Cyber Incident Victim: Horizon Actuarial Services

Date: Nov 2021

Location: United States of America

Summary

A ransomware attack compromised a consulting firm serving multiemployer benefit plans, resulting in unauthorized access to sensitive personal and health data including names, Social Security numbers, birth dates, and health plan details. The attackers demanded payment, which the firm provided in exchange for deletion assurances. After conducting an investigation, the firm notified over 38,000 affected individuals across client benefit programs.


Description

Horizon Actuarial Services, a Georgia-based consulting firm providing actuarial services to multiemployer benefit plans, experienced a cyberattack between November 10 and 11, 2021. A ransomware group sent an email to the company on November 12, 2021, claiming to have stolen data from Horizon's servers. The threat actors asserted they had exfiltrated sensitive information including names, Social Security numbers, birth dates, and health plan details during the two-day intrusion period. As a business associate to HIPAA-covered health plans, Horizon's compromised systems contained protected health information belonging to participants of specific benefit plans it serviced. The company engaged in negotiations with the ransomware group and ultimately paid a ransom in exchange for assurances that the attackers would delete the stolen data. This transaction represented an attempt to mitigate potential downstream harm from the data exposure.

Following internal investigation and verification processes, Horizon began notifying affected client plans in early January 2022. On March 9, 2022, the company mailed individual notification letters on behalf of two specifically impacted plans: the Major League Baseball Players Benefit Plan and the Local 295 IBT Employer Group Welfare Fund. The breach impacted 38,418 individuals across these plans whose personal and health insurance information resided on Horizon's compromised systems. While the ransomware group claimed deletion of stolen data post-payment, the incident exposed beneficiaries to potential identity theft and fraud risks due to the sensitive nature of the compromised identifiers. Horizon's notification timeline spanned nearly four months from initial attack detection to individual disclosures, reflecting investigation and coordination periods required to identify affected parties across multiple client plans.
