Aspire Rural Health System (Aspire) is making individuals aware of a data security incident that impacted the Aspire network environment. Although Aspire has no evidence of financial fraud or identity theft directly related to this incident, Aspire is making potentially affected individuals aware of the incident and steps that impacted individuals can take to protect their personal information.
Aspire learned that an unauthorized party gained access to Aspire’s internal network from November 4, 2024, to on or about January 6, 2025. Upon detecting the unauthorized activity, Aspire immediately worked to contain the incident and launched a thorough investigation. As a part of the investigation, Aspire engaged leading outside cybersecurity professionals to secure the environment and to identify the scope of what personal information, if any, was involved.
After an extensive forensic investigation and manual document review exercise, Aspire discovered on or about July 18, 2025, that certain files and folders accessed and/or acquired by the unauthorized party contained personally identifiable information and protected health information pertaining to a limited number of individuals. To date, Aspire has no evidence of financial fraud or identity theft directly related to this incident. Nevertheless, Aspire is providing notice of the incident to the individuals whose personal information was potentially involved.
The information involved in this incident includes first and last names, dates of birth, Social Security numbers, financial account numbers and routing numbers, medical treatment and diagnosis information, prescription information, individual health insurance information, payment card numbers and access PIN numbers, payment card expiration dates, lab results, provider information, driver’s license numbers, passwords and usernames, biometric identifiers, patient identification numbers, medical record numbers and passport numbers. The types of impacted information varied by individual.