Aspire Rural Health System, a Michigan-based healthcare provider serving over 70 locations across four counties, suffered a ransomware attack by the BianLian group between November 4, 2024, and January 6, 2025. The breach exposed sensitive data of 138,386 individuals, including full names, Social Security numbers, financial details (account/routing numbers, payment cards, PINs), medical records (diagnoses, prescriptions, lab results), biometric identifiers, driver’s licenses, passports, and usernames/passwords. The attack disrupted systems, causing a technical outage on January 6, 2025, with partial restoration the following day. BianLian claimed responsibility, asserting theft of patient records, though Aspire neither confirmed the group’s involvement nor disclosed ransom demands/payments. Affected individuals, particularly those with compromised Social Security numbers, were offered free credit monitoring. This incident ranks as BianLian’s sixth-largest healthcare breach, aligning with their pattern of targeting healthcare for data encryption and exfiltration. The prolonged investigation (until July 18, 2025) underscores the attack’s complexity and the high-risk nature of exposed health and financial data, which could enable identity theft, fraud, or further cyber exploitation.
TPRM report: https://www.rankiteo.com/company/aspire-rural-health-system
"id": "asp701082325",
"linkid": "aspire-rural-health-system",
"type": "Ransomware",
"date": "11/2024",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '138,386 individuals',
'industry': 'healthcare',
'location': ['Huron County, Michigan',
'Lapeer County, Michigan',
'Sanilac County, Michigan',
'Tuscola County, Michigan'],
'name': 'Aspire Rural Health System',
'size': '70+ healthcare providers (including hospitals '
'and senior living facilities)',
'type': 'healthcare provider'}],
'attack_vector': 'unauthorized network access',
'customer_advisories': ['free credit monitoring for affected individuals with '
'exposed SSNs'],
'data_breach': {'data_exfiltration': 'confirmed (claimed by BianLian)',
'number_of_records_exposed': '138,386',
'personally_identifiable_information': 'yes (extensive PII '
'exposure)',
'sensitivity_of_data': 'high (includes SSNs, medical records, '
'financial data, and biometrics)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'financial data',
'biometric data',
'authentication credentials']},
'date_detected': '2025-01-06',
'date_publicly_disclosed': '2025-07-22',
'date_resolved': '2025-07-18',
'description': 'Aspire Rural Health System experienced a cyber attack '
'starting in November 2024, discovered in January 2025, '
'involving unauthorized access to its internal network. The '
'ransomware group BianLian claimed responsibility for the '
'attack, which resulted in the theft of sensitive patient data '
'affecting 138,386 individuals. The breach included personally '
'identifiable information (PII), financial data, medical '
'records, and biometric identifiers. Aspire offered free '
'credit monitoring to affected individuals whose Social '
'Security numbers were compromised. Investigations concluded '
'in July 2025, with notifications sent to impacted parties.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'large-scale breach of sensitive '
'healthcare data',
'data_compromised': ['first and last names',
'dates of birth',
'Social Security numbers',
'financial account numbers and routing '
'numbers',
'medical treatment and diagnosis information',
'prescription information',
'individual health insurance information',
'payment card numbers',
'access PIN numbers',
'payment card expiration dates',
'lab results',
'driver’s license numbers',
'passwords and usernames',
'biometric identifiers',
'patient identification numbers',
'medical record numbers',
'passport numbers'],
'downtime': '2025-01-06 (partial outage, some systems restored on '
'2025-01-07)',
'identity_theft_risk': 'high (due to exposure of SSNs, financial '
'data, and PII)',
'operational_impact': 'technical outage, disruption of healthcare '
'services',
'payment_information_risk': 'high (payment card numbers, PINs, and '
'expiration dates exposed)',
'systems_affected': ['internal network',
'unspecified systems (technical outage on '
'2025-01-06)']},
'initial_access_broker': {'high_value_targets': ['patient records',
'financial data',
'PII'],
'reconnaissance_period': 'potentially from '
'2024-11-04 to 2025-01-06'},
'investigation_status': 'completed (as of 2025-07-18)',
'motivation': ['data theft', 'financial gain (ransomware)', 'disruption'],
'ransomware': {'data_exfiltration': 'confirmed',
'ransomware_strain': 'BianLian (claimed)'},
'references': [{'source': 'Comparitech'},
{'date_accessed': '2025-07-22',
'source': 'Aspire Rural Health System Breach Notification'}],
'regulatory_compliance': {'regulations_violated': ['potential HIPAA '
'violations '
'(unconfirmed)']},
'response': {'communication_strategy': ['public notification (July 2025)',
'credit monitoring for affected SSN '
'holders'],
'containment_measures': ['immediate actions to contain '
'unauthorized activity (details '
'unspecified)'],
'incident_response_plan_activated': 'yes (immediate containment '
'and investigation launched '
'upon detection)',
'recovery_measures': ['partial system restoration by '
'2025-01-07']},
'threat_actor': 'BianLian (claimed, unconfirmed by Aspire)',
'title': 'Aspire Rural Health System Data Breach (November 2024 - January '
'2025)',
'type': ['data breach', 'ransomware attack']}