Horizon Behavioral Health suffered a ransomware attack discovered on March 16, 2025, leading to the potential compromise of sensitive personal client information by an unauthorized third party. While the organization confirmed that electronic health records and critical cloud-based functions remained unaffected, the breach exposed client data, prompting immediate action. Horizon notified impacted individuals via data breach letters, offered one year of complimentary credit monitoring, and posted breach details online. The attack did not disrupt operations—all locations remained open, and client care was unaffected—but the exposure of personal information poses risks of identity theft, fraud, or financial harm. The company engaged top cybersecurity experts and collaborated with state and federal law enforcement to investigate and mitigate the incident. Horizon pledged to strengthen cybersecurity measures in response to the evolving threat landscape, emphasizing transparency and support for affected clients, staff, and the community.
TPRM report: https://www.rankiteo.com/company/horizon-behavioral-health
"id": "hor829090225",
"linkid": "horizon-behavioral-health",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'behavioral health',
'name': 'Horizon Behavioral Health',
'type': 'healthcare provider'}],
'customer_advisories': 'Data breach notification letters mailed to impacted '
'individuals; information posted on the company '
'website; complimentary credit monitoring services '
'offered for one year.',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access by third '
'party)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['sensitive personal client '
'information']},
'date_detected': '2025-03-16',
'description': 'Horizon Behavioral Health recently fell victim to a '
'ransomware attack, potentially compromising sensitive '
'personal client information. The organization became aware of '
'the incident in March 2025 and promptly launched an '
'investigation. The investigation revealed that sensitive '
'personal information related to clients may have been '
'accessed by an unauthorized third party. Electronic health '
'records and other critical cloud-based functions were not '
'impacted, and all locations remained operational. Affected '
'individuals were notified via mail and offered complimentary '
'credit monitoring services for one year.',
'impact': {'data_compromised': ['sensitive personal client information'],
'identity_theft_risk': 'Potential (credit monitoring offered to '
'affected individuals)',
'operational_impact': 'None (all locations remained open and '
'operating; client care unaffected)'},
'investigation_status': 'Ongoing (led by top cybersecurity experts)',
'lessons_learned': 'The incident highlighted the need to strengthen '
'cybersecurity readiness in an ever-changing threat '
'landscape.',
'post_incident_analysis': {'corrective_actions': 'Commitment to enhance '
'cybersecurity measures and '
'readiness.'},
'ransomware': {'data_exfiltration': 'Potential (sensitive personal client '
'information accessed)'},
'regulatory_compliance': {'regulatory_notifications': ['state and federal law '
'enforcement '
'notified']},
'response': {'communication_strategy': 'Data breach notification letters '
'mailed to impacted individuals; '
'information posted on the company '
'website; complimentary credit '
'monitoring services offered for one '
'year.',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': True},
'title': 'Ransomware Attack on Horizon Behavioral Health',
'type': 'ransomware'}