Aspire Rural Health System, which operates over 70 healthcare facilities across Michigan, disclosed a massive data breach that compromised personal information of 138,386 people. Hackers accessed the network from November 4, 2024, to January 6, 2025, stealing files containing patient data, financial records, HR documents, and email communications.
The BianLian ransomware group claimed responsibility for the attack in mid-February, but the gang went silent in late March, leaving the fate of the stolen data unclear. An investigation wrapped up in mid-July, prompting notifications to affected individuals and state authorities including Maine's Attorney General.
Source: Security Week