Asheville Eye Associates to pay $500k following ransomware attack
Abby Grifno
March 4, 2026
The data breach impacted over 200,000 individuals in late 2024.
What happened
Asheville Eye Associates recently agreed to settle a class-action lawsuit stemming from a 2024 data breach that affected 204,984 individuals. After the incident, multiple lawsuits were filed but ultimately consolidated into In re Asheville Eye Associates Data Incident Litigation in South Carolina’s General Court of Justice Superior Court Division.
The lawsuit alleged that Asheville Eye Associates was negligent and breached its implied contract, among other claims.
The $500,000 settlement will go toward attorney fees, awards to the plaintiffs, and the class action members. As part of the settlement, Asheville Eye maintains that it committed no wrongdoing. A final approval hearing is scheduled for May 14th, 2026.
Going deeper
According to the Settlement Agreement, the breach took place in November of 2024 and victims were notified in February of 2025. The breach led to exposure of names, addresses, health insurance information, Social Security numbers, and medical treatment information.
While the practice has not publicly stated the incident was a ransomware attack, the ransomware group DragonForce has claimed responsibility for it. The group used a tactic called double extortion, claiming to have exfiltrated 540 GB of data before encrypting files. DragonForce ultimately leaked the data, likely because the ransom went unpaid.
In the know
DragonForce first emerged in 2023, operating as a Ransomware-as-a-Service (RaaS) provider. As of early 2026, they have added 363 victims to their Data Leak Site. The group has attacked multiple countries, including the United Kingdom and Germany, but the US has faced the most attacks.
Uniquely, DragonForce has also been known to target rivals, such as by defacing BlackLock’s site and claiming RansomHub’s infrastructure when it went offline in April of 2025.
The big picture
Ransomware attacks have been on the rise, with one Paubox report showing a 264% increase since 2018. Attackers are growing more sophisticated, refining their methods and selling RaaS to increase the number of attacks. Organizations have to be prepared for these incidents, and the best preparation is prevention. By using the right tools and services, like Paubox’s encrypted email, organizations can automate the prevention process, lessening the likelihood of human error or of employees being tricked.
FAQs
What is double extortion?
Double extortion is a ransomware tactic where threat actors both steal a copy of the data and encrypt it so that the healthcare organization is unable to access it.
What is RaaS?
Ransomware-as-a-service is when highly tech-savvy hackers sell ransomware software to newer threat actors, receiving a percentage of the ransoms in return. Services like these have made ransomware attacks even more prevalent.
