potential Ransom Payment
In a publicly accessible breach notice on its website, Horizon Healthcare RCM indicated that on December 27, 2024, it discovered a computer virus that locked access to certain files on its network. The company stated that it “securely restored” its systems and took steps to investigate the breach. Some files were confirmed to be copied without authorization.
While Horizon did not explicitly confirm a ransom payment, it mentioned that it arranged for the perpetrator to delete the copied information and is notifying patients as possible. The data compromised potentially includes patient identifiers alongside general health insurance claims processing information, with some records containing sensitive details such as Social Security numbers and payment information.
Current analysis indicates that adversary tactics potentially utilized in this attack align with several techniques described in the MITRE ATT&CK framework, such as initial access through phishing or exploitation of vulnerabilities, persistence via establishing backdoors, and possibly privilege escalation during the attack process.
This incident is part of a broader trend, as multiple revenue cycle management firms have reported similar breaches in recent months. For example, ALN Medical Management recently updated its breach report to reflect a staggering 1.32 million individuals affected by a similar hacking incident.
The ongoing frequency of attacks on revenue cycle management firms raises concerns regarding their security practices. Cybersecurity experts emphasize the need for these companies to move beyond mere compliance and adopt proactive security measures. As demonstrated by this incident, the impact of these cyberattacks can ripple through entire healthcare systems, affecting critical operations and patient data security.
