Cyber Incident Victim: Allergy Partners
Date:
Feb 2020
Location:
United States of America
Summary
A ransomware attack on Allergy Partners, a healthcare organization specializing in allergy services, caused an eight-day network outage that disrupted operations at several of its offices. The outage prevented staff from administering allergy shots and prompted an FBI investigation. The attackers demanded a $1.75 million ransom; no stolen data had appeared on dark web leak sites at the time of reporting. This was the second publicly disclosed ransomware incident affecting an allergy practice that week, although no connection between the two attacks was established.
Description
The ransomware attack on Allergy Partners began on February 23, 2020, disrupting operations at multiple locations in western North Carolina, with specific impacts reported at the Asheville and Arden offices. The resulting network outage lasted eight consecutive days: the attackers encrypted network systems and demanded a $1.75 million ransom payment to restore access. The outage severely impaired clinical operations, preventing staff from administering allergy shots to patients at the affected facilities. The Asheville Police Department documented the ransom demand in an official report. No patient data exfiltration or dark web leaks were reported during the initial disclosure period, which distinguishes the incident from the double-extortion pattern (encryption combined with data theft and a leak-site threat) that other ransomware operators were adopting at the time. Note that absence from a leak site is not evidence that no data was taken; it shows only that none had been published.

Federal authorities, including the FBI, opened an investigation into the attack's origin and the threat actors behind it, but no attribution was publicly confirmed. The incident was the second disclosed ransomware attack against an allergy practice that week, following the breach of Atlanta Allergy & Asthma by Nefilim ransomware operators. Although the two attacks occurred in close temporal proximity, no forensic evidence or threat intelligence linked them at the time of reporting. Allergy Partners' data remained absent from dedicated dark web leak sites during the initial response phase, which may reflect a different attacker, a different methodology, or a different negotiation outcome compared with the Atlanta case. Operational disruptions persisted for the full eight days until systems were restored through recovery measures that were not publicly described.
