On March 16, 2025, Horizon Behavioral Health discovered issues with their computer systems and quickly determined they were the victim of a ransomware incident. Horizon immediately took steps to stop the ransomware and engaged outside cybersecurity experts to investigate this event. Based on their investigation, it appears the incident began on or around March 13, 2025. Between March 13, 2025, and March 16, 2025, information from Horizon’s systems may have been inappropriately accessed and/or obtained by an unauthorized user.
The data impacted differed by individual and mostly pertained to information about insurance claims. Information involved may have included one or more of the following types of information: demographic information (such name, Social Security number, address, ZIP code, driver’s license number, date of birth, or similar identifier), clinical information (which may include diagnosis/conditions, medications, or other treatment information), or information related to insurance or claims information.
Horizon have notified state and federal law enforcement, including the FBI’s Cyber Crimes Division, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Fusion Center of the Virginia State Police. Horizon is supporting all law enforcement investigations into this matter.
Horizon is continuing to evaluate additional actions to strengthen their network security in the face of an ever-evolving cyber threat landscape.
How Efficiency Checklists Help Hospitals Save Energy, Water and Money
Designing with Heart: Seen Health Center Blends Cultural Warmth and Clinical Care
Rutgers Health and University Hospital Breaks Ground on Campus Expansion
What to Consider When Modernizing Healthcare Facilities
Corewell Health Beaumont Troy Hospital to Build New Tower