• Home
  • cyber
  • Covenant Health and Inc.: Covenant Health Data Breach Impacts 478,000 Individuals
cyber Ransomware

Covenant Health and Inc.: Covenant Health Data Breach Impacts 478,000 Individuals

Jan 2, 2026 2 min read
Covenant Health and Inc.: Covenant Health Data Breach Impacts 478,000 Individuals

Covenant Health Data Breach Exposes Personal and Medical Data of 478,000 Individuals

Covenant Health, a Massachusetts-based healthcare provider operating across six states, confirmed a significant data breach affecting 478,188 individuals after a cyberattack in May 2025. The incident, discovered on May 26, involved unauthorized access to sensitive patient information, including names, dates of birth, addresses, Social Security numbers, medical record numbers, health insurance details, and treatment records.

The attack, claimed by the Qilin ransomware group in June 2025, reportedly resulted in the theft of 1.3 million files (850 GB). The stolen data was later published online, suggesting Covenant Health did not pay the ransom. The organization initially reported only 7,800 affected individuals to the Maine Attorney General’s Office in July but revised the figure to 478,188 in a December 31 update after completing its investigation.

Covenant Health serves patients in Massachusetts, Maine, New Hampshire, Pennsylvania, Rhode Island, and Vermont, making this one of the largest healthcare breaches in recent months. The delayed disclosure and underreported initial impact highlight the challenges in accurately assessing the scope of such incidents.

Source: https://www.securityweek.com/covenant-health-data-breach-impacts-478000-individuals/

Covenant Health cybersecurity rating report: https://www.rankiteo.com/company/covenanthealth

"id": "COV1767361247",
"linkid": "covenanthealth",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '478,188',
                        'industry': 'Healthcare',
                        'location': 'Andover, Massachusetts, USA (with '
                                    'locations in Maine, New Hampshire, '
                                    'Pennsylvania, Rhode Island, and Vermont)',
                        'name': 'Covenant Health, Inc.',
                        'type': 'Healthcare Organization'}],
 'attack_vector': 'Unknown',
 'customer_advisories': 'Notifications sent to affected individuals',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes (alleged by Qilin ransomware group)',
                 'number_of_records_exposed': '478,188 individuals (1.3 '
                                              'million files alleged by Qilin)',
                 'personally_identifiable_information': 'Name, date of birth, '
                                                        'address, SSN, medical '
                                                        'record number, health '
                                                        'insurance '
                                                        'information, '
                                                        'treatment information',
                 'sensitivity_of_data': 'High (SSN, medical records, insurance '
                                        'information)',
                 'type_of_data_compromised': ['Personal Information',
                                              'Health Information']},
 'date_detected': '2025-05-26',
 'date_publicly_disclosed': '2025-07-01',
 'date_resolved': '2025-12-31',
 'description': 'Covenant Health, Inc. reported a data breach impacting over '
                '478,000 individuals after a hacker attack on May 18, 2025. '
                'Personal and health information was compromised, and the '
                'Qilin ransomware group claimed responsibility, alleging theft '
                'of 1.3 million files (850 GB). The breach was discovered on '
                'May 26, 2025, and the investigation concluded in December '
                '2025.',
 'impact': {'brand_reputation_impact': 'Likely significant',
            'data_compromised': 'Personal and health information (name, date '
                                'of birth, address, SSN, medical record '
                                'number, health insurance information, '
                                'treatment information)',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Possible regulatory fines and lawsuits'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Data allegedly made '
                                                    'public by Qilin'},
 'investigation_status': 'Completed',
 'motivation': 'Financial gain, Data exfiltration',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes (alleged 850 GB of data)',
                'ransom_paid': 'No',
                'ransomware_strain': 'Qilin'},
 'references': [{'source': 'Maine Attorney General’s Office'},
                {'source': 'Qilin ransomware group claim'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)'],
                           'regulatory_notifications': 'Maine Attorney '
                                                       'General’s Office'},
 'response': {'communication_strategy': 'Notifications to Maine Attorney '
                                        'General’s Office and affected '
                                        'individuals'},
 'threat_actor': 'Qilin ransomware group',
 'title': 'Covenant Health Data Breach',
 'type': 'Data Breach, Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.