Two Healthcare Organizations Hit By Ransomware

Two healthcare organizations - AllerVie Health in Texas and Gardner Health Services in California - have disclosed serious security incidents involving unauthorized network access and exposure of sensitive patient data, underscoring persistent weaknesses in healthcare security visibility and third-party risk management.

AllerVie Health detected unusual network activity on November 2, 2025, and subsequent investigation confirmed unauthorized access between October 24 and November 3, 2025. File analysis revealed that names, Social Security numbers, driver’s license numbers, and state ID numbers were exposed, with affected individuals notified in late December and offered credit monitoring and identity theft protection. Although not stated in patient notifications, evidence strongly suggests this was a ransomware attack by the Anubis ransomware group, which has published alleged stolen data on its leak site and claims the compromise involves records of more than 30,000 patients.

Separately, Gardner Health Services confirmed it was impacted by the TriZetto Provider Solutions data breach, detected on October 2, 2025, involving unauthorized access to insurance eligibility verification transactions handled by the third-party billing provider. This marks Gardner’s second breach in a single year, following an earlier incident affecting 26,000 individuals that was attributed to the Cl0p ransomware group - highlighting the compounding risk of repeat intrusions and third-party dependencies within healthcare ecosystems.

These incidents demonstrate why healthcare organizations need deep, unified visibility across security data sources, including full packet capture, NetFlow/IPFIX, DNS and HTTP logs, authentication logs, endpoint telemetry, SNMP infrastructure metrics, API logs, and cloud audit trails with a platform like NIKSUN. When these data sources are fragmented, early indicators of compromise - such as lateral movement, command-and-control traffic, abnormal data exfiltration, or ransomware staging - are easily missed.
