Horizon Behavioral Health hit by ransomware attack, client data potentially compromised
Learn More
Horizon Behavioral Health, a Lynchburg, Virginia-based provider of mental health, substance use, and intellectual disability services , is reporting a serious ransomware attack that compromised sensitive client information.
The health provider discovered the security incident on March 16, 2025, when it detected irregularities in its computer systems, and initiated an investigation with cybersecurity experts.
The unauthorized access began around March 13, 2025, and continued until March 16, 2025, during which time sensitive data may have been viewed or acquired by the ransomware group. The exposed data includes:
- Names
- Social Security numbers
- Addresses and ZIP codes
- Driver's license numbers
- Dates of birth
- Diagnosis/conditions
- Medications
- Other treatment information
- Health insurance information
- Claims information
The number of affected individuals is not disclosed.
The organization claims assured that their cloud-based electronic health records and other critical operational functions remained secure.
The organization also promptly notified appropriate state and federal law enforcement agencies about the breach and is offering complimentary credit monitoring and fraud consultation services for a period of one year.
