Horizon Healthcare RCM Data Breach Exposes Patients' Sensitive Info

Between December 25 and December 27, 2024, Horizon Healthcare RCM, a revenue cycle management company serving healthcare providers, experienced a major data breach. The company discovered the breach on December 27.

According to the disclosure submitted to the Maine Attorney General’s office, the breach exposed a wide range of sensitive information, including both personally identifiable information (PII) and protected health information (PHI). The types of data compromised include medical record numbers, names, Social Security numbers, checking or financial account information, contact information, customer numbers, dates of birth, driver’s license numbers, general health insurance claims processing information, internal Horizon numbers, passport numbers, patient identifiers, and payment card information.

As of the latest available information, the breach affected at least 6 individuals in the state of Maine. The total number of people impacted across the United States has not been disclosed at the time of publishing. It's notable the company did not notify affected consumers in writing until June 27, 2025.

The breach was officially reported to the Maine Attorney General’s office on the same day.

The incident’s severity is heightened by the breadth of information exposed, which includes highly sensitive identifiers and financial data. While the exact method of the breach and the responsible party have not been detailed publicly, the exposure of both PII and PHI places affected individuals at risk for identity theft, financial fraud, and potential misuse of medical information.

Horizon Healthcare's response

Upon discovering the breach, Horizon Healthcare RCM took action to investigate and contain the incident. The company has notified affected individuals in writing, as required by law, and has posted a notice of data security incident on its website.

If you believe you may be affected, it is important to:

• Carefully review any correspondence from Horizon Healthcare RCM regarding the breach.
• Monitor your financial accounts and health insurance statements for suspicious activity.
• Consider placing a fraud alert or credit freeze with the major credit bureaus.
• Be vigilant for phishing attempts or unexpected communications requesting personal information.
• Review the company’s notice for additional resources or support that may be offered, such as credit monitoring or identity theft protection.

Given the nature of the information exposed, taking proactive steps to protect your identity and financial well-being is highly recommended.

For more information about the company and its services, visit the Horizon Healthcare RCM website.