Covenant Health patient data breach numbers skyrocket

According to a revised breach notification, the provider sent out an additional 470,000 letters for a ransomware attack initially reported last year as affecting upwards of 8,000 individuals. 
Global
Privacy & Security
By Andrea Fox , Senior Editor | January 5, 2026 | 12:19 PM
Covenant Health

Photo: Covenant Health

Covenant Health has sent more letters to victims of a May 2025 hacking incident, according to a new data breach notification filed with the Maine Attorney General's Office.

WHY IT MATTERS

The Andover, Massachusetts-based health system with medical centers and assisted living locations in Maine and New Hampshire, said in a new Dec. 31 notification letter that 478,188 individuals (including 284,529 Maine residents) may have been affected by a previously disclosed IT incident that occurred on May 18.

No new statement has been posted to Covenant Health's website at this time, and we have reached out to the provider for comment. If one is provided, we will update this story.

THE LARGER TREND

In July, Covenant Health initially reported that 7,864 people were affected, including 4,659 Maine residents. The Catholic health system's hospitals and skilled nursing sites in the state include St. Mary's in Lewiston, St. Joseph in Bangor and St. André in Biddeford.

In a statement posted to its website at the time, the health system said that the hackers breached patient addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details and treatment information, including diagnoses, dates of treatment and types of treatment.

Before the attack's disclosure, the Qilin ransomware group claimed responsibility for leaking 852GB of compromised Covenant patient files, according to a recent story by Bleeping Computer.

The ransomware group is known to the health sector due to cyberattacks on blood suppliers in 2024 and was named one of the most prolific threat actors in recent reports, indicating cloud account compromises as the most prevalent emerging cybersecurity threat to providers.

Covenant has not confirmed an extortion attempt, but is offering victims 12 months of identity monitoring protection, including credit monitoring, fraud consultation and identity theft restoration.

ON THE RECORD

"On May 26, 2025, Covenant Health was alerted to unusual activity in our Information Technology environment," the health system said in a statement last year.

"We immediately worked to secure and restore our systems and engaged industry-leading third-party information technology and forensic specialists to conduct a thorough investigation into the source and extent of the incident, including the amount and type of data that may have been affected."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

Topic:
Privacy & Security

More Regional News

Pharmacist fills prescriptions
Utah's AI prescription refill pilot could affect patient safety, critics say
By Andrea Fox |
Zack Tisch of Pivot Point Consulting on interoperability
In the age of AI, interoperability becomes core operating infrastructure
By Bill Siwicki |
Clinician burnout
Physician burnout declines nationally but specialty gaps persist, says AMA
By Nathan Eddy |