Horizon Members Impacted by NASCO Cybersecurity Incident

Posted on October 25, 2023

Horizon Brief Notes

Applies to: All markets

Some Horizon Members Impacted by NASCO Cybersecurity Incident
NASCO, a provider of benefits administration services to health plans, including Horizon, has notified us of a cybersecurity incident.

What Happened?
NASCO was among the more than 1,000 entities worldwide that was impacted by the widely reported 2023 MoveIT cybersecurity incident. While this global cybersecurity incident affected more than 60 million individuals, our impact was limited to fewer than 5,000 of our members. Upon discovery of the cybersecurity incident, NASCO took appropriate steps to respond and prevent further illegal access.

What is Horizon Doing?
On August 16, 2023, Horizon received notice that some of its members were impacted by NASCO’s cybersecurity incident. NASCO’s leadership, forensics and legal teams continue to work with affected entities to assist with notification of the incident in accordance with applicable federal and state law.

We are sorry to report that this incident occurred, but rest assured we are working closely with NASCO to mitigate the risks associated with this incident.

What is NASCO Doing?
On or about October 20, 2023, NASCO will mail letters to affected plan members notifying them of this incident and offering them the option to accept free identity monitoring services. NASCO has arranged for Experian, a global leader in risk mitigation and response, to provide complimentary identity monitoring services for 24 months to impacted members. Experian will be establishing a dedicated assistance line for affected members to be published in the member letter to be sent by NASCO.

Additionally, NASCO will post media notices where required, notify the state Attorneys General in affected states as required by state law, and notify the Secretary of the U.S. Department of Health and Human Services (HHS) as required under federal law. 

Protecting the privacy and security of our members’ information is among our highest priorities. We follow rigorous, industry-leading information security best-practices and we hold the vendors who assist Horizon in administering member benefits to the same standards. We will continue to work with NASCO to evaluate opportunities for improvements for data retention and disposition across environments.