Covenant Health data breach impacts 478,188 patients after May cyberattack
NEWYou can now listen to Fox News articles!
When a healthcare data breach is first disclosed, the number of people affected is often well below the final count. This figure frequently increases as investigations continue.
Mass. That’s exactly what happened at Andover-based Covenant Health. The Catholic healthcare provider has confirmed that a cyberattack discovered last May may have affected nearly 500,000 patients; That’s a sharp increase from the fewer than 8,000 it reported earlier this year.
A ransomware group later claimed responsibility for the incident, but Covenant Health has not publicly confirmed the use of the ransomware. Attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide – free when you join my channel CYBERGUY.COM bulletin.
PHOENIX UNIVERSITY DATA BREACH HIT 3.5 MILLION PEOPLE
Covenant Health detected suspicious activity in late May 2025, but researchers later confirmed that attackers had accessed systems days earlier. (Kurt “CyberGuy” Knutsson)
What happened in the Covenant Health breach?
Covenant Health announced on May 26, 2025 that it detected unusual activity in its IT environment. A subsequent investigation revealed that an attacker had actually gained access eight days earlier, on May 18, and was able to access patient data during that window.
In July, Covenant Health told regulators the breach affected 7,864 people. After completing what it describes as extensive data analysis, the organization now says 478,188 people may have been affected.
Covenant Health operates hospitals, nursing and rehabilitation centers, assisted living homes and senior care facilities in New England and parts of Pennsylvania. This large footprint means the breach potentially touched patients across multiple states and care settings.
In late June, the Qilin ransomware group claimed responsibility for the attack, Bleeping Computer reported. The group claimed to have stolen 852 GB of data, approximately 1.35 million files in total. Covenant Health did not confirm these figures but acknowledged that patient information was accessed.
Depending on the organization, the data disclosed may include names, addresses, birth dates, medical record numbers, Social Security numbers, health insurance details and treatment information such as diagnoses, treatment dates and types of care received.
700KREDİ DATA BREACH EXPOSES SSNS OF 5.8 MILLION CONSUMERS
Qilin ransomware lists Covenant Health on its data leak site. (Computer Beep)
What does Covenant Health tell patients?
In a notice sent to regulators and patients, Covenant Health said it had appointed third-party forensic experts to investigate the incident and determine what data was involved. The organization says data analysis is ongoing as it continues to identify individuals whose information may have been involved.
There are also the familiar statements every company makes after a breach, claiming that they have strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health also said it has established a dedicated, toll-free call center to answer questions about the breach.
Starting from December 31, 2025, the organization began sending notification letters to patients whose information may have been compromised. Covenant Health offers free credit monitoring and identity theft protection services for people whose Social Security numbers may be involved.
We reached out to Covenant Health and the company confirmed the incident had been expanded and outlined steps being taken to notify patients and enhance safety measures.
400 THOUSAND BANK CUSTOMERS’ INFORMATION IS DISCLOSED DUE TO DATA BREACH
The breach exposed highly sensitive information including names, Social Security numbers, medical records and treatment details for nearly half a million patients. (Kurt “CyberGuy” Knutsson)
7 steps you can take to protect yourself after a Covenant Health breach
If you have received a notification from Covenant Health or your data has been subject to any healthcare breach, these steps can help reduce the risk of abuse.
1) Sign up for free identity protection offered
If the organization offers you credit monitoring or identity protection, get it. These services can alert you to suspicious activity tied to your Social Security number, credit file, or identification details before any actual damage is done. If it’s not offered to you and you want to be on the safer side, you might consider getting one yourself.
Identity Theft companies can track your personal information, such as your Social Security Number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help freeze your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and top picks on how to protect yourself from identity theft at: cyberguy.com
2) Monitor health and insurance claims closely
Medical identity theft often occurs silently. Review the description of benefits for services (EOBs), insurance claims, and billing statements that you do not recognize. If something isn’t right, let your insurer know immediately.
3) Issue a fraud alert or credit freeze
A fraud alert notifies lenders that they need to take additional steps to verify your identity before approving the loan. A credit freeze goes further by completely blocking new accounts unless you remove them. If Social Security numbers are compromised, freezing them is often a safer option.
To learn more about how to do this, go to: cyberguy.com and call “How do you freeze your credit?”
4) Use a password manager
Healthcare breaches often lead to credential stuffing attacks elsewhere. The password manager ensures that each account uses a unique password so that one set of exposed data cannot unlock everything else. It also makes it easier to quickly update passwords after a breach.
Next, see if your email has been subject to past breaches. Our #1 password manager pick includes a built-in breach scanner that checks to see if your email address or passwords appear in known leaks. If you find a match, immediately replace reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at: cyberguy.com.
5) Be wary of phishing scams and use strong antivirus software
Breaches are often followed by phishing emails, texts or calls that make the incident appear legitimate. Attackers can pose as a healthcare provider, insurer, or credit bureau. Do not click on links or share information unless you can independently verify the source.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have antivirus software installed on all your devices. This protection also keeps your personal information and digital assets safe by alerting you to phishing emails and ransomware scams.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com.
6) Consider personal data removal service
When your data is leaked, it usually spreads to data broker sites. Personal data removal services help you reduce your digital footprint by requesting removal from these databases. While they can’t delete everything, they do reduce your visibility and make targeted fraud more difficult.
While no service can guarantee complete removal of your data from the internet, a data removal service is truly a smart choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to delete your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data obtained from breaches with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to see if your personal information is already on the internet by visiting: cyberguy.com.
Take advantage of free scanning to find out if your personal information is already on the internet: cyberguy.com.
7) Review your credit reports regularly
You are entitled to free credit reports from all major bureaus. Check for unfamiliar accounts, difficult questions or address changes. Catching fraud early makes it much easier to control.
Kurt’s important takeaway
Healthcare organizations continue to be a prime target for cybercriminal groups due to the volume and sensitivity of the data they store. Medical records contain a mixture of personal, financial and health information that is difficult to change once disclosed. Unlike a password, you cannot reset diagnosis or treatment history. This breach also shows how early disclosures often underestimate the impact. Large healthcare networks are dependent on complex systems and third-party providers, which can slow down forensic analysis in the early stages. The number of affected individuals frequently increases as investigations continue.
Do you think healthcare organizations are doing enough to protect user data? Let us know by writing to us. cyberguy.com.
CLICK TO DOWNLOAD FOX NEWS APPLICATION
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
