A hack at Cass City, Mich.-based Aspire Rural Health System, which includes three critical access hospitals, has compromised the data of 138,386 individuals.
An unauthorized party gained access to Aspire’s network sometime between Nov. 4 and Jan. 6, viewing and stealing files and folders containing patient data, according to an Aug. 20 notice. The information included names, dates of birth, Social Security numbers, banking account and credit card numbers, and medical records including lab results.
The health system said it has no evidence that any of the information has been misused. Aspire started notifying affected individuals Aug. 20.
Hackers have started turning their attention to rural hospitals as larger health systems have boosted their cyber defenses, cybersecurity leaders told Becker’s. Ransomware group BianLian has reportedly taken responsibility for the Michigan hack.
