On March 16, 2025, Horizon Behavioral Health discovered issues with their computer systems and quickly determined they were the victim of a ransomware incident. Horizon immediately took steps to stop the ransomware and engaged outside cybersecurity experts to investigate this event. Based on their investigation, it appears the incident began on or around March 13, 2025. Between March 13, 2025, and March 16, 2025, information from Horizon’s systems may have been inappropriately accessed and/or obtained by an unauthorized user.
The data impacted differed by individual and mostly pertained to information about insurance claims. Information involved may have included one or more of the following types of information: demographic information (such name, Social Security number, address, ZIP code, driver’s license number, date of birth, or similar identifier), clinical information (which may include diagnosis/conditions, medications, or other treatment information), or information related to insurance or claims information.
Horizon have notified state and federal law enforcement, including the FBI’s Cyber Crimes Division, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Fusion Center of the Virginia State Police. Horizon is supporting all law enforcement investigations into this matter.
Horizon is continuing to evaluate additional actions to strengthen their network security in the face of an ever-evolving cyber threat landscape.
Rethinking Strategies for Construction Success
From Touchless to Total Performance: Healthcare Restroom Design Redefined
New York State Approves $53M Construction Program at Niagara Falls Memorial Medical Center
How Health Systems Are Rethinking Facilities Amid Margin Pressure
Ground Broken on New Medical Office Building in Scottsdale, AZ