Horizon Healthcare RCM, a healthcare billing platform, suffered a ransomware attack in June 2024, attributed to the LockBit cybercriminal group. The attackers exfiltrated sensitive data, including protected health information (PHI), before encrypting the company’s cloud-based revenue-cycle management systems. A ransom was reportedly paid to prevent public exposure of the stolen data, though the full scope of affected clients remains undisclosed. The breach raises long-term concerns over privacy risks, regulatory penalties for healthcare providers, and operational disruptions. While systems were restored, the incident underscores vulnerabilities in third-party vendors supplying critical services to the healthcare sector. Experts highlight the need for vendor risk assessments, data encryption, and resilient system configurations to mitigate exposure to supply-chain attacks, which are increasingly targeting high-value data infrastructure.
Source: https://dig.watch/updates/billing-software-firm-hit-by-ransomware-attack
TPRM report: https://www.rankiteo.com/company/horizon-financial-management
"id": "hor0462204090925",
"linkid": "horizon-financial-management",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'healthcare providers (number '
                                              'undisclosed)',
                        'industry': 'healthcare (billing/RCM)',
                        'name': 'Horizon Healthcare RCM',
                        'type': 'private company'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PHI)',
                 'type_of_data_compromised': ['protected health information '
                                              '(PHI)',
                                              'sensitive data']},
 'date_detected': '2024-06',
 'date_publicly_disclosed': '2025-07-02',
 'description': 'Healthcare billing platform Horizon Healthcare RCM suffered a '
                'ransomware attack in June 2024, where threat actors '
                '(suspected LockBit affiliates) stole sensitive data, '
                'including protected health information, before encrypting '
                'systems. The company reportedly paid a ransom to prevent '
                'public exposure of the stolen data. The breach affected its '
                'cloud-based revenue-cycle management platform, with '
                'notifications sent to healthcare providers. Systems were '
                'eventually restored, but long-term privacy risks and '
                'regulatory consequences remain a concern.',
 'impact': {'brand_reputation_impact': 'potential long-term privacy risks',
            'data_compromised': ['protected health information (PHI)',
                                 'sensitive data'],
            'identity_theft_risk': 'high (due to PHI exposure)',
            'legal_liabilities': 'potential regulatory consequences for '
                                 'affected healthcare organizations',
            'operational_impact': 'systems encrypted; eventual restoration',
            'systems_affected': ['cloud-based revenue-cycle management '
                                 'platform']},
 'initial_access_broker': {'high_value_targets': ['cloud-based revenue-cycle '
                                                  'management platform']},
 'investigation_status': 'ongoing (assessing full scope with cybersecurity '
                         'experts)',
 'lessons_learned': 'Ransomware attacks on third-party vendors pose '
                    'significant risks to the healthcare sector. Importance of '
                    'vendor risk assessments, data encryption, and secure '
                    'system configurations to limit exposure. Proactive '
                    'monitoring and resilience strategies are essential for '
                    'safeguarding critical data infrastructure.',
 'motivation': 'financial (ransom)',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': True,
                'ransom_paid': True,
                'ransomware_strain': 'LockBit (suspected)'},
 'recommendations': ['Conduct vendor risk assessments',
                     'Implement data encryption',
                     'Enforce secure system configurations',
                     'Adopt proactive monitoring',
                     'Develop resilience strategies for supply-chain '
                     'providers'],
 'references': [{'date_accessed': '2025-07-02',
                 'source': 'Diplo chatbot (AI, tech, and digital diplomacy '
                           'platform)'}],
 'response': {'communication_strategy': ['notifications to healthcare '
                                         'providers'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['system restoration'],
              'remediation_measures': ['system restoration',
                                       'scope assessment with cybersecurity '
                                       'experts'],
              'third_party_assistance': ['cybersecurity experts']},
 'stakeholder_advisories': ['notifications to healthcare providers'],
 'threat_actor': 'LockBit (suspected)',
 'title': 'Ransomware attack on Horizon Healthcare RCM',
 'type': 'ransomware'}