Michigan Rural Health System Data Breach: What Patients Need to Know

Key Takeaways:
- Aspire Rural Health, a Michigan-based healthcare provider, reported a cyberattack discovered on January 6, 2025, in which the BianLian ransomware group infiltrated its systems between November 4, 2024, and January 6, 2025, compromising the data of nearly 140,000 patients.
- The exposed information is extensive, ranging from core identifiers—names, dates of birth, Social Security numbers, driver’s license/passport numbers, and patient IDs—to highly sensitive categories such as medical diagnoses, lab results, prescriptions, biometric data, financial details, health insurance records, and login credentials.
- Aspire has engaged cybersecurity experts, notified affected patients, and is providing credit monitoring and identity theft protection services for those whose Social Security numbers were compromised, while urging all patients to monitor accounts and credit reports closely.
- Morgan & Morgan is investigating the breach and may assist patients in pursuing compensation for out-of-pocket costs like credit monitoring, financial harm, and emotional distress stemming from the exposure of personal and medical data.
Aspire Rural Health, a network of more than 70 providers serving patients across Michigan’s rural communities, has begun notifying nearly 140,000 patients that their personal and medical information may have been stolen in a recent cyberattack.
The healthcare provider, which serves Huron, Sanilac, Tuscola, and Lapeer counties, announced that it detected the breach on or around January 6, 2025. A forensic investigation later confirmed that hackers had access to Aspire’s network for more than two months, between November 4, 2024, and January 6, 2025, before being discovered.
While Aspire has stated it is not aware of any misuse of the compromised data, the cybercriminal group BianLian has claimed responsibility for the attack and has already posted Aspire on its dark web leak site.
Regardless of who was responsible for stealing sensitive patient information, Aspire was responsible for keeping it safe. If you believe your data was compromised due to lax security measures, contact Morgan & Morgan for a free case evaluation to learn more about your legal options. You may be entitled to compensation.
What Information Was Exposed in the Michigan Rural Health System Data Breach?
The scope of this breach is significant. According to Aspire’s notice, patients’ protected health information (PHI) was accessed and, in some cases, stolen. The compromised files may have contained:
- Full names
- Dates of birth
- Social Security numbers
- Financial account and routing numbers
- Health insurance details
- Medical diagnoses and treatment information
- Prescription data
- Lab results
- Provider information
- Payment card numbers with PINs and expiration dates
- Driver’s license and passport numbers
- Biometric identifiers
- Usernames and passwords
- Patient identification and medical record numbers
This wide range of sensitive data could make victims particularly vulnerable to identity theft, financial fraud, and medical identity theft—where someone uses stolen medical information to obtain treatment, prescriptions, or submit fraudulent insurance claims.
What Aspire Rural Health Is Doing
Aspire has offered complimentary credit monitoring and identity theft protection services to patients whose Social Security numbers were impacted.
The organization has also engaged cybersecurity experts to contain the incident, strengthen its defenses, and review its policies.
The breach has not yet appeared on the U.S. Department of Health and Human Services’ Office for Civil Rights breach portal, but Aspire has notified the Maine Attorney General that 138,386 individuals were affected, including four residents of Maine.
What This Means for Patients
Even if Aspire claims no evidence of data misuse, the fact that a known ransomware group is involved raises serious concerns. Once stolen, sensitive information like Social Security numbers, medical histories, and financial account details can be sold or misused years after the breach.
If you were affected, here’s what you can do:
- Enroll in credit monitoring if offered.
- Monitor bank and credit card accounts for suspicious activity.
- Check your credit reports regularly for unauthorized accounts.
- Watch for unusual medical bills or insurance statements, which may signal medical identity theft.
- Contact Morgan & Morgan if you think your information has been used.
How Morgan & Morgan Can Help
At Morgan & Morgan, we understand how devastating a healthcare data breach can be, especially for patients in rural communities who rely on providers like Aspire. Sensitive information entrusted to a healthcare provider should never end up in the hands of cybercriminals.
If you received a notice from Aspire Rural Health about this data breach, you may have legal options. Our attorneys are already investigating cases like these and may be able to help you pursue compensation for:
- Costs related to credit monitoring and identity protection
- Financial losses caused by fraud or theft
- The emotional distress of having your most personal information exposed
If your personal or medical data was compromised in the Aspire Rural Health data breach, you don’t have to face the fallout alone. Morgan & Morgan is America’s largest injury law firm, with the resources and experience to hold negligent organizations accountable.
Contact us for a free, no-obligation case evaluation today to learn more about your rights.