Covenant Health Cyberattack Exposes Data of Nearly Half a Million Patients
ANDOVER, Mass. — Covenant Health, a prominent Catholic healthcare provider operating across New England and parts of Pennsylvania, disclosed on January 10, 2026, that a cyberattack detected in late May 2025 compromised the personal information of 478,188 patients. This figure marks a significant increase from the fewer than 8,000 individuals initially reported to be affected earlier in the year.
The breach was first identified on May 26, 2025, when Covenant Health’s IT security team detected unusual activity within its systems. However, subsequent forensic investigations revealed that attackers had gained unauthorized access as early as May 18, 2025, allowing them to access sensitive patient data during that eight-day window. The healthcare provider engaged third-party cybersecurity experts to conduct a thorough analysis, which led to the expanded estimate of affected individuals.
According to Covenant Health, the exposed information includes names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details, and treatment information such as diagnoses and dates of care. The scope of the breach is particularly concerning given Covenant Health’s broad network of hospitals, nursing and rehabilitation centers, assisted living residences, and elder care facilities.
In late June 2025, the Qilin ransomware group claimed responsibility for the attack, stating they had stolen approximately 852 gigabytes of data comprising nearly 1.35 million files. While Covenant Health has not publicly confirmed the use of ransomware, the organization acknowledged that patient data was accessed during the incident. The ransomware group listed Covenant Health on its data leak site, a tactic commonly used to pressure victims into paying ransom.
The healthcare provider promptly notified regulators and affected patients, offering credit monitoring services to mitigate potential identity theft risks. Such responses align with best practices outlined by the U.S. Department of Health and Human Services (HHS) for healthcare data breaches. Covenant Health continues to work closely with federal authorities and cybersecurity specialists to investigate the full extent of the breach and enhance its security posture.
This incident underscores the growing threat of cyberattacks targeting healthcare organizations, which often hold vast amounts of sensitive personal and medical data. The Federal Bureau of Investigation (FBI) has repeatedly warned about the rise of ransomware attacks on hospitals and healthcare providers, emphasizing the critical need for robust cybersecurity defenses.
Patients impacted by the breach are encouraged to remain vigilant for signs of identity theft and to take advantage of any credit monitoring services offered. The Federal Trade Commission (FTC) provides resources and guidance on protecting personal information following a data breach.
As investigations continue, Covenant Health has pledged to keep patients and regulators informed of any new developments. This breach serves as a stark reminder of the vulnerabilities in healthcare IT systems and the importance of ongoing investment in cybersecurity measures to protect patient privacy and safety.
Leave a Reply