Horizon Healthcare RCM Data Breach Investigation

On June 27, 2025, Horizon announced that the sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, Horizon experienced a data security incident on December 27, 2024.¹ As a result, Horizon launched an investigation to determine the nature of the incident, which concluded on May 20, 2025.

Through its investigation, Horizon discovered that files on certain systems were likely copied without permission between December 26 and December 27, 2024.¹ As a result, Horizon began a review of the data to determine what information had been impacted, as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:

• Name
• Social Security Number
• Date of birth
• Driver’s license number
• Passport number
• Financial account information
• Medical information (e.g., customer number, patient identifiers in conjunction with general health insurance claims, medical record number)

As a result of the data breach, Horizon posted a notice of the incident on its website. Additionally, on June 27, 2025, Horizon began sending breach notification letters to impacted individuals. Based on the website breach notice, Horizon is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that Horizon posted to its website is below.