Skip to main content

Arietis Health Data Breach Investigation

Written by The Lyon Firm on . Posted in Data Breach.

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

The Lyon Firm is investigating data theft claims on behalf of Arietis Health data breach victims nationwide. We are currently representing plaintiffs in several data privacy cases related to the MOVEit file transfer attack. Contact our legal team to discuss how to protect yourself and how to hold the responsible party accountable for their data security negligence.

Arietis Health, a Florida-based organization that provides healthcare billing services to NorthStar Anesthesia and dozens of other healthcare entities, has begun sending out data breach notice to Attorneys General around the nation as well as notification letters to thousands of impacted individuals.

What Happened?

Arietis Health, which manages hospitals and clinics that provide anesthesia and pain management services, was notified by a third party that information belonging to thousands of patients may have been compromised in a data security incident. On September 29, 2023, Arietis Health began notifying potentially impacted individuals with as many details as can be currently divulged. An investigation about the MOVEit attack is ongoing and evolving.

How is Arietis Health Linked to Progress Software & MOVEit?

On May 31, 2023, Progress Software, the parent company of the MOVEit file transfer software, alerted Arietis Health to a vulnerability affecting their application meant to securely transfer data. The MOVEit software was previously used by thousands of organizations, from hospitals to government agencies.

In July 2023, the investigation determined that unauthorized actors had access to Arietis Health’s MOVEit server in May and possibly acquired certain files which contained data belonging to individuals.

What Information Was Compromised?

This data security incident may have involved the following information for tens of thousands of patients:

  • Names
  • Dates of birth
  • Driver’s license
  • Addresses
  • Social Security numbers
  • Medical record numbers
  • Patient account numbers
  • Health insurance information
  • Diagnosis and treatment information
  • Clinical and prescription information

Which Arietis Health Patients Are Impacted?

Below is a list, provided by Arietis, of the potentially affected healthcare entities whose personal data may have been involved in the incident:

  • AmSol Physicians of Elkin, NC, PLLC
  • Anesthesia Company of Houston, PLLC
  • Anesthesia Resources Management Solutions, Inc
  • Coronado Anesthesia, PLLC
  • Digestive Health Specialists of SE
  • Dupont Anesthesia, PSC
  • Epix Anesthesia of Alabama, LLC
  • Epix Anesthesia of Tennessee, PLLC
  • Epix Medical Services of Houston, PLLC
  • Gastro South Anesthesia, LLC
  • Gastroenterology Consultants of Augusta, PC
  • GI Associates of West Alabama, PC
  • KBS Anesthesia, Inc
  • Lehigh Anesthesia Associates, PC
  • Northeast Gastroenterolgy Center, Inc
  • Northern Tier Gastroenterology, Inc
  • Northern Virginia Surgery Center Anesthesia, LLC
  • NorthStar Anesthesia
  • NSA Pain Services of Michigan, PLLC
  • Nurse Anesthesia of North Carolina, PLLC
  • Orange City Anesthesia Services, LLC
  • PhySynergy, LLC
  • Professional Anesthesia Group, LLC
  • River Cities Anesthesia, LLC
  • Riverside Anesthesia Services, LLC
  • Sarasota Anesthesia Services, LLC
  • Sentry Anesthesia Management, LLC
  • Southwest Ohio Anesthesia Consultants, LLC
  • Space Coast Anesthesia, LLC
  • Sunset Anesthesia, LLC

Contact our lawyers following any cybersecurity or data theft incident that impacts you and puts you at risk of fraud and identity theft. We believe any entity that collects and stores our personal data has a duty to protect it. Should an organization fail to protect our sensitive information, they may be held liable for the resulting damages.