On March 16, 2025, Horizon Behavioral Health discovered issues with their computer systems and quickly determined they were the victim of a ransomware incident. Horizon immediately took steps to stop the ransomware and engaged outside cybersecurity experts to investigate this event. Based on their investigation, it appears the incident began on or around March 13, 2025. Between March 13, 2025, and March 16, 2025, information from Horizon’s systems may have been inappropriately accessed and/or obtained by an unauthorized user.
The data impacted differed by individual and mostly pertained to information about insurance claims. Information involved may have included one or more of the following types of information: demographic information (such name, Social Security number, address, ZIP code, driver’s license number, date of birth, or similar identifier), clinical information (which may include diagnosis/conditions, medications, or other treatment information), or information related to insurance or claims information.
Horizon have notified state and federal law enforcement, including the FBI’s Cyber Crimes Division, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Fusion Center of the Virginia State Police. Horizon is supporting all law enforcement investigations into this matter.
Horizon is continuing to evaluate additional actions to strengthen their network security in the face of an ever-evolving cyber threat landscape.
What 'Light' Daily Cleaning of Patient Rooms Misses
Sprinkler Compliance: Navigating Code Mandates, Renovation Triggers and Patient Safety
MUSC Board of Trustees Approves $1.1B South Carolina Cancer Hospital
Study Outlines Hand Hygiene Guidelines for EVS Staff
McCarthy Completes $65M Sharp Rees-Stealy Kearny Mesa MOB Modernization