A major cybersecurity incident has exposed sensitive medical and financial records of tens of thousands of Americans.
In a filing with the Maine Attorney General, Aspire Rural Health System says 138,386 people are impacted by a data breach that gave hackers access to its internal network.
-->Aspire Rural Health System is a Marlette, Michigan-based healthcare provider serving rural communities with hospital and clinical care.
The company says an unauthorized party infiltrated its systems, accessed files and stole customer data, including names, dates of birth, Social Security numbers, financial account numbers and routing numbers, medical treatment and diagnosis records, insurance and prescription details, payment card numbers, access PINs, payment card expiration dates, lab results, provider records, medical record numbers, driver’s license numbers, patient identification numbers, biometric identifiers, passwords and usernames and passport numbers.
“Aspire learned that an unauthorized party gained access to Aspire’s internal network from on or about November 4, 2024, to on or about January 6, 2025. Upon detecting the unauthorized activity, Aspire immediately worked to contain the incident and launched a thorough investigation…
After an extensive forensic investigation and manual document review exercise, Aspire discovered on or about July 18, 2025, that certain files and folders accessed and/or acquired by the unauthorized party contained personally identifiable information and protected health information pertaining to a limited number of individuals.”
Aspire says it mailed notification letters to those affected. Individuals whose Social Security numbers were exposed are being offered complimentary credit monitoring, and the company has established a dedicated hotline to answer questions and provide support.
For now, the firm says it has not received reports of financial fraud or identity theft directly related to the data breach.
