AllerVie Health Patients Affected by Ransomware Attack
AllerVie Health, a Frisco, TX-based provider of allergy and immunology services, has announced a security incident that exposed personally identifiable information. Unusual network activity was identified on November 2, 2025, and an investigation was launched to determine the cause of the activity. The investigation confirmed unauthorized access to its network between October 24, 2025, and November 3, 2025, and during that time, “a limited amount of information was subject to unauthorized access.”
The file review revealed on November 24, 2025, that names, Social Security numbers, driver’s license numbers, and state identification numbers were involved. The affected individuals were notified by mail on December 22, 2025, and have been offered complimentary credit monitoring and identity theft protection services. Allervie Health said it has reviewed its policies and procedures related to data protection. The number of affected individuals has yet to be confirmed.
While not stated by Allervie Health in its notification letters, this appears to have been a ransomware attack by the Anubis ransomware group, which has added Allervie Health to its dark web data leak site along with a copy of the data allegedly stolen in the attack. Anubis claims that the stolen data includes the records of more than 30,000 patients, and the data sample on the website shows first and last names, email addresses, ages, addresses, zip codes, phone numbers, provider names, primary insurer names, and other sensitive data. On December 23, 2026, the HHS’ Office for Civil Rights was informed that the data breach affected 80,521 individuals.
Gardner Health Services, California
Gardner Health Services in San Jose, California, has confirmed that it was one of the victims of the recently announced TriZetto Provider Solutions data breach. TriZetto provided billing-related services to Gardner, which required access to patient data. The data breach was detected on October 2, 2025, and involved unauthorized access to records related to insurance eligibility verification transactions.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The compromised data included names, addresses, dates of birth, Social Security numbers, health insurance member numbers (which may be a Medicare beneficiary identifier), provider names, health insurer names, primary insured information, health information, and health insurance information. TriZetto has offered the affected individuals complimentary single-bureau credit monitoring and identity theft protection services.
This is the second data breach to affect Gardner Health Services this year. An earlier breach involved unauthorized access to the protected health information of 26,000 individuals. The Cl0p ransomware group claimed responsibility for the attack.
