Active breach tracker Headquartered in Birmingham, AL with corporate operations in Frisco, TX; approximately 75 clinics across 12 states Disclosed December 23, 2025

AllerVie Health Data Breach 2025 (Anubis Ransomware): 80,521 Patients Exposed Across 12-State Allergy Network. Treatment Records, SSNs, and Prescription Data Stolen. What To Do

AllerVie Health, the national allergy and immunology network, confirmed an Anubis ransomware intrusion from October 24 through November 3, 2025 exposing 80,521 patients' names, SSNs, treatment/diagnosis records, prescription information, and Medicaid/Medicare numbers. A federal class action reached a notice of settlement June 4, 2026. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Oct 24, 2025

Unauthorized access to AllerVie Health network begins (per investigation findings)

Nov 2, 2025

Unusual network activity detected; incident response and forensics investigation begins

Nov 3, 2025

Unauthorized access window closes; containment achieved

Nov 24, 2025

File review confirms scope of affected data

Nov 26, 2025

Anubis ransomware group claims responsibility and lists AllerVie on dark-web leak site

Dec 4, 2025

Federal class action filed: Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.), assigned to Judge Amos L. Mazzant III

Dec 22, 2025

Individual patient notification letters mailed

Dec 23, 2025

Breach reported to HHS Office for Civil Rights (80,521 individuals) and to the New Hampshire Attorney General

Dec 26, 2025

Breach reported to the Massachusetts Attorney General

Jan 5, 2026

Lynch Carpenter LLP publicly announces class-action investigation

Jan 9, 2026

AllerVie posts substitute notice on its website confirming full PHI categories including treatment/diagnosis, prescription data, MRN, and Medicaid/Medicare numbers

Jan 26, 2026

Federman & Sherwood announces investigation into AllerVie Health data breach

Feb 17, 2026

E.D. Texas court orders consolidation of related cases and stay of proceedings

Apr 9, 2026

Consolidated amended complaint filed in Safford v. AllerVie Health

Jun 4, 2026

Notice of Settlement filed in Safford v. AllerVie Health (E.D. Tex. No. 4:25-cv-01333); terms not yet public

Data exposed

01

High-risk identity

Enables financial + identity theft

Social Security numbers Driver's license numbers

02

Health records

Don't expire and can't be reissued

Treatment and diagnosis information Prescription information Medical record numbers (MRN) / patient IDs Treatment cost information

03

Contact & insurance

Phishing + targeted scams

Names State identification numbers Dates of birth Addresses Phone numbers Email addresses Provider names Medicaid and Medicare numbers Health insurance information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Lynch Carpenter, LLP (investigating) Edelson Lechtzin LLP / EKSM (investigating) Maxey Law Firm, P.A. (investigating) Federman & Sherwood (investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

AllerVie Health, a national network of board-certified allergists and immunologists operating roughly 75 clinics across 12 states (Alabama, Connecticut, D.C., Florida, Georgia, Illinois, Maryland, Ohio, Pennsylvania, Texas, Virginia, and others), confirmed that unauthorized actors had access to its network from October 24 through November 3, 2025. The intrusion was detected on November 2, 2025, when AllerVie identified unusual network activity. A third-party forensics firm was engaged immediately. The access window closed on November 3, and a comprehensive file review concluded on November 24, 2025.

The Anubis ransomware-as-a-service group claimed responsibility on November 26, 2025, posting AllerVie on its dark-web leak site and initially asserting more than 30,000 patient records affected. AllerVie’s HIPAA filing ultimately confirmed 80,521 individuals. Anubis is a Russian-language RaaS operation that emerged publicly in early 2025 and is characterized by a double-extortion model: it both encrypts victim systems and operates a data-leak site. Trend Micro analysts have noted the group includes an optional “wipe mode” that can permanently destroy files if ransom is not paid.

Patient notification letters were mailed on December 22, 2025. AllerVie filed its HIPAA breach report with HHS OCR on December 23, 2025 and began notifying attorney general offices in more than a dozen states. The company’s own substitute notice, posted on its website on January 9, 2026, confirmed a substantially broader set of data categories than the initial state filings indicated (see “What was stolen” below).

This breach is recorded in the HHS OCR portal as a Hacking/IT Incident affecting a Network Server, categorized under Healthcare Provider for AllerVie’s Texas corporate operations.

What was stolen

AllerVie’s substitute notice, published January 9, 2026, is the authoritative source on PHI categories. It confirms that the following information was potentially accessed for each affected individual, with one or more categories applying per record:

  • Name
  • Address
  • Phone number
  • Email address
  • Social Security number
  • Driver’s license or state-issued ID number
  • Date of birth
  • Treatment and diagnosis information
  • Prescription information
  • Provider name
  • Medical record number (MRN) or patient ID
  • Medicaid or Medicare number
  • Health insurance information
  • Treatment cost information

This is a clinically significant combination. Treatment, diagnosis, prescription, and Medicaid/Medicare data are regulated PHI under HIPAA and carry long-tail identity-theft risk: fraudulent insurance claims, prescription fraud, and billing manipulation. The Anubis leak-site sample reviewed by independent researchers (DeXpose, HIPAA Journal) is consistent with this scope, with phone numbers, email addresses, insurer details, and provider names visible in the posted records.

No payment-card or banking data has been publicly identified in the exposed records.

What AllerVie Health is offering

AllerVie Health is offering affected individuals complimentary credit monitoring and identity-theft protection services through Cyberscout, a TransUnion company. The duration of the monitoring period was not specified in the entity’s substitute notice; the enrollment instructions and a unique activation code are included in each individual mailed notification letter.

A dedicated breach hotline is available at 1-833-877-1419, staffed Monday through Friday, 8 a.m. to 8 p.m. Eastern, excluding major U.S. holidays.

Class actions

A federal class action, Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.), was filed on December 4, 2025 and assigned to Judge Amos L. Mazzant III. Related cases were consolidated by December 31, 2025. The court stayed proceedings on February 17, 2026. An amended consolidated complaint was filed April 9, 2026. On June 4, 2026, plaintiffs’ counsel filed a Notice of Settlement. Settlement terms have not been publicly disclosed as of this writing; a motion for preliminary approval is expected to follow.

Four plaintiffs’ firms have publicly announced investigations: Lynch Carpenter LLP, Edelson Lechtzin LLP (EKSM), Maxey Law Firm, and Federman & Sherwood. AllerVie Health has not admitted any wrongdoing.

AllerVie also filed breach notifications with attorney general offices in at least 14 states: California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, Washington, and others (per ClaimDepot aggregator, cross-referenced with confirmed NH and MA filings). The scope of multi-state AG filings reflects the network’s geographic spread.

What to do

  1. Enroll in the Cyberscout credit monitoring using the unique code in your notification letter. The code is single-use; activate it even if you also place credit freezes.
  2. Freeze your credit at Equifax (1-888-298-0045), Experian (1-888-397-3742), and TransUnion (1-800-680-7289). Social Security numbers and driver’s license data were confirmed exposed; a freeze is more protective than monitoring alone. It is free and reversible.
  3. File IRS Form 14039 (Identity Theft Affidavit) if you are concerned about tax-return fraud. Social Security number exposure makes you eligible to request an IRS Identity Protection PIN.
  4. Watch for medical identity theft. Review every Explanation of Benefits from your health insurer and request a copy of your insurance claims history. Treatment, diagnosis, prescription, MRN, and Medicare/Medicaid data were all exposed. If you see services you did not receive, contact your insurer’s fraud line immediately.
  5. If you receive Medicare or Medicaid: contact your plan’s fraud hotline and request a new beneficiary identifier if one was exposed. Medicare fraud from stolen beneficiary numbers can be difficult to reverse.
  6. Preserve your notification letter. If the court grants preliminary approval of the Safford settlement, eligible class members will need to demonstrate they received notice. Your letter is evidence of membership.
  7. Be alert to targeted phishing. Threat actors holding your name, address, diagnosis information, and insurer data can craft convincing follow-on lures. Treat any unsolicited call or email referencing your AllerVie care, your allergy or asthma treatment, or a “settlement claim” with skepticism.
  8. Stop the ongoing flow of your allergy and immunology health records. HealthConsent files HIPAA restriction requests so the treatment, prescription, and insurance data exposed in this breach is not continuously re-shared across health information exchanges and third-party billing networks.

Continue reading

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.