Aspire Rural Health System is warning patients of a data security incident that impacted their network.
In a release dated Wednesday, August 20, the health system made it clear that it had no evidence of financial fraud or identity theft directly related to the data security incident, and the Epic Electronic Medical Record (EMR) data was not impacted. Despite this, the health system made the announcement to make potentially affected individuals aware of the incident and to give steps that impacted individuals can take to protect their personal information.
Aspire learned that an unauthorized party gained access to their internal network some time around November 4, 2024, and kept access until about January 6, 2025. Upon detecting this unauthorized activity, the health system worked to contain the incident and launched a thorough investigation. As a part of the investigation, the health system engaged outside cybersecurity professionals to secure the environment and identify the scope of what personal information, if any, was involved.
After an extensive forensic investigation manual document review exercise, Aspire learned in July 2025 that certain files and folders accessed and/or acquired by the unauthorized party contained personally identifiable information and protected health information pertaining to a limited number of individuals.
The information involved in this incident includes first and last names, dates of birth, Social Security numbers, financial account numbers and routing numbers, medical treatment and diagnosis information, prescription information, individual health insurance information, payment card numbers and access PIN numbers, payment card expiration dates, lab results, provider information, driver’s license numbers, password and usernames, biometric identifiers, patient identification numbers, medical record numbers, and passport numbers. The types of impacted information varied by individual.
In addition to the press release, the health system mailed written notification letters on August 20, to individuals whose information was determined to be involved in this incident, to the extent valid mailing addresses were available. Aspire is also providing complimentary credit monitoring services to individuals whose Social Security numbers have been determined to be involved.
For individuals who have questions or need additional information regarding this incident, or to determine if they are impacted and are eligible for credit monitoring, a dedicated toll-free response line has been established at 833-594-5333. The response line is available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time, excluding holidays.
