Covenant Health data breach affects nearly 500,000 patients

When a health data breach is first revealed, the number of people affected is usually much smaller than the final count. That number frequently increases as investigations continue.

That’s exactly what happened with Andover, Massachusetts-based Covenant Health. The Catholic healthcare provider has confirmed that a cyberattack discovered last May may have affected nearly 500,000 patients, a sharp increase from the fewer than 8,000 people it initially reported earlier this year.

A ransomware group later claimed responsibility for the incident, although Covenant Health has not publicly confirmed the use of ransomware. The attackers accessed names, addresses, Social Security numbers and health information, among other sensitive data that could put patients at serious risk.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

UNIVERSITY OF PHOENIX DATA BREACH AFFECTS 3.5M PEOPLE

What happened in the Covenant Health breach?

Covenant Health says it detected unusual activity in its IT environment on May 26, 2025. Further investigation revealed that an attacker had gained access eight days earlier, on May 18, and was able to access patient data during that window.

In July, Covenant Health told regulators that the breach affected 7,864 people. After completing what it describes as extensive data analysis, the organization now says that up to 478,188 people may have been affected.

Covenant Health operates hospitals, nursing and rehabilitation facilities, assisted living residences and senior care organizations in New England and parts of Pennsylvania. That broad footprint means the breach potentially affected patients in multiple states and care settings.

In late June, the Qilin ransomware group claimed responsibility for the attack, Bleeping Computer reported. The group alleged that it stole 852 GB of data, totaling almost 1.35 million files. Covenant Health has not confirmed those figures, but did acknowledge that patient information was accessed.

Depending on the organization, the exposed data may have included names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance details, and treatment information such as diagnoses, dates of treatment, and types of care received.

700CREDITO DATA BREACH EXPOSES THE SSNS OF 5.8 MILLION CONSUMERS

What Covenant Health tells patients

In a notice sent to regulators and patients, Covenant Health says it hired outside forensic specialists to investigate the incident and determine what data was involved. The organization says its data analysis is ongoing as it continues to identify individuals whose information may have been involved.

Then there are the well-known statements that all companies make after a breach, stating that they have strengthened the security of their IT systems to help prevent similar incidents in the future. Covenant Health says it has also created a dedicated toll-free call center to handle questions related to the breach.

Beginning December 31, 2025, the organization began sending notification letters to patients whose information may have been compromised. For people whose Social Security numbers may have been involved, Covenant Health offers free credit monitoring and identity theft protection services.

We reached out to Covenant Health and the company confirmed the expanded scope of the incident and outlined steps being taken to notify patients and improve safety measures.

DATA BREACH EXPOSES THE INFORMATION OF 400,000 BANK CUSTOMERS

7 Steps You Can Take to Protect Yourself After a Covenant Health Breach

If you have received a notice from Covenant Health, or if your data has been exposed in a healthcare breach, these steps can help reduce the risk of misuse.

1) Sign up for the free identity protection offered

If the organization offers you credit monitoring or identity protection, take it. These services can alert you to suspicious activity related to your Social Security number, credit file, or identity details before any real damage is done. If you are not offered one and want to be on the safe side, you might consider purchasing one yourself.

Identity theft companies can monitor personal information such as your Social Security number, phone number, and email address and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com

2) Closely monitor medical and insurance statements

Medical identity theft often appears quietly. Review an explanation of benefits (EOB), insurance claims, and statements for services you don’t recognize. If something seems strange, report it to your insurer immediately.

3) Place a fraud alert or freeze credit

A fraud alert tells lenders to take additional steps to verify your identity before approving credit. A credit freeze goes further by completely blocking new accounts unless you lift it. If Social Security numbers were exposed, freezing them is usually the safest option.

For more information on how to do this, go to Cyberguy.com and search “How to freeze your credit.”

4) Use a password manager

Breaches in healthcare often lead to credential stuffing attacks elsewhere. A password manager ensures that each account uses a unique password, so that one exposed set of data can’t unlock everything else. It also makes it easier to quickly update passwords after a breach.

Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

5) Beware of phishing scams and use strong antivirus software

Breaches are often followed by phishing emails, text messages, or calls that reference the incident to make it appear legitimate. Attackers can impersonate healthcare providers, insurers, or credit agencies. Please do not click on links or share information unless you independently verify the source.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have antivirus software installed on all of your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

6) Consider a personal data deletion service

Once your data is leaked, it often spreads through data broker sites. Personal data deletion services help reduce your digital footprint by requesting deletions from these databases. While they can’t erase everything, they reduce your exposure and make targeted fraud more difficult.

While no service can guarantee complete removal of your data from the Internet, a data erasure service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

7) Review your credit reports periodically

You are entitled to receive free credit reports from all major bureaus. Check them for unknown accounts, difficult queries, or address changes. Detecting fraud early makes it much easier to contain it.

Kurt’s Key Takeaway

Healthcare organizations remain prime targets for cybercriminal groups due to the volume and sensitivity of the data they store. Medical records contain a combination of personal, financial, and health information that is difficult to change once exposed. Unlike a password, you cannot reset a diagnosis or treatment history. This breach also shows how early disclosures often underestimate the impact. Large healthcare networks rely on complex systems and third-party vendors, which can slow down forensic analysis in the early stages. As investigations progress, the number of people affected usually increases.

Do you think healthcare organizations are doing enough to protect user data? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.