Covenant Health: Alerted to a breach in November, Advanced Family Surgery Center remains publicly silent

Cyberattack on Advanced Family Surgery Center Exposes Sensitive Patient Data

On November 26, 2025, the ransomware group Genesis notified Advanced Family Surgery Center (AFSC), a Tennessee-based facility under Covenant Health, that they had breached its systems. Despite initial contact and attempted negotiations, no resolution was reached.

By January 11, Genesis listed AFSC on its dark web leak site, claiming to have exfiltrated 100 GB of data, including:

Protected health information (surgical records with patient names, dates of birth, Social Security numbers, insurance details, and procedure notes)
Personal and financial data
Operational and file-server records

A file tree posted by the threat actors confirmed the breach, with DataBreaches verifying the authenticity of exposed records. On January 19, when contacted for comment, Covenant Health initially questioned whether the inquiry was intended for them, suggesting a possible lack of awareness about the incident.

As of publication, no data has been leaked, though Genesis indicated an upload was in progress. Under HIPAA regulations, affected entities must notify patients and the U.S. Department of Health and Human Services (HHS) within 60 days of discovery a deadline AFSC appears to have missed. No public breach notification from Covenant Health or AFSC has been identified, nor does the incident appear on HHS’s breach reporting tool. Further updates may follow if additional responses or disclosures emerge.

Source: https://databreaches.net/2026/01/21/alerted-to-a-breach-in-november-advanced-family-surgery-center-remains-publicly-silent/

Covenant Health (MA) cybersecurity rating report: https://www.rankiteo.com/company/covhealth

"id": "COV1769001816",
"linkid": "covhealth",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Tennessee, USA',
                        'name': 'Advanced Family Surgery Center (AFSC)',
                        'type': 'Healthcare provider'},
                       {'industry': 'Healthcare',
                        'location': 'Tennessee, USA',
                        'name': 'Covenant Health',
                        'type': 'Healthcare network'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Patient names',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         'Insurance details',
                                                         'Procedure notes'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Protected health information',
                                              'Personal and financial data',
                                              'Operational and file-server '
                                              'records']},
 'date_detected': '2025-11-26',
 'date_publicly_disclosed': '2025-01-11',
 'description': 'On November 26, 2025, the ransomware group Genesis notified '
                'Advanced Family Surgery Center (AFSC), a Tennessee-based '
                'facility under Covenant Health, that they had breached its '
                'systems. Despite initial contact and attempted negotiations, '
                'no resolution was reached. By January 11, Genesis listed AFSC '
                'on its dark web leak site, claiming to have exfiltrated 100 '
                'GB of data, including protected health information, personal '
                'and financial data, and operational records. A file tree '
                'posted by the threat actors confirmed the breach, with '
                'DataBreaches verifying the authenticity of exposed records. '
                'As of publication, no data has been leaked, though Genesis '
                'indicated an upload was in progress. Under HIPAA regulations, '
                'affected entities must notify patients and the U.S. '
                'Department of Health and Human Services (HHS) within 60 days '
                'of discovery, a deadline AFSC appears to have missed.',
 'impact': {'brand_reputation_impact': 'Potential damage due to delayed '
                                       'disclosure',
            'data_compromised': '100 GB',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential HIPAA violations',
            'payment_information_risk': 'High'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes', 'ransom_paid': 'No'},
 'references': [{'source': 'DataBreaches'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Missed 60-day HHS '
                                                       'notification deadline'},
 'response': {'communication_strategy': 'Delayed/Unclear'},
 'threat_actor': 'Genesis',
 'title': 'Cyberattack on Advanced Family Surgery Center Exposes Sensitive '
          'Patient Data',
 'type': 'Ransomware'}

Covenant Health: Alerted to a breach in November, Advanced Family Surgery Center remains publicly silent – DataBreaches.Net

Trivy and European Commission: European Commission breach exposed data of 30 EU entities, CERT-EU says

Hong Kong Hospital Authority: Probe launched after Hospital Authority data breach involving 56,000 patients

Brokk: Brokk purportedly hacked by Play ransomware, data leaked