Home / Technology / Covenant Health Data Breach Swells to 500K Patients
Covenant Health Data Breach Swells to 500K Patients
11 Jan
Summary
- Cyberattack on Covenant Health may have impacted nearly 500,000 patients.
- Initial breach disclosure reported fewer than 8,000 affected individuals.
- Sensitive data including SSNs and health info was accessed by attackers.
Covenant Health has confirmed a significant expansion in the scope of a cyberattack discovered on May 26, 2025. Investigations now indicate that the incident, which began on May 18, 2025, may have compromised the data of up to 478,188 patients. This figure is a dramatic increase from the fewer than 8,000 individuals initially reported in July 2025.
The compromised data potentially includes sensitive personal and medical information such as names, addresses, Social Security numbers, dates of birth, health insurance details, and treatment records. The Qilin ransomware group has claimed responsibility for the attack, alleging the theft of 852 GB of data. Covenant Health has engaged third-party specialists to investigate and is notifying affected patients.
Covenant Health, which operates facilities across New England and parts of Pennsylvania, is offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers may have been exposed. The organization has also established a dedicated call center to address patient concerns and has implemented enhanced security safeguards.
