Medical billing company Horizon Healthcare notifies 77K people of data breach

Horizon Healthcare RCM this week confirmed it notified 77,410 people of a December 2024 data breach that compromised patients’ personal info.

The breach resulted in unauthorized access to internal data like patient numbers and identifiers, and health insurance claims info. In some cases, the data also included medical record numbers, Social Security numbers, contact info, dates of birth, state-issued ID numbers, payment card info, and bank account info.

Horizon’s notice to victims indicates this was a ransomware attack. “On December 27, 2024, we learned that a computer virus was used to lock access to some files stored on our computer network,” it says. “During our investigation of this matter, we identified that files on certain systems were likely copied without permission between December 26 and 27.”

Notably, the notice states, “Additionally, we arranged for the party responsible for this matter to delete the copied information.”

That statement, in addition to the fact that no ransomware gang has publicly claimed the attack, suggests Horizon paid a ransom.

The notice does not mention free credit monitoring or identity theft insurance for victims, which are typically offered in the wake of breaches that expose Social Security numbers and other info that could be used identity fraud.

Comparitech contacted Horizon Healthcare for comment and will update this article if it replies.

Ransomware attacks on US healthcare businesses

In 2024, Comparitech researchers logged 30 confirmed ransomware attacks on healthcare-related businesses like Horizon that do not offer direct care to patients. Those attacks compromised some 193 million records. Companies like Horizon often contract with multiple hospitals and other companies, so they have access to larger amounts of patient data.

In a similar recently-confirmed attack, medical manufacturer Artivion is issuing data breach notifications this week to more than 5,600 Texans following an attack in November 2024. No ransomware gang claimed that attack, either.

Change Healthcare marks the largest breach in 2024: 190 million people’s data was compromised. Change Healthcare paid attackers a ransom to delete the data only for it to resurface again later with a second ransom demand from a different group of cybercriminals.

In 2025 so far, we’ve recorded six confirmed attacks on non-direct care healthcare businesses, compromising more than 5 million records. The majority of those records came from a January 2025 attack on medical software company Episource.

Attacks on these businesses can both steal data and lock down computer systems. Infected businesses must either pay a ransom or face extended downtime, permanent data loss, and putting patients at increased risk of fraud.

About Horizon Healthcare RCM

Horizon Healthcare RCM is a revenue cycle management company that tracks patient care, appointment scheduling, and medical billing for hospitals and clinics. The company is based in Crown Point, Indiana and was founded in 2005. According to its website, Horizon’s clients include Ascension Health, Adfinitas health, Bon Secours Health System, Crook County Medical Services District, Ensemble Health Partners, Gurthrie Lourdes Hospital, Pinnacle Wound Care, TeleCare Pharmacy, The Podiatry Care Center, and more.