What You Need to Know about the Covenant Health Data Breach
Table of Contents
- Published: Jan 08, 2026
- Last Updated: Jan 08, 2026
Founded in 1983 as a non-profit health care system, Covenant Health, Inc. sponsors skilled nursing homes, hospitals, assisted living residences, rehabilitation centers, and some health and elder services across New England. With over 5,000 employees and providers, the Andover, Massachusetts-based Catholic health care organization offers a continuum of high-quality, value-driven care to individuals and communities it serves, including Maine, Massachusetts, Rhode Island, Vermont, Pennsylvania, and New Hampshire.
In May 2025, Covenant Health learned its IT system was attacked by cybercriminals, an incident that reportedly exposed patients' sensitive data. There were reports in July 2025, according to the organization’s first notification to the Maine Attorney General’s Office, that only about 7,860 people were affected by the breach. Patients’ stolen information included name, address, date of birth, treatment information, health insurance data, Social Security number, and medical record number.
However, in late December 2025, Covenant Health sent an updated notification to the Maine Attorney General’s Office following extensive data analysis. This notification revealed that the number of affected individuals in the May 2025 data breach was much larger than the figure initially reported. At least 478,100 individuals were said to have been impacted by that incident.
The Qilin ransomware group has allegedly claimed responsibility for this incident, boasting it stole over 1.3 million files totaling 850 gigabytes of data. Covenant Health has since mailed notification letters to affected patients, offering free credit monitoring and identity theft protection services, especially to those whose Social Security numbers were exposed.
When Was the Covenant Health Data Breach?
The Covenant Health data breach occurred on May 18, 2025. However, it took approximately a week, on May 26, 2025, to detect unauthorized access to the organization’s IT environment. Upon discovering the hacker’s intrusion into its system, Covenant Health says it immediately engaged the services of leading third-party IT and forensic specialists to thoroughly investigate the source and extent of the breach. The investigation revealed that the hackers accessed sensitive personal information of some patients.
According to reports, Covenant Health immediately discontinued access to all data systems in its hospitals, provider practices, and clinics once it became aware of the intrusion. The health organization had earlier reported to regulators in July 2025 that the incident’s impact was limited to about 7,860 individuals. However, on December 31, 2025, it was revealed that the incident affected over 478,180 individuals.
Covenant Health, in a notice of data security incident published on July 11, 2025, stated it is unaware of any fraudulent misuse of any information stolen during the incident.
How to Check If Your Data Was Breached
You would have received a notification letter by now if you received healthcare services from any Covenant Health facility and were impacted by the May 2025 data incident. The letter describes the incident, compromised information, the organization’s efforts since the incident, and what you can do to protect yourself.
However, if you think you were affected by the data incident but have yet to receive a notification letter, checking data breach websites like Have I Been Pwned might help. With your email address, these sites will reveal where your information has been leaked and what data was stolen.
If you have received unsolicited, suspicious messages or emails following the news of the May 2025 breach, your data may have been leaked. Look for urgent emails or messages with suspicious links or attachments from strange senders or those that appear to be legitimate but are not, especially if you received healthcare services from one of the organization’s facilities.
Reviewing your Social Security and health insurance statements is another way to check if your information was stolen in the Covenant Health data incident. If you find entries for benefits or services you did not receive, it may be an indication that the hackers stole your Social Security number and health insurance data. Unauthorized transactions in your financial account statements or unfamiliar inquiries on credit reports are also potential signs of compromised data.
What to Do If Your Data Was Breached
Covenant Health, Inc. is offering a complimentary one-year free credit monitoring and identity protection service to individuals whose Social Security numbers were exposed in the May 2025 incident. If your data was breached and you have already received a notification letter, sign up for these services, which proactively detect possible misuse of your data and promptly identify and resolve identity theft.
You should also consider placing a fraud alert on your credit file through the three major credit bureaus if you believe your sensitive information was compromised in the incident. Having a fraud alert on your credit file puts creditors on notice that you may be a victim of fraud, prompting them to contact you for identity verification before approving new loans or credit.
Alternatively, you can put a credit freeze on your credit file through all three credit bureaus. This makes it harder for identity thieves to open new accounts in your name, even if you were affected by the Covenant Health data breach.
More importantly, remain vigilant for incidents of identity theft and fraud by reviewing your credit reports and financial statements for unauthorized activity. If you find any strange entry, report it to your local law enforcement agency or the Federal Trade Commission (FTC). Additionally, be sure to follow all official updates from Covenant Health, Inc., regarding the May 2025 incident.
Are There Any Lawsuits Because of the Data Breach?
Yes. While several law firms are investigating possible class actions against Covenant Health as a result of the May 2025 data incident, a class action lawsuit has already been filed against the organization.
In June 2025, Michael McClain filed a class action lawsuit against the Massachusetts-based non-profit healthcare organization and St. Joseph Hospital in Bangor in the Penobscot County Superior Court in Maine. Michael alleges that the cybersecurity incident indicates Covenant Health’s failure to properly secure and safeguard patients’ records and private information.
In his lawsuit, McClain is asking for restitution and other compensatory damages. The lawsuit is also seeking a court order mandating additional cybersecurity controls. The lawsuit remains pending as of January 2026.
Can My Covenant Health Information Be Used for Identity Theft?
Yes, because the sensitive nature of health records or data makes them a primary target for criminals. Cyber thieves can use the information stolen in the Covenant Health data breach of May 2025 for different types of fraud and identity theft. Exposed data included medical information and some personal details, including Social Security numbers, which identity thieves find helpful for several schemes.
With your health insurance data, criminals can get prescription drugs or obtain medical services in your name, as well as file false claims with your health insurance provider for services you never enjoyed. This could result in misleading information being entered in your medical records.
Similarly, criminals can facilitate financial identity theft with your name, address, and Social Security number by opening new bank accounts, applying for loans, or opening new credit card accounts while pretending to be you. In some cases, thieves can even commit tax fraud in your name using data exposed in the Covenant Health security incident.
Furthermore, scammers who obtain your personal information from the healthcare network may be able to answer security questions to access some of your online accounts. Moreover, medical records are a valuable source of information on the black market. If stolen, cybercriminals could sell them on the dark web to other criminals who specialize in exploiting victims.
What Can You Do to Protect Yourself Online?
The May 2025 Covenant Health data breach is a stern reminder about the risks you face online every time. Below are key tips to help you protect your personal data and stay safe online:
- Be mindful of the information you share online. It is always better to share less and avoid tagging your geolocation whenever you share information. Avoid shared folders, playlists, or albums, as they could be hacked. You can create a throwaway email address for subscriptions.
- Protect your privacy by deleting your data from search engines, as many of them collect personal information in their database every time.
- Avoid choosing passwords that are easy to guess. When creating a password, make sure it is long (at least 12 characters) and includes a mix of numbers, letters (upper and lower cases), and special characters. In addition, avoid using the same password for multiple accounts.
- Enroll in a credit monitoring service to help monitor your financial and personal data for possible threats online and proactive identity protection.
- Where possible, enable multiple-factor authentication (MFA). This will make your online accounts more secure and can reduce the likelihood of a successful cyberattack.
- Be sure that the websites you visit, especially those you transact with, are secure before entering any sensitive information. Always look out for URLs that begin with https rather than http.
- Be cautious when using public Wi-Fi, as you have no control over its security. If you must use one, avoid sharing sensitive information or carrying out personal transactions, such as online shopping and online banking. If you are using your home network, be sure to secure it with a password.
- Check your bank and credit card statements regularly for unusual activity or transactions and report any anomaly to your financial institution or law enforcement promptly.
- Keep the operating systems, software, and apps on your internet devices updated all the time so you can benefit from the latest security patches that come with each update.
- Be cautious of suspicious links and attachments in text messages or emails so you don’t become a victim of phishing scams.
