Ransomware gang alleges theft of patient data from Michigan health system

Overnight, ransomware gang BianLian added Aspire Rural Health System to its data leak site, claiming to have stolen a variety of data, including patient records, financial information, and email correspondence. Aspire Rural Health System hasn’t confirmed a cyber attack but did note technical disruptions in early January, which led to phones and systems being shut down for over 24 hours at certain clinics.

On January 6, Aspire Rural Health System posted a message on Facebook stating that it was experiencing “a technical outage impacting the network and phone systems at Aspire Hills & Dales Hospital and its clinics.” On January 7, it confirmed the technical issues impacting the phone systems had been resolved as of 8:30 PM that day.

Aspire Rural Health System notes technical disruptions

Aspire hasn’t confirmed the nature of these technical issues, BianLian’s claims, or whether a data breach has occurred. We have contacted the health system for more information and will update this article if we receive a response.

BianLian ransomware claim on Aspire Rural Health System

Who is BianLian?

First appearing in late 2021, BianLian is responsible for 76 confirmed ransomware attacks, according to our data. These attacks have affected nearly 3.8 million records in total with over 2 million of these coming from attacks on healthcare organizations.

BianLian was recently confirmed to be behind an attack on another healthcare clinic in Michigan — St. Clair Orthopaedics and Sports Medicine. It was breached in November 2024 with BianLian alleging to have stolen 1.2 TB of data. The clinic started issuing data breach notifications to those affected earlier this month. River Region Cardiology in Alabama also started notifying 500,000 people of a breach following a September 2024 attack via this group.

Like many ransomware groups, BianLian has become more focused on stealing data (rather than encrypting systems). Therefore, if this attack on Aspire Rural Health System is confirmed, it is likely a data breach has occurred. While we await further information, we highly recommend that patients and employees at Aspire stay on high alert for potential phishing messages and monitor accounts for suspicious activity.

Aspire Rural Health System is one of 20 unconfirmed attacks via BianLian this year. We have seen a particular influx in activity from the group this month (17 of its unconfirmed attacks are from February so far).

Ransomware attacks on the US healthcare sector

So far this year, we’ve noted two confirmed attacks on US healthcare companies. These are Frederick Health and New York Blood Center Enterprises. We are also monitoring 32 unconfirmed attacks in this sector.

As well as all of the aforementioned attacks, three other US healthcare companies have started issuing data breach notifications following recent ransomware attacks:

  • Asheville Eye Associates, PLLC is notifying 193,306 people of a data breach following a December 2024 attack via DragonForce
  • Inlet Health (Communicare) is notifying 3,771 people of a data breach following a November 2024 attack via Daixin
  • Arc Community Services, Inc. is notifying patients of a data breach following a November 2024 attack via INC.

About Aspire Rural Health System

Aspire Rural Health System is a network of over 70 providers across Huron County, Lapeer County, Sanilac County, and Tuscola County. Some of its centers include Deckerville Community Hospital, Hills & Dales Healthcare, Marlette Regional Hospital, and The Heartlands Senior Living.