Arisa Health Inc., a behavioral healthcare provider based in Springdale, Arkansas, suffered a severe hacking/IT incident in July 2024 that compromised 375,436 individuals’ protected health information (PHI). The breach targeted the company’s network server, exposing sensitive patient data likely including medical records, personal identifiers, and financial details to unauthorized actors. Given the scale and nature of the attack, the stolen data is highly valuable on the dark web, posing risks of identity theft, financial fraud, and reputational harm to affected individuals. The breach aligns with broader trends in healthcare cyber threats, where attackers exploit vulnerabilities in third-party providers or critical infrastructure to maximize disruption. While Arisa Health declined to comment, the incident underscores the escalating sophistication of cybercriminals targeting healthcare, where data theft and operational disruptions (e.g., delayed care, financial losses) are compounded by regulatory penalties and potential litigation. The breach’s magnitude suggests systemic weaknesses in cybersecurity defenses, exacerbating concerns over patient trust and organizational viability in an industry already strained by ransomware and workforce shortages.
Source: https://www.arkansasbusiness.com/article/health-care-cyberattacks-data-breaches/
TPRM report: https://www.rankiteo.com/company/arisa-health
"id": "ari4983649102825",
"linkid": "arisa-health",
"type": "Breach",
"date": "6/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '375,436',
'industry': 'Behavioral Health',
'location': 'Springdale, Arkansas, USA',
'name': 'Arisa Health Inc.',
'type': 'Healthcare Provider'},
{'customers_affected': '80,166',
'industry': 'Primary Care',
'location': 'Mountain Home, Arkansas, USA',
'name': 'Regional Family Medicine',
'type': 'Healthcare Provider'},
{'customers_affected': '55,297',
'industry': 'Oncology',
'location': 'Fayetteville, Arkansas, USA',
'name': 'Highlands Oncology Group PA',
'type': 'Healthcare Provider'},
{'customers_affected': '31,216',
'industry': 'Primary Care',
'location': 'Pocahontas, Arkansas, USA',
'name': 'Pocahontas Medical Clinic PA',
'type': 'Healthcare Provider'},
{'customers_affected': '16,341',
'industry': 'Pharmacy',
'location': 'Arkadelphia, Arkansas, USA',
'name': 'AllCare Pharmacy',
'type': 'Healthcare Provider'},
{'customers_affected': '8,000',
'industry': 'Medical Supply',
'location': 'Salem, Arkansas, USA',
'name': 'Tri County Medical Supply & Respiratory '
'Services Inc.',
'type': 'Healthcare Provider'},
{'customers_affected': '5,259',
'industry': 'Mental Health',
'location': 'Little Rock, Arkansas, USA',
'name': 'Methodist Family Health',
'type': 'Healthcare Provider'},
{'customers_affected': '5,207',
'industry': 'General Healthcare',
'location': 'Monticello, Arkansas, USA',
'name': 'Baptist Health Medical Center-Drew County',
'type': 'Hospital'},
{'customers_affected': '2,700',
'industry': 'Home Health',
'location': 'Paragould, Arkansas, USA',
'name': '1st Choice Home Care',
'type': 'Healthcare Provider'},
{'customers_affected': '1,267',
'industry': 'Retail Health Clinics',
'location': 'Bentonville, Arkansas, USA',
'name': 'Walmart Inc. (Healthcare Division)',
'type': 'Retail/Healthcare Provider'},
{'customers_affected': '633',
'industry': 'Health Insurance',
'location': 'Little Rock, Arkansas, USA',
'name': 'Arkansas Blue Cross & Blue Shield',
'type': 'Health Plan'},
{'customers_affected': '500',
'industry': 'Healthcare IT',
'location': 'North Little Rock, Arkansas, USA',
'name': 'EngageMED Inc.',
'type': 'Business Associate'},
{'industry': 'Healthcare Billing/Payments',
'location': 'Nashville, Tennessee, USA',
'name': 'Change Healthcare Inc.',
'type': 'Third-Party Vendor'}],
'attack_vector': ['Phishing',
'Exploiting Vulnerabilities in Network Servers',
'Third-Party Vendor Compromise',
'Unauthorized Access/Disclosure'],
'customer_advisories': 'Limited (some entities declined to comment; breach '
'notifications sent to affected individuals per HIPAA)',
'data_breach': {'data_exfiltration': 'Yes (data sold on dark web)',
'file_types_exposed': ['Network Server Data',
'Desktop Files',
'Paper/Films (improper disposal)',
'Electronic Medical Records'],
'number_of_records_exposed': '500+ per incident (total: '
'500,000+ across Arkansas in '
'2023–2024)',
'personally_identifiable_information': 'Yes (names, medical '
'histories, payment '
'details)',
'sensitivity_of_data': 'High (health records, payment data)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Payment Information',
'Personally Identifiable '
'Information (PII)',
'Electronic Medical Records '
'(EMR)']},
'date_publicly_disclosed': '2024-10-07',
'description': 'Arkansas hospitals and healthcare providers face escalating '
'cyberattacks, including ransomware and data breaches, '
'exacerbated by a shortage of cybersecurity professionals. In '
'2024, eight Arkansas companies reported breaches affecting '
'500+ records, up from four in 2023. Key incidents include '
"Arisa Health's breach (375,436 individuals affected) and the "
'Change Healthcare ransomware attack, which disrupted billing '
'systems nationwide. Financial strain, operational '
'disruptions, and patient care risks are compounded by high '
'cybersecurity costs and regulatory fines. Rural hospitals are '
'particularly vulnerable due to limited resources and '
'workforce shortages.',
'impact': {'brand_reputation_impact': 'High (patient trust erosion, '
'regulatory scrutiny)',
'customer_complaints': 'Likely (class-action lawsuits reported)',
'data_compromised': '375,436+ records (Arisa Health), 80,166 '
'(Regional Family Medicine), 55,297 (Highlands '
'Oncology), etc.',
'downtime': 'Prolonged (months in some cases, e.g., Change '
'Healthcare attack)',
'financial_loss': 'Millions in ransom payments (avg. $4.4M per '
'incident in 2024), operational funding losses '
'due to billing system disruptions, '
'cybersecurity costs ($750K–$1.5M annually for '
'rural hospitals)',
'identity_theft_risk': 'High (health records and payment info sold '
'on dark web)',
'legal_liabilities': ['Regulatory Fines', 'Class-Action Lawsuits'],
'operational_impact': 'Cash flow disruptions, reduced/eliminated '
'services, hospital closures (e.g., rural '
'Illinois hospital in 2023)',
'payment_information_risk': 'High (targeted for higher dark web '
'value than credit cards)',
'revenue_loss': 'Significant (e.g., $15M–$20M annual net patient '
'revenue at risk for rural hospitals)',
'systems_affected': ['Electronic Medical Records (EMR)',
'Billing Systems',
'Network Servers',
'Desktop Computers',
'Payment Clearinghouses']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (health records fetch '
'higher prices than credit '
'card data)',
'entry_point': ['Phishing Emails',
'Exploited Network Vulnerabilities',
'Compromised Third-Party Vendors'],
'high_value_targets': ['Electronic Medical Records '
'(EMR)',
'Billing Systems',
'Payment Data']},
'investigation_status': 'Ongoing (HHS Office for Civil Rights investigations '
'for listed breaches)',
'lessons_learned': 'Healthcare sector remains a prime target due to '
'high-value data and critical infrastructure reliance. '
'Shortages in cybersecurity workforce and funding '
'exacerbate vulnerabilities, particularly in rural areas. '
'Third-party vendors (e.g., Change Healthcare) introduce '
'systemic risks. Proactive measures like the AHA '
'Cybersecurity Alliance and CISA collaborations are '
'essential but insufficient without broader resource '
'allocation.',
'motivation': ['Financial Gain', 'Data Theft for Dark Web Sales'],
'post_incident_analysis': {'corrective_actions': ['Expanding cybersecurity '
'alliances (e.g., AHA’s '
'monthly CIO meetings)',
'Federal/state grants for '
'rural hospital '
'cybersecurity',
'Mandatory cybersecurity '
'training for healthcare '
'staff',
'Enhanced third-party '
'vendor risk management',
'Legislative push for '
'healthcare-specific '
'cybersecurity standards'],
'root_causes': ['Understaffed IT/cybersecurity '
'teams, especially in rural '
'hospitals',
'Insufficient funding for '
'cybersecurity measures',
'Over-reliance on vulnerable '
'third-party vendors',
'Lack of proactive threat hunting '
'and vulnerability patching',
'High-value target profile (rich '
'PHI/PII data)']},
'ransomware': {'data_encryption': 'Yes (e.g., locked EMR systems)',
'data_exfiltration': 'Yes (double extortion tactics)',
'ransom_paid': '53% of healthcare companies in 2024 (avg. '
'$4.4M per payment)'},
'recommendations': ['Increase cybersecurity workforce training and hiring '
'incentives, especially in rural areas.',
'Allocate federal/state grants for hospital cybersecurity '
'upgrades.',
'Enhance third-party vendor risk assessments and '
'contractual cybersecurity requirements.',
'Implement mandatory ransomware response drills and EMR '
'backup systems.',
'Strengthen regulatory oversight and penalties for '
'non-compliance with HIPAA.',
'Promote information-sharing alliances (e.g., AHA '
'Cybersecurity Alliance) to pool resources and threat '
'intelligence.'],
'references': [{'date_accessed': '2024-10-07',
'source': 'American Hospital Association (AHA) - John Riggi',
'url': 'https://www.aha.org'},
{'date_accessed': '2024-10-22',
'source': 'U.S. Department of Health & Human Services Office '
'for Civil Rights (Breach Portal)',
'url': 'https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf'},
{'date_accessed': '2024-10-01',
'source': "Microsoft Report: 'US Healthcare at Risk'"},
{'source': 'University of California San Diego Center for '
'Healthcare Cybersecurity - Dr. Jeffrey Tully'},
{'date_accessed': '2024-10-21',
'source': "Arkansas Business - 'Cyberattacks on Arkansas "
"Hospitals Rise as Workforce Lags'",
'url': 'https://www.arkansasbusiness.com'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuits from '
'affected patients',
'regulations_violated': ['HIPAA (Health Insurance '
'Portability and '
'Accountability Act)'],
'regulatory_notifications': 'Mandatory reporting to '
'HHS Office for Civil '
'Rights'},
'response': {'communication_strategy': 'Limited (e.g., Arisa Health declined '
'to comment)',
'incident_response_plan_activated': 'Yes (e.g., AHA '
'Cybersecurity Alliance '
'monthly meetings, CISA '
'scenario exercises)',
'third_party_assistance': 'Yes (vendors hired for IT work, '
'federal CISA support)'},
'stakeholder_advisories': 'AHA and state-level warnings issued (e.g., John '
'Riggi’s October 2024 advisory)',
'threat_actor': ['Cybercriminal Gangs', 'Ransomware Groups'],
'title': 'Rising Cyber Threats and Data Breaches in Arkansas Healthcare '
'Sector (2023-2024)',
'type': ['Data Breach', 'Ransomware', 'Hacking/IT Incident']}