AllerVie Health Data Breach 2025 (Anubis Ransomware): 80,521 Patients Exposed Across 12-State Allergy Network. Treatment Records, SSNs, and Prescription Data Stolen. What To Do
AllerVie Health, the national allergy and immunology network, confirmed an Anubis ransomware intrusion from October 24 through November 3, 2025 exposing 80,521 patients' names, SSNs, treatment/diagnosis records, prescription information, and Medicaid/Medicare numbers. A federal class action reached a notice of settlement June 4, 2026. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Oct 24, 2025
Unauthorized access to AllerVie Health network begins (per investigation findings)
Nov 2, 2025
Unusual network activity detected; incident response and forensics investigation begins
Nov 3, 2025
Unauthorized access window closes; containment achieved
Nov 24, 2025
File review confirms scope of affected data
Nov 26, 2025
Anubis ransomware group claims responsibility and lists AllerVie on dark-web leak site
Dec 4, 2025
Federal class action filed: Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.), assigned to Judge Amos L. Mazzant III
Dec 22, 2025
Individual patient notification letters mailed
Dec 23, 2025
Breach reported to HHS Office for Civil Rights (80,521 individuals) and to the New Hampshire Attorney General
Dec 26, 2025
Breach reported to the Massachusetts Attorney General
Jan 5, 2026
Lynch Carpenter LLP publicly announces class-action investigation
Jan 9, 2026
AllerVie posts substitute notice on its website confirming full PHI categories including treatment/diagnosis, prescription data, MRN, and Medicaid/Medicare numbers
Jan 26, 2026
Federman & Sherwood announces investigation into AllerVie Health data breach
Feb 17, 2026
E.D. Texas court orders consolidation of related cases and stay of proceedings
Apr 9, 2026
Consolidated amended complaint filed in Safford v. AllerVie Health
Jun 4, 2026
Notice of Settlement filed in Safford v. AllerVie Health (E.D. Tex. No. 4:25-cv-01333); terms not yet public
Oct 24, 2025
Unauthorized access to AllerVie Health network begins (per investigation findings)
Nov 2, 2025
Unusual network activity detected; incident response and forensics investigation begins
Nov 3, 2025
Unauthorized access window closes; containment achieved
Nov 24, 2025
File review confirms scope of affected data
Nov 26, 2025
Anubis ransomware group claims responsibility and lists AllerVie on dark-web leak site
Dec 4, 2025
Federal class action filed: Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.), assigned to Judge Amos L. Mazzant III
Dec 22, 2025
Individual patient notification letters mailed
Dec 23, 2025
Breach reported to HHS Office for Civil Rights (80,521 individuals) and to the New Hampshire Attorney General
Dec 26, 2025
Breach reported to the Massachusetts Attorney General
Jan 5, 2026
Lynch Carpenter LLP publicly announces class-action investigation
Jan 9, 2026
AllerVie posts substitute notice on its website confirming full PHI categories including treatment/diagnosis, prescription data, MRN, and Medicaid/Medicare numbers
Jan 26, 2026
Federman & Sherwood announces investigation into AllerVie Health data breach
Feb 17, 2026
E.D. Texas court orders consolidation of related cases and stay of proceedings
Apr 9, 2026
Consolidated amended complaint filed in Safford v. AllerVie Health
Jun 4, 2026
Notice of Settlement filed in Safford v. AllerVie Health (E.D. Tex. No. 4:25-cv-01333); terms not yet public
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
AllerVie Health, a national network of board-certified allergists and immunologists operating roughly 75 clinics across 12 states (Alabama, Connecticut, D.C., Florida, Georgia, Illinois, Maryland, Ohio, Pennsylvania, Texas, Virginia, and others), confirmed that unauthorized actors had access to its network from October 24 through November 3, 2025. The intrusion was detected on November 2, 2025, when AllerVie identified unusual network activity. A third-party forensics firm was engaged immediately. The access window closed on November 3, and a comprehensive file review concluded on November 24, 2025.
The Anubis ransomware-as-a-service group claimed responsibility on November 26, 2025, posting AllerVie on its dark-web leak site and initially asserting more than 30,000 patient records affected. AllerVie’s HIPAA filing ultimately confirmed 80,521 individuals. Anubis is a Russian-language RaaS operation that emerged publicly in early 2025 and is characterized by a double-extortion model: it both encrypts victim systems and operates a data-leak site. Trend Micro analysts have noted the group includes an optional “wipe mode” that can permanently destroy files if ransom is not paid.
Patient notification letters were mailed on December 22, 2025. AllerVie filed its HIPAA breach report with HHS OCR on December 23, 2025 and began notifying attorney general offices in more than a dozen states. The company’s own substitute notice, posted on its website on January 9, 2026, confirmed a substantially broader set of data categories than the initial state filings indicated (see “What was stolen” below).
This breach is recorded in the HHS OCR portal as a Hacking/IT Incident affecting a Network Server, categorized under Healthcare Provider for AllerVie’s Texas corporate operations.
What was stolen
AllerVie’s substitute notice, published January 9, 2026, is the authoritative source on PHI categories. It confirms that the following information was potentially accessed for each affected individual, with one or more categories applying per record:
- Name
- Address
- Phone number
- Email address
- Social Security number
- Driver’s license or state-issued ID number
- Date of birth
- Treatment and diagnosis information
- Prescription information
- Provider name
- Medical record number (MRN) or patient ID
- Medicaid or Medicare number
- Health insurance information
- Treatment cost information
This is a clinically significant combination. Treatment, diagnosis, prescription, and Medicaid/Medicare data are regulated PHI under HIPAA and carry long-tail identity-theft risk: fraudulent insurance claims, prescription fraud, and billing manipulation. The Anubis leak-site sample reviewed by independent researchers (DeXpose, HIPAA Journal) is consistent with this scope, with phone numbers, email addresses, insurer details, and provider names visible in the posted records.
No payment-card or banking data has been publicly identified in the exposed records.
What AllerVie Health is offering
AllerVie Health is offering affected individuals complimentary credit monitoring and identity-theft protection services through Cyberscout, a TransUnion company. The duration of the monitoring period was not specified in the entity’s substitute notice; the enrollment instructions and a unique activation code are included in each individual mailed notification letter.
A dedicated breach hotline is available at 1-833-877-1419, staffed Monday through Friday, 8 a.m. to 8 p.m. Eastern, excluding major U.S. holidays.
Class actions
A federal class action, Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.), was filed on December 4, 2025 and assigned to Judge Amos L. Mazzant III. Related cases were consolidated by December 31, 2025. The court stayed proceedings on February 17, 2026. An amended consolidated complaint was filed April 9, 2026. On June 4, 2026, plaintiffs’ counsel filed a Notice of Settlement. Settlement terms have not been publicly disclosed as of this writing; a motion for preliminary approval is expected to follow.
Four plaintiffs’ firms have publicly announced investigations: Lynch Carpenter LLP, Edelson Lechtzin LLP (EKSM), Maxey Law Firm, and Federman & Sherwood. AllerVie Health has not admitted any wrongdoing.
AllerVie also filed breach notifications with attorney general offices in at least 14 states: California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, Washington, and others (per ClaimDepot aggregator, cross-referenced with confirmed NH and MA filings). The scope of multi-state AG filings reflects the network’s geographic spread.
What to do
- Enroll in the Cyberscout credit monitoring using the unique code in your notification letter. The code is single-use; activate it even if you also place credit freezes.
- Freeze your credit at Equifax (1-888-298-0045), Experian (1-888-397-3742), and TransUnion (1-800-680-7289). Social Security numbers and driver’s license data were confirmed exposed; a freeze is more protective than monitoring alone. It is free and reversible.
- File IRS Form 14039 (Identity Theft Affidavit) if you are concerned about tax-return fraud. Social Security number exposure makes you eligible to request an IRS Identity Protection PIN.
- Watch for medical identity theft. Review every Explanation of Benefits from your health insurer and request a copy of your insurance claims history. Treatment, diagnosis, prescription, MRN, and Medicare/Medicaid data were all exposed. If you see services you did not receive, contact your insurer’s fraud line immediately.
- If you receive Medicare or Medicaid: contact your plan’s fraud hotline and request a new beneficiary identifier if one was exposed. Medicare fraud from stolen beneficiary numbers can be difficult to reverse.
- Preserve your notification letter. If the court grants preliminary approval of the Safford settlement, eligible class members will need to demonstrate they received notice. Your letter is evidence of membership.
- Be alert to targeted phishing. Threat actors holding your name, address, diagnosis information, and insurer data can craft convincing follow-on lures. Treat any unsolicited call or email referencing your AllerVie care, your allergy or asthma treatment, or a “settlement claim” with skepticism.
- Stop the ongoing flow of your allergy and immunology health records. HealthConsent files HIPAA restriction requests so the treatment, prescription, and insurance data exposed in this breach is not continuously re-shared across health information exchanges and third-party billing networks.
Continue reading
- Your HIPAA Rights — how to request access, amendments, and restrictions on your health records.
- All tracked healthcare breaches — browse the full list of OCR-reported incidents.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (Hacking/IT Incident, Network Server, 80,521 individuals, filed 2025-12-23).
- AllerVie Health — Notice of Data Incident (substitute notice, January 9, 2026) — authoritative source for confirmed PHI categories including treatment/diagnosis, prescription, MRN, Medicaid/Medicare.
- HIPAA Journal — AllerVie Health Patients Affected by Ransomware Attack — incident timeline, Anubis attribution, affected count.
- New Hampshire DOJ — AllerVie Health breach notice (2025-12-23 PDF) — state AG filing.
- Massachusetts OCABR — December 2025 Breach Notification Letters — MA state AG filing record.
- CourtListener — Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.) — docket, including Notice of Settlement filed June 4, 2026.
- Paubox — AllerVie Health confirms ransomware attack exposed patient data — Anubis attribution, Cyberscout monitoring offer.
- ClaimDepot — AllerVie Health Data Breach — multi-state AG filing list, 80,521 affected count.
- Lynch Carpenter LLP — AllerVie Health Data Breach Claims Investigation — plaintiff-side investigation.
- GlobeNewswire — AllerVie Health Data Breach Claims Investigated by Lynch Carpenter (January 5, 2026) — press release confirming investigation scope.
- Federman & Sherwood — AllerVie Health Data Breach Investigation — fourth plaintiff firm investigation, January 26, 2026.
- DeXpose — Anubis Ransomware Strikes AllerVie Health — dark-web leak-site analysis and sample data fields.
- HIPAA Journal — December 2025 Healthcare Data Breach Report — monthly aggregate confirming AllerVie reporting.
- BankInfoSecurity — RaaS Gang Anubis Claims Signature Healthcare Data Theft — Anubis group profile: 70+ victims, double-extortion model, wipe-mode capability.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — AllerVie Health Patients Affected by Ransomware Attack
- New Hampshire Department of Justice — AllerVie Health breach notice (PDF, 2025-12-23)
- Massachusetts Office of Consumer Affairs — Data Breach Notification Letters December 2025
- Paubox — AllerVie Health confirms ransomware attack exposed patient data
- ClaimDepot — AllerVie Health Data Breach Affects 80k, Exposing Social Security Numbers
- Lynch Carpenter LLP — AllerVie Health Data Breach Claims Investigation
- DeXpose — Anubis Ransomware Strikes AllerVie Health
- HIPAA Journal — December 2025 Healthcare Data Breach Report
- AllerVie Health — Notice of Data Incident (substitute notice, January 9, 2026 PDF)
- Federman & Sherwood — AllerVie Health Data Breach Investigation (January 26, 2026)
- CourtListener — Safford v. AllerVie Health Professional Corporation, No. 4:25-cv-01333 (E.D. Tex.) — docket with Notice of Settlement June 4, 2026
- GlobeNewswire — AllerVie Health Data Breach Claims Investigated by Lynch Carpenter (January 5, 2026)
- BankInfoSecurity — RaaS Gang Anubis Claims Signature Healthcare Data Theft (Anubis group profile)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.