• Covenant Health, a large Catholic healthcare provider based in Andover, Massachusetts that operates hospitals and care facilities across New England and parts of Pennsylvania, experienced a ransomware attack in May 2025.
• The attack was attributed to the Qilin ransomware group, which claimed to have stolen a large amount of data (about 1.35 million files, 852 GB).
• The unauthorized access began around May 18, 2025 and was discovered by Covenant Health on May 26, 2025.

Revised number of affected patients

• Initially, Covenant Health reported in July 2025 that only about 7,800 patients were impacted.
• However, after completing a detailed investigation and data analysis, the organization revised the total to around 478,188 individuals whose personal and health information was compromised.
• Local reporting notes that this includes nearly 285,000 residents of Maine among the affected.

What data was exposed

The breach exposed sensitive patient information, including:

• Names
• Addresses
• Social Security numbers
• Treatment and medical records
  (These details were reported as accessed by unauthorized parties; see local Maine reporting for specifics.)

Response and follow-up

• Covenant Health has been notifying affected individuals, offering identity protection services, and working with forensic experts to investigate the breach.
• Officials say they’ve taken steps to secure systems and prevent future incidents, though they haven’t publicly detailed all technical changes.

Potential impacts

• Patients affected by the breach could face risks of identity theft or fraud due to the nature of the data exposed, and credit/identity monitoring services are typically offered in such cases.