Arietis Health reports MOVEit related data breach

Arietis Health, LLC reported a data breach incident in which an attacker exploited a vulnerability in the MOVEit file-transfer application, a tool employed by Arietis Health.

Arietis Health offers healthcare billing services to NorthStar Anesthesia, an entity that oversees various pain management and anesthesia practices. In the normal course of business, Arietis Health utilizes MOVEit, a widely used file-transfer program.

On May 31, 2023, Progress Software, the developer of MOVEit, alerted Arietis Health about a vulnerability present within MOVEit. Arietis Health secured and patched its MOVEit server, engaging cybersecurity experts to investigate the incident.

On July 26, 2023, Arietis Health confirmed that unauthorized actors had successfully accessed its MOVEit server on May 31, 2023. During this unauthorized access, hackers potentially acquired specific files containing confidential information pertaining to patients associated with NorthStar Anesthesia.

The breached information may vary from person to person, including their

• name,
• date of birth,
• driver’s license number,
• state identification card number,
• address,
• Social Security number,
• protected health information.

No details are disclosed about the number of affected individuals, but the Arietis breach notice lists over 50 entities impacted

Update - On 17th October Arietis Health reported that they have notified more than 1.9 million individuals of the data breach.

1. AmSol Physicians of Elkin, NC, PLLC
2. Anesthesia Company of Houston, PLLC
3. Anesthesia Resources Management Solutions, Inc
4. Coronado Anesthesia, PLLC
5. Digestive Health Specialists of SE
6. Dupont Anesthesia, PSC
7. Epix Anesthesia of Alabama, LLC
8. Epix Anesthesia of Tennessee, PLLC
9. Epix Medical Services of Houston, PLLC
10. Gastro South Anesthesia, LLC
11. Gastroenterology Consultants of Augusta, PC
12. GI Associates of West Alabama, PC
13. KBS Anesthesia, Inc
14. Lehigh Anesthesia Associates, PC
15. Northeast Gastroenterolgy Center, Inc
16. Northern Tier Gastroenterology, Inc
17. Northern Virginia Surgery Center Anesthesia, LLC
18. NorthStar Anesthesia II, PA
19. NorthStar Anesthesia III, PA
20. NorthStar Anesthesia of Delaware, LLC
21. NorthStar Anesthesia of Illinois, LLC
22. NorthStar Anesthesia of Indiana II, LLC
23. NorthStar Anesthesia of Indiana, LLC
24. NorthStar Anesthesia of Kansas, LLC
25. NorthStar Anesthesia of Kentucky, PLLC
26. NorthStar Anesthesia of Michigan II, PC
27. NorthStar Anesthesia of Michigan III, PLLC
28. NorthStar Anesthesia of Michigan, LLC
29. NorthStar Anesthesia of Mississippi, LLC
30. NorthStar Anesthesia of Missouri, LLC
31. NorthStar Anesthesia of Montana, PLLC
32. Northstar Anesthesia of Nebraska, PLLC
33. NorthStar Anesthesia of Ohio, LLC
34. NorthStar Anesthesia of Oklahoma, PLLC
35. NorthStar Anesthesia of Pennsylvania, LLC
36. NorthStar Anesthesia of Tennessee, PLLC
37. NorthStar Anesthesia of Virginia, LLC
38. NorthStar Anesthesia of West Virginia, PLLC
39. NorthStar Anesthesia, PA
40. NSA Pain Services of Michigan III, PLLC
41. NSA Pain Services of Michigan, PLLC
42. Nurse Anesthesia of North Carolina, PLLC
43. Orange City Anesthesia Services, LLC
44. PhySynergy, LLC AL
45. PhySynergy, LLC TN
46. Professional Anesthesia Group, LLC
47. Professional Anesthesia Services of Kentucky, PLLC
48. River Cities Anesthesia, LLC
49. Riverside Anesthesia Services, LLC
50. Sarasota Anesthesia Services, LLC
51. Sentry Anesthesia Management, LLC
52. Southwest Ohio Anesthesia Consultants, LLC
53. Space Coast Anesthesia, LLC
54. Sunset Anesthesia, LLC 

On October 2, 2023, Arietis Health initiated the dispatch of data breach notification letters to individuals impacted by this recent data security incident. These letters are expected to provide affected individuals with a comprehensive list of the compromised information pertinent to them.