.png)
Aspire Rural Health Data Breach Lawsuit Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Aspire Rural Health System data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Aspire Rural Health System
Aspire Rural Health System is a healthcare organization serving Michigan’s Thumb region. It was formed by combining Deckerville Community Hospital, Hills & Dales Healthcare, and Marlette Regional Hospital. These facilities work together to provide a connected network of care for rural communities across Huron, Sanilac, Tuscola, and Lapeer counties.
The system includes more than 70 healthcare providers. Patients can access emergency care, outpatient services, diagnostic testing, surgical procedures, hospice care, senior living, specialty care, and family healthcare.
What happened?
Aspire Rural Health System experienced a data breach that spanned more than a two-month period. Cybercriminals gained access to the Aspire internal network from Nov. 4, 2024 to Jan. 6, 2025. A ransomware group known as BianLian claimed responsibility for the attack and posted about it on the dark web on Feb. 13, 2025.
The cybersecurity incident compromised both personally identifiable information (PII) and protected health information (PHI) of patients and staff. The number of impacted individuals has not been released, but is believed to be in the thousands.
Information Exposed
- First and last name
- Date of birth
- Social Security number
- Driver’s license, state ID or passport number
- Biometric identifiers
- Financial account numbers and routing numbers
- Individual health insurance information
- Lab results
- Medical record numbers
- Medical treatment and diagnosis information
- Password and username
- Patient identification number
- Payment card expiration date
- Payment card number and access PIN numbers
- Prescription information
- Provider information
Aspire Rural Health began notifying affected individuals by mail on Aug. 20, 2025 and posted a Notice of Data Security Incident on its website on the same day.
Your Rights and Next Steps
If you received a notification from Aspire Rural Health System or believe your information may have been involved, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.
- Credit monitoring services: Enroll in free credit monitoring services, if offered.
- Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
- Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
- Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.
Lawyers are ready to help answer questions, and guide you through the process of joining a class action lawsuit if you qualify.
You May Be Entitled to Compensation
If your personal and protected health information was compromised in the Aspire Rural Health System data breach, you may be entitled to compensation for damages such as lost time, out-of-pocket expenses, or the risk of identity theft. Lawyers are investigating this incident and are prepared to help affected individuals pursue claims.
To find out if you qualify, complete the form below to join the lawsuit investigation.
.svg)