Covenant Health has significantly revised the scale of a data breach discovered in May 2025, saying that nearly 500,000 people were affected, far more than initially reported.
The Catholic healthcare organization first disclosed the incident in July, when it said the personal information of 7,864 individuals may have been exposed. However, after completing most of its internal data analysis, Covenant Health now says the breach impacted 478,188 individuals.
Covenant Health is based in Andover, Massachusetts, and operates hospitals, nursing and rehabilitation centers, assisted living facilities, and elder care organizations across New England and parts of Pennsylvania.
According to the organization, it learned on May 26, 2025, that an unauthorized party had gained access to its systems on May 18, eight days earlier. During that time, the attacker was able to access patient data.
In late June, the Qilin ransomware group claimed responsibility for the attack. The group alleged it stole 852 GB of data, including nearly 1.35 million files, and later listed Covenant Health on its data leak website.
Covenant Health said the compromised information may include patients’ names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details, and treatment-related information such as diagnoses and dates of care.
The organization said it hired third-party forensic experts to investigate the incident and determine what data was accessed and how many individuals were affected. While most of the analysis has been completed, Covenant Health said the review is still ongoing and did not provide a timeline for when it will be finalized.
Covenant Health also stated that it has strengthened its cybersecurity measures to help prevent similar incidents in the future.
To support affected individuals, the healthcare provider is offering 12 months of free identity protection services to help monitor for potential misuse of personal information.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Starting December 31, Covenant Health began mailing data breach notification letters to patients whose information may have been compromised during the May cyberattack.
