Mental health services provider reports data breach of patient records

Horizon House, a behavioral health provider that serves the states of Pennsylvania and Delaware, has reported a data breach. The report on the data breach is contained within a document that reads in part as follows:

On March 5, 2021, Horizon House became aware of suspicious activity in its systems. We immediately launched an investigation to confirm the full nature and scope of the incident and restore functionality to impacted systems. We learned that certain information stored within our environment was potentially viewed or taken by an unknown actor between March 2, 2021, and March 5, 2021. On or about September 3, 2021, after reviewing the potentially impacted files, we confirmed that certain personal information was included in those files.

The personal information affected in the Horizon House breach includes common data used by cybercriminals: Social Security numbers, name, address, financial account information, and date of birth. Additionally, what makes this particular breach more problematic is that it contains medical records of patients. As Horizon House is a mental health services provider, the breach could have exposed many intimate details sworn to secrecy by therapists, which can be parsed for extortion purposes or social engineering attacks. Even if this does not come to pass, the terror of being a patient and knowing nefarious and unscrupulous individuals are looking through your session data can be incredibly humiliating. No one should have their privacy violated in this manner.

Horizon House says that there is no indication that the information that was breached is being used for criminal purposes. This is always subject to change, and Horizon House is instructing anyone affected by the data breach to remain vigilant. This includes monitoring bank statements and taking advantage of free credit reporting. U.S. law allows for one free credit report to be requested from Equifax, Experian, or TransUnion every 12 months. Additionally, Americans can place fraud alerts on a credit file without any additional charge.

We will report any pertinent updates on this breach.

Featured image: Shutterstock

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top