Horizon Healthcare RCM Data Breach Affects 77,410 People: SSNs Exposed

Between December 25 and December 27, 2024, Horizon Healthcare RCM, a revenue cycle management company serving healthcare providers, experienced a major data breach. The company discovered the breach on December 27.

The cybersecurity incident was disclosed to the U.S. Department of Health and Human Services on June 27, 2025. At least 77,410 individuals have been impacted by the data breach.

According to the disclosure submitted to the Maine Attorney General’s office, the breach exposed a wide range of sensitive information, including both personally identifiable information (PII) and protected health information (PHI). The types of data compromised include medical record numbers, names, Social Security numbers, checking or financial account information, contact information, customer numbers, dates of birth, driver’s license numbers, general health insurance claims processing information, internal Horizon numbers, passport numbers, patient identifiers, and payment card information.

Horizon Healthcare RCM began notifying affected individuals on June 27, 2025. The breach was disclosed to the Maine, Massachusetts, New Hampshire, and South Carolina Attorney Generals' offices on the same day. Affected consumers include 5,499 South Carolina residents, 43 Massachusetts residents, 14 in New Hampshire, and 6 individuals in the state of Maine.

The incident’s severity is heightened by the breadth of information exposed, which includes highly sensitive identifiers and financial data. While the exact method of the breach and the responsible party have not been detailed publicly, the exposure of both PII and PHI places affected individuals at risk for identity theft, financial fraud, and potential misuse of medical information.

Horizon Healthcare's response

Upon discovering the breach, Horizon Healthcare RCM took action to investigate and contain the incident. The company has notified affected individuals in writing, as required by law, and has posted a notice of data security incident on its website.

If you believe you may be affected, it is important to:

• Carefully review any correspondence from Horizon Healthcare RCM regarding the breach.
• Monitor your financial accounts and health insurance statements for suspicious activity.
• Consider placing a fraud alert or credit freeze with the major credit bureaus.
• Be vigilant for phishing attempts or unexpected communications requesting personal information.
• Review the company’s notice for additional resources or support that may be offered, such as credit monitoring or identity theft protection.

Given the nature of the information exposed, taking proactive steps to protect your identity and financial well-being is highly recommended.

For more information about the company and its services, visit the Horizon Healthcare RCM website.