Aspire Rural Health Breach Affects Two-Month Period

Aspire Rural Health System experienced a major data breach that impacted 138,386 patients and staff across its network of healthcare facilities in Michigan’s Thumb region. The cybersecurity incident took place over a two-month period, from approximately Nov. 4, 2024, to Jan. 6, 2025. During this time, cybercriminals gained access to Aspire’s network.

The breach was the result of a ransomware attack attributed to the BianLian group, a known cybercriminal organization that claimed responsibility for the incident on Feb. 13, 2025, via a posting on a Tor network site. The attackers reportedly stole both personally identifiable information (PII) and protected health information (PHI).

A review was completed on July 18, 2025 and it was determined that compromised information included first and last names, dates of birth, Social Security numbers, financial account numbers and routing numbers, medical treatment and diagnosis information, prescription information, individual health insurance information, payment card numbers and access PIN numbers, payment card expiration dates, lab results, provider information, driver’s license numbers, password and usernames, biometric identifiers, patient identification numbers, medical record numbers, and passport numbers.

Aspire Rural Health System began notifying affected patients and employees by mail on Aug. 20, 2025. The medical organization also published a Notice of Data Security Incident on its website.

Aspire also reported the cybersecurity incident to the U.S. Department of Health and Human Services on Aug. 20, 2025. The cybersecurity incident was disclosed to the Maine, Massachusetts, Vermont, New Hampshire and Texas Attorney Generals' offices beginning on Aug. 21, 2025.

The scope and sensitivity of the exposed data make this breach highly damaging, due to the length of the breach and as it involves not only financial and personal identity information but also detailed medical histories of over 100,000 individuals. Affected individuals include 477 Texas residents, 28 Massachusetts residents and four in Maine.

Aspire Rural Health System’s response

In addition to notifying patients and staff, Aspire Rural Health System will be required to issue certain state and federal disclosures. Aspire is also offering free credit monitoring to individuals whose Social Security numbers were exposed in the data breach.

If you receive a notice from Aspire Rural Health System about this breach, you may want to:

• Sign up for the free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Aspire has also set up a dedicated response line for individuals impacted by the data breach at 833-594-5333, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time.

More information about Aspire and its services can be found on the Aspire Rural Health System website.