02/69 Monday, January 5, 2026
Covenant Health, a U.S.-based healthcare organization, disclosed that it suffered a ransomware cyberattack in May 2025, resulting in the unauthorized access to personal and health information of more than 478,000 individuals. Covenant Health provides medical services through hospitals and healthcare facilities across several states, including Massachusetts, Maine, New Hampshire, Pennsylvania, and Vermont.
According to Covenant Health, the attack began on May 26, 2025, forcing the organization to temporarily shut down IT systems across hospitals, clinics, and medical practices to contain the incident and limit potential damage. The organization engaged cybersecurity experts to investigate the intrusion. In June, the ransomware group Qilin claimed responsibility for the attack and alleged that it had exfiltrated up to 850 gigabytes of data.
Following a comprehensive investigation, Covenant Health revised the number of affected individuals from an initial estimate of 7,800 to 478,188. The potentially compromised data includes full names, dates of birth, addresses, Social Security numbers (SSNs), medical record numbers, health insurance information, and treatment-related data. The organization began notifying affected individuals on December 31, 2025, established a dedicated assistance center, and is offering free credit monitoring services to those whose sensitive information may have been impacted. Covenant Health also stated that it has strengthened its cybersecurity measures to prevent similar incidents in the future.
