Supply-chain attacks are often a goldmine for cybercriminals. In the healthcare sector, revenue cycle management (RCM) firms process and store a great amount of personally identifiable information (PII) and protected health information (PHI). DataBreaches.net reports that another RCM firm was the victim of an attack:
Horizon Healthcare RCM (“Horizon”) in Indiana is the latest RCM to disclose that it has been the victim of a breach.
In a substitute notice on its site and in its notification to the Maine Attorney General’s Office, Horizon reported that between December 25 and December 27, it suffered a ransomware attack with encryption and data exfiltration. They discovered the breach on December 27.
The notification to Maine, filed by Horizon Financial Management LLC, did not disclose the total number of people affected by the breach, only disclosing that 6 Maine residents were affected and providing a sample notification letter.
… The most common types of information were an internal Horizon number, customer number, or other patient identifier in conjunction with general health insurance claims processing information. In some circumstances, a Medical Record Number was identified with the claims processing information. In a small number of instances, non-address contact information, date of birth, Social Security number, driver’s license number, passport number, payment card information, or checking or financial account information were identified.
Read more at DataBreaches.net.
