AllerVie Health confirms ransomware attack exposed patient data
Tshedimoso Makhene
Jan 3, 2026 5:42:03 PM
AllerVie Health has disclosed a significant data breach that exposed sensitive patient information after a ransomware attack compromised parts of its network.
What happened
According to the company’s breach notice and regulatory filings, AllerVie Health first detected unusual network activity on November 2, 2025, triggering an internal investigation. The review later confirmed that unauthorized actors had access to the organization’s systems from October 24 to November 3, 2025. During that period, the attackers accessed and, in some cases, exfiltrated personally identifiable information (PII) stored on the network. The ANUBIS ransomware group is suspected to be responsible for the attack.
The exposed data reportedly included names, Social Security numbers, driver’s license or state ID numbers, and other identifiable information.
Going deeper
AllerVie Health notified state attorneys general in New Hampshire and Massachusetts on December 23 and 26, 2025, respectively, and has begun mailing breach notices to impacted individuals. Under U.S. state breach reporting laws, the company is required to alert affected people and regulators once a breach is discovered and evaluated.
In response to the incident, AllerVie has taken several steps:
- Reset affected system credentials and implemented enhanced monitoring.
- Engaged forensic and cybersecurity experts to investigate and secure the environment.
- Contracted Cyberscout, a TransUnion company, to offer complimentary credit monitoring and identity protection services to those affected.
What was said
According to the data breach notice, AllerVie Health has taken steps to address the incident. In the notice, the company further notes that “In response to this incident, we reset passwords, notified law enforcement, conducted a thorough investigation, and reviewed our policies and procedures related to data protection. As an additional safeguard, out of an abundance of caution, we have arranged for you to enroll, at no cost to you, in credit monitoring and identity protection services.”
In the know
According to Ransomlook, Anubis is a fast-growing ransomware-as-a-service (RaaS) group that emerged in late 2024 and has quickly gained a reputation for targeting data-rich organizations, including healthcare providers. The group relies on a double-extortion model: it steals sensitive data and threatens to leak it publicly if victims refuse to pay, sometimes alongside file encryption.
Operating through affiliates, Anubis allows multiple monetization options, from traditional ransomware attacks to pure data-extortion campaigns. Security researchers warn that certain Anubis variants might possess destructive wiper functionality, significantly increasing the risk for victims.
FAQs
What is ransomware?
Ransomware is a type of malicious software that cybercriminals use to block access to systems or data, typically by encrypting files. Attackers then demand a ransom payment in exchange for restoring access or preventing stolen data from being publicly released. In many modern attacks, ransomware is combined with data theft, meaning victims face both operational disruption and the risk of sensitive information exposure.
What is RaaS?
RaaS, or Ransomware-as-a-Service, is a cybercrime business model in which ransomware developers lease their tools and infrastructure to affiliates. These affiliates carry out attacks, while the operators take a percentage of the ransom payments. RaaS lowers the technical barrier to entry for cybercrime and has contributed to the rapid increase in ransomware attacks across industries, including healthcare.