Strauss Borrelli PLLC, a leading data breach law firm, is investigating Aspire Rural Health System (“Aspire”), regarding its recent data breach. The Aspire data breach involved sensitive personal identifiable information and protected health information belonging to over 138,300 patients.
ABOUT ASPIRE RURAL HEALTH SYSTEM:
Aspire is a rural healthcare organization based in Michigan. Employing over 1,000 individuals, Aspire provides after-hours care, cardiology, emergency services, infusion services, neurology, oncology services, orthopedic services, pediatric services, psychiatric services, radiology, respiratory services, surgical services, and women’s health.2,4 Aspire is comprised of facilities that operate under their own established names but come together to create the collective health system: Deckerville Community Hospital, Hills & Dales Healthcare, Marlette Regional Hospital & The Heartlands Senior Living. Headquartered in Cass City, Michigan, Aspire has additional locations in Marlette, Bad Axe, Caro, Deckerville, Brown City, Kingston, Maryville, North Branch, Port Sanilac, and Ubly, Michigan.3,4
WHAT HAPPENED?
On August 20, 2025, Aspire posted that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, Aspire learned that an unauthorized party gained access to Aspire’s internal network approximately November 4, 2024, to January 6, 2025.1 Therefore, Aspire launched an investigation to determine the nature of the incident.
Through its investigation, Aspire discovered on or about July 18, 2025, that certain files accessed and/or acquired by the unauthorized party contained sensitive personal information.1 As a result, Aspire began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Financial account information (e.g., routing numbers, payment card numbers and access PIN numbers, and payment card expiration dates)
- Medical record (e.g., medical treatment and diagnosis information, prescription information, lab results, provider information, patient identification numbers, and medical record numbers)
- Passport number
- Medical insurance information
- Driver’s license number
- Passwords/usernames
- Biometric identifiers
In addition to posting notice on its website, on August 20, 2025, Aspire mailed notification letters to impacted individuals. Based on the notice, Aspire is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services.1 A link to the notice posted to Aspire’s website is below.
If you received a breach notification letter from Aspire Rural Health System:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
